ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Static Public Member Functions | Data Fields | Static Protected Member Functions | Static Protected Attributes
ilLDAPRoleAssignmentRules Class Reference
Services/LDAP

Do role assignemnts More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole ($a_server_id)
 Get default global role. More...
 
static getAllPossibleRoles ($a_server_id)
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ($a_server_id)
 get all possible attribute names More...
 
static getAssignmentsForUpdate ($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
 type $ilDB type $rbacadmin type $rbacreview type $ilSetting type $ilLog More...
 
static getAssignmentsForCreation ($a_server_id, $a_usr_name, $a_usr_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 Call plugin check if the condition matches. More...
 

Data Fields

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Static Protected Member Functions

static getAdditionalPluginAttributes ($a_server_id)
 Fetch additional attributes from plugin. More...
 
static parseRole ($a_role_id, $a_action)
 Parse role. More...
 

Static Protected Attributes

static $active_plugins = null
 
static $default_role = null
 

Detailed Description

Do role assignemnts

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static

Call plugin check if the condition matches.

Returns
bool
Parameters
object$a_plugin_id
object$a_user_data

Definition at line 233 of file class.ilLDAPRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

234  {
235  global $ilPluginAdmin;
236 
237  if(self::$active_plugins == null)
238  {
239  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
240  'LDAP',
241  'ldaphk');
242  }
243 
244  $assigned = false;
245  foreach(self::$active_plugins as $plugin_name)
246  {
247  $ok = false;
248  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
249  'LDAP',
250  'ldaphk',
251  $plugin_name);
252 
253  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
254  {
255  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id,$a_user_data);
256  }
257 
258  if($ok)
259  {
260  $assigned = true;
261  }
262  }
263  return $assigned;
264  }
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:32
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes (   $a_server_id)
staticprotected

Fetch additional attributes from plugin.

Parameters
int$a_server_id
Returns

Definition at line 273 of file class.ilLDAPRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

274  {
275  global $ilPluginAdmin;
276 
277  if(self::$active_plugins == null)
278  {
279  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,
280  'LDAP',
281  'ldaphk');
282  }
283 
284  $attributes = array();
285  foreach(self::$active_plugins as $plugin_name)
286  {
287  $ok = false;
288  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE,
289  'LDAP',
290  'ldaphk',
291  $plugin_name);
292 
293  if($plugin_obj instanceof ilLDAPRoleAssignmentPlugin)
294  {
295  $attributes = array_merge($attributes,$plugin_obj->getAdditionalAttributeNames());
296  }
297  }
298  return $attributes ? $attributes : array();
299  }
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:32
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles (   $a_server_id)
static

Get all assignable roles (used for import parser)

Parameters
int$a_server_id
Returns
array roles

Definition at line 61 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\refresh().

62  {
63  global $ilDB;
64 
65  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ".
66  'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
67  $res = $ilDB->query($query);
68  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
69  {
70  $roles[$row->role_id] = $row->role_id;
71  }
72  $gr = self::getDefaultRole($a_server_id);
73  $roles[$gr] = $gr;
74  return $roles ? $roles : array();
75  }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation (   $a_server_id,
  $a_usr_name,
  $a_usr_data 
)
static
Returns
array role data
Parameters
int$a_server_id
object$a_usr_id
object$a_usr_datapublic

Definition at line 181 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and DB_FETCHMODE_OBJECT.

Referenced by ilAuthContainerApache\forceCreation(), ilLDAPUserSynchronisation\handleAccountMigration(), and ilLDAPAttributeToUser\usersToXML().

182  {
183  global $ilDB,$ilLog;
184 
185  $query = "SELECT rule_id FROM ldap_role_assignments ".
186  'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
187  $res = $ilDB->query($query);
188 
189  $num_matches = 0;
190  $roles = array();
191  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
192  {
193  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
194  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
195 
196  if($rule->matches($a_usr_data))
197  {
198  $num_matches++;
199  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
200  $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
201  }
202  }
203 
204  // DONE: check for global role
205  $found_global = false;
206  foreach($roles as $role_data)
207  {
208  if($role_data['type'] == 'Global')
209  {
210  $found_global = true;
211  break;
212  }
213  }
214  if(!$found_global)
215  {
216  $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
217  $roles[] = self::parseRole(
218  self::getDefaultRole($a_server_id),
219  self::ROLE_ACTION_ASSIGN
220  );
221  }
222 
223  return $roles ? $roles : array();
224  }
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate (   $a_server_id,
  $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

type $ilDB type $rbacadmin type $rbacreview type $ilSetting type $ilLog

Parameters
int$a_server_id
type$a_usr_id
type$a_usr_name
type$a_usr_data
Returns
array

Definition at line 118 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\usersToXML().

119  {
120  global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
121 
122  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
123  "WHERE (add_on_update = 1 OR remove_on_update = 1) ".
124  'AND server_id = '.$ilDB->quote($a_server_id,'integer');
125 
126  $res = $ilDB->query($query);
127  $roles = array();
128  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
129  {
130  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
131  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
132 
133  $matches = $rule->matches($a_usr_data);
134  if($matches and $row->add_on_update)
135  {
136  $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
137  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
138 
139  }
140  if(!$matches and $row->remove_on_update)
141  {
142  $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
143  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
144  }
145  }
146 
147  // Check if there is minimum on global role
148  $deassigned_global = 0;
149  foreach($roles as $role_data)
150  {
151  if($role_data['type'] == 'Global' and
152  $role_data['action'] == self::ROLE_ACTION_DEASSIGN)
153  {
154  $deassigned_global++;
155  }
156  }
157  if(count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global)
158  {
159  $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
160  $roles[] = self::parseRole(
161  self::getDefaultRole($a_server_id),
162  self::ROLE_ACTION_ASSIGN
163  );
164  }
165 
166  return $roles ? $roles : array();
167 
168  }
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames (   $a_server_id)
static

get all possible attribute names

Parameters
int$a_server_id
Returns

Definition at line 83 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

84  {
85  global $ilDB;
86 
87  $query = "SELECT DISTINCT(att_name) ".
88  "FROM ldap_role_assignments ".
89  'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
90  $res = $ilDB->query($query);
91  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
92  {
93  $name = strtolower(trim($row->att_name));
94  if($name)
95  {
96  $names[] = $name;
97  }
98  }
99 
100  $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
101  return $names ? $names : array();
102  }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole (   $a_server_id)
static

Get default global role.

Parameters
int$a_server_id
Returns

Definition at line 46 of file class.ilLDAPRoleAssignmentRules.php.

References ilLDAPAttributeMapping\_lookupGlobalRole().

47  {
48 
49  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
50  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
51 
52  return self::$default_role =
53  ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
54  }
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:98
+ Here is the call graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole (   $a_role_id,
  $a_action 
)
staticprotected

Parse role.

Returns
Parameters
int$a_role_id
string$a_action

Definition at line 308 of file class.ilLDAPRoleAssignmentRules.php.

309  {
310  global $rbacreview;
311 
312  return array(
313  'id' => $a_role_id,
314  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
315  'action' => $a_action
316  );
317  }

Field Documentation

◆ $active_plugins

ilLDAPRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 37 of file class.ilLDAPRoleAssignmentRules.php.

◆ $default_role

ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 38 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'

Definition at line 34 of file class.ilLDAPRoleAssignmentRules.php.

Referenced by ilAuthContainerApache\forceCreation(), and ilLDAPUserSynchronisation\handleAccountMigration().

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'

Definition at line 35 of file class.ilLDAPRoleAssignmentRules.php.

The documentation for this class was generated from the following file: