@classDescription Do role assignemnts More...

Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions
static	getDefaultRole ($a_server_id)
	Get default global role. More...

static	getAllPossibleRoles ($a_server_id)
	Get all assignable roles (used for import parser) More...

static	getAttributeNames ($a_server_id)
	get all possible attribute names More...

static	getAssignmentsForUpdate ($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
	@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global type $ilLog More...

static	getAssignmentsForCreation ($a_server_id, $a_usr_name, $a_usr_data)

static	callPlugin ($a_plugin_id, $a_user_data)
	Call plugin check if the condition matches. More...

Data Fields
const	ROLE_ACTION_ASSIGN = 'Assign'

const	ROLE_ACTION_DEASSIGN = 'Detach'

Static Protected Member Functions
static	getAdditionalPluginAttributes ($a_server_id)
	Fetch additional attributes from plugin. More...

static	parseRole ($a_role_id, $a_action)
	Parse role. More...

Static Protected Attributes
static	$active_plugins = null

static	$default_role = null

Detailed Description

@classDescription Do role assignemnts

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Version: $Id$

Definition at line 32 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin	(	$a_plugin_id,
		$a_user_data
	)

static

Call plugin check if the condition matches.

Returns: bool

Parameters

object	$a_plugin_id
object	$a_user_data

Definition at line 216 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilPluginAdmin;
        
        if (self::$active_plugins == null) {
            self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
                IL_COMP_SERVICE,
                'LDAP',
                'ldaphk'
            );
        }
        
        $assigned = false;
        foreach (self::$active_plugins as $plugin_name) {
            $ok = false;
            $plugin_obj = $ilPluginAdmin->getPluginObject(
                IL_COMP_SERVICE,
                'LDAP',
                'ldaphk',
                $plugin_name
            );
            
            if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
                $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
            }
            
            if ($ok) {
                $assigned = true;
            }
        }
        return $assigned;
    }

References $ok, and IL_COMP_SERVICE.

Referenced by ilLDAPRoleAssignmentRule\matches().

Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes ( $a_server_id )

staticprotected

Fetch additional attributes from plugin.

Parameters

int $a_server_id

Returns

Definition at line 256 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilPluginAdmin;
        
        if (self::$active_plugins == null) {
            self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
                IL_COMP_SERVICE,
                'LDAP',
                'ldaphk'
            );
        }
 
        $attributes = array();
        foreach (self::$active_plugins as $plugin_name) {
            $ok = false;
            $plugin_obj = $ilPluginAdmin->getPluginObject(
                IL_COMP_SERVICE,
                'LDAP',
                'ldaphk',
                $plugin_name
            );
            
            if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
                $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
            }
        }
        return $attributes ? $attributes : array();
    }

References $attributes, $ok, and IL_COMP_SERVICE.

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles ( $a_server_id )

static

Get all assignable roles (used for import parser)

Parameters

int $a_server_id

Returns: array roles

Definition at line 60 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilDB;
        
        $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
                'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $roles[$row->role_id] = $row->role_id;
        }
        $gr = self::getDefaultRole($a_server_id);
        $roles[$gr] = $gr;
        return $roles ? $roles : array();
    }

References $ilDB, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and getDefaultRole().

Referenced by ilLDAPAttributeToUser\refresh().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation	(	$a_server_id,
		$a_usr_name,
		$a_usr_data
	)

static

Returns: array role data

Parameters

int	$a_server_id
object	$a_usr_id
object	$a_usr_data

@access public

Definition at line 169 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilDB,$ilLog;
        
        $query = "SELECT rule_id FROM ldap_role_assignments " .
                'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
        $res = $ilDB->query($query);
        
        $num_matches = 0;
        $roles = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
            $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
            
            if ($rule->matches($a_usr_data)) {
                $num_matches++;
                $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
                $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
            }
        }
        
        // DONE: check for global role
        $found_global = false;
        foreach ($roles as $role_data) {
            if ($role_data['type'] == 'Global') {
                $found_global = true;
                break;
            }
        }
        if (!$found_global) {
            $ilLog->info(': No matching rule found. Assigning to default role.');
            $roles[] = self::parseRole(
                self::getDefaultRole($a_server_id),
                self::ROLE_ACTION_ASSIGN
            );
        }
        
        return $roles ? $roles : array();
    }

References $ilDB, $ilLog, $query, $res, $row, $rule, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForCreation().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate	(	$a_server_id,
		$a_usr_id,
		$a_usr_name,
		$a_usr_data
	)

static

@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global type $ilLog

Parameters

int	$a_server_id
type	$a_usr_id
type	$a_usr_name
type	$a_usr_data

Returns: array

Definition at line 114 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
        
        $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
            "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
                'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
        
        $res = $ilDB->query($query);
        $roles = array();
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
            $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
            
            $matches = $rule->matches($a_usr_data);
            if ($matches and $row->add_on_update) {
                $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
                $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
            }
            if (!$matches and $row->remove_on_update) {
                $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
                $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
            }
        }
        
        // Check if there is minimum on global role
        $deassigned_global = 0;
        foreach ($roles as $role_data) {
            if ($role_data['type'] == 'Global' and
                $role_data['action'] == self::ROLE_ACTION_DEASSIGN) {
                $deassigned_global++;
            }
        }
        if (count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global) {
            $ilLog->info(': No global role left. Assigning to default role.');
            $roles[] = self::parseRole(
                self::getDefaultRole($a_server_id),
                self::ROLE_ACTION_ASSIGN
            );
        }
        
        return $roles ? $roles : array();
    }

References $ilDB, $ilLog, $ilSetting, $query, $res, $row, $rule, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames ( $a_server_id )

static

get all possible attribute names

Parameters

int $a_server_id

Returns

Definition at line 81 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $ilDB;
        
        $query = "SELECT DISTINCT(att_name) " .
            "FROM ldap_role_assignments " .
            'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $name = strtolower(trim($row->att_name));
            if ($name) {
                $names[] = $name;
            }
        }
        
        $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
        return $names ? $names : array();
    }

References $ilDB, $name, $names, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole ( $a_server_id )

static

Get default global role.

Parameters

int $a_server_id

Returns

Definition at line 46 of file class.ilLDAPRoleAssignmentRules.php.

    {
        include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';
            
        return self::$default_role =
            ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
    }

References ilLDAPAttributeMapping\_lookupGlobalRole().

Referenced by getAllPossibleRoles().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole	(	$a_role_id,
		$a_action
	)

staticprotected

Parse role.

Returns

Parameters

int	$a_role_id
string	$a_action

Definition at line 292 of file class.ilLDAPRoleAssignmentRules.php.

    {
        global $rbacreview;
        
        return array(
            'id'                => $a_role_id,
            'type'              => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
            'action'    => $a_action
            );
    }