ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilLDAPRoleAssignmentRules.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
32class ilLDAPRoleAssignmentRules
33{
34 const ROLE_ACTION_ASSIGN = 'Assign';
35 const ROLE_ACTION_DEASSIGN = 'Detach';
36
37 protected static $active_plugins = null;
38 protected static $default_role = null;
39
40
46 public static function getDefaultRole($a_server_id)
47 {
48 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
49 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
50
51 return self::$default_role =
52 ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
53 }
54
60 public static function getAllPossibleRoles($a_server_id)
61 {
62 global $ilDB;
63
64 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
65 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
66 $res = $ilDB->query($query);
67 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
68 $roles[$row->role_id] = $row->role_id;
69 }
70 $gr = self::getDefaultRole($a_server_id);
71 $roles[$gr] = $gr;
72 return $roles ? $roles : array();
73 }
74
75 // begin-patch ldap_multiple
81 public static function getAttributeNames($a_server_id)
82 {
83 global $ilDB;
84
85 $query = "SELECT DISTINCT(att_name) " .
86 "FROM ldap_role_assignments " .
87 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
88 $res = $ilDB->query($query);
89 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
90 $name = strtolower(trim($row->att_name));
91 if ($name) {
92 $names[] = $name;
93 }
94 }
95
96 $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
97 return $names ? $names : array();
98 }
99
100 // begin-patch ldap_multiple
114 public static function getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
115 {
116 global $ilDB,$rbacadmin,$rbacreview,$ilSetting,$ilLog;
117
118 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
119 "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
120 'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
121
122 $res = $ilDB->query($query);
123 $roles = array();
124 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
125 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
126 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
127
128 $matches = $rule->matches($a_usr_data);
129 if ($matches and $row->add_on_update) {
130 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
131 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
132 }
133 if (!$matches and $row->remove_on_update) {
134 $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
135 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
136 }
137 }
138
139 // Check if there is minimum on global role
140 $deassigned_global = 0;
141 foreach ($roles as $role_data) {
142 if ($role_data['type'] == 'Global' and
143 $role_data['action'] == self::ROLE_ACTION_DEASSIGN) {
144 $deassigned_global++;
145 }
146 }
147 if (count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global) {
148 $ilLog->info(': No global role left. Assigning to default role.');
149 $roles[] = self::parseRole(
150 self::getDefaultRole($a_server_id),
151 self::ROLE_ACTION_ASSIGN
152 );
153 }
154
155 return $roles ? $roles : array();
156 }
157
158
169 public static function getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
170 {
171 global $ilDB,$ilLog;
172
173 $query = "SELECT rule_id FROM ldap_role_assignments " .
174 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
175 $res = $ilDB->query($query);
176
177 $num_matches = 0;
178 $roles = array();
179 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
180 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
181 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
182
183 if ($rule->matches($a_usr_data)) {
184 $num_matches++;
185 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
186 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
187 }
188 }
189
190 // DONE: check for global role
191 $found_global = false;
192 foreach ($roles as $role_data) {
193 if ($role_data['type'] == 'Global') {
194 $found_global = true;
195 break;
196 }
197 }
198 if (!$found_global) {
199 $ilLog->info(': No matching rule found. Assigning to default role.');
200 $roles[] = self::parseRole(
201 self::getDefaultRole($a_server_id),
202 self::ROLE_ACTION_ASSIGN
203 );
204 }
205
206 return $roles ? $roles : array();
207 }
208
216 public static function callPlugin($a_plugin_id, $a_user_data)
217 {
218 global $ilPluginAdmin;
219
220 if (self::$active_plugins == null) {
221 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
222 IL_COMP_SERVICE,
223 'LDAP',
224 'ldaphk'
225 );
226 }
227
228 $assigned = false;
229 foreach (self::$active_plugins as $plugin_name) {
230 $ok = false;
231 $plugin_obj = $ilPluginAdmin->getPluginObject(
232 IL_COMP_SERVICE,
233 'LDAP',
234 'ldaphk',
235 $plugin_name
236 );
237
238 if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
239 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
240 }
241
242 if ($ok) {
243 $assigned = true;
244 }
245 }
246 return $assigned;
247 }
248
249 // begin-patch ldap_multiple
250
256 protected static function getAdditionalPluginAttributes($a_server_id)
257 {
258 global $ilPluginAdmin;
259
260 if (self::$active_plugins == null) {
261 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
262 IL_COMP_SERVICE,
263 'LDAP',
264 'ldaphk'
265 );
266 }
267
268 $attributes = array();
269 foreach (self::$active_plugins as $plugin_name) {
270 $ok = false;
271 $plugin_obj = $ilPluginAdmin->getPluginObject(
272 IL_COMP_SERVICE,
273 'LDAP',
274 'ldaphk',
275 $plugin_name
276 );
277
278 if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
279 $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
280 }
281 }
282 return $attributes ? $attributes : array();
283 }
284
285
292 protected static function parseRole($a_role_id, $a_action)
293 {
294 global $rbacreview;
295
296 return array(
297 'id' => $a_role_id,
298 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
299 'action' => $a_action
300 );
301 }
302}
php
An exception for terminatinating execution or to throw for unit testing.
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:97
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
ilLDAPRoleAssignmentRules
@classDescription Do role assignemnts
Definition: class.ilLDAPRoleAssignmentRules.php:33
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles($a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:60
ilLDAPRoleAssignmentRules\parseRole
static parseRole($a_role_id, $a_action)
Parse role.
Definition: class.ilLDAPRoleAssignmentRules.php:292
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:216
ilLDAPRoleAssignmentRules\getDefaultRole
static getDefaultRole($a_server_id)
Get default global role.
Definition: class.ilLDAPRoleAssignmentRules.php:46
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:81
ilLDAPRoleAssignmentRules\getAdditionalPluginAttributes
static getAdditionalPluginAttributes($a_server_id)
Fetch additional attributes from plugin.
Definition: class.ilLDAPRoleAssignmentRules.php:256
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global t...
Definition: class.ilLDAPRoleAssignmentRules.php:114
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:169
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$ilLog
$ilLog
Definition: inc.setup_header.php:129
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:33
$name
if($format !==null) $name
Definition: metadata.php:146
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$attributes
$attributes
Definition: serviceValidate.php:33
$rule
$rule
Definition: showstats.php:43
$ilDB
global $ilDB
Definition: storeScorm2004.php:19