ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
10class ilLDAPRoleAssignmentRule
11{
12 private static $instances = null;
13
17 private $logger = null;
18
22 private $db = null;
23
24 const TYPE_GROUP = 1;
25 const TYPE_ATTRIBUTE = 2;
26 const TYPE_PLUGIN = 3;
27
28 private $server_id = 0;
29 private $plugin_active = false;
30 private $add_on_update = false;
31 private $remove_on_update = false;
32 private $plugin_id = 0;
33
34
42 private function __construct($a_id = 0)
43 {
44 $this->db = $GLOBALS['DIC']->database();
45 $this->logger = $GLOBALS['DIC']->logger()->auth();
46
47 $this->rule_id = $a_id;
48 $this->read();
49 }
50
59 public static function _getInstanceByRuleId($a_rule_id)
60 {
61 if(isset(self::$instances[$a_rule_id]))
62 {
63 return self::$instances[$a_rule_id];
64 }
65 return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
66 }
67
72 public static function hasRulesForUpdate()
73 {
74 global $ilDB;
75
76 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments '.
77 'WHERE add_on_update = 1 '.
78 'OR remove_on_update = 1 ';
79 $res = $ilDB->query($query);
80 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
81 return $row->num > 0;
82 }
83
89 public function matches($a_user_data)
90 {
91 switch($this->getType())
92 {
93 case self::TYPE_PLUGIN:
94 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
95 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
96
97 case self::TYPE_ATTRIBUTE:
98
99 $attn = strtolower($this->getAttributeName());
100
101 if(!isset($a_user_data[$attn]))
102 {
103 return false;
104 }
105
106 if(!is_array($a_user_data[$attn]))
107 {
108 $attribute_val = array(0 => $a_user_data[$attn]);
109 }
110 else
111 {
112 $attribute_val = $a_user_data[$attn];
113 }
114
115 foreach($attribute_val as $value)
116 {
117 if($this->wildcardCompare(trim($this->getAttributeValue()),trim($value)))
118 {
119 $this->logger->debug(': Found role mapping: '.ilObject::_lookupTitle($this->getRoleId()));
120 return true;
121 }
122 }
123 return false;
124
125 case self::TYPE_GROUP:
126 return $this->isGroupMember($a_user_data);
127
128 }
129 }
130
131 protected function wildcardCompare($a_str1, $a_str2)
132 {
133 $pattern = str_replace('*','.*?', $a_str1);
134 $this->logger->debug(': Replace pattern:'. $pattern.' => '.$a_str2);
135 return (bool) preg_match('/^'.$pattern.'$/i',$a_str2);
136 }
137
146 private function isGroupMember($a_user_data)
147 {
148 if($this->isMemberAttributeDN())
149 {
150 $user_cmp = $a_user_data['dn'];
151 }
152 else
153 {
154 $user_cmp = $a_user_data['ilExternalAccount'];
155 }
156
157 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
158 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
159
160 $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
161
162 try
163 {
164 $query = new ilLDAPQuery($server);
165 $query->bind();
166 $res = $query->query($this->getDN(),
167 sprintf('(%s=%s)',
168 $this->getMemberAttribute(),
169 $user_cmp),
170 IL_LDAP_SCOPE_BASE,
171 array('dn'));
172 return $res->numRows() ? true : false;
173 }
174 catch(ilLDAPQueryException $e)
175 {
176 $this->logger->warning(': Caught Exception: '.$e->getMessage());
177 return false;
178 }
179 }
180
181
182
189 public static function _getRules($a_server_id)
190 {
191 $ilDB = $GLOBALS['DIC']->database();
192
193 $query = "SELECT rule_id FROM ldap_role_assignments ".
194 "WHERE server_id = ".$ilDB->quote($a_server_id,'integer');
195 $res = $ilDB->query($query);
196 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
197 {
198 $rules[] = self::_getInstanceByRuleId($row->rule_id);
199 }
200 return $rules ? $rules : array();
201 }
202
210 public function setRoleId($a_role_id)
211 {
212 $this->role_id = $a_role_id;
213 }
214
221 public function getRoleId()
222 {
223 return $this->role_id;
224 }
225
232 public function getRuleId()
233 {
234 return $this->rule_id;
235 }
236
244 public function setServerId($a_id)
245 {
246 $this->server_id = $a_id;
247 }
248
255 public function getServerId()
256 {
257 return $this->server_id;
258 }
259
267 public function setType($a_type)
268 {
269 $this->type = $a_type;
270 }
271
279 public function getType()
280 {
281 return $this->type;
282 }
283
291 public function setDN($a_dn)
292 {
293 $this->dn = $a_dn;
294 }
295
302 public function getDN()
303 {
304 return $this->dn;
305 }
306
314 public function setMemberAttribute($a_attribute)
315 {
316 $this->member_attribute = $a_attribute;
317 }
318
325 public function getMemberAttribute()
326 {
327 return $this->member_attribute;
328 }
329
337 public function setMemberIsDN($a_status)
338 {
339 $this->member_is_dn = $a_status;
340 }
341
348 public function isMemberAttributeDN()
349 {
350 return (bool) $this->member_is_dn;
351 }
352
360 public function setAttributeName($a_name)
361 {
362 $this->attribute_name = $a_name;
363 }
364
371 public function getAttributeName()
372 {
373 return $this->attribute_name;
374 }
375
383 public function setAttributeValue($a_value)
384 {
385 $this->attribute_value = $a_value;
386 }
387
394 public function getAttributeValue()
395 {
396 return $this->attribute_value;
397 }
398
399 public function enableAddOnUpdate($a_status)
400 {
401 $this->add_on_update = $a_status;
402 }
403
404 public function isAddOnUpdateEnabled()
405 {
406 return (bool) $this->add_on_update;
407 }
408
409 public function enableRemoveOnUpdate($a_status)
410 {
411 $this->remove_on_update = $a_status;
412 }
413
414 public function isRemoveOnUpdateEnabled()
415 {
416 return (bool) $this->remove_on_update;
417 }
418
419 public function setPluginId($a_id)
420 {
421 $this->plugin_id = $a_id;
422 }
423
424 public function getPluginId()
425 {
426 return $this->plugin_id;
427 }
428
429 public function isPluginActive()
430 {
431 return (bool) $this->getType() == self::TYPE_PLUGIN;
432 }
433
434
441 public function conditionToString()
442 {
443 $lng = $GLOBALS['DIC']->language();
444
445 switch($this->getType())
446 {
447 case self::TYPE_PLUGIN:
448 return $lng->txt('ldap_plugin_id').': '.$this->getPluginId();
449
450 case self::TYPE_GROUP:
451 $dn_arr = explode(',',$this->getDN());
452 return $dn_arr[0];
453
454
455 case self::TYPE_ATTRIBUTE:
456 return $this->getAttributeName().'='.$this->getAttributeValue();
457 }
458 }
459
460
468 public function create()
469 {
470 $ilDB = $this->db;
471 $next_id = $ilDB->nextId('ldap_role_assignments');
472
473 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, ".
474 "add_on_update, remove_on_update, plugin_id ) ".
475 "VALUES( ".
476 $this->db->quote($this->getServerId(),'integer').", ".
477 $this->db->quote($next_id,'integer').", ".
478 $this->db->quote($this->getType(),'integer').", ".
479 $this->db->quote($this->getDN(),'text').", ".
480 $this->db->quote($this->getMemberAttribute(),'text').", ".
481 $this->db->quote($this->isMemberAttributeDN(),'integer').", ".
482 $this->db->quote($this->getAttributeName(),'text').", ".
483 $this->db->quote($this->getAttributeValue(),'text').", ".
484 $this->db->quote($this->getRoleId(),'integer').", ".
485 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer').', '.
486 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer').', '.
487 $this->db->quote($this->getPluginId(),'integer').' '.
488 ")";
489 $res = $ilDB->manipulate($query);
490 $this->rule_id = $next_id;
491
492 return true;
493 }
494
501 public function update()
502 {
503 $ilDB = $this->db;
504
505 $query = "UPDATE ldap_role_assignments ".
506 "SET server_id = ".$this->db->quote($this->getServerId(),'integer').", ".
507 "type = ".$this->db->quote($this->getType(),'integer').", ".
508 "dn = ".$this->db->quote($this->getDN(),'text').", ".
509 "attribute = ".$this->db->quote($this->getMemberAttribute(),'text').", ".
510 "isdn = ".$this->db->quote($this->isMemberAttributeDN(),'integer').", ".
511 "att_name = ".$this->db->quote($this->getAttributeName(),'text').", ".
512 "att_value = ".$this->db->quote($this->getAttributeValue(),'text').", ".
513 "role_id = ".$this->db->quote($this->getRoleId(),'integer').", ".
514 "add_on_update = ".$this->db->quote($this->isAddOnUpdateEnabled(),'integer').', '.
515 'remove_on_update = '.$this->db->quote($this->isRemoveOnUpdateEnabled(),'integer').', '.
516 'plugin_id = '.$this->db->quote($this->getPluginId(),'integer').' '.
517 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
518 $res = $ilDB->manipulate($query);
519 return true;
520 }
521
528 public function validate()
529 {
530 global $ilErr;
531
532 $ilErr->setMessage('');
533
534 if(!$this->getRoleId())
535 {
536 $ilErr->setMessage('fill_out_all_required_fields');
537 return false;
538 }
539 switch($this->getType())
540 {
541 case self::TYPE_GROUP:
542 if(!strlen($this->getDN()) or !strlen($this->getMemberAttribute()))
543 {
544 $ilErr->setMessage('fill_out_all_required_fields');
545 return false;
546 }
547 break;
548 case self::TYPE_ATTRIBUTE:
549 if(!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue()))
550 {
551 $ilErr->setMessage('fill_out_all_required_fields');
552 return false;
553 }
554 break;
555
556 case self::TYPE_PLUGIN:
557 if(!$this->getPluginId())
558 {
559 $ilErr->setMessage('ldap_err_missing_plugin_id');
560 return false;
561 }
562 break;
563
564 default:
565 $ilErr->setMessage('ldap_no_type_given');
566 return false;
567 }
568 return true;
569 }
570
577 public function delete()
578 {
579 $ilDB = $this->db;
580
581 $query = "DELETE FROM ldap_role_assignments ".
582 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
583 $res = $ilDB->manipulate($query);
584 return true;
585
586 }
593 private function read()
594 {
595 $ilDB = $this->db;
596
597 $query = "SELECT * FROM ldap_role_assignments ".
598 "WHERE rule_id = ".$this->db->quote($this->getRuleId(),'integer')." ";
599
600 $res = $this->db->query($query);
601 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
602 {
603 $this->setServerId($row->server_id);
604 $this->setType($row->type);
605 $this->setDN($row->dn);
606 $this->setMemberAttribute($row->attribute);
607 $this->setMemberIsDN($row->isdn);
608 $this->setAttributeName($row->att_name);
609 $this->setAttributeValue($row->att_value);
610 $this->setRoleId($row->role_id);
611 $this->enableAddOnUpdate($row->add_on_update);
612 $this->enableRemoveOnUpdate($row->remove_on_update);
613 $this->setPluginId($row->plugin_id);
614 }
615 }
616}
617?>
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
php
An exception for terminatinating execution or to throw for unit testing.
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:146
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:189
ilLDAPRoleAssignmentRule\setMemberAttribute
setMemberAttribute($a_attribute)
@access public
Definition: class.ilLDAPRoleAssignmentRule.php:314
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:89
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:360
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:348
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:383
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:337
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:233
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
$server
$server
Definition: dummy_client.php:12
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$lng
global $lng
Definition: privfeed.php:17
$ilErr
global $ilErr
Definition: raiseError.php:16
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$a_type
$a_type
Definition: workflow.php:93