ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilShibbolethRoleAssignmentRules Class Reference

Shibboleth role assignment rules. More...

+ Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions

static getCountRules ()
 
static updateAssignments ($a_usr_id, $a_data)
 
static doAssignments ($a_usr_id, $a_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 

Static Protected Attributes

static $active_plugins = NULL
 

Detailed Description

Shibboleth role assignment rules.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch
Version
$Id$

Definition at line 36 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static
Parameters
$a_plugin_id
$a_user_data
Returns
bool

Definition at line 143 of file class.ilShibbolethRoleAssignmentRules.php.

143 {
144 global $ilPluginAdmin;
145 if (self::$active_plugins == NULL) {
146 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
147 }
148 $assigned = false;
149 foreach (self::$active_plugins as $plugin_name) {
150 $ok = false;
151 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
152 if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
153 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
154 }
155 if ($ok) {
156 $assigned = true;
157 }
158 }
159
160 return $assigned;
161 }
const IL_COMP_SERVICE
Interface for shibboleth role assignment plugins.

References $ok, and IL_COMP_SERVICE.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

+ Here is the caller graph for this function:

◆ doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments (   $a_usr_id,
  $a_data 
)
static
Parameters
$a_usr_id
$a_data
Returns
bool

Definition at line 113 of file class.ilShibbolethRoleAssignmentRules.php.

113 {
114 global $ilDB, $rbacadmin, $ilLog;
115 $query = "SELECT rule_id FROM shib_role_assignment ";
116 $num_matches = 0;
117 $res = $ilDB->query($query);
118 while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
119 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
120 if ($rule->doesMatch($a_data)) {
121 $num_matches ++;
122 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
123 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
124 }
125 }
126 // Assign to default if no matching found
127 if (! $num_matches) {
128 $default_role = shibConfig::getInstance()->getUserDefaultRole();
129 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
130 $rbacadmin->assignUser($default_role, $a_usr_id);
131 }
132
133 return true;
134 }
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
static _lookupTitle($a_id)
lookup object title
static getInstance()
global $ilDB

References $ilDB, $ilLog, $query, $res, $row, ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ShibAuth\login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )
static

Definition at line 60 of file class.ilShibbolethRoleAssignmentRules.php.

60 {
61 global $ilDB;
62 $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
63 $res = $ilDB->query($query);
64 while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
65 return $row->num;
66 }
67
68 return 0;
69 }

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable(), and ilAuthShibbolethSettingsGUI\setSubTabs().

+ Here is the caller graph for this function:

◆ updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments (   $a_usr_id,
  $a_data 
)
static
Parameters
$a_usr_id
$a_data
Returns
bool

Definition at line 78 of file class.ilShibbolethRoleAssignmentRules.php.

78 {
79 require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
80
81 global $ilDB, $rbacadmin, $rbacreview, $ilLog;
82 $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
83 $res = $ilDB->query($query);
84 while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
85 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
86 // $matches = $rule->matches($a_data);
87 if ($rule->doesMatch($a_data) and $row->add_on_update) {
88 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
89 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
90 }
91 if (! $rule->doesMatch($a_data) and $row->remove_on_update) {
92 $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
93 $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
94 }
95 }
96 // check if is assigned to minimum one global role
97 if (! array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
98 $default_role = shibConfig::getInstance()->getUserDefaultRole();
99 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
100 $rbacadmin->assignUser($default_role, $a_usr_id);
101 }
102
103 return true;
104 }

References $ilDB, $ilLog, $query, $res, $row, ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ShibAuth\login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $active_plugins

ilShibbolethRoleAssignmentRules::$active_plugins = NULL
staticprotected

Definition at line 38 of file class.ilShibbolethRoleAssignmentRules.php.


The documentation for this class was generated from the following file: