ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
32class ilLDAPRoleAssignmentRule
33{
34 private static $instances = null;
35
36 const TYPE_GROUP = 1;
37 const TYPE_ATTRIBUTE = 2;
38 const TYPE_PLUGIN = 3;
39
40 private $server_id = 0;
41 private $plugin_active = false;
42 private $add_on_update = false;
43 private $remove_on_update = false;
44 private $plugin_id = 0;
45
46
54 private function __construct($a_id = 0)
55 {
56 global $ilDB;
57
58 $this->db = $ilDB;
59
60 $this->rule_id = $a_id;
61 $this->read();
62 }
63
72 public static function _getInstanceByRuleId($a_rule_id)
73 {
74 if(isset(self::$instances[$a_rule_id]))
75 {
76 return self::$instances[$a_rule_id];
77 }
78 return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
79 }
80
85 public static function hasRulesForUpdate()
86 {
87 global $ilDB;
88
89 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
90 'WHERE add_on_update = 1 '.
91 'OR remove_on_update = 1 ';
92 $res = $ilDB->query($query);
93 $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
94 return $row->num > 0;
95 }
96
102 public function matches($a_user_data)
103 {
104 global $ilLog;
105
106 switch($this->getType())
107 {
108 case self::TYPE_PLUGIN:
109 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
110 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
111
112 case self::TYPE_ATTRIBUTE:
113
114 $attn = strtolower($this->getAttributeName());
115
116 if(!isset($a_user_data[$attn]))
117 {
118 return false;
119 }
120
121 if(!is_array($a_user_data[$attn]))
122 {
123 $attribute_val = array(0 => $a_user_data[$attn]);
124 }
125 else
126 {
127 $attribute_val = $a_user_data[$attn];
128 }
129
130 foreach($attribute_val as $value)
131 {
132 if($this->wildcardCompare(trim($this->getAttributeValue()),trim($value)))
133 {
134 $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
135 return true;
136 }
137 /*
138 if(trim($value) == trim($this->getAttributeValue()))
139 {
140 $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
141 return true;
142 }
143 */
144 }
145 return false;
146
147 case self::TYPE_GROUP:
148 return $this->isGroupMember($a_user_data);
149
150 }
151 }
152
153 protected function wildcardCompare($a_str1, $a_str2)
154 {
155 $pattern = str_replace('*','.*?', $a_str1);
156 $GLOBALS['ilLog']->write(__METHOD__.': Replace pattern:'. $pattern.' => '.$a_str2);
157 return (bool) preg_match('/^'.$pattern.'$/i',$a_str2);
158 }
159
168 private function isGroupMember($a_user_data)
169 {
170 global $ilLog;
171
172
173 if($this->isMemberAttributeDN())
174 {
175 $user_cmp = $a_user_data['dn'];
176 }
177 else
178 {
179 $user_cmp = $a_user_data['ilExternalAccount'];
180 }
181
182 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
183 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
184
185 $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
186
187 try
188 {
189 $query = new ilLDAPQuery($server);
190 $query->bind();
191 $res = $query->query($this->getDN(),
192 sprintf('(%s=%s)',
193 $this->getMemberAttribute(),
194 $user_cmp),
195 IL_LDAP_SCOPE_BASE,
196 array('dn'));
197 return $res->numRows() ? true : false;
198 }
199 catch(ilLDAPQueryException $e)
200 {
201 $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
202 return false;
203 }
204 }
205
206
207
214 public function _getRules()
215 {
216 global $ilDB;
217
218 $query = "SELECT rule_id FROM ldap_role_assignments ";
219 $res = $ilDB->query($query);
220 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
221 {
222 $rules[] = self::_getInstanceByRuleId($row->rule_id);
223 }
224 return $rules ? $rules : array();
225 }
226
234 public function setRoleId($a_role_id)
235 {
236 $this->role_id = $a_role_id;
237 }
238
245 public function getRoleId()
246 {
247 return $this->role_id;
248 }
249
256 public function getRuleId()
257 {
258 return $this->rule_id;
259 }
260
268 public function setServerId($a_id)
269 {
270 $this->server_id = $a_id;
271 }
272
279 public function getServerId()
280 {
281 return $this->server_id;
282 }
283
291 public function setType($a_type)
292 {
293 $this->type = $a_type;
294 }
295
303 public function getType()
304 {
305 return $this->type;
306 }
307
315 public function setDN($a_dn)
316 {
317 $this->dn = $a_dn;
318 }
319
326 public function getDN()
327 {
328 return $this->dn;
329 }
330
338 public function setMemberAttribute($a_attribute)
339 {
340 $this->member_attribute = $a_attribute;
341 }
342
349 public function getMemberAttribute()
350 {
351 return $this->member_attribute;
352 }
353
361 public function setMemberIsDN($a_status)
362 {
363 $this->member_is_dn = $a_status;
364 }
365
372 public function isMemberAttributeDN()
373 {
374 return (bool) $this->member_is_dn;
375 }
376
384 public function setAttributeName($a_name)
385 {
386 $this->attribute_name = $a_name;
387 }
388
395 public function getAttributeName()
396 {
397 return $this->attribute_name;
398 }
399
407 public function setAttributeValue($a_value)
408 {
409 $this->attribute_value = $a_value;
410 }
411
418 public function getAttributeValue()
419 {
420 return $this->attribute_value;
421 }
422
423 public function enableAddOnUpdate($a_status)
424 {
425 $this->add_on_update = $a_status;
426 }
427
428 public function isAddOnUpdateEnabled()
429 {
430 return (bool) $this->add_on_update;
431 }
432
433 public function enableRemoveOnUpdate($a_status)
434 {
435 $this->remove_on_update = $a_status;
436 }
437
438 public function isRemoveOnUpdateEnabled()
439 {
440 return (bool) $this->remove_on_update;
441 }
442
443 public function setPluginId($a_id)
444 {
445 $this->plugin_id = $a_id;
446 }
447
448 public function getPluginId()
449 {
450 return $this->plugin_id;
451 }
452
453 public function isPluginActive()
454 {
455 return (bool) $this->getType() == self::TYPE_PLUGIN;
456 }
457
458
465 public function conditionToString()
466 {
467 global $lng;
468
469 switch($this->getType())
470 {
471 case self::TYPE_PLUGIN:
472 return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
473
474 case self::TYPE_GROUP:
475 $dn_arr = explode(',',$this->getDN());
476 return $dn_arr[0];
477
478
479 case self::TYPE_ATTRIBUTE:
480 return $this->getAttributeName().'='.$this->getAttributeValue();
481 }
482 }
483
484
492 public function create()
493 {
494 global $ilDB;
495
496 $next_id = $ilDB->nextId('ldap_role_assignments');
497
498 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
499 "add_on_update, remove_on_update, plugin_id ) ".
500 "VALUES( ".
501 $this->db->quote($this->getServerId(),'integer').", ".
502 $this->db->quote($next_id,'integer').", ".
503 $this->db->quote($this->getType(),'integer').", ".
504 $this->db->quote($this->getDN(),'text').", ".
505 $this->db->quote($this->getMemberAttribute(),'text').", ".
506 $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
507 $this->db->quote($this->getAttributeName(),'text').", ".
508 $this->db->quote($this->getAttributeValue(),'text').", ".
509 $this->db->quote($this->getRoleId(),'integer').", ".
510 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
511 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
512 $this->db->quote($this->getPluginId(),'integer').' '.
513 ")";
514 $res = $ilDB->manipulate($query);
515 $this->rule_id = $next_id;
516
517 return true;
518 }
519
526 public function update()
527 {
528 global $ilDB;
529
530 $query = "UPDATE ldap_role_assignments ".
531 "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
532 "type = ".$this->db->quote($this->getType(),'integer').", ".
533 "dn = ".$this->db->quote($this->getDN(),'text').", ".
534 "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
535 "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
536 "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
537 "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
538 "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
539 "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
540 'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
541 'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
542 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
543 $res = $ilDB->manipulate($query);
544 return true;
545 }
546
553 public function validate()
554 {
555 global $ilErr;
556
557 $ilErr->setMessage('');
558
559 if(!$this->getRoleId())
560 {
561 $ilErr->setMessage('fill_out_all_required_fields');
562 return false;
563 }
564 switch($this->getType())
565 {
566 case self::TYPE_GROUP:
567 if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
568 {
569 $ilErr->setMessage('fill_out_all_required_fields');
570 return false;
571 }
572 break;
573 case self::TYPE_ATTRIBUTE:
574 if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
575 {
576 $ilErr->setMessage('fill_out_all_required_fields');
577 return false;
578 }
579 break;
580
581 case self::TYPE_PLUGIN:
582 if(!$this->getPluginId())
583 {
584 $ilErr->setMessage('ldap_err_missing_plugin_id');
585 return false;
586 }
587 break;
588
589 default:
590 $ilErr->setMessage('ldap_no_type_given');
591 return false;
592 }
593 return true;
594 }
595
602 public function delete()
603 {
604 global $ilDB;
605
606 $query = "DELETE FROM ldap_role_assignments ".
607 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
608 $res = $ilDB->manipulate($query);
609 return true;
610
611 }
618 private function read()
619 {
620 global $ilDB;
621
622 $query = "SELECT * FROM ldap_role_assignments ".
623 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
624
625 $res = $this->db->query($query);
626 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
627 {
628 $this->setServerId($row->server_id);
629 $this->setType($row->type);
630 $this->setDN($row->dn);
631 $this->setMemberAttribute($row->attribute);
632 $this->setMemberIsDN($row->isdn);
633 $this->setAttributeName($row->att_name);
634 $this->setAttributeValue($row->att_value);
635 $this->setRoleId($row->role_id);
636 $this->enableAddOnUpdate($row->add_on_update);
637 $this->enableRemoveOnUpdate($row->remove_on_update);
638 $this->setPluginId($row->plugin_id);
639 }
640 }
641}
642?>
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:168
ilLDAPRoleAssignmentRule\setMemberAttribute
setMemberAttribute($a_attribute)
@access public
Definition: class.ilLDAPRoleAssignmentRule.php:338
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:102
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:384
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:372
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:407
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:361
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:216
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Definition: class.ilLDAPServer.php:53
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:931
$server
$server
Definition: dummy_client.php:12
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilLog
$ilLog
Definition: inc.setup_header.php:132
$ilErr
$ilErr
Definition: inc.setup_header.php:81
$lng
global $lng
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:19