ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilLDAPRoleAssignmentRules.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
33{
// Action labels that parseRole() places in the 'action' field of each role entry.
34 const ROLE_ACTION_ASSIGN = 'Assign';
// The deassign action is spelled 'Detach' at runtime; getAssignmentsForUpdate() compares against this constant.
35 const ROLE_ACTION_DEASSIGN = 'Detach';
36
// List of active 'ldaphk' plugin names, filled on first use by callPlugin() and getAdditionalPluginAttributes().
37 protected static $active_plugins = null;
// Last value returned by getDefaultRole(); a single slot, not keyed by server id.
38 protected static $default_role = null;
39
40
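/**
 * Get the default global role configured for an LDAP server.
 *
 * The looked-up value is also stored in self::$default_role. That static is a
 * single slot and is not keyed by server id, so it always reflects the most
 * recent call; every call performs the lookup again.
 *
 * @param int $a_server_id LDAP server id
 * @return mixed the value returned by ilLDAPAttributeMapping::_lookupGlobalRole()
 */
public static function getDefaultRole($a_server_id)
{
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';

    // NOTE(review): the rendered listing omits the right-hand side of this
    // assignment (source line 53). It is restored here as the
    // _lookupGlobalRole() call named in the file's reference list; confirm
    // against the repository.
    self::$default_role = ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);

    return self::$default_role;
}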
55
/**
 * Get all assignable roles (used for import parser).
 *
 * Collects every distinct role_id stored in ldap_role_assignments for the
 * given server and then adds the server's default role.
 *
 * @param int $a_server_id LDAP server id
 * @return array role ids, each used as both key and value
 */
public static function getAllPossibleRoles($a_server_id)
{
    global $ilDB;

    // The server id passes through $ilDB->quote() typed as 'integer' before
    // it is concatenated into the statement.
    $sql = "SELECT DISTINCT(role_id) FROM ldap_role_assignments ".
        'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
    $result = $ilDB->query($sql);

    $role_ids = array();
    while($record = $result->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $role_ids[$record->role_id] = $record->role_id;
    }

    // The default role is added unconditionally, whatever getDefaultRole()
    // returns for this server.
    $default_role_id = self::getDefaultRole($a_server_id);
    $role_ids[$default_role_id] = $default_role_id;

    return $role_ids ? $role_ids : array();
}
76
77 // begin-patch ldap_multiple
/**
 * Get all possible attribute names.
 *
 * Reads the distinct att_name values configured for the server, trimmed and
 * lower-cased, and appends the attribute names contributed by plugins.
 *
 * @param int $a_server_id LDAP server id
 * @return array attribute names
 */
public static function getAttributeNames($a_server_id)
{
    global $ilDB;

    // The server id passes through $ilDB->quote() typed as 'integer'.
    $sql = "SELECT DISTINCT(att_name) ".
        "FROM ldap_role_assignments ".
        'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
    $result = $ilDB->query($sql);

    $collected = array();
    while($record = $result->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $normalized = strtolower(trim($record->att_name));
        if(!$normalized)
        {
            // Skips empty names (and the string "0", which PHP treats as false).
            continue;
        }
        $collected[] = $normalized;
    }

    // Plugin-supplied names are appended as delivered; they are not trimmed
    // or lower-cased here.
    $names = array_merge($collected, self::getAdditionalPluginAttributes($a_server_id));

    return $names ? $names : array();
}
103
104 // begin-patch ldap_multiple
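/**
 * Compute the role changes to apply when an existing LDAP user is updated.
 *
 * Only rules flagged add_on_update or remove_on_update are evaluated. A
 * matching rule with add_on_update yields an 'Assign' entry; a non-matching
 * rule with remove_on_update yields a 'Detach' entry. When the detach entries
 * cover every global role the user currently holds, the server's default role
 * is appended so this update does not strip the account of all global roles.
 *
 * @param int    $a_server_id LDAP server id
 * @param int    $a_usr_id    ILIAS user id whose current global roles are checked
 * @param string $a_usr_name  user name, used in log messages only
 * @param mixed  $a_usr_data  user data handed to each rule's matches()
 * @return array list of entries as built by parseRole(): 'id', 'type', 'action'
 */
public static function getAssignmentsForUpdate($a_server_id,$a_usr_id,$a_usr_name,$a_usr_data)
{
    global $ilDB,$rbacreview,$ilLog;

    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';

    // The server id passes through $ilDB->quote() typed as 'integer'.
    $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments ".
        "WHERE (add_on_update = 1 OR remove_on_update = 1) ".
        'AND server_id = '.$ilDB->quote($a_server_id,'integer');

    $res = $ilDB->query($query);
    $roles = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        // NOTE(review): the rendered listing omits the line that creates $rule
        // (source line 131). It is restored here from the include above and the
        // _getInstanceByRuleId() entry in the file's reference list; confirm
        // against the repository.
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);

        // NOTE(review): the user name and role title go into the log as
        // received; confirm the logger neutralises line breaks in them.
        $matches = $rule->matches($a_usr_data);
        if($matches and $row->add_on_update)
        {
            $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
        }
        if(!$matches and $row->remove_on_update)
        {
            $ilLog->write(__METHOD__.': Deassigned from role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
        }
    }

    // Index the global roles the user holds right now.
    $held_global = array();
    foreach((array) $rbacreview->assignedGlobalRoles($a_usr_id) as $held_id)
    {
        $held_global[(int) $held_id] = true;
    }

    // Check that at least one global role remains. A detach entry counts only
    // if the user actually holds that role, and each role counts once. A raw
    // tally of detach entries can be inflated by rules naming the same role or
    // roles the user never had, which either hides the loss of the last global
    // role or adds the default role without need.
    $removed_global = array();
    foreach($roles as $role_data)
    {
        if($role_data['type'] == 'Global' and
            $role_data['action'] == self::ROLE_ACTION_DEASSIGN and
            isset($held_global[(int) $role_data['id']]))
        {
            $removed_global[(int) $role_data['id']] = true;
        }
    }
    if(count($held_global) == count($removed_global))
    {
        $ilLog->write(__METHOD__.': No global role left. Assigning to default role.');
        $roles[] = self::parseRole(
            self::getDefaultRole($a_server_id),
            self::ROLE_ACTION_ASSIGN
        );
    }

    return $roles;
}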
169
170
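/**
 * Compute the roles to assign when a new LDAP user is created.
 *
 * Every rule stored for the server is evaluated against the user data; each
 * matching rule yields an 'Assign' entry. If none of the resulting entries is
 * a global role, the server's default role is appended.
 *
 * @param int    $a_server_id LDAP server id
 * @param string $a_usr_name  user name, used in log messages only
 * @param mixed  $a_usr_data  user data handed to each rule's matches()
 * @return array list of entries as built by parseRole(): 'id', 'type', 'action'
 */
public static function getAssignmentsForCreation($a_server_id, $a_usr_name,$a_usr_data)
{
    global $ilDB,$ilLog;

    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';

    // The server id passes through $ilDB->quote() typed as 'integer'.
    $query = "SELECT rule_id FROM ldap_role_assignments ".
        'WHERE server_id = '.$ilDB->quote($a_server_id,'integer');
    $res = $ilDB->query($query);

    $roles = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        // NOTE(review): the rendered listing omits the line that creates $rule
        // (source line 194). It is restored here from the include above and the
        // _getInstanceByRuleId() entry in the file's reference list; confirm
        // against the repository.
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);

        if($rule->matches($a_usr_data))
        {
            // NOTE(review): the user name and role title go into the log as
            // received; confirm the logger neutralises line breaks in them.
            $ilLog->write(__METHOD__.': Assigned to role: '.$a_usr_name.' => '.ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(),self::ROLE_ACTION_ASSIGN);
        }
    }

    // A new account must receive a global role: fall back to the default role
    // when the matching rules produced local roles only, or nothing at all.
    $found_global = false;
    foreach($roles as $role_data)
    {
        if($role_data['type'] == 'Global')
        {
            $found_global = true;
            break;
        }
    }
    if(!$found_global)
    {
        $ilLog->write(__METHOD__.': No matching rule found. Assigning to default role.');
        $roles[] = self::parseRole(
            self::getDefaultRole($a_server_id),
            self::ROLE_ACTION_ASSIGN
        );
    }

    return $roles;
}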
225
/**
 * Call plugin check if the condition matches.
 *
 * Asks every active 'ldaphk' plugin that implements
 * ilLDAPRoleAssignmentPlugin whether the assignment applies. All plugins are
 * consulted, even after one has already answered positively.
 *
 * @param mixed $a_plugin_id identifier passed through to checkRoleAssignment()
 * @param mixed $a_user_data user data passed through to checkRoleAssignment()
 * @return bool true if at least one plugin returned a truthy result
 */
public static function callPlugin($a_plugin_id,$a_user_data)
{
    global $ilPluginAdmin;

    // Loose comparison: an empty plugin list also equals null, so it is
    // fetched again on the next call.
    if(self::$active_plugins == null)
    {
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk'
        );
    }

    $any_plugin_agreed = false;
    foreach(self::$active_plugins as $active_name)
    {
        $plugin = $ilPluginAdmin->getPluginObject(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk',
            $active_name
        );

        // Objects that do not implement the plugin interface are never asked.
        if(!($plugin instanceof ilLDAPRoleAssignmentPlugin))
        {
            continue;
        }

        if($plugin->checkRoleAssignment($a_plugin_id,$a_user_data))
        {
            $any_plugin_agreed = true;
        }
    }

    return $any_plugin_agreed;
}
265
266 // begin-patch ldap_multiple
267
/**
 * Fetch additional attributes from plugin.
 *
 * Merges the attribute names reported by every active 'ldaphk' plugin that
 * implements ilLDAPRoleAssignmentPlugin. The server id is not used by this
 * implementation.
 *
 * @param int $a_server_id LDAP server id
 * @return array attribute names as delivered by the plugins
 */
protected static function getAdditionalPluginAttributes($a_server_id)
{
    global $ilPluginAdmin;

    // Loose comparison: an empty plugin list also equals null, so it is
    // fetched again on the next call.
    if(self::$active_plugins == null)
    {
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk'
        );
    }

    $collected = array();
    foreach(self::$active_plugins as $active_name)
    {
        $plugin = $ilPluginAdmin->getPluginObject(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk',
            $active_name
        );

        // Only objects implementing the plugin interface contribute names.
        if(!($plugin instanceof ilLDAPRoleAssignmentPlugin))
        {
            continue;
        }

        $collected = array_merge($collected,$plugin->getAdditionalAttributeNames());
    }

    return $collected ? $collected : array();
}
300
301
/**
 * Parse role.
 *
 * Builds the entry used in the assignment lists: the role id, whether
 * $rbacreview reports the role as global, and the requested action.
 *
 * @param int    $a_role_id role id
 * @param string $a_action  value stored unchanged under 'action'
 * @return array array('id' => ..., 'type' => 'Global'|'Local', 'action' => ...)
 */
protected static function parseRole($a_role_id,$a_action)
{
    global $rbacreview;

    // Callers compare 'type' against the literal 'Global'.
    $role_type = 'Local';
    if($rbacreview->isGlobalRole($a_role_id))
    {
        $role_type = 'Global';
    }

    $entry = array();
    $entry['id'] = $a_role_id;
    $entry['type'] = $role_type;
    $entry['action'] = $a_action;

    return $entry;
}
318
319}
const IL_COMP_SERVICE
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
@classDescription Do role assignments
static getAllPossibleRoles($a_server_id)
Get all assignable roles (used for import parser)
static parseRole($a_role_id, $a_action)
Parse role.
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
static getDefaultRole($a_server_id)
Get default global role.
static getAttributeNames($a_server_id)
get all possible attribute names
static getAdditionalPluginAttributes($a_server_id)
Fetch additional attributes from plugin.
static getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global t...
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
static _lookupTitle($a_id)
lookup object title
Interface for ldap role assignment plugins.
global $ilSetting
Definition: privfeed.php:40
global $ilDB