ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilShibbolethRoleAssignmentRules.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
25 
36 class ilShibbolethRoleAssignmentRules {
37 
38  protected static $active_plugins = NULL;
39 
40 
44  public static function getAllRules() {
45  global $ilDB;
46  $rules = array();
50  $query = "SELECT rule_id FROM shib_role_assignment ORDER BY rule_id";
51  $res = $ilDB->query($query);
52  while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
53  $rules[$row->rule_id] = new ilShibbolethRoleAssignmentRule($row->rule_id);
54  }
55 
56  return $rules;
57  }
58 
59 
60  public static function getCountRules() {
61  global $ilDB;
62  $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
63  $res = $ilDB->query($query);
64  while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
65  return $row->num;
66  }
67 
68  return 0;
69  }
70 
71 
78  public static function updateAssignments($a_usr_id, $a_data) {
79  require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
80 
81  global $ilDB, $rbacadmin, $rbacreview, $ilLog;
82  $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
83  $res = $ilDB->query($query);
84  while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
85  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
86  // $matches = $rule->matches($a_data);
87  if ($rule->doesMatch($a_data) and $row->add_on_update) {
88  $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
89  $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
90  }
91  if (! $rule->doesMatch($a_data) and $row->remove_on_update) {
92  $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
93  $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
94  }
95  }
96  // check if is assigned to minimum one global role
97  if (! array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
98  $default_role = shibConfig::getInstance()->getUserDefaultRole();
99  $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
100  $rbacadmin->assignUser($default_role, $a_usr_id);
101  }
102 
103  return true;
104  }
105 
106 
113  public static function doAssignments($a_usr_id, $a_data) {
114  global $ilDB, $rbacadmin, $ilLog;
115  $query = "SELECT rule_id FROM shib_role_assignment ";
116  $num_matches = 0;
117  $res = $ilDB->query($query);
118  while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
119  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
120  if ($rule->doesMatch($a_data)) {
121  $num_matches ++;
122  $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
123  $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
124  }
125  }
126  // Assign to default if no matching found
127  if (! $num_matches) {
128  $default_role = shibConfig::getInstance()->getUserDefaultRole();
129  $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
130  $rbacadmin->assignUser($default_role, $a_usr_id);
131  }
132 
133  return true;
134  }
135 
136 
143  public static function callPlugin($a_plugin_id, $a_user_data) {
144  global $ilPluginAdmin;
145  if (self::$active_plugins == NULL) {
146  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
147  }
148  $assigned = false;
149  foreach (self::$active_plugins as $plugin_name) {
150  $ok = false;
151  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
152  if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
153  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
154  }
155  if ($ok) {
156  $assigned = true;
157  }
158  }
159 
160  return $assigned;
161  }
162 }
163 
164 ?>
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:201
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilShibbolethRoleAssignmentPlugin
Interface for shibboleth role assignment plugins.
Definition: interface.ilShibbolethRoleAssignmentPlugin.php:33
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6