ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAuthShibbolethSettingsGUI.php
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
14{
15
/** Dependency container; the constructor stores the global $DIC here. */
private $dic;

/** Control-flow service, read from the container key 'ilCtrl'. */
private $ctrl;

/** Service read from the container key 'ilias'; used here to read and write settings. */
private $ilias;

/** Tab service, read from the container key 'ilTabs'. */
private $tabs_gui;

/** Language service, read from the container key 'lng'. */
private $lng;

/** Page template, read from the container key 'tpl'. */
private $tpl;

/** Reference id passed to the constructor; every permission check in this class is made against it. */
private $ref_id;
44
45
/**
 * Pulls the services this GUI needs out of the global container and
 * remembers the reference id it administers.
 *
 * @param mixed $a_auth_ref_id reference id used for all permission checks (presumably an int — confirm)
 */
public function __construct($a_auth_ref_id)
{
    global $DIC;

    $this->dic = $DIC;

    // Same lookup order as before: lng, ilCtrl, tpl, ilTabs, ilias.
    $this->lng = $this->dic['lng'];
    $this->ctrl = $this->dic['ilCtrl'];
    $this->tpl = $this->dic['tpl'];
    $this->tabs_gui = $this->dic['ilTabs'];
    $this->ilias = $this->dic['ilias'];

    $this->lng->loadLanguageModule('shib');

    $this->ref_id = $a_auth_ref_id;
    // obj_id is not among the properties declared in the visible class body.
    $this->obj_id = ilObject::_lookupObjId($this->ref_id);
}
70
71
/**
 * Entry point of the GUI: checks read access, builds the sub tabs and
 * dispatches to the method named by the current command.
 *
 * NOTE(review): the command string comes from $this->ctrl->getCmd() and is
 * invoked as a method name without an allowlist. The only permission checked
 * here is "visible,read", so every state-changing command has to enforce
 * write permission itself. Dispatch is also reached after a failed check if
 * raiseError()/redirect() return — confirm that they end the request.
 *
 * @return bool always true
 */
public function executeCommand()
{
    global $DIC;

    $rbac = $DIC->rbac();
    $ilErr = $DIC['ilErr'];
    $ilCtrl = $DIC['ilCtrl'];
    // Kept for parity with the original flow; the value selects no other class here.
    $next_class = $this->ctrl->getNextClass($this);
    $cmd = $this->ctrl->getCmd();

    $may_read = $rbac->system()->checkAccess("visible,read", $this->ref_id);
    if (!$may_read) {
        $ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $ilErr->WARNING);
        $ilCtrl->redirect($this, "settings");
    }

    $this->setSubTabs();

    // No forwarding to other classes: every command is handled by this object.
    if (!$cmd) {
        $cmd = "settings";
    }
    $this->$cmd();

    return true;
}
102
103
/**
 * Renders the Shibboleth settings form into the page template.
 *
 * Stored values come from $this->ilias->getAllSettings(); missing or empty
 * entries are replaced by defaults for display only, nothing is written here.
 * The save/cancel buttons are added only for users with write permission on
 * the reference id. Hiding the buttons does not protect the "save" command.
 */
public function settings()
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];
    $this->tabs_gui->setSubTabActive('shib_settings');

    $settings = $this->ilias->getAllSettings();
    $role_list = $rbacreview->getRolesByFilter(2);

    // Display defaults for values that were never saved.
    if (!isset($settings["shib_user_default_role"])) {
        $settings["shib_user_default_role"] = 4;
    }
    $fallbacks = array(
        "shib_idp_list" => "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai",
        "shib_login_button" => "templates/default/images/shib_login_button.png",
        "shib_hos_type" => 'internal_wayf',
    );
    foreach ($fallbacks as $key => $fallback) {
        if (!isset($settings[$key]) || $settings[$key] == '') {
            $settings[$key] = $fallback;
        }
    }

    // Options of the default-role select: obj_id => title.
    $role = array();
    foreach ($role_list as $data) {
        $role[$data["obj_id"]] = $data["title"];
    }

    // Attribute-mapping fields, in display order.
    $shib_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language',
        'shib_matriculation',
    );
    $mandatory_mappings = array('shib_login', 'shib_firstname', 'shib_lastname', 'shib_email');

    include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
    $form = new ilPropertyFormGUI();
    $form->setTitle($this->lng->txt("shib"));
    $form->setFormAction($this->ctrl->getFormAction($this, "save"));
    if ($this->dic->rbac()->system()->checkAccess('write', $this->ref_id)) {
        $form->addCommandButton("save", $this->lng->txt("save"));
        $form->addCommandButton("settings", $this->lng->txt("cancel"));
    }

    // Enable Shibboleth support, with a link to the bundled instructions.
    $enable = new ilCheckboxInputGUI();
    $enable->setTitle($this->lng->txt("shib_active"));
    $read_me_link = "./Services/AuthShibboleth/README.SHIBBOLETH.txt";
    $info = "<a href='" . $read_me_link . "' target='_blank'>" . $this->lng->txt("auth_shib_instructions") . "</a>";
    $enable->setInfo($info);
    $enable->setPostVar("shib[active]");
    $enable->setChecked($settings["shib_active"]);
    $form->addItem($enable);

    // Allow local authentication next to Shibboleth.
    $local = new ilCheckboxInputGUI();
    $local->setTitle($this->lng->txt("auth_allow_local"));
    $local->setPostVar("shib[auth_allow_local]");
    $local->setChecked($settings['shib_auth_allow_local']);
    $form->addItem($local);

    // Administrator must activate new user accounts.
    $activate_new = new ilCheckboxInputGUI($this->lng->txt("shib_activate_new"), "shib[activate_new]");
    $activate_new->setInfo($this->lng->txt("shib_activate_new_info"));
    $activate_new->setChecked($settings["shib_activate_new"]);
    $form->addItem($activate_new);

    // Role given to newly created Shibboleth users.
    $defaultrole = new ilSelectInputGUI();
    $defaultrole->setTitle($this->lng->txt("shib_user_default_role"));
    $defaultrole->setPostVar("shib[user_default_role]");
    $defaultrole->setOptions($role);
    $defaultrole->setRequired(true);
    $defaultrole->setValue($settings["shib_user_default_role"]);
    $form->addItem($defaultrole);

    // Name of the federation.
    $name = new ilTextInputGUI();
    $name->setTitle($this->lng->txt("shib_federation_name"));
    $name->setPostVar("shib[federation_name]");
    $name->setSize(40);
    $name->setMaxLength(50);
    $name->setRequired(true);
    $name->setValue(stripslashes($settings["shib_federation_name"]));
    $form->addItem($name);

    // Login type: internal WAYF, external WAYF or embedded WAYF.
    include_once("./Services/Form/classes/class.ilRadioGroupInputGUI.php");
    include_once("./Services/Form/classes/class.ilRadioOption.php");
    $organize = new ilRadioGroupInputGUI();
    $organize->setTitle($this->lng->txt("shib_login_type"));
    $organize->setPostVar("shib[hos_type]");
    $organize->setRequired(true);
    $organize->setValue($settings["shib_hos_type"]);

    // Option 1: internal WAYF with the identity-provider list.
    $internalwayf = new ilRadioOption();
    $internalwayf->setTitle($this->lng->txt("shib_login_internal_wayf"));
    $internalwayf->setValue("internal_wayf");
    $idplist = new ilTextAreaInputGUI();
    $idplist->setInfo($this->lng->txt("shib_idp_list"));
    $idplist->setPostVar("shib[idp_list]");
    $idplist->setRows(3);
    $idplist->setCols(50);
    $idplist->setValue($settings["shib_idp_list"]);
    $internalwayf->addSubItem($idplist);
    $organize->addOption($internalwayf);

    // Option 2: external WAYF with the path of the login button image.
    $externalwayf = new ilRadioOption();
    $externalwayf->setTitle($this->lng->txt("shib_login_external_wayf"));
    $externalwayf->setValue("external_wayf");
    $loginbutton = new ilTextInputGUI();
    $loginbutton->setInfo($this->lng->txt("shib_login_button"));
    $loginbutton->setPostVar("shib[login_button]");
    $loginbutton->setSize(50);
    $loginbutton->setMaxLength(255);
    $loginbutton->setValue($settings["shib_login_button"]);
    $externalwayf->addSubItem($loginbutton);
    $organize->addOption($externalwayf);

    // Option 3: embedded WAYF.
    $embeddedwayf = new ilRadioOption();
    $embeddedwayf->setTitle($this->lng->txt("shib_login_embedded_wayf"));
    $embeddedwayf->setInfo($this->lng->txt("shib_login_embedded_wayf_description"));
    $embeddedwayf->setValue("embedded_wayf");
    $organize->addOption($embeddedwayf);
    $form->addItem($organize);

    // Login instructions.
    $logininstruction = new ilTextAreaInputGUI();
    $logininstruction->setTitle($this->lng->txt("auth_login_instructions"));
    $logininstruction->setPostVar("shib[login_instructions]");
    $logininstruction->setRows(3);
    $logininstruction->setCols(50);
    $logininstruction->setValue(stripslashes($settings["shib_login_instructions"]));
    $form->addItem($logininstruction);

    // Path to the data manipulation API. This is a filesystem path supplied
    // through the form; how it is consumed is not visible in this class.
    $dataconv = new ilTextInputGUI();
    $dataconv->setTitle($this->lng->txt("shib_data_conv"));
    $dataconv->setPostVar("shib[data_conv]");
    $dataconv->setSize(80);
    $dataconv->setMaxLength(512);
    $dataconv->setValue($settings["shib_data_conv"]);
    $form->addItem($dataconv);

    // One text input per mapped attribute, each followed by its "update" checkbox.
    foreach ($shib_settings as $setting) {
        $field = str_replace('shib_', '', $setting);

        $textinput = new ilTextInputGUI();
        $textinput->setTitle($this->lng->txt($setting));
        $textinput->setPostVar("shib[" . $field . "]");
        $textinput->setValue($settings[$setting]);
        $textinput->setSize(40);
        $textinput->setMaxLength(50);

        $checkinput = new ilCheckboxInputGUI("");
        $checkinput->setOptionTitle($this->lng->txt("shib_update"));
        $checkinput->setPostVar("shib[update_" . $field . "]");
        $checkinput->setChecked($settings["shib_update_" . $field]);

        if (in_array($setting, $mandatory_mappings, true)) {
            $textinput->setRequired(true);
        }

        $form->addItem($textinput);
        // The login attribute has no "update" checkbox.
        if ($setting != "shib_login") {
            $form->addItem($checkinput);
        }
    }

    $this->tpl->setContent($form->getHTML());
}
282
283
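/**
 * Validates the posted Shibboleth settings and stores them.
 *
 * Requires write permission on the reference id. Every path ends with a
 * redirect to the "settings" command; each redirect is followed by an
 * explicit return so that nothing is stored if redirect() ever returns.
 */
public function save()
{
    // executeCommand() checks only "visible,read" before dispatching, and
    // settings() merely hides the buttons, so write permission is enforced here.
    if (!$this->dic->rbac()->system()->checkAccess('write', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->ctrl->redirect($this, 'settings');

        return;
    }

    $posted = (isset($_POST['shib']) && is_array($_POST['shib'])) ? $_POST['shib'] : array();
    // Reads one posted field as a string; missing or non-scalar values become ''.
    $field_value = function ($key) use ($posted) {
        return (isset($posted[$key]) && is_scalar($posted[$key])) ? (string) $posted[$key] : '';
    };
    // Checkbox flags are stored as '1' or '0' only.
    $flag = function ($key) use ($field_value) {
        return ($field_value($key) == '1') ? '1' : '0';
    };

    $required = array("login", "hos_type", "firstname", "lastname", "email", "user_default_role", "federation_name");
    foreach ($required as $item) {
        if (!$field_value($item)) {
            ilUtil::sendFailure($this->lng->txt("fill_out_all_required_fields"), true);
            $this->ctrl->redirect($this, 'settings');

            return;
        }
    }

    // Validate the API path.
    // NOTE(review): is_readable() runs on a client-supplied path and the path
    // is then persisted. How shib_data_conv is consumed is not visible here;
    // confirm it is constrained to an expected directory before it is used.
    $data_conv = $field_value('data_conv');
    if ($data_conv && !is_readable($data_conv)) {
        ilUtil::sendFailure($this->lng->txt("shib_data_conv_warning"), true);
        $this->ctrl->redirect($this, 'settings');

        return;
    }

    // All checks passed: store the attribute mappings and their update flags.
    $shib_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language',
        'shib_matriculation'
    );
    foreach ($shib_settings as $setting) {
        $field = str_replace('shib_', '', $setting);
        $this->ilias->setSetting($setting, trim($field_value($field)));
        $this->ilias->setSetting("shib_update_" . $field, $flag("update_" . $field));
    }

    // The activation state is written under both setting names.
    $active = $flag("active");
    $this->ilias->setSetting("shib_active", $active);
    $this->ilias->setSetting("shibboleth_active", $active);

    $this->ilias->setSetting("shib_user_default_role", $field_value("user_default_role"));
    $this->ilias->setSetting("shib_hos_type", $field_value("hos_type"));
    $this->ilias->setSetting("shib_federation_name", $field_value("federation_name"));
    $this->ilias->setSetting("shib_idp_list", $field_value("idp_list"));
    $this->ilias->setSetting("shib_login_instructions", $field_value("login_instructions"));
    $this->ilias->setSetting("shib_login_button", $field_value("login_button"));
    $this->ilias->setSetting("shib_data_conv", $data_conv);
    $this->ilias->setSetting("shib_auth_allow_local", $flag('auth_allow_local'));
    $this->ilias->setSetting("shib_activate_new", $flag('activate_new'));

    ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"), true);
    $this->ctrl->redirect($this, 'settings');
}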
347
348
/**
 * Shows the role assignment screen: the "new rule" form and, when
 * parseRulesTable() returns any HTML, the table of existing rules.
 *
 * @return bool always true
 */
protected function roleAssignment()
{
    $this->tabs_gui->setSubTabActive('shib_role_assignment');
    $this->initFormRoleAssignment('default');

    $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
    $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

    // The rule table placeholder is filled only when there is something to show.
    $rules_html = $this->parseRulesTable();
    if (strlen($rules_html)) {
        $this->tpl->setVariable('RULE_TABLE', $rules_html);
    }

    return true;
}
361
362
/**
 * Builds the HTML of the table that lists all role assignment rules, with a
 * multi-command for deleting selected rules.
 *
 * NOTE(review): this listing skips source line 366. The `return '';` and the
 * closing brace that follow presumably belong to a condition on that missing
 * line — confirm against the repository file.
 *
 * @return string table HTML, or '' on the early-return path
 */
363 protected function parseRulesTable()
364 {
365 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
// NOTE(review): source line 366 (the opening of this conditional) is absent from the listing.
367 return '';
368 }
369 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
// 'roleAssignment' is passed as the table's parent command.
370 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
371 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
372 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
// Selected rows are submitted to the confirmDeleteRules command.
373 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
374 $rules_table->setSelectAllCheckbox("rule_id");
375
376 return $rules_table->getHTML();
377 }
378
379
/**
 * Shows a confirmation screen for the rules selected for deletion.
 *
 * Falls back to the role assignment screen with a failure message when
 * $_POST['rule_ids'] is not an array.
 *
 * @return bool|null false when nothing was selected; otherwise no explicit return value
 */
388 protected function confirmDeleteRules()
389 {
390 if (!is_array($_POST['rule_ids'])) {
391 ilUtil::sendFailure($this->lng->txt('select_one'));
392 $this->roleAssignment();
393
394 return false;
395 }
396 $this->tabs_gui->setSubTabActive('shib_role_assignment');
397 include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
398 $c_gui = new ilConfirmationGUI();
399 // set confirm/cancel commands
400 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
401 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
402 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
403 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
404 // add items to delete
405 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
// The posted ids are request data; they are not cast or validated in the lines visible here.
406 foreach ($_POST["rule_ids"] as $rule_id) {
// NOTE(review): source line 407 is absent from this listing; $rule is presumably
// created from $rule_id on that line — confirm against the repository file.
408 $info = ilObject::_lookupTitle($rule->getRoleId());
409 $info .= " (";
410 $info .= $rule->conditionToString();
411 $info .= ')';
// Each id is echoed back as a hidden 'rule_ids[]' item together with its description.
412 $c_gui->addItem('rule_ids[]', $rule_id, $info);
413 }
414 $this->tpl->setContent($c_gui->getHTML());
415 }
416
417
/**
 * Deletes the rules whose ids were posted in $_POST['rule_ids'] and shows
 * the role assignment screen again.
 *
 * NOTE(review): no write-permission check is visible in this method, while
 * addRoleAssignmentRule() and updateRoleAssignmentRule() check 'write' on
 * $this->ref_id first. executeCommand() checks only "visible,read" before
 * dispatching, so this command should enforce the same check before deleting.
 *
 * @return bool false when nothing was selected, true after deleting
 */
424 protected function deleteRules()
425 {
426 if (!is_array($_POST['rule_ids'])) {
// NOTE(review): confirmDeleteRules() uses the key 'select_one'; 'select_once' may be a typo — confirm.
427 ilUtil::sendFailure($this->lng->txt('select_once'));
428 $this->roleAssignment();
429
430 return false;
431 }
432 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
433 foreach ($_POST["rule_ids"] as $rule_id) {
// NOTE(review): source line 434 is absent from this listing; $rule is presumably
// created from $rule_id on that line — confirm against the repository file.
435 $rule->delete();
436 }
437 ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
438 $this->roleAssignment();
439
440 return true;
441 }
442
443
/**
 * Creates $this->form, the form used to add or edit a role assignment rule.
 *
 * @param string $a_mode 'default' builds the "new rule" form; any other value
 *                       builds the update variant (different title and buttons)
 */
protected function initFormRoleAssignment($a_mode = 'default')
{
    include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
    $form = new ilPropertyFormGUI();
    $this->form = $form;
    $form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
    $form->setTitle($this->lng->txt('shib_role_ass_table'));

    // Title and command buttons depend on the mode.
    $creating = ($a_mode == 'default');
    if (!$creating) {
        $form->setTitle($this->lng->txt('shib_update_role_ass_table'));
        $form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
        $form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
    } else {
        $form->setTitle($this->lng->txt('shib_role_ass_table'));
        $form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
        $form->addCommandButton('settings', $this->lng->txt('cancel'));
    }

    // Role selection: a global role from a select box (0) or a local role found by search (1).
    $role_group = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
    $role_group->setRequired(true);

    $global_option = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
    $role_group->addOption($global_option);
    $global_select = new ilSelectInputGUI('', 'role_id');
    $global_select->setOptions($this->prepareRoleSelect());
    $global_option->addSubItem($global_select);

    $local_option = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
    $role_group->addOption($local_option);
    include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
    $local_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
    $local_search->setSize(40);
    $local_option->addSubItem($local_search);
    include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';

    $role_group->setInfo($this->lng->txt('shib_role_name_info'));
    $form->addItem($role_group);

    // Update options: add missing / remove deprecated role assignments.
    $update_info = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
    $update_info->setValue($this->lng->txt('shib_check_role_assignment'));

    $add_missing = new ilCheckboxInputGUI('', 'add_missing');
    $add_missing->setOptionTitle($this->lng->txt('shib_add_missing'));
    $add_missing->setValue(1);
    $update_info->addSubItem($add_missing);

    $remove_deprecated = new ilCheckboxInputGUI('', 'remove_deprecated');
    $remove_deprecated->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
    $remove_deprecated->setValue(1);
    $update_info->addSubItem($remove_deprecated);

    $form->addItem($update_info);

    // Assignment type: by attribute name/value (1) or by plugin id (2).
    $kind_group = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
    $kind_group->setValue(1);
    $kind_group->setRequired(true);

    $by_attribute = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
    $by_attribute->setInfo($this->lng->txt('shib_attr_info'));
    $attr_name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
    $attr_name->setSize(32);
    $by_attribute->addSubItem($attr_name);
    $attr_value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
    $attr_value->setSize(32);
    $by_attribute->addSubItem($attr_value);
    $kind_group->addOption($by_attribute);

    // The plugin option is disabled while no role assignment plugin is active.
    $plugins_available = (bool) $this->hasActiveRoleAssignmentPlugins();
    $by_plugin = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
    $by_plugin->setInfo($this->lng->txt('shib_plugin_info'));
    $by_plugin->setDisabled(!$plugins_available);
    $plugin_id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
    $plugin_id->setDisabled(!$plugins_available);
    $plugin_id->setSize(3);
    $plugin_id->setMaxLength(3);
    $plugin_id->setMaxValue(999);
    $plugin_id->setMinValue(1);
    $by_plugin->addSubItem($plugin_id);
    $kind_group->addOption($by_plugin);

    $form->addItem($kind_group);
}
515
516
// NOTE(review): the method signature (source line 520) and source line 523 are
// absent from this listing. The page's cross-reference index lists
// addRoleAutoCompleteObject() ("Add Member for autoComplete"), the callback name
// passed to ilRoleAutoCompleteInputGUI in initFormRoleAssignment(); this body
// presumably belongs to it — confirm against the repository file.
521 {
522 include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
524 }
525
526
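/**
 * Creates a new role assignment rule from the posted form.
 *
 * Requires write permission on the reference id. On invalid input the form is
 * shown again with the posted values and the rule table. If the chosen local
 * role is ambiguous, showLocalRoleSelection() redirects to the role chooser
 * before anything is stored.
 *
 * @return bool false when permission is denied, true otherwise
 */
protected function addRoleAssignmentRule()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];
    if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->roleAssignment();

        return false;
    }

    $this->initFormRoleAssignment();

    // Initialised up front: when the form check fails, the rule check is
    // short-circuited and $err would otherwise be read while undefined.
    $err = '';
    if (!$this->form->checkInput() || ($err = $this->checkInput())) {
        if ($err) {
            ilUtil::sendFailure($this->lng->txt($err));
        }
        $this->tabs_gui->setSubTabActive('shib_role_assignment');
        $this->form->setValuesByPost();
        $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
        $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
        $rules_html = $this->parseRulesTable();
        if (strlen($rules_html)) {
            $this->tpl->setVariable('RULE_TABLE', $rules_html);
        }

        return true;
    }

    // Redirects if required
    $this->showLocalRoleSelection();
    $this->rule->add();
    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    $this->roleAssignment();

    return true;
}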
561
562
/**
 * Shows the update form for the rule named by $_GET['rule_id'], filled with
 * the rule's current values.
 *
 * @return bool always true
 */
protected function editRoleAssignment()
{
    // Keep the integer-cast rule id in the links and form actions built from here on.
    $rule_id = (int) $_GET['rule_id'];
    $this->ctrl->setParameter($this, 'rule_id', $rule_id);

    $this->tabs_gui->setSubTabActive('shib_role_assignment');
    $this->initFormRoleAssignment('update');
    $this->getRuleValues();

    $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
    $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

    return true;
}
579
580
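/**
 * Updates the rule named by $_REQUEST['rule_id'] from the posted form.
 *
 * Requires write permission on the reference id. On invalid input the form is
 * shown again with the posted values.
 *
 * NOTE(review): the form is built in its default mode here, so the redisplayed
 * form carries the "new rule" buttons rather than the update ones — confirm
 * whether 'update' mode was intended.
 *
 * @return bool false when permission is denied, true otherwise
 */
protected function updateRoleAssignmentRule()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];
    if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->roleAssignment();

        return false;
    }

    $this->initFormRoleAssignment();

    // Initialised up front: when the form check fails, the rule check is
    // short-circuited and $err would otherwise be read while undefined.
    $err = '';
    if (!$this->form->checkInput() || ($err = $this->checkInput((int) $_REQUEST['rule_id']))) {
        if ($err) {
            ilUtil::sendFailure($this->lng->txt($err));
        }
        $this->tabs_gui->setSubTabActive('shib_role_assignment');
        $this->form->setValuesByPost();
        $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
        $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

        return true;
    }

    // The argument is ignored: showLocalRoleSelection() declares no parameters.
    $this->showLocalRoleSelection('update');
    $this->rule->update();
    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    $this->roleAssignment();

    return true;
}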
611
612
/**
 * Builds $this->rule from the current form input.
 *
 * For a global role (role_name == 0) the selected role id is used. For a
 * local role the search term is resolved through the object search: exactly
 * one hit sets that role's id, several hits set -1, and no hit leaves the
 * role id untouched.
 *
 * @param int $a_rule_id id of an existing rule, 0 for a new one
 * @return ilShibbolethRoleAssignmentRule the rule also stored in $this->rule
 */
private function loadRule($a_rule_id = 0)
{
    include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    $rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
    $this->rule = $rule;
    $form = $this->form;

    if ($form->getInput('role_name') == 0) {
        $rule->setRoleId($form->getInput('role_id'));
    } elseif ($form->getInput('role_search')) {
        // Resolve the local role by title search.
        include_once './Services/Search/classes/class.ilQueryParser.php';
        $query = new ilQueryParser($form->getInput('role_search'));
        // TODO: Handle minWordLength
        $query->setMinWordLength(1, true);
        $query->setCombination(QP_COMBINATION_AND);
        $query->parse();

        include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
        $search = new ilLikeObjectSearch($query);
        $search->setFilter(array( 'role' ));
        $entries = $search->performSearch()->getEntries();

        $hits = count($entries);
        if ($hits == 1) {
            $match = current($entries);
            $rule->setRoleId($match['obj_id']);
        } elseif ($hits > 1) {
            // Ambiguous: -1 makes showLocalRoleSelection() ask the user to choose.
            $rule->setRoleId(-1);
        }
    }

    $rule->setName($form->getInput('attr_name'));
    $rule->setValue($form->getInput('attr_value'));
    $rule->enableAddOnUpdate($form->getInput('add_missing'));
    $rule->enableRemoveOnUpdate($form->getInput('remove_deprecated'));
    $rule->enablePlugin($form->getInput('kind') == 2);
    $rule->setPluginId($form->getInput('plugin_id'));

    return $this->rule;
}
648
649
/**
 * Loads the rule named by $_GET['rule_id'] (cast to int) and copies its
 * values into $this->form.
 */
private function getRuleValues()
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];

    include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
    $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
    $role_id = $rule->getRoleId();

    $values = array();
    // Global roles go into the select box, local roles into the search field by title.
    if ($rbacreview->isGlobalRole($role_id)) {
        $values['role_name'] = 0;
        $values['role_id'] = $role_id;
    } else {
        $values['role_name'] = 1;
        $values['role_search'] = ilObject::_lookupTitle($role_id);
    }

    $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
    $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
    $values['attr_name'] = $rule->getName();
    $values['attr_value'] = $rule->getValue();

    // kind 2 = plugin based rule, kind 1 = attribute based rule.
    if ($rule->isPluginActive()) {
        $values['kind'] = 2;
        $values['plugin_id'] = $rule->getPluginId();
    } else {
        $values['kind'] = 1;
    }

    $this->form->setValuesByArray($values);
}
676
677
/**
 * Loads the rule from the form input and returns the result of its own
 * validation. The callers treat a truthy result as a language key for an
 * error message.
 *
 * @param int $a_rule_id id of an existing rule, 0 for a new one
 * @return mixed whatever ilShibbolethRoleAssignmentRule::validate() returns
 */
private function checkInput($a_rule_id = 0)
{
    // loadRule() returns the same object it stores in $this->rule.
    $rule = $this->loadRule($a_rule_id);

    return $rule->validate();
}
684
685
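/**
 * Hands over to the role chooser when the loaded rule has no usable role id.
 *
 * When the rule's role id is greater than 0, nothing happens. Otherwise the
 * rule data is parked in the session under 'shib_role_ass' and the request is
 * redirected to the "chooseRole" command.
 *
 * @return bool|null false when no selection is needed; otherwise no explicit return value
 */
private function showLocalRoleSelection()
{
    if ($this->rule->getRoleId() > 0) {
        return false;
    }

    // The rule id is request data that saveRoleSelection() later passes to the
    // rule constructor. Cast it to int here, as the other readers of 'rule_id'
    // in this class do, so only an integer is carried across requests.
    $rule_id = isset($_REQUEST['rule_id']) ? (int) $_REQUEST['rule_id'] : 0;

    $_SESSION['shib_role_ass']['rule_id'] = $rule_id;
    $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
    $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
    $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
    $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
    $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
    $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
    $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
    $this->ctrl->redirect($this, 'chooseRole');
}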
701
702
/**
 * Lists the roles matching the search term parked in the session so that the
 * user can pick one for the pending rule.
 *
 * @return bool always true
 */
protected function chooseRole()
{
    $this->tabs_gui->setSubTabActive('shib_role_assignment');

    // Repeat the role search with the term stored by showLocalRoleSelection().
    include_once './Services/Search/classes/class.ilQueryParser.php';
    $query = new ilQueryParser($_SESSION['shib_role_ass']['search']);
    $query->setMinWordLength(1, true);
    $query->setCombination(QP_COMBINATION_AND);
    $query->parse();

    include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
    $search = new ilLikeObjectSearch($query);
    $search->setFilter(array( 'role' ));
    $entries = $search->performSearch()->getEntries();

    include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
    $selection = new ilRoleSelectionTableGUI($this, 'chooseRole');
    $selection->setTitle($this->lng->txt('shib_role_selection'));
    $selection->addMultiCommand('saveRoleSelection', $this->lng->txt('shib_choose_role'));
    $selection->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
    $selection->parse($entries);

    $this->tpl->setContent($selection->getHTML());

    return true;
}
726
727
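/**
 * Completes a pending rule with the role picked in chooseRole() and stores it.
 *
 * The rule data comes from the session entry written by
 * showLocalRoleSelection(); the role id comes from $_POST['role_id'].
 * Requires write permission on the reference id.
 *
 * @return bool|null false when permission is denied or no rule is pending;
 *                   otherwise no explicit return value
 */
protected function saveRoleSelection()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];

    // executeCommand() checks only "visible,read" before dispatching, and this
    // command can be requested directly, so it enforces the same write check as
    // addRoleAssignmentRule() and updateRoleAssignmentRule().
    if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->roleAssignment();

        return false;
    }

    // Without pending data there is nothing to save; do not store an empty rule.
    if (!isset($_SESSION['shib_role_ass']) || !is_array($_SESSION['shib_role_ass'])) {
        $this->roleAssignment();

        return false;
    }
    $pending = $_SESSION['shib_role_ass'];

    include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    $rule = new ilShibbolethRoleAssignmentRule($pending['rule_id']);
    $rule->setRoleId((int) $_POST['role_id']);
    $rule->setName($pending['name']);
    $rule->setValue($pending['value']);
    $rule->enablePlugin($pending['plugin']);
    $rule->setPluginId($pending['plugin_id']);
    $rule->enableAddOnUpdate($pending['add_on_update']);
    $rule->enableRemoveOnUpdate($pending['remove_on_update']);

    // An existing rule id means update, otherwise a new rule is created.
    if ($rule->getRuleId()) {
        $rule->update();
    } else {
        $rule->add();
    }

    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    unset($_SESSION['shib_role_ass']);
    $this->roleAssignment();
}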
747
748
// NOTE(review): the method signature (source line 754) is absent from this
// listing. The page's cross-reference index lists hasActiveRoleAssignmentPlugins()
// ("Check if plugin is active"), which initFormRoleAssignment() calls and casts
// to bool; this body presumably belongs to it — confirm against the repository file.
755 {
756 global $DIC;
757 $ilPluginAdmin = $DIC['ilPluginAdmin'];
758
// Returns the number of active plugins registered for the 'shibhk' slot of the
// AuthShibboleth service, so 0 means no plugin is active.
759 return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk'));
760 }
761
762
/**
 * Builds the options for the global-role select box: role id => title,
 * preceded by a "please select" entry under key 0.
 *
 * @param bool $a_as_select not used by this method
 * @return array role id => title
 */
private function prepareRoleSelect($a_as_select = true)
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];
    $ilObjDataCache = $DIC['ilObjDataCache'];

    // Global role ids ordered by title.
    $sorted_role_ids = ilUtil::_sortIds($rbacreview->getGlobalRoles(), 'object_data', 'title', 'obj_id');

    $options = array(0 => $this->lng->txt('links_select_one'));
    foreach ($sorted_role_ids as $global_role_id) {
        $options[$global_role_id] = ilObject::_lookupTitle($global_role_id);
    }

    return $options;
}
776
777
/**
 * Adds the "settings" and "role assignment" sub tabs.
 *
 * The tabs are left out only when Shibboleth is inactive and no role
 * assignment rule exists.
 *
 * @return bool true when the sub tabs were added, false otherwise
 */
protected function setSubTabs()
{
    global $DIC;
    $ilSetting = $DIC['ilSetting'];
    include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';

    // The rule count is looked up only when Shibboleth is inactive.
    if ($ilSetting->get('shib_active') == 0) {
        if (ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
            return false;
        }
    }

    // Show sub tabs as soon as Shibboleth is active or any rule exists.
    $settings_link = $this->ctrl->getLinkTarget($this, 'settings');
    $this->tabs_gui->addSubTabTarget('shib_settings', $settings_link);
    $rules_link = $this->ctrl->getLinkTarget($this, 'roleAssignment');
    $this->tabs_gui->addSubTabTarget('shib_role_assignment', $rules_link);

    return true;
}
792}
const IL_COMP_SERVICE
const QP_COMBINATION_AND
Class ilAuthShibbolethSettingsGUI.
addRoleAutoCompleteObject()
Add Member for autoComplete.
hasActiveRoleAssignmentPlugins()
Check if plugin is active.
This class represents a checkbox property in a property form.
Confirmation screen class.
This class represents a non editable value in a property form.
This class represents a number property in a property form.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
This class represents a role + autocomplete feature form input.
static echoAutoCompleteList()
Static asynchronous default auto complete function.
This class represents a selection list property in a property form.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.