ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilShibbolethRoleAssignmentRules.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
25
36class ilShibbolethRoleAssignmentRules {
37
38 protected static $active_plugins = NULL;
39
40
44 public static function getAllRules() {
45 global $DIC;
46 $ilDB = $DIC['ilDB'];
47 $rules = array();
51 $query = "SELECT rule_id FROM shib_role_assignment ORDER BY rule_id";
52 $res = $ilDB->query($query);
53 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
54 $rules[$row->rule_id] = new ilShibbolethRoleAssignmentRule($row->rule_id);
55 }
56
57 return $rules;
58 }
59
60
61 public static function getCountRules() {
62 global $DIC;
63 $ilDB = $DIC['ilDB'];
64 $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
65 $res = $ilDB->query($query);
66 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
67 return $row->num;
68 }
69
70 return 0;
71 }
72
73
80 public static function updateAssignments($a_usr_id, $a_data) {
81 require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
82
83 global $DIC;
84 $ilDB = $DIC['ilDB'];
85 $rbacadmin = $DIC['rbacadmin'];
86 $rbacreview = $DIC['rbacreview'];
87 $ilLog = $DIC['ilLog'];
88 $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
89 $res = $ilDB->query($query);
90 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
91 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
92 // $matches = $rule->matches($a_data);
93 if ($rule->doesMatch($a_data) and $row->add_on_update) {
94 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
95 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
96 }
97 if (! $rule->doesMatch($a_data) and $row->remove_on_update) {
98 $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
99 $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
100 }
101 }
102 // check if is assigned to minimum one global role
103 if (! array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
104 $default_role = shibConfig::getInstance()->getUserDefaultRole();
105 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
106 $rbacadmin->assignUser($default_role, $a_usr_id);
107 }
108
109 return true;
110 }
111
112
119 public static function doAssignments($a_usr_id, $a_data) {
120 global $DIC;
121 $ilDB = $DIC['ilDB'];
122 $rbacadmin = $DIC['rbacadmin'];
123 $ilLog = $DIC['ilLog'];
124 $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
125 $num_matches = 0;
126 $res = $ilDB->query($query);
127 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
128 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
129 if ($rule->doesMatch($a_data)) {
130 $num_matches ++;
131 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
132 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
133 }
134 }
135 // Assign to default if no matching found
136 if (! $num_matches) {
137 $default_role = shibConfig::getInstance()->getUserDefaultRole();
138 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
139 $rbacadmin->assignUser($default_role, $a_usr_id);
140 }
141
142 return true;
143 }
144
145
152 public static function callPlugin($a_plugin_id, $a_user_data) {
153 global $DIC;
154 $ilPluginAdmin = $DIC['ilPluginAdmin'];
155 if (self::$active_plugins == NULL) {
156 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
157 }
158 $assigned = false;
159 foreach (self::$active_plugins as $plugin_name) {
160 $ok = false;
161 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
162 if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
163 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
164 }
165 if ($ok) {
166 $assigned = true;
167 }
168 }
169
170 return $assigned;
171 }
172}
173
174?>
php
An exception for terminatinating execution or to throw for unit testing.
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:202
$ilLog
$ilLog
Definition: inc.setup_header.php:130
ilShibbolethRoleAssignmentPlugin
Interface for shibboleth role assignment plugins.
Definition: interface.ilShibbolethRoleAssignmentPlugin.php:34
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$DIC
global $DIC
Definition: imagemanager.php:32