ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ilLDAPRoleAssignmentRule
33 {
34  private static $instances = null;
35 
36  const TYPE_GROUP = 1;
37  const TYPE_ATTRIBUTE = 2;
38  const TYPE_PLUGIN = 3;
39 
40  private $server_id = 0;
41  private $plugin_active = false;
42  private $add_on_update = false;
43  private $remove_on_update = false;
44  private $plugin_id = 0;
45 
46 
54  private function __construct($a_id = 0)
55  {
56  global $ilDB;
57 
58  $this->db = $ilDB;
59 
60  $this->rule_id = $a_id;
61  $this->read();
62  }
63 
72  public static function _getInstanceByRuleId($a_rule_id)
73  {
74  if(isset(self::$instances[$a_rule_id]))
75  {
76  return self::$instances[$a_rule_id];
77  }
78  return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
79  }
80 
85  public static function hasRulesForUpdate()
86  {
87  global $ilDB;
88 
89  $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
90  'WHERE add_on_update = 1 '.
91  'OR remove_on_update = 1 ';
92  $res = $ilDB->query($query);
93  $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
94  return $row->num > 0;
95  }
96 
102  public function matches($a_user_data)
103  {
104  global $ilLog;
105 
106  switch($this->getType())
107  {
108  case self::TYPE_PLUGIN:
109  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
110  return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
111 
112  case self::TYPE_ATTRIBUTE:
113 
114  $attn = strtolower($this->getAttributeName());
115 
116  if(!isset($a_user_data[$attn]))
117  {
118  return false;
119  }
120 
121  if(!is_array($a_user_data[$attn]))
122  {
123  $attribute_val = array(0 => $a_user_data[$attn]);
124  }
125  else
126  {
127  $attribute_val = $a_user_data[$attn];
128  }
129 
130  foreach($attribute_val as $value)
131  {
132  if($this->wildcardCompare(trim($this->getAttributeValue()),trim($value)))
133  {
134  $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
135  return true;
136  }
137  /*
138  if(trim($value) == trim($this->getAttributeValue()))
139  {
140  $ilLog->write(__METHOD__.': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
141  return true;
142  }
143  */
144  }
145  return false;
146 
147  case self::TYPE_GROUP:
148  return $this->isGroupMember($a_user_data);
149 
150  }
151  }
152 
153  protected function wildcardCompare($a_str1, $a_str2)
154  {
155  $pattern = str_replace('*','.*?', $a_str1);
156  $GLOBALS['ilLog']->write(__METHOD__.': Replace pattern:'. $pattern.' => '.$a_str2);
157  return (bool) preg_match('/^'.$pattern.'$/i',$a_str2);
158  }
159 
168  private function isGroupMember($a_user_data)
169  {
170  global $ilLog;
171 
172 
173  if($this->isMemberAttributeDN())
174  {
175  $user_cmp = $a_user_data['dn'];
176  }
177  else
178  {
179  $user_cmp = $a_user_data['ilExternalAccount'];
180  }
181 
182  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
183  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
184 
185  $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
186 
187  try
188  {
189  $query = new ilLDAPQuery($server);
190  $query->bind();
191  $res = $query->query($this->getDN(),
192  sprintf('(%s=%s)',
193  $this->getMemberAttribute(),
194  $user_cmp),
195  IL_LDAP_SCOPE_BASE,
196  array('dn'));
197  return $res->numRows() ? true : false;
198  }
199  catch(ilLDAPQueryException $e)
200  {
201  $ilLog->write(__METHOD__.': Caught Exception: '.$e->getMessage());
202  return false;
203  }
204  }
205 
206 
207 
214  public function _getRules($a_server_id)
215  {
216  global $ilDB;
217 
218  $query = "SELECT rule_id FROM ldap_role_assignments ".
219  "WHERE server_id = ".$ilDB->quote($a_server_id,'integer');
220  $res = $ilDB->query($query);
221  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
222  {
223  $rules[] = self::_getInstanceByRuleId($row->rule_id);
224  }
225  return $rules ? $rules : array();
226  }
227 
235  public function setRoleId($a_role_id)
236  {
237  $this->role_id = $a_role_id;
238  }
239 
246  public function getRoleId()
247  {
248  return $this->role_id;
249  }
250 
257  public function getRuleId()
258  {
259  return $this->rule_id;
260  }
261 
269  public function setServerId($a_id)
270  {
271  $this->server_id = $a_id;
272  }
273 
280  public function getServerId()
281  {
282  return $this->server_id;
283  }
284 
292  public function setType($a_type)
293  {
294  $this->type = $a_type;
295  }
296 
304  public function getType()
305  {
306  return $this->type;
307  }
308 
316  public function setDN($a_dn)
317  {
318  $this->dn = $a_dn;
319  }
320 
327  public function getDN()
328  {
329  return $this->dn;
330  }
331 
339  public function setMemberAttribute($a_attribute)
340  {
341  $this->member_attribute = $a_attribute;
342  }
343 
350  public function getMemberAttribute()
351  {
352  return $this->member_attribute;
353  }
354 
362  public function setMemberIsDN($a_status)
363  {
364  $this->member_is_dn = $a_status;
365  }
366 
373  public function isMemberAttributeDN()
374  {
375  return (bool) $this->member_is_dn;
376  }
377 
385  public function setAttributeName($a_name)
386  {
387  $this->attribute_name = $a_name;
388  }
389 
396  public function getAttributeName()
397  {
398  return $this->attribute_name;
399  }
400 
408  public function setAttributeValue($a_value)
409  {
410  $this->attribute_value = $a_value;
411  }
412 
419  public function getAttributeValue()
420  {
421  return $this->attribute_value;
422  }
423 
424  public function enableAddOnUpdate($a_status)
425  {
426  $this->add_on_update = $a_status;
427  }
428 
429  public function isAddOnUpdateEnabled()
430  {
431  return (bool) $this->add_on_update;
432  }
433 
434  public function enableRemoveOnUpdate($a_status)
435  {
436  $this->remove_on_update = $a_status;
437  }
438 
439  public function isRemoveOnUpdateEnabled()
440  {
441  return (bool) $this->remove_on_update;
442  }
443 
444  public function setPluginId($a_id)
445  {
446  $this->plugin_id = $a_id;
447  }
448 
449  public function getPluginId()
450  {
451  return $this->plugin_id;
452  }
453 
454  public function isPluginActive()
455  {
456  return (bool) $this->getType() == self::TYPE_PLUGIN;
457  }
458 
459 
466  public function conditionToString()
467  {
468  global $lng;
469 
470  switch($this->getType())
471  {
472  case self::TYPE_PLUGIN:
473  return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
474 
475  case self::TYPE_GROUP:
476  $dn_arr = explode(',',$this->getDN());
477  return $dn_arr[0];
478 
479 
480  case self::TYPE_ATTRIBUTE:
481  return $this->getAttributeName().'='.$this->getAttributeValue();
482  }
483  }
484 
485 
493  public function create()
494  {
495  global $ilDB;
496 
497  $next_id = $ilDB->nextId('ldap_role_assignments');
498 
499  $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
500  "add_on_update, remove_on_update, plugin_id ) ".
501  "VALUES( ".
502  $this->db->quote($this->getServerId(),'integer').", ".
503  $this->db->quote($next_id,'integer').", ".
504  $this->db->quote($this->getType(),'integer').", ".
505  $this->db->quote($this->getDN(),'text').", ".
506  $this->db->quote($this->getMemberAttribute(),'text').", ".
507  $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
508  $this->db->quote($this->getAttributeName(),'text').", ".
509  $this->db->quote($this->getAttributeValue(),'text').", ".
510  $this->db->quote($this->getRoleId(),'integer').", ".
511  $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
512  $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
513  $this->db->quote($this->getPluginId(),'integer').' '.
514  ")";
515  $res = $ilDB->manipulate($query);
516  $this->rule_id = $next_id;
517 
518  return true;
519  }
520 
527  public function update()
528  {
529  global $ilDB;
530 
531  $query = "UPDATE ldap_role_assignments ".
532  "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
533  "type = ".$this->db->quote($this->getType(),'integer').", ".
534  "dn = ".$this->db->quote($this->getDN(),'text').", ".
535  "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
536  "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
537  "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
538  "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
539  "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
540  "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
541  'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
542  'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
543  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
544  $res = $ilDB->manipulate($query);
545  return true;
546  }
547 
554  public function validate()
555  {
556  global $ilErr;
557 
558  $ilErr->setMessage('');
559 
560  if(!$this->getRoleId())
561  {
562  $ilErr->setMessage('fill_out_all_required_fields');
563  return false;
564  }
565  switch($this->getType())
566  {
567  case self::TYPE_GROUP:
568  if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
569  {
570  $ilErr->setMessage('fill_out_all_required_fields');
571  return false;
572  }
573  break;
574  case self::TYPE_ATTRIBUTE:
575  if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
576  {
577  $ilErr->setMessage('fill_out_all_required_fields');
578  return false;
579  }
580  break;
581 
582  case self::TYPE_PLUGIN:
583  if(!$this->getPluginId())
584  {
585  $ilErr->setMessage('ldap_err_missing_plugin_id');
586  return false;
587  }
588  break;
589 
590  default:
591  $ilErr->setMessage('ldap_no_type_given');
592  return false;
593  }
594  return true;
595  }
596 
603  public function delete()
604  {
605  global $ilDB;
606 
607  $query = "DELETE FROM ldap_role_assignments ".
608  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
609  $res = $ilDB->manipulate($query);
610  return true;
611 
612  }
619  private function read()
620  {
621  global $ilDB;
622 
623  $query = "SELECT * FROM ldap_role_assignments ".
624  "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
625 
626  $res = $this->db->query($query);
627  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
628  {
629  $this->setServerId($row->server_id);
630  $this->setType($row->type);
631  $this->setDN($row->dn);
632  $this->setMemberAttribute($row->attribute);
633  $this->setMemberIsDN($row->isdn);
634  $this->setAttributeName($row->att_name);
635  $this->setAttributeValue($row->att_value);
636  $this->setRoleId($row->role_id);
637  $this->enableAddOnUpdate($row->add_on_update);
638  $this->enableRemoveOnUpdate($row->remove_on_update);
639  $this->setPluginId($row->plugin_id);
640  }
641  }
642 }
643 ?>
ilLDAPRoleAssignmentRule\_getRules
_getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:214
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:185
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:102
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:385
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:373
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:168
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:408
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:233
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:72
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$server
$server
Definition: dummy_client.php:12
$lng
global $lng
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:362
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
$ilErr
$ilErr
Definition: inc.setup_header.php:67