ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Static Public Member Functions | Data Fields | Static Protected Member Functions | Static Protected Attributes
ilLDAPRoleAssignmentRules Class Reference
Services/LDAP

Do role assignemnts More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole ($a_server_id)
 Get default global role. More...
 
static getAllPossibleRoles ($a_server_id)
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ($a_server_id)
 get all possible attribute names More...
 
static getAssignmentsForUpdate ($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
 type $ilDB type $rbacadmin type $rbacreview type $ilSetting type $ilLog More...
 
static getAssignmentsForCreation ($a_server_id, $a_usr_name, $a_usr_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 Call plugin check if the condition matches. More...
 

Data Fields

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Static Protected Member Functions

static getAdditionalPluginAttributes ($a_server_id)
 Fetch additional attributes from plugin. More...
 
static parseRole ($a_role_id, $a_action)
 Parse role. More...
 

Static Protected Attributes

static $active_plugins = null
 
static $default_role = null
 

Detailed Description

Do role assignemnts

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static

Call plugin check if the condition matches.

Returns
bool
Parameters
object$a_plugin_id
object$a_user_data

Definition at line 216 of file class.ilLDAPRoleAssignmentRules.php.

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

217  {
218  global $ilPluginAdmin;
219 
220  if (self::$active_plugins == null) {
221  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
222  IL_COMP_SERVICE,
223  'LDAP',
224  'ldaphk'
225  );
226  }
227 
228  $assigned = false;
229  foreach (self::$active_plugins as $plugin_name) {
230  $ok = false;
231  $plugin_obj = $ilPluginAdmin->getPluginObject(
232  IL_COMP_SERVICE,
233  'LDAP',
234  'ldaphk',
235  $plugin_name
236  );
237 
238  if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
239  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
240  }
241 
242  if ($ok) {
243  $assigned = true;
244  }
245  }
246  return $assigned;
247  }
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:32
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes (   $a_server_id)
staticprotected

Fetch additional attributes from plugin.

Parameters
int$a_server_id
Returns

Definition at line 256 of file class.ilLDAPRoleAssignmentRules.php.

References $attributes, $ok, array, and IL_COMP_SERVICE.

257  {
258  global $ilPluginAdmin;
259 
260  if (self::$active_plugins == null) {
261  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
262  IL_COMP_SERVICE,
263  'LDAP',
264  'ldaphk'
265  );
266  }
267 
268  $attributes = array();
269  foreach (self::$active_plugins as $plugin_name) {
270  $ok = false;
271  $plugin_obj = $ilPluginAdmin->getPluginObject(
272  IL_COMP_SERVICE,
273  'LDAP',
274  'ldaphk',
275  $plugin_name
276  );
277 
278  if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
279  $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
280  }
281  }
282  return $attributes ? $attributes : array();
283  }
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:32
$attributes
$attributes
Definition: serviceValidate.php:33
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles (   $a_server_id)
static

Get all assignable roles (used for import parser)

Parameters
int$a_server_id
Returns
array roles

Definition at line 60 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $query, $res, $row, array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\refresh().

61  {
62  global $ilDB;
63 
64  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
65  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
66  $res = $ilDB->query($query);
67  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
68  $roles[$row->role_id] = $row->role_id;
69  }
70  $gr = self::getDefaultRole($a_server_id);
71  $roles[$gr] = $gr;
72  return $roles ? $roles : array();
73  }
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation (   $a_server_id,
  $a_usr_name,
  $a_usr_data 
)
static
Returns
array role data
Parameters
int$a_server_id
object$a_usr_id
object$a_usr_datapublic

Definition at line 169 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $query, $res, $row, $rule, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthContainerApache\forceCreation(), and ilLDAPAttributeToUser\parseRoleAssignmentsForCreation().

170  {
171  global $ilDB,$ilLog;
172 
173  $query = "SELECT rule_id FROM ldap_role_assignments " .
174  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
175  $res = $ilDB->query($query);
176 
177  $num_matches = 0;
178  $roles = array();
179  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
180  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
181  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
182 
183  if ($rule->matches($a_usr_data)) {
184  $num_matches++;
185  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
186  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
187  }
188  }
189 
190  // DONE: check for global role
191  $found_global = false;
192  foreach ($roles as $role_data) {
193  if ($role_data['type'] == 'Global') {
194  $found_global = true;
195  break;
196  }
197  }
198  if (!$found_global) {
199  $ilLog->info(': No matching rule found. Assigning to default role.');
200  $roles[] = self::parseRole(
201  self::getDefaultRole($a_server_id),
202  self::ROLE_ACTION_ASSIGN
203  );
204  }
205 
206  return $roles ? $roles : array();
207  }
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
$query
$query
Definition: proxy_ylocal.php:13
$ilLog
$ilLog
Definition: inc.setup_header.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate (   $a_server_id,
  $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

type $ilDB type $rbacadmin type $rbacreview type $ilSetting type $ilLog

Parameters
int$a_server_id
type$a_usr_id
type$a_usr_name
type$a_usr_data
Returns
array

Definition at line 114 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, $rule, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate().

115  {
116  global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
117 
118  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
119  "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
120  'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
121 
122  $res = $ilDB->query($query);
123  $roles = array();
124  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
125  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
126  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
127 
128  $matches = $rule->matches($a_usr_data);
129  if ($matches and $row->add_on_update) {
130  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
131  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
132  }
133  if (!$matches and $row->remove_on_update) {
134  $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
135  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
136  }
137  }
138 
139  // Check if there is minimum on global role
140  $deassigned_global = 0;
141  foreach ($roles as $role_data) {
142  if ($role_data['type'] == 'Global' and
143  $role_data['action'] == self::ROLE_ACTION_DEASSIGN) {
144  $deassigned_global++;
145  }
146  }
147  if (count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global) {
148  $ilLog->info(': No global role left. Assigning to default role.');
149  $roles[] = self::parseRole(
150  self::getDefaultRole($a_server_id),
151  self::ROLE_ACTION_ASSIGN
152  );
153  }
154 
155  return $roles ? $roles : array();
156  }
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
$query
$query
Definition: proxy_ylocal.php:13
$ilLog
$ilLog
Definition: inc.setup_header.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames (   $a_server_id)
static

get all possible attribute names

Parameters
int$a_server_id
Returns

Definition at line 81 of file class.ilLDAPRoleAssignmentRules.php.

References $ilDB, $name, $names, $query, $res, $row, array, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

82  {
83  global $ilDB;
84 
85  $query = "SELECT DISTINCT(att_name) " .
86  "FROM ldap_role_assignments " .
87  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
88  $res = $ilDB->query($query);
89  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
90  $name = strtolower(trim($row->att_name));
91  if ($name) {
92  $names[] = $name;
93  }
94  }
95 
96  $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
97  return $names ? $names : array();
98  }
$name
if($format !==null) $name
Definition: metadata.php:146
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole (   $a_server_id)
static

Get default global role.

Parameters
int$a_server_id
Returns

Definition at line 46 of file class.ilLDAPRoleAssignmentRules.php.

References ilLDAPAttributeMapping\_lookupGlobalRole().

47  {
48  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
49  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
50 
51  return self::$default_role =
52  ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
53  }
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:97
+ Here is the call graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole (   $a_role_id,
  $a_action 
)
staticprotected

Parse role.

Returns
Parameters
int$a_role_id
string$a_action

Definition at line 292 of file class.ilLDAPRoleAssignmentRules.php.

References array.

293  {
294  global $rbacreview;
295 
296  return array(
297  'id' => $a_role_id,
298  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
299  'action' => $a_action
300  );
301  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

Field Documentation

◆ $active_plugins

ilLDAPRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 37 of file class.ilLDAPRoleAssignmentRules.php.

◆ $default_role

ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 38 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'

Definition at line 34 of file class.ilLDAPRoleAssignmentRules.php.

Referenced by ilAuthContainerApache\forceCreation().

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'

Definition at line 35 of file class.ilLDAPRoleAssignmentRules.php.

The documentation for this class was generated from the following file: