ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
32class ilLDAPRoleAssignmentRule
33{
34 private static $instances = null;
35
36 const TYPE_GROUP = 1;
37 const TYPE_ATTRIBUTE = 2;
38 const TYPE_PLUGIN = 3;
39
40 private $server_id = 0;
41 private $plugin_active = false;
42 private $add_on_update = false;
43 private $remove_on_update = false;
44 private $plugin_id = 0;
45
46
54 private function __construct($a_id = 0)
55 {
56 global $ilDB;
57
58 $this->db = $ilDB;
59
60 $this->rule_id = $a_id;
61 $this->read();
62 }
63
72 public static function _getInstanceByRuleId($a_rule_id)
73 {
74 if(isset(self::$instances[$a_rule_id]))
75 {
76 return self::$instances[$a_rule_id];
77 }
78 return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
79 }
80
85 public static function hasRulesForUpdate()
86 {
87 global $ilDB;
88
89 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
90 'WHERE add_on_update = 1 '.
91 'OR remove_on_update = 1 ';
92 $res = $ilDB->query($query);
93 $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
94 return $row->num > 0;
95 }
96
102 public function matches($a_user_data)
103 {
104 global $ilLog;
105
106 switch($this->getType())
107 {
108 case self::TYPE_PLUGIN:
109 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
110 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
111
112 case self::TYPE_ATTRIBUTE:
113
114 $attn = strtolower($this->getAttributeName());
115
116 if(!isset($a_user_data[$attn]))
117 {
118 return false;
119 }
120
121 if(!is_array($a_user_data[$attn]))
122 {
123 $attribute_val = array(0 => $a_user_data[$attn]);
124 }
125 else
126 {
127 $attribute_val = $a_user_data[$attn];
128 }
129
130 foreach($attribute_val as $value)
131 {
132 if($this->wildcardCompare(trim($this->getAttributeValue()),trim($value)))
133 {
134 $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
135 return true;
136 }
137 /*
138 if(trim($value) == trim($this->getAttributeValue()))
139 {
140 $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
141 return true;
142 }
143 */
144 }
145 return false;
146
147 case self::TYPE_GROUP:
148 return $this->isGroupMember($a_user_data);
149
150 }
151 }
152
153 protected function wildcardCompare($a_str1, $a_str2)
154 {
155 $pattern = str_replace('*','.*?', $a_str1);
156 $GLOBALS['ilLog']->write(__METHOD__.': Replace pattern:'. $pattern.' => '.$a_str2);
157 return (bool) preg_match('/^'.$pattern.'$/i',$a_str2);
158 }
159
168 private function isGroupMember($a_user_data)
169 {
170 global $ilLog;
171
172
173 if($this->isMemberAttributeDN())
174 {
175 $user_cmp = $a_user_data['dn'];
176 }
177 else
178 {
179 $user_cmp = $a_user_data['ilExternalAccount'];
180 }
181
182 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
183 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
184
185 $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
186
187 try
188 {
189 $query = new ilLDAPQuery($server);
190 $query->bind();
191 $res = $query->query($this->getDN(),
192 sprintf('(%s=%s)',
193 $this->getMemberAttribute(),
194 $user_cmp),
195 IL_LDAP_SCOPE_BASE,
196 array('dn'));
197 return $res->numRows() ? true : false;
198 }
199 catch(ilLDAPQueryException $e)
200 {
201 $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
202 return false;
203 }
204 }
205
206
207
214 public function _getRules($a_server_id)
215 {
216 global $ilDB;
217
218 $query = "SELECT rule_id FROM ldap_role_assignments ".
219 "WHERE server_id = ".$ilDB->quote($a_server_id,'integer');
220 $res = $ilDB->query($query);
221 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
222 {
223 $rules[] = self::_getInstanceByRuleId($row->rule_id);
224 }
225 return $rules ? $rules : array();
226 }
227
235 public function setRoleId($a_role_id)
236 {
237 $this->role_id = $a_role_id;
238 }
239
246 public function getRoleId()
247 {
248 return $this->role_id;
249 }
250
257 public function getRuleId()
258 {
259 return $this->rule_id;
260 }
261
269 public function setServerId($a_id)
270 {
271 $this->server_id = $a_id;
272 }
273
280 public function getServerId()
281 {
282 return $this->server_id;
283 }
284
292 public function setType($a_type)
293 {
294 $this->type = $a_type;
295 }
296
304 public function getType()
305 {
306 return $this->type;
307 }
308
316 public function setDN($a_dn)
317 {
318 $this->dn = $a_dn;
319 }
320
327 public function getDN()
328 {
329 return $this->dn;
330 }
331
339 public function setMemberAttribute($a_attribute)
340 {
341 $this->member_attribute = $a_attribute;
342 }
343
350 public function getMemberAttribute()
351 {
352 return $this->member_attribute;
353 }
354
362 public function setMemberIsDN($a_status)
363 {
364 $this->member_is_dn = $a_status;
365 }
366
373 public function isMemberAttributeDN()
374 {
375 return (bool) $this->member_is_dn;
376 }
377
385 public function setAttributeName($a_name)
386 {
387 $this->attribute_name = $a_name;
388 }
389
396 public function getAttributeName()
397 {
398 return $this->attribute_name;
399 }
400
408 public function setAttributeValue($a_value)
409 {
410 $this->attribute_value = $a_value;
411 }
412
419 public function getAttributeValue()
420 {
421 return $this->attribute_value;
422 }
423
424 public function enableAddOnUpdate($a_status)
425 {
426 $this->add_on_update = $a_status;
427 }
428
429 public function isAddOnUpdateEnabled()
430 {
431 return (bool) $this->add_on_update;
432 }
433
434 public function enableRemoveOnUpdate($a_status)
435 {
436 $this->remove_on_update = $a_status;
437 }
438
439 public function isRemoveOnUpdateEnabled()
440 {
441 return (bool) $this->remove_on_update;
442 }
443
444 public function setPluginId($a_id)
445 {
446 $this->plugin_id = $a_id;
447 }
448
449 public function getPluginId()
450 {
451 return $this->plugin_id;
452 }
453
454 public function isPluginActive()
455 {
456 return (bool) $this->getType() == self::TYPE_PLUGIN;
457 }
458
459
466 public function conditionToString()
467 {
468 global $lng;
469
470 switch($this->getType())
471 {
472 case self::TYPE_PLUGIN:
473 return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
474
475 case self::TYPE_GROUP:
476 $dn_arr = explode(',',$this->getDN());
477 return $dn_arr[0];
478
479
480 case self::TYPE_ATTRIBUTE:
481 return $this->getAttributeName().'='.$this->getAttributeValue();
482 }
483 }
484
485
493 public function create()
494 {
495 global $ilDB;
496
497 $next_id = $ilDB->nextId('ldap_role_assignments');
498
499 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
500 "add_on_update, remove_on_update, plugin_id ) ".
501 "VALUES( ".
502 $this->db->quote($this->getServerId(),'integer').", ".
503 $this->db->quote($next_id,'integer').", ".
504 $this->db->quote($this->getType(),'integer').", ".
505 $this->db->quote($this->getDN(),'text').", ".
506 $this->db->quote($this->getMemberAttribute(),'text').", ".
507 $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
508 $this->db->quote($this->getAttributeName(),'text').", ".
509 $this->db->quote($this->getAttributeValue(),'text').", ".
510 $this->db->quote($this->getRoleId(),'integer').", ".
511 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
512 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
513 $this->db->quote($this->getPluginId(),'integer').' '.
514 ")";
515 $res = $ilDB->manipulate($query);
516 $this->rule_id = $next_id;
517
518 return true;
519 }
520
527 public function update()
528 {
529 global $ilDB;
530
531 $query = "UPDATE ldap_role_assignments ".
532 "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
533 "type = ".$this->db->quote($this->getType(),'integer').", ".
534 "dn = ".$this->db->quote($this->getDN(),'text').", ".
535 "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
536 "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
537 "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
538 "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
539 "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
540 "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
541 'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
542 'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
543 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
544 $res = $ilDB->manipulate($query);
545 return true;
546 }
547
554 public function validate()
555 {
556 global $ilErr;
557
558 $ilErr->setMessage('');
559
560 if(!$this->getRoleId())
561 {
562 $ilErr->setMessage('fill_out_all_required_fields');
563 return false;
564 }
565 switch($this->getType())
566 {
567 case self::TYPE_GROUP:
568 if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
569 {
570 $ilErr->setMessage('fill_out_all_required_fields');
571 return false;
572 }
573 break;
574 case self::TYPE_ATTRIBUTE:
575 if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
576 {
577 $ilErr->setMessage('fill_out_all_required_fields');
578 return false;
579 }
580 break;
581
582 case self::TYPE_PLUGIN:
583 if(!$this->getPluginId())
584 {
585 $ilErr->setMessage('ldap_err_missing_plugin_id');
586 return false;
587 }
588 break;
589
590 default:
591 $ilErr->setMessage('ldap_no_type_given');
592 return false;
593 }
594 return true;
595 }
596
603 public function delete()
604 {
605 global $ilDB;
606
607 $query = "DELETE FROM ldap_role_assignments ".
608 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
609 $res = $ilDB->manipulate($query);
610 return true;
611
612 }
619 private function read()
620 {
621 global $ilDB;
622
623 $query = "SELECT * FROM ldap_role_assignments ".
624 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
625
626 $res = $this->db->query($query);
627 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
628 {
629 $this->setServerId($row->server_id);
630 $this->setType($row->type);
631 $this->setDN($row->dn);
632 $this->setMemberAttribute($row->attribute);
633 $this->setMemberIsDN($row->isdn);
634 $this->setAttributeName($row->att_name);
635 $this->setAttributeValue($row->att_value);
636 $this->setRoleId($row->role_id);
637 $this->enableAddOnUpdate($row->add_on_update);
638 $this->enableRemoveOnUpdate($row->remove_on_update);
639 $this->setPluginId($row->plugin_id);
640 }
641 }
642}
643?>
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:168
ilLDAPRoleAssignmentRule\setMemberAttribute
setMemberAttribute($a_attribute)
@access public
Definition: class.ilLDAPRoleAssignmentRule.php:339
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:102
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:385
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:373
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRule\_getRules
_getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:214
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:408
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:362
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:233
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:185
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
$server
$server
Definition: dummy_client.php:12
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$ilErr
$ilErr
Definition: inc.setup_header.php:67
$lng
global $lng
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:19