ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilLDAPRoleAssignmentRule.php
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
11 {
12  private static $instances = null;
13 
17  private $logger = null;
18 
22  private $db = null;
23 
24  const TYPE_GROUP = 1;
25  const TYPE_ATTRIBUTE = 2;
26  const TYPE_PLUGIN = 3;
27 
28  private $server_id = 0;
29  private $plugin_active = false;
30  private $add_on_update = false;
31  private $remove_on_update = false;
32  private $plugin_id = 0;
33 
34 
/**
 * Bind the database and auth logger from the DI container, then load the
 * rule identified by $a_id via read().
 *
 * The constructor is private; the visible factory is _getInstanceByRuleId().
 *
 * @param int $a_id rule id to load (defaults to 0)
 */
private function __construct($a_id = 0)
{
    $dic = $GLOBALS['DIC'];

    $this->rule_id = $a_id;
    $this->db = $dic->database();
    $this->logger = $dic->logger()->auth();

    // read() needs both $this->db and $this->rule_id to be set.
    $this->read();
}
50 
/**
 * Return the rule object for a rule id, creating and caching it on first use.
 *
 * Instances are kept in the static self::$instances map, so repeated calls
 * with the same id return the same object.
 *
 * @param int $a_rule_id rule id
 * @return ilLDAPRoleAssignmentRule
 */
public static function _getInstanceByRuleId($a_rule_id)
{
    if (!isset(self::$instances[$a_rule_id])) {
        self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
    }

    return self::$instances[$a_rule_id];
}
67 
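/**
 * Check whether any stored rule is flagged to add or remove roles on update.
 *
 * @return bool true if at least one row has add_on_update or remove_on_update set
 */
public static function hasRulesForUpdate()
{
    global $ilDB;

    // Static SQL: no caller-supplied value is interpolated here.
    $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
        'WHERE add_on_update = 1 '.
        'OR remove_on_update = 1 ';
    $res = $ilDB->query($query);

    // The count row has to be fetched before it is read; without this
    // $row is undefined and the method could never report a match.
    $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);

    return $row && $row->num > 0;
}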
83 
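/**
 * Decide whether this rule applies to the given LDAP user record.
 *
 * The result drives role assignment, so every path returns an explicit
 * boolean and an unrecognised rule type is treated as "no match".
 *
 * @param array $a_user_data user attributes; the attribute lookup uses the
 *                           lower-cased attribute name as key
 * @return bool true if the rule condition is fulfilled
 */
public function matches($a_user_data)
{
    switch ($this->getType()) {
        case self::TYPE_PLUGIN:
            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
            return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);

        case self::TYPE_ATTRIBUTE:
            $attn = strtolower($this->getAttributeName());

            if (!isset($a_user_data[$attn])) {
                return false;
            }

            // Single-valued attributes are wrapped so both shapes share one loop.
            $attribute_val = is_array($a_user_data[$attn])
                ? $a_user_data[$attn]
                : array(0 => $a_user_data[$attn]);

            $expected = trim($this->getAttributeValue());
            foreach ($attribute_val as $value) {
                if ($this->wildcardCompare($expected, trim($value))) {
                    $this->logger->debug(': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
                    return true;
                }
            }
            return false;

        case self::TYPE_GROUP:
            return $this->isGroupMember($a_user_data);

        default:
            // Fail closed: a rule with an unknown or unset type must never
            // grant a role (previously this path fell through and returned null).
            return false;
    }
}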
130 
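/**
 * Case-insensitive comparison of a value against a rule pattern in which
 * '*' is the only wildcard.
 *
 * The pattern is passed through preg_quote() before the wildcard is
 * expanded, so characters such as '.', '+', '(' or '/' in a configured
 * value are matched literally. Without quoting, a value like "a.b" also
 * matched "axb", and a value containing '/' terminated the regex early so
 * the rule could not match as written.
 *
 * NOTE(review): rules that relied on raw regex syntax in the attribute
 * value will now be matched literally — confirm none exist before deploying.
 *
 * @param string $a_str1 rule pattern ('*' matches any run of characters)
 * @param string $a_str2 value to test
 * @return bool true if the whole value matches the pattern
 */
protected function wildcardCompare($a_str1, $a_str2)
{
    // preg_quote() turns '*' into '\*'; only that escaped form is
    // re-expanded into the lazy wildcard.
    $pattern = str_replace('\*', '.*?', preg_quote($a_str1, '/'));
    $this->logger->debug(': Replace pattern:'. $pattern.' => '.$a_str2);
    return (bool) preg_match('/^'.$pattern.'$/i', $a_str2);
}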
137 
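/**
 * Check whether the user is listed as a member of the rule's LDAP group.
 *
 * Runs a base-scope search on the group DN with the filter
 * (<member attribute>=<user value>). The user value comes from directory /
 * login data, so it is escaped for use as an LDAP filter assertion value
 * (RFC 4515) before it is placed into the filter; otherwise characters such
 * as '*', '(' or ')' in it would change the meaning of the filter.
 *
 * @param array $a_user_data user data; reads 'dn' or 'ilExternalAccount'
 * @return bool true if the search returns at least one row; false on a
 *              missing value or an LDAP query error
 */
private function isGroupMember($a_user_data)
{
    $key = $this->isMemberAttributeDN() ? 'dn' : 'ilExternalAccount';

    // Without a value to compare there can be no membership.
    if (!isset($a_user_data[$key]) || $a_user_data[$key] === '') {
        return false;
    }

    // Backslash is replaced first so the escapes added for the other
    // characters are not escaped a second time.
    $user_cmp = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        $a_user_data[$key]
    );

    include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
    include_once('Services/LDAP/classes/class.ilLDAPServer.php');

    $server = ilLDAPServer::getInstanceByServerId($this->getServerId());

    try {
        $query = new ilLDAPQuery($server);
        $query->bind();
        // The member attribute name is taken from the stored rule and is
        // inserted unchanged.
        $res = $query->query(
            $this->getDN(),
            sprintf('(%s=%s)', $this->getMemberAttribute(), $user_cmp),
            IL_LDAP_SCOPE_BASE,
            array('dn')
        );
        return $res->numRows() ? true : false;
    } catch (ilLDAPQueryException $e) {
        // A failed lookup is logged and treated as "not a member".
        $this->logger->warning(': Caught Exception: '.$e->getMessage());
        return false;
    }
}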
180 
181 
182 
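/**
 * Load all role assignment rules configured for one LDAP server.
 *
 * @param int $a_server_id server id; quoted as integer before use in SQL
 * @return ilLDAPRoleAssignmentRule[] possibly empty list of rules
 */
public static function _getRules($a_server_id)
{
    $ilDB = $GLOBALS['DIC']->database();

    $query = "SELECT rule_id FROM ldap_role_assignments ".
        "WHERE server_id = ".$ilDB->quote($a_server_id, 'integer');
    $res = $ilDB->query($query);

    // Initialised up front so an empty result does not read an undefined variable.
    $rules = array();
    while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $rules[] = self::_getInstanceByRuleId($row->rule_id);
    }
    return $rules;
}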
202 
/**
 * Set the id of the role this rule assigns.
 *
 * @param int $a_role_id role id
 */
public function setRoleId($a_role_id)
{
    $this->role_id = $a_role_id;
}
214 
/**
 * Get the id of the role this rule assigns.
 *
 * @return int role id
 */
public function getRoleId()
{
    return $this->role_id;
}
225 
/**
 * Get the id of this rule (set by the constructor or by create()).
 *
 * @return int rule id
 */
public function getRuleId()
{
    return $this->rule_id;
}
236 
/**
 * Set the id of the LDAP server this rule belongs to.
 *
 * @param int $a_id server id
 */
public function setServerId($a_id)
{
    $this->server_id = $a_id;
}
248 
/**
 * Get the id of the LDAP server this rule belongs to.
 *
 * @return int server id
 */
public function getServerId()
{
    return $this->server_id;
}
259 
/**
 * Set the rule type.
 *
 * @param int $a_type one of self::TYPE_GROUP, self::TYPE_ATTRIBUTE, self::TYPE_PLUGIN
 */
public function setType($a_type)
{
    $this->type = $a_type;
}
271 
/**
 * Get the rule type.
 *
 * @return int value as stored; compared against the TYPE_* constants by callers
 */
public function getType()
{
    return $this->type;
}
283 
/**
 * Set the DN used as search base for group rules.
 *
 * @param string $a_dn distinguished name
 */
public function setDN($a_dn)
{
    $this->dn = $a_dn;
}
295 
/**
 * Get the DN used as search base for group rules.
 *
 * @return string distinguished name
 */
public function getDN()
{
    return $this->dn;
}
306 
/**
 * Set the name of the group attribute that lists members.
 *
 * The name is placed into an LDAP filter by isGroupMember().
 *
 * @param string $a_attribute attribute name
 */
public function setMemberAttribute($a_attribute)
{
    $this->member_attribute = $a_attribute;
}
318 
/**
 * Get the name of the group attribute that lists members.
 *
 * @return string attribute name
 */
public function getMemberAttribute()
{
    return $this->member_attribute;
}
329 
/**
 * Set whether the member attribute holds a DN rather than an account name.
 *
 * @param bool|int $a_status truthy if members are stored as DNs
 */
public function setMemberIsDN($a_status)
{
    $this->member_is_dn = $a_status;
}
341 
/**
 * Tell whether the member attribute holds a DN.
 *
 * @return bool stored flag cast to boolean
 */
public function isMemberAttributeDN()
{
    return $this->member_is_dn ? true : false;
}
352 
/**
 * Set the name of the user attribute an attribute rule inspects.
 *
 * @param string $a_name attribute name
 */
public function setAttributeName($a_name)
{
    $this->attribute_name = $a_name;
}
364 
/**
 * Get the name of the user attribute an attribute rule inspects.
 *
 * @return string attribute name
 */
public function getAttributeName()
{
    return $this->attribute_name;
}
375 
/**
 * Set the value (or wildcard pattern) an attribute rule compares against.
 *
 * @param string $a_value expected value
 */
public function setAttributeValue($a_value)
{
    $this->attribute_value = $a_value;
}
387 
/**
 * Get the value (or wildcard pattern) an attribute rule compares against.
 *
 * @return string expected value
 */
public function getAttributeValue()
{
    return $this->attribute_value;
}
398 
/**
 * Set the add_on_update flag of this rule.
 *
 * @param bool|int $a_status new flag value
 */
public function enableAddOnUpdate($a_status)
{
    $this->add_on_update = $a_status;
}
403 
/**
 * Get the add_on_update flag of this rule.
 *
 * @return bool stored flag cast to boolean
 */
public function isAddOnUpdateEnabled()
{
    return $this->add_on_update ? true : false;
}
408 
/**
 * Set the remove_on_update flag of this rule.
 *
 * @param bool|int $a_status new flag value
 */
public function enableRemoveOnUpdate($a_status)
{
    $this->remove_on_update = $a_status;
}
413 
/**
 * Get the remove_on_update flag of this rule.
 *
 * @return bool stored flag cast to boolean
 */
public function isRemoveOnUpdateEnabled()
{
    return $this->remove_on_update ? true : false;
}
418 
/**
 * Set the id of the plugin that evaluates a plugin rule.
 *
 * @param int $a_id plugin id
 */
public function setPluginId($a_id)
{
    $this->plugin_id = $a_id;
}
423 
/**
 * Get the id of the plugin that evaluates a plugin rule.
 *
 * @return int plugin id
 */
public function getPluginId()
{
    return $this->plugin_id;
}
428 
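/**
 * Tell whether this rule is a plugin rule.
 *
 * The former expression `(bool) $this->getType() == self::TYPE_PLUGIN`
 * cast the type to bool before comparing, so it was true for every
 * non-zero type (group and attribute rules included). The type is now
 * compared as an integer.
 *
 * @return bool true only if the rule type is self::TYPE_PLUGIN
 */
public function isPluginActive()
{
    // The int cast keeps the strict comparison working if the stored
    // type is not already an int.
    return (int) $this->getType() === self::TYPE_PLUGIN;
}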
433 
434 
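/**
 * Build a short human-readable description of the rule condition.
 *
 * @return string plugin label and id, first DN component, or "name=value";
 *                an empty string for an unknown rule type
 */
public function conditionToString()
{
    $lng = $GLOBALS['DIC']->language();

    switch ($this->getType()) {
        case self::TYPE_PLUGIN:
            return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();

        case self::TYPE_GROUP:
            // Display only: a plain split on ',' does not account for
            // escaped commas inside the first RDN.
            $dn_arr = explode(',', $this->getDN());
            return $dn_arr[0];

        case self::TYPE_ATTRIBUTE:
            return $this->getAttributeName().'='.$this->getAttributeValue();

        default:
            // Always return a string, also for an unset or unknown type.
            return '';
    }
}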
459 
460 
/**
 * Insert this rule as a new row and adopt the generated rule id.
 *
 * Every value goes through $this->db->quote() with an explicit type, so no
 * raw property value is concatenated into the statement.
 *
 * @return bool always true
 */
public function create()
{
    $next_id = $this->db->nextId('ldap_role_assignments');

    // Same order as the column list below.
    $values = array(
        $this->db->quote($this->getServerId(), 'integer'),
        $this->db->quote($next_id, 'integer'),
        $this->db->quote($this->getType(), 'integer'),
        $this->db->quote($this->getDN(), 'text'),
        $this->db->quote($this->getMemberAttribute(), 'text'),
        $this->db->quote($this->isMemberAttributeDN(), 'integer'),
        $this->db->quote($this->getAttributeName(), 'text'),
        $this->db->quote($this->getAttributeValue(), 'text'),
        $this->db->quote($this->getRoleId(), 'integer'),
        $this->db->quote($this->isAddOnUpdateEnabled(), 'integer'),
        $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer'),
        $this->db->quote($this->getPluginId(), 'integer'),
    );

    $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
        "add_on_update, remove_on_update, plugin_id ) ".
        "VALUES( ".implode(', ', $values)." )";

    $this->db->manipulate($query);
    $this->rule_id = $next_id;

    return true;
}
494 
/**
 * Write the current property values back to the row of this rule.
 *
 * All values, including the rule id in the WHERE clause, are quoted with an
 * explicit type before they are placed into the statement.
 *
 * @return bool always true
 */
public function update()
{
    $assignments = array(
        "server_id = ".$this->db->quote($this->getServerId(), 'integer'),
        "type = ".$this->db->quote($this->getType(), 'integer'),
        "dn = ".$this->db->quote($this->getDN(), 'text'),
        "attribute = ".$this->db->quote($this->getMemberAttribute(), 'text'),
        "isdn = ".$this->db->quote($this->isMemberAttributeDN(), 'integer'),
        "att_name = ".$this->db->quote($this->getAttributeName(), 'text'),
        "att_value = ".$this->db->quote($this->getAttributeValue(), 'text'),
        "role_id = ".$this->db->quote($this->getRoleId(), 'integer'),
        "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(), 'integer'),
        'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer'),
        'plugin_id = '.$this->db->quote($this->getPluginId(), 'integer'),
    );

    $query = "UPDATE ldap_role_assignments ".
        "SET ".implode(', ', $assignments).' '.
        "WHERE rule_id = ".$this->db->quote($this->getRuleId(), 'integer')." ";

    $this->db->manipulate($query);

    return true;
}
521 
/**
 * Check that the fields required for the current rule type are filled in.
 *
 * On failure the language key of the problem is stored in the global
 * $ilErr object; on entry the message is reset to an empty string.
 *
 * @return bool true if the rule is complete, false otherwise
 */
public function validate()
{
    global $ilErr;

    $ilErr->setMessage('');

    $problem = '';

    if (!$this->getRoleId()) {
        $problem = 'fill_out_all_required_fields';
    } else {
        switch ($this->getType()) {
            case self::TYPE_GROUP:
                if (!strlen($this->getDN()) || !strlen($this->getMemberAttribute())) {
                    $problem = 'fill_out_all_required_fields';
                }
                break;

            case self::TYPE_ATTRIBUTE:
                if (!strlen($this->getAttributeName()) || !strlen($this->getAttributeValue())) {
                    $problem = 'fill_out_all_required_fields';
                }
                break;

            case self::TYPE_PLUGIN:
                if (!$this->getPluginId()) {
                    $problem = 'ldap_err_missing_plugin_id';
                }
                break;

            default:
                // A rule without a recognised type is rejected.
                $problem = 'ldap_no_type_given';
                break;
        }
    }

    if ($problem !== '') {
        $ilErr->setMessage($problem);
        return false;
    }
    return true;
}
570 
/**
 * Delete the row of this rule from ldap_role_assignments.
 *
 * The rule id is quoted as integer before it is used in the statement.
 *
 * @return bool always true
 */
public function delete()
{
    $rule_id = $this->db->quote($this->getRuleId(), 'integer');

    $this->db->manipulate(
        "DELETE FROM ldap_role_assignments ".
        "WHERE rule_id = ".$rule_id." "
    );

    return true;
}
/**
 * Load the stored values of this rule from the database into the object.
 *
 * If no row matches the rule id, the properties keep their current values.
 */
private function read()
{
    $sql = "SELECT * FROM ldap_role_assignments ".
        "WHERE rule_id = ".$this->db->quote($this->getRuleId(), 'integer')." ";

    $result = $this->db->query($sql);

    // presumably rule_id is unique, so at most one row is expected — verify against the schema
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $this->setServerId($record->server_id);
        $this->setType($record->type);
        $this->setDN($record->dn);
        $this->setMemberAttribute($record->attribute);
        $this->setMemberIsDN($record->isdn);
        $this->setAttributeName($record->att_name);
        $this->setAttributeValue($record->att_value);
        $this->setRoleId($record->role_id);
        $this->enableAddOnUpdate($record->add_on_update);
        $this->enableRemoveOnUpdate($record->remove_on_update);
        $this->setPluginId($record->plugin_id);
    }
}
616 }
617 ?>
global $ilErr
Definition: raiseError.php:16
static hasRulesForUpdate()
Check if there any rule for updates.
matches($a_user_data)
Check if a rule matches.
setAttributeName($a_name)
set attribute name
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
isMemberAttributeDN()
is member attribute dn
static _lookupTitle($a_id)
lookup object title
isGroupMember($a_user_data)
Check if user is member of specific group.
setAttributeValue($a_value)
set attribute value
static getInstanceByServerId($a_server_id)
Get instance by server id.
static _getRules($a_server_id)
Get all rules.
$a_type
Definition: workflow.php:93
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Create styles array
The data for the language used.
$server
global $lng
Definition: privfeed.php:17
global $ilDB
setMemberIsDN($a_status)
set member attribute is dn
const IL_LDAP_SCOPE_BASE