ilShibbolethRoleAssignmentRules Class Reference

Shibboleth role assignment rules. More...

Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions
static	getCountRules ()
static	updateAssignments ($a_usr_id, $a_data)
static	doAssignments ($a_usr_id, $a_data)
static	callPlugin ($a_plugin_id, $a_user_data)

Static Protected Attributes
static	$active_plugins = NULL

Detailed Description

Shibboleth role assignment rules.

Author

Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch

Version

$Id$

Definition at line 36 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin (   $a_plugin_id,   $a_user_data  )

static

Parameters

$a_plugin_id
$a_user_data

Returns

bool

Definition at line 143 of file class.ilShibbolethRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

                                                                      {
                global $ilPluginAdmin;
                if (self::$active_plugins == NULL) {
                        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
                }
                $assigned = false;
                foreach (self::$active_plugins as $plugin_name) {
                        $ok = false;
                        $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
                        if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
                                $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
                        }
                        if ($ok) {
                                $assigned = true;
                        }
                }

                return $assigned;
        }

Here is the caller graph for this function:

doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments (   $a_usr_id,   $a_data  )

static

Parameters

$a_usr_id
$a_data

Returns

bool

Definition at line 113 of file class.ilShibbolethRoleAssignmentRules.php.

References $ilDB, $ilLog, $query, $res, $row, ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ShibAuth\login().

                                                                 {
                global $ilDB, $rbacadmin, $ilLog;
                $query = "SELECT rule_id FROM shib_role_assignment ";
                $num_matches = 0;
                $res = $ilDB->query($query);
                while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
                        $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
                        if ($rule->doesMatch($a_data)) {
                                $num_matches ++;
                                $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                                $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
                        }
                }
                // Assign to default if no matching found
                if (! $num_matches) {
                        $default_role = shibConfig::getInstance()->getUserDefaultRole();
                        $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
                        $rbacadmin->assignUser($default_role, $a_usr_id);
                }

                return true;
        }

Here is the call graph for this function:

Here is the caller graph for this function:

getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )

static

Definition at line 60 of file class.ilShibbolethRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable(), and ilAuthShibbolethSettingsGUI\setSubTabs().

                                               {
                global $ilDB;
                $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
                $res = $ilDB->query($query);
                while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
                        return $row->num;
                }

                return 0;
        }

Here is the caller graph for this function:

updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments (   $a_usr_id,   $a_data  )

static

Parameters

$a_usr_id
$a_data

Returns

bool

Definition at line 78 of file class.ilShibbolethRoleAssignmentRules.php.

References $ilDB, $ilLog, $query, $res, $row, ilObject\_lookupTitle(), DB_FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ShibAuth\login().

                                                                     {
                require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');

                global $ilDB, $rbacadmin, $rbacreview, $ilLog;
                $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
                $res = $ilDB->query($query);
                while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
                        $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
                        //                      $matches = $rule->matches($a_data);
                        if ($rule->doesMatch($a_data) and $row->add_on_update) {
                                $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                                $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
                        }
                        if (! $rule->doesMatch($a_data) and $row->remove_on_update) {
                                $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
                                $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
                        }
                }
                // check if is assigned to minimum one global role
                if (! array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
                        $default_role = shibConfig::getInstance()->getUserDefaultRole();
                        $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
                        $rbacadmin->assignUser($default_role, $a_usr_id);
                }

                return true;
        }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

$active_plugins

ilShibbolethRoleAssignmentRules::$active_plugins = NULL

staticprotected

Definition at line 38 of file class.ilShibbolethRoleAssignmentRules.php.

---

The documentation for this class was generated from the following file:

• Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php