ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilLDAPRoleAssignmentRule.php
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
11 {
// Per-request cache of rule objects, filled by _getInstanceByRuleId() and keyed by rule id.
private static $instances = null;

// Auth logger taken from the DIC in the constructor.
private $logger = null;

// Database handle taken from the DIC in the constructor.
private $db = null;

// Rule types evaluated by matches():
const TYPE_GROUP = 1;      // membership test against an LDAP group entry (isGroupMember())
const TYPE_ATTRIBUTE = 2;  // wildcard comparison of one user attribute (wildcardCompare())
const TYPE_PLUGIN = 3;     // decision delegated to ilLDAPRoleAssignmentRules::callPlugin()

// NOTE(review): rule_id, role_id, type, dn, member_attribute, member_is_dn, attribute_name and
// attribute_value are assigned by the constructor and the setters but are not declared here.
private $server_id = 0;
// Not read by any method visible in this listing; isPluginActive() derives its result from the rule type.
private $plugin_active = false;
// Persisted as ldap_role_assignments.add_on_update / remove_on_update (see create(), update(), read()).
private $add_on_update = false;
private $remove_on_update = false;
private $plugin_id = 0;
33 
34 
/**
 * Private constructor; instances are created through _getInstanceByRuleId().
 *
 * Fetches the database handle and the auth logger from the DIC, stores the
 * rule id and loads the rule's row via read().
 *
 * @param int $a_id rule id, 0 for a rule that has not been stored yet
 */
private function __construct($a_id = 0)
{
    $dic = $GLOBALS['DIC'];

    $this->db = $dic->database();
    $this->logger = $dic->logger()->auth();

    $this->rule_id = $a_id;
    $this->read();
}
50 
/**
 * Return the rule object for a rule id, creating and caching it on first use.
 *
 * @param int $a_rule_id rule id
 * @return ilLDAPRoleAssignmentRule
 */
public static function _getInstanceByRuleId($a_rule_id)
{
    if (!isset(self::$instances[$a_rule_id])) {
        // First request for this id: build the object (which reads its row) and remember it.
        self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
    }
    return self::$instances[$a_rule_id];
}
66 
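/**
 * Check whether any stored rule has add_on_update or remove_on_update set.
 *
 * @return bool true if at least one such rule exists
 */
public static function hasRulesForUpdate()
{
    global $ilDB;

    $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
        'WHERE add_on_update = 1 ' .
        'OR remove_on_update = 1 ';
    $res = $ilDB->query($query);

    // The count row has to be fetched before it is read; without this line $row is undefined.
    $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);

    return $row && $row->num > 0;
}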
82 
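/**
 * Check whether this rule matches the given directory data of a user.
 *
 * The result decides whether the rule's role mapping applies, so every path
 * that cannot establish a match returns false, including an unknown rule type.
 *
 * @param array $a_user_data user data; attribute rules look up the lower-cased
 *                           attribute name as key (presumably the caller lower-cases
 *                           the keys, confirm against caller)
 * @return bool|mixed true/false for group and attribute rules; plugin rules return
 *                    whatever callPlugin() returns
 */
public function matches($a_user_data)
{
    switch ($this->getType()) {
        case self::TYPE_PLUGIN:
            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
            return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);

        case self::TYPE_ATTRIBUTE:
            $attn = strtolower($this->getAttributeName());

            if (!isset($a_user_data[$attn])) {
                return false;
            }

            // A single-valued attribute is handled like a one-element list.
            $attribute_val = is_array($a_user_data[$attn])
                ? $a_user_data[$attn]
                : array(0 => $a_user_data[$attn]);

            // The configured value does not change while iterating.
            $expected = trim($this->getAttributeValue());

            foreach ($attribute_val as $value) {
                if ($this->wildcardCompare($expected, trim($value))) {
                    $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
                    return true;
                }
            }
            return false;

        case self::TYPE_GROUP:
            return $this->isGroupMember($a_user_data);

        default:
            // Unknown or unset rule type: fail closed instead of falling off the end with null.
            return false;
    }
}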
122 
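/**
 * Compare a value against a configured pattern in which "*" is the only wildcard.
 *
 * Every other character of the pattern is matched literally and the comparison
 * is case-insensitive. The literal parts are passed through preg_quote() so that
 * characters such as ".", "+", "|" or "(" in a configured value cannot widen the
 * match, and a "/" cannot terminate the regular expression early.
 *
 * @param string $a_str1 configured pattern, "*" matches any run of characters
 * @param string $a_str2 value to test
 * @return bool true if the whole value matches the pattern
 */
protected function wildcardCompare($a_str1, $a_str2)
{
    $literal_parts = array();
    foreach (explode('*', (string) $a_str1) as $part) {
        $literal_parts[] = preg_quote($part, '/');
    }
    // Each "*" of the configured value becomes a non-greedy "any characters" group.
    $pattern = implode('.*?', $literal_parts);

    $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
    return (bool) preg_match('/^' . $pattern . '$/i', $a_str2);
}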
129 
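/**
 * Check whether the user is listed in the member attribute of the rule's group entry.
 *
 * Depending on isMemberAttributeDN() the user's DN or external account name is
 * compared. The value originates from the directory and is placed into an LDAP
 * search filter, so filter metacharacters are escaped first (RFC 4515); otherwise
 * a value containing "*", "(" or ")" could change the meaning of the filter and
 * produce a match the rule does not intend.
 *
 * @param array $a_user_data user data with the keys 'dn' and/or 'ilExternalAccount'
 * @return bool true if the query returns at least one row; false otherwise and on query errors
 */
private function isGroupMember($a_user_data)
{
    $identity_key = $this->isMemberAttributeDN() ? 'dn' : 'ilExternalAccount';
    $user_cmp = isset($a_user_data[$identity_key]) ? $a_user_data[$identity_key] : '';

    // Without a usable identity the filter would degenerate to "(attr=)"; treat it as no match.
    if (!is_scalar($user_cmp) || (string) $user_cmp === '') {
        $this->logger->debug(': No usable value for ' . $identity_key . ', rule does not match');
        return false;
    }

    // Backslash is replaced first so the escapes added afterwards are not escaped again.
    $filter_value = str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        (string) $user_cmp
    );

    include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
    include_once('Services/LDAP/classes/class.ilLDAPServer.php');

    $server = ilLDAPServer::getInstanceByServerId($this->getServerId());

    try {
        $query = new ilLDAPQuery($server);
        $query->bind();
        // NOTE(review): the member attribute name is configured on the rule and is inserted as is.
        $res = $query->query(
            $this->getDN(),
            sprintf(
                '(%s=%s)',
                $this->getMemberAttribute(),
                $filter_value
            ),
            IL_LDAP_SCOPE_BASE,
            array('dn')
        );
        return $res->numRows() ? true : false;
    } catch (ilLDAPQueryException $e) {
        $this->logger->warning(': Caught Exception: ' . $e->getMessage());
        return false;
    }
}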
170 
171 
172 
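/**
 * Get all role assignment rules of one LDAP server.
 *
 * @param int $a_server_id server id
 * @return ilLDAPRoleAssignmentRule[] rule objects, empty array if the server has no rules
 */
public static function _getRules($a_server_id)
{
    $ilDB = $GLOBALS['DIC']->database();

    $query = "SELECT rule_id FROM ldap_role_assignments " .
        "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
    $res = $ilDB->query($query);

    // Initialised up front so a server without rules does not read an undefined variable.
    $rules = array();
    while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $rules[] = self::_getInstanceByRuleId($row->rule_id);
    }
    return $rules;
}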
191 
/**
 * Set the id of the role this rule maps to.
 *
 * @param int $a_role_id role id
 */
public function setRoleId($a_role_id)
{
    $this->role_id = $a_role_id;
}
203 
/**
 * Get the id of the role this rule maps to.
 *
 * @return int role id as stored by setRoleId()
 */
public function getRoleId()
{
    return $this->role_id;
}
214 
/**
 * Get the id of this rule (set by the constructor and by create()).
 *
 * @return int rule id
 */
public function getRuleId()
{
    return $this->rule_id;
}
225 
/**
 * Set the id of the LDAP server this rule belongs to.
 *
 * @param int $a_id server id
 */
public function setServerId($a_id)
{
    $this->server_id = $a_id;
}
237 
/**
 * Get the id of the LDAP server this rule belongs to.
 *
 * @return int server id
 */
public function getServerId()
{
    return $this->server_id;
}
248 
/**
 * Set the rule type.
 *
 * @param int $a_type one of TYPE_GROUP, TYPE_ATTRIBUTE, TYPE_PLUGIN (not checked here)
 */
public function setType($a_type)
{
    $this->type = $a_type;
}
260 
/**
 * Get the rule type.
 *
 * @return int type as stored by setType()
 */
public function getType()
{
    return $this->type;
}
272 
/**
 * Set the DN used as search base by group rules.
 *
 * @param string $a_dn distinguished name
 */
public function setDN($a_dn)
{
    $this->dn = $a_dn;
}
284 
/**
 * Get the DN used as search base by group rules.
 *
 * @return string distinguished name
 */
public function getDN()
{
    return $this->dn;
}
295 
/**
 * Set the name of the group attribute that lists the members.
 *
 * @param string $a_attribute attribute name
 */
public function setMemberAttribute($a_attribute)
{
    $this->member_attribute = $a_attribute;
}
307 
/**
 * Get the name of the group attribute that lists the members.
 *
 * @return string attribute name
 */
public function getMemberAttribute()
{
    return $this->member_attribute;
}
318 
/**
 * Set whether the member attribute holds DNs.
 *
 * When enabled, group rules compare the user's DN; otherwise the external account name.
 *
 * @param bool|int $a_status flag
 */
public function setMemberIsDN($a_status)
{
    $this->member_is_dn = $a_status;
}
330 
/**
 * Tell whether the member attribute holds DNs.
 *
 * @return bool stored flag converted to bool
 */
public function isMemberAttributeDN()
{
    return $this->member_is_dn ? true : false;
}
341 
/**
 * Set the name of the user attribute that attribute rules compare.
 *
 * @param string $a_name attribute name
 */
public function setAttributeName($a_name)
{
    $this->attribute_name = $a_name;
}
353 
/**
 * Get the name of the user attribute that attribute rules compare.
 *
 * @return string attribute name
 */
public function getAttributeName()
{
    return $this->attribute_name;
}
364 
/**
 * Set the value pattern attribute rules compare against ("*" acts as wildcard).
 *
 * @param string $a_value attribute value pattern
 */
public function setAttributeValue($a_value)
{
    $this->attribute_value = $a_value;
}
376 
/**
 * Get the value pattern attribute rules compare against.
 *
 * @return string attribute value pattern
 */
public function getAttributeValue()
{
    return $this->attribute_value;
}
387 
/**
 * Set the add_on_update flag of this rule.
 *
 * @param bool|int $a_status flag
 */
public function enableAddOnUpdate($a_status)
{
    $this->add_on_update = $a_status;
}
392 
/**
 * Tell whether the add_on_update flag is set.
 *
 * @return bool stored flag converted to bool
 */
public function isAddOnUpdateEnabled()
{
    return $this->add_on_update ? true : false;
}
397 
/**
 * Set the remove_on_update flag of this rule.
 *
 * @param bool|int $a_status flag
 */
public function enableRemoveOnUpdate($a_status)
{
    $this->remove_on_update = $a_status;
}
402 
/**
 * Tell whether the remove_on_update flag is set.
 *
 * @return bool stored flag converted to bool
 */
public function isRemoveOnUpdateEnabled()
{
    return $this->remove_on_update ? true : false;
}
407 
/**
 * Set the id handed to the plugin callback by plugin rules.
 *
 * @param int $a_id plugin id
 */
public function setPluginId($a_id)
{
    $this->plugin_id = $a_id;
}
412 
/**
 * Get the id handed to the plugin callback by plugin rules.
 *
 * @return int plugin id
 */
public function getPluginId()
{
    return $this->plugin_id;
}
417 
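/**
 * Tell whether this rule is a plugin rule.
 *
 * The cast used to bind tighter than the comparison, so the type was converted
 * to bool first and every non-zero type (group and attribute rules included)
 * compared equal to TYPE_PLUGIN. The type is now compared as an integer.
 *
 * @return bool true only if the rule type is TYPE_PLUGIN
 */
public function isPluginActive()
{
    // The type may arrive as a numeric string from the database row, hence the int cast.
    return (int) $this->getType() === self::TYPE_PLUGIN;
}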
422 
423 
/**
 * Build a short text that describes the rule's condition.
 *
 * Plugin rules give the translated label plus the plugin id, group rules the
 * first comma-separated component of the DN, attribute rules "name=value".
 *
 * @return string|null description, null for any other rule type
 */
public function conditionToString()
{
    $lng = $GLOBALS['DIC']->language();
    $rule_type = $this->getType();

    if ($rule_type == self::TYPE_PLUGIN) {
        return $lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
    }
    if ($rule_type == self::TYPE_GROUP) {
        $dn_parts = explode(',', $this->getDN());
        return $dn_parts[0];
    }
    if ($rule_type == self::TYPE_ATTRIBUTE) {
        return $this->getAttributeName() . '=' . $this->getAttributeValue();
    }
    return null;
}
447 
448 
/**
 * Insert this rule as a new row of ldap_role_assignments.
 *
 * A fresh rule id is taken from the table's sequence and stored on the object
 * after the insert. Every value passes through the database quote() with its
 * column type.
 *
 * @return bool always true
 */
public function create()
{
    $next_id = $this->db->nextId('ldap_role_assignments');

    // Same order as the column list below.
    $values = array(
        $this->db->quote($this->getServerId(), 'integer'),
        $this->db->quote($next_id, 'integer'),
        $this->db->quote($this->getType(), 'integer'),
        $this->db->quote($this->getDN(), 'text'),
        $this->db->quote($this->getMemberAttribute(), 'text'),
        $this->db->quote($this->isMemberAttributeDN(), 'integer'),
        $this->db->quote($this->getAttributeName(), 'text'),
        $this->db->quote($this->getAttributeValue(), 'text'),
        $this->db->quote($this->getRoleId(), 'integer'),
        $this->db->quote($this->isAddOnUpdateEnabled(), 'integer'),
        $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer'),
        $this->db->quote($this->getPluginId(), 'integer'),
    );

    $statement = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
        "add_on_update, remove_on_update, plugin_id ) " .
        "VALUES( " . implode(", ", $values) . ' ' . ")";

    $this->db->manipulate($statement);
    $this->rule_id = $next_id;

    return true;
}
482 
/**
 * Write the current state of this rule to its row in ldap_role_assignments.
 *
 * The row is selected by rule id; every value passes through the database
 * quote() with its column type.
 *
 * @return bool always true
 */
public function update()
{
    $assignments = array(
        "server_id = " . $this->db->quote($this->getServerId(), 'integer'),
        "type = " . $this->db->quote($this->getType(), 'integer'),
        "dn = " . $this->db->quote($this->getDN(), 'text'),
        "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text'),
        "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer'),
        "att_name = " . $this->db->quote($this->getAttributeName(), 'text'),
        "att_value = " . $this->db->quote($this->getAttributeValue(), 'text'),
        "role_id = " . $this->db->quote($this->getRoleId(), 'integer'),
        "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer'),
        'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer'),
        'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer'),
    );

    $statement = "UPDATE ldap_role_assignments " .
        "SET " . implode(", ", $assignments) . ' ' .
        "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";

    $this->db->manipulate($statement);
    return true;
}
509 
/**
 * Check that the fields required for the rule's type are filled in.
 *
 * The message of the global error object is cleared first and, on failure,
 * set to the language key of the problem.
 *
 * @return bool true if the rule is complete, false otherwise
 */
public function validate()
{
    global $ilErr;

    $ilErr->setMessage('');

    $problem = '';
    if (!$this->getRoleId()) {
        // A rule without a target role is incomplete whatever its type.
        $problem = 'fill_out_all_required_fields';
    } else {
        switch ($this->getType()) {
            case self::TYPE_GROUP:
                if (!strlen($this->getDN()) || !strlen($this->getMemberAttribute())) {
                    $problem = 'fill_out_all_required_fields';
                }
                break;

            case self::TYPE_ATTRIBUTE:
                if (!strlen($this->getAttributeName()) || !strlen($this->getAttributeValue())) {
                    $problem = 'fill_out_all_required_fields';
                }
                break;

            case self::TYPE_PLUGIN:
                if (!$this->getPluginId()) {
                    $problem = 'ldap_err_missing_plugin_id';
                }
                break;

            default:
                $problem = 'ldap_no_type_given';
        }
    }

    if ($problem !== '') {
        $ilErr->setMessage($problem);
        return false;
    }
    return true;
}
553 
/**
 * Delete this rule's row from ldap_role_assignments.
 *
 * @return bool always true
 */
public function delete()
{
    $statement = "DELETE FROM ldap_role_assignments " .
        "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";

    $this->db->manipulate($statement);
    return true;
}
/**
 * Load this rule's row from ldap_role_assignments into the object.
 *
 * Nothing is set when no row exists for the rule id.
 */
private function read()
{
    $statement = "SELECT * FROM ldap_role_assignments " .
        "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";

    $result = $this->db->query($statement);
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // Column names differ from the property names in places (attribute, isdn, att_*).
        $this->setServerId($record->server_id);
        $this->setType($record->type);
        $this->setDN($record->dn);
        $this->setMemberAttribute($record->attribute);
        $this->setMemberIsDN($record->isdn);
        $this->setAttributeName($record->att_name);
        $this->setAttributeValue($record->att_value);
        $this->setRoleId($record->role_id);
        $this->enableAddOnUpdate($record->add_on_update);
        $this->enableRemoveOnUpdate($record->remove_on_update);
        $this->setPluginId($record->plugin_id);
    }
}
597 }