ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Static Public Member Functions | Data Fields | Static Protected Member Functions | Static Protected Attributes
ilLDAPRoleAssignmentRules Class Reference
Services/LDAP

@classDescription Do role assignemnts More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole ($a_server_id)
 Get default global role. More...
 
static getAllPossibleRoles ($a_server_id)
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ($a_server_id)
 get all possible attribute names More...
 
static getAssignmentsForUpdate ($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
 @global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global type $ilLog More...
 
static getAssignmentsForCreation ($a_server_id, $a_usr_name, $a_usr_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 Call plugin check if the condition matches. More...
 

Data Fields

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Static Protected Member Functions

static getAdditionalPluginAttributes ($a_server_id)
 Fetch additional attributes from plugin. More...
 
static parseRole ($a_role_id, $a_action)
 Parse role. More...
 

Static Protected Attributes

static $active_plugins = null
 
static $default_role = null
 

Detailed Description

@classDescription Do role assignemnts

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static

Call plugin check if the condition matches.

Returns
bool
Parameters
object$a_plugin_id
object$a_user_data

Definition at line 233 of file class.ilLDAPRoleAssignmentRules.php.

234 {
235 global $ilPluginAdmin;
236
237 if(self::$active_plugins == null)
238 {
239 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
240 'LDAP',
241 'ldaphk');
242 }
243
244 $assigned = false;
245 foreach(self::$active_plugins as $plugin_name)
246 {
247 $ok = false;
248 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
249 'LDAP',
250 'ldaphk',
251 $plugin_name);
252
253 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
254 {
255 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
256 }
257
258 if($ok)
259 {
260 $assigned = true;
261 }
262 }
263 return $assigned;
264 }
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:33

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes (   $a_server_id)
staticprotected

Fetch additional attributes from plugin.

Parameters
int$a_server_id
Returns

Definition at line 273 of file class.ilLDAPRoleAssignmentRules.php.

274 {
275 global $ilPluginAdmin;
276
277 if(self::$active_plugins == null)
278 {
279 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
280 'LDAP',
281 'ldaphk');
282 }
283
284 $attributes = array();
285 foreach(self::$active_plugins as $plugin_name)
286 {
287 $ok = false;
288 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
289 'LDAP',
290 'ldaphk',
291 $plugin_name);
292
293 if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
294 {
295 $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
296 }
297 }
298 return $attributes ? $attributes : array();
299 }

References $ok, and IL_COMP_SERVICE.

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles (   $a_server_id)
static

Get all assignable roles (used for import parser)

Parameters
int$a_server_id
Returns
array roles

Definition at line 61 of file class.ilLDAPRoleAssignmentRules.php.

62 {
63 global $ilDB;
64
65 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ".
66 'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
67 $res = $ilDB->query($query);
68 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
69 {
70 $roles[$row->role_id] = $row->role_id;
71 }
72 $gr = self::getDefaultRole($a_server_id);
73 $roles[$gr] = $gr;
74 return $roles ? $roles : array();
75 }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleAssignmentRules\getDefaultRole
static getDefaultRole($a_server_id)
Get default global role.
Definition: class.ilLDAPRoleAssignmentRules.php:46
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $ilDB, $query, $res, $row, DB_FETCHMODE_OBJECT, and getDefaultRole().

Referenced by ilLDAPAttributeToUser\refresh().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation (   $a_server_id,
  $a_usr_name,
  $a_usr_data 
)
static
Returns
array role data
Parameters
int$a_server_id
object$a_usr_id
object$a_usr_data

@access public

Definition at line 181 of file class.ilLDAPRoleAssignmentRules.php.

182 {
183 global $ilDB,$ilLog;
184
185 $query = "SELECT rule_id FROM ldap_role_assignments ".
186 'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
187 $res = $ilDB->query($query);
188
189 $num_matches = 0;
190 $roles = array();
191 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
192 {
193 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
194 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
195
196 if($rule->matches($a_usr_data))
197 {
198 $num_matches++;
199 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
200 $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
201 }
202 }
203
204 // DONE: check for global role
205 $found_global = false;
206 foreach($roles as $role_data)
207 {
208 if($role_data['type'] == 'Global')
209 {
210 $found_global = true;
211 break;
212 }
213 }
214 if(!$found_global)
215 {
216 $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
217 $roles[] = self::parseRole(
218 self::getDefaultRole($a_server_id),
219 self::ROLE_ACTION_ASSIGN
220 );
221 }
222
223 return $roles ? $roles : array();
224 }
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRules\parseRole
static parseRole($a_role_id, $a_action)
Parse role.
Definition: class.ilLDAPRoleAssignmentRules.php:308
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
$ilLog
$ilLog
Definition: inc.setup_header.php:136

References $ilDB, $ilLog, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPUserSynchronisation\handleAccountMigration(), and ilLDAPAttributeToUser\usersToXML().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate (   $a_server_id,
  $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global type $ilLog

Parameters
int$a_server_id
type$a_usr_id
type$a_usr_name
type$a_usr_data
Returns
array

Definition at line 118 of file class.ilLDAPRoleAssignmentRules.php.

119 {
120 global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
121
122 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
123 "WHERE (add_on_update = 1 OR remove_on_update = 1) ".
124 'AND server_id = '.$ilDB->quote($a_server_id,'integer');
125
126 $res = $ilDB->query($query);
127 $roles = array();
128 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
129 {
130 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
131 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
132
133 $matches = $rule->matches($a_usr_data);
134 if($matches and $row->add_on_update)
135 {
136 $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
137 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
138
139 }
140 if(!$matches and $row->remove_on_update)
141 {
142 $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
143 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
144 }
145 }
146
147 // Check if there is minimum on global role
148 $deassigned_global = 0;
149 foreach($roles as $role_data)
150 {
151 if($role_data['type'] == 'Global' and
152 $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
153 {
154 $deassigned_global++;
155 }
156 }
157 if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
158 {
159 $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
160 $roles[] = self::parseRole(
161 self::getDefaultRole($a_server_id),
162 self::ROLE_ACTION_ASSIGN
163 );
164 }
165
166 return $roles ? $roles : array();
167
168 }
$ilSetting
global $ilSetting
Definition: privfeed.php:40

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\usersToXML().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames (   $a_server_id)
static

get all possible attribute names

Parameters
int$a_server_id
Returns

Definition at line 83 of file class.ilLDAPRoleAssignmentRules.php.

84 {
85 global $ilDB;
86
87 $query = "SELECT DISTINCT(att_name) ".
88 "FROM ldap_role_assignments ".
89 'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
90 $res = $ilDB->query($query);
91 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
92 {
93 $name = strtolower(trim($row->att_name));
94 if($name)
95 {
96 $names[] = $name;
97 }
98 }
99
100 $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
101 return $names ? $names : array();
102 }

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole (   $a_server_id)
static

Get default global role.

Parameters
int$a_server_id
Returns

Definition at line 46 of file class.ilLDAPRoleAssignmentRules.php.

47 {
48
49 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
50 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
51
52 return self::$default_role =
53 ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
54 }
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:98

References ilLDAPAttributeMapping\_lookupGlobalRole().

Referenced by getAllPossibleRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole (   $a_role_id,
  $a_action 
)
staticprotected

Parse role.

Returns
Parameters
int$a_role_id
string$a_action

Definition at line 308 of file class.ilLDAPRoleAssignmentRules.php.

309 {
310 global $rbacreview;
311
312 return array(
313 'id' => $a_role_id,
314 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
315 'action' => $a_action
316 );
317 }

Referenced by getAssignmentsForCreation(), and getAssignmentsForUpdate().

+ Here is the caller graph for this function:

Field Documentation

◆ $active_plugins

ilLDAPRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 37 of file class.ilLDAPRoleAssignmentRules.php.

◆ $default_role

ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 38 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'

Definition at line 34 of file class.ilLDAPRoleAssignmentRules.php.

Referenced by ilLDAPUserSynchronisation\handleAccountMigration().

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'

Definition at line 35 of file class.ilLDAPRoleAssignmentRules.php.

The documentation for this class was generated from the following file: