ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
10class ilLDAPRoleAssignmentRule
11{
12 private static $instances = null;
13
17 private $logger = null;
18
22 private $db = null;
23
24 const TYPE_GROUP = 1;
25 const TYPE_ATTRIBUTE = 2;
26 const TYPE_PLUGIN = 3;
27
28 private $server_id = 0;
29 private $plugin_active = false;
30 private $add_on_update = false;
31 private $remove_on_update = false;
32 private $plugin_id = 0;
33
34
42 private function __construct($a_id = 0)
43 {
44 $this->db = $GLOBALS['DIC']->database();
45 $this->logger = $GLOBALS['DIC']->logger()->auth();
46
47 $this->rule_id = $a_id;
48 $this->read();
49 }
50
59 public static function _getInstanceByRuleId($a_rule_id)
60 {
61 if (isset(self::$instances[$a_rule_id])) {
62 return self::$instances[$a_rule_id];
63 }
64 return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
65 }
66
71 public static function hasRulesForUpdate()
72 {
73 global $ilDB;
74
75 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
76 'WHERE add_on_update = 1 ' .
77 'OR remove_on_update = 1 ';
78 $res = $ilDB->query($query);
79 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
80 return $row->num > 0;
81 }
82
88 public function matches($a_user_data)
89 {
90 switch ($this->getType()) {
91 case self::TYPE_PLUGIN:
92 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
93 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
94
95 case self::TYPE_ATTRIBUTE:
96
97 $attn = strtolower($this->getAttributeName());
98
99 if (!isset($a_user_data[$attn])) {
100 return false;
101 }
102
103 if (!is_array($a_user_data[$attn])) {
104 $attribute_val = array(0 => $a_user_data[$attn]);
105 } else {
106 $attribute_val = $a_user_data[$attn];
107 }
108
109 foreach ($attribute_val as $value) {
110 if ($this->wildcardCompare(trim($this->getAttributeValue()), trim($value))) {
111 $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
112 return true;
113 }
114 }
115 return false;
116
117 case self::TYPE_GROUP:
118 return $this->isGroupMember($a_user_data);
119
120 }
121 }
122
123 protected function wildcardCompare($a_str1, $a_str2)
124 {
125 $pattern = str_replace('*', '.*?', $a_str1);
126 $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
127 return (bool) preg_match('/^' . $pattern . '$/i', $a_str2);
128 }
129
138 private function isGroupMember($a_user_data)
139 {
140 if ($this->isMemberAttributeDN()) {
141 $user_cmp = $a_user_data['dn'];
142 } else {
143 $user_cmp = $a_user_data['ilExternalAccount'];
144 }
145
146 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
147 include_once('Services/LDAP/classes/class.ilLDAPServer.php');
148
149 $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
150
151 try {
152 $query = new ilLDAPQuery($server);
153 $query->bind();
154 $res = $query->query(
155 $this->getDN(),
156 sprintf(
157 '(%s=%s)',
158 $this->getMemberAttribute(),
159 $user_cmp
160 ),
161 IL_LDAP_SCOPE_BASE,
162 array('dn')
163 );
164 return $res->numRows() ? true : false;
165 } catch (ilLDAPQueryException $e) {
166 $this->logger->warning(': Caught Exception: ' . $e->getMessage());
167 return false;
168 }
169 }
170
171
172
179 public static function _getRules($a_server_id)
180 {
181 $ilDB = $GLOBALS['DIC']->database();
182
183 $query = "SELECT rule_id FROM ldap_role_assignments " .
184 "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
185 $res = $ilDB->query($query);
186 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
187 $rules[] = self::_getInstanceByRuleId($row->rule_id);
188 }
189 return $rules ? $rules : array();
190 }
191
199 public function setRoleId($a_role_id)
200 {
201 $this->role_id = $a_role_id;
202 }
203
210 public function getRoleId()
211 {
212 return $this->role_id;
213 }
214
221 public function getRuleId()
222 {
223 return $this->rule_id;
224 }
225
233 public function setServerId($a_id)
234 {
235 $this->server_id = $a_id;
236 }
237
244 public function getServerId()
245 {
246 return $this->server_id;
247 }
248
256 public function setType($a_type)
257 {
258 $this->type = $a_type;
259 }
260
268 public function getType()
269 {
270 return $this->type;
271 }
272
280 public function setDN($a_dn)
281 {
282 $this->dn = $a_dn;
283 }
284
291 public function getDN()
292 {
293 return $this->dn;
294 }
295
303 public function setMemberAttribute($a_attribute)
304 {
305 $this->member_attribute = $a_attribute;
306 }
307
314 public function getMemberAttribute()
315 {
316 return $this->member_attribute;
317 }
318
326 public function setMemberIsDN($a_status)
327 {
328 $this->member_is_dn = $a_status;
329 }
330
337 public function isMemberAttributeDN()
338 {
339 return (bool) $this->member_is_dn;
340 }
341
349 public function setAttributeName($a_name)
350 {
351 $this->attribute_name = $a_name;
352 }
353
360 public function getAttributeName()
361 {
362 return $this->attribute_name;
363 }
364
372 public function setAttributeValue($a_value)
373 {
374 $this->attribute_value = $a_value;
375 }
376
383 public function getAttributeValue()
384 {
385 return $this->attribute_value;
386 }
387
388 public function enableAddOnUpdate($a_status)
389 {
390 $this->add_on_update = $a_status;
391 }
392
393 public function isAddOnUpdateEnabled()
394 {
395 return (bool) $this->add_on_update;
396 }
397
398 public function enableRemoveOnUpdate($a_status)
399 {
400 $this->remove_on_update = $a_status;
401 }
402
403 public function isRemoveOnUpdateEnabled()
404 {
405 return (bool) $this->remove_on_update;
406 }
407
408 public function setPluginId($a_id)
409 {
410 $this->plugin_id = $a_id;
411 }
412
413 public function getPluginId()
414 {
415 return $this->plugin_id;
416 }
417
418 public function isPluginActive()
419 {
420 return (bool) $this->getType() == self::TYPE_PLUGIN;
421 }
422
423
430 public function conditionToString()
431 {
432 $lng = $GLOBALS['DIC']->language();
433
434 switch ($this->getType()) {
435 case self::TYPE_PLUGIN:
436 return $lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
437
438 case self::TYPE_GROUP:
439 $dn_arr = explode(',', $this->getDN());
440 return $dn_arr[0];
441
442
443 case self::TYPE_ATTRIBUTE:
444 return $this->getAttributeName() . '=' . $this->getAttributeValue();
445 }
446 }
447
448
456 public function create()
457 {
458 $ilDB = $this->db;
459 $next_id = $ilDB->nextId('ldap_role_assignments');
460
461 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
462 "add_on_update, remove_on_update, plugin_id ) " .
463 "VALUES( " .
464 $this->db->quote($this->getServerId(), 'integer') . ", " .
465 $this->db->quote($next_id, 'integer') . ", " .
466 $this->db->quote($this->getType(), 'integer') . ", " .
467 $this->db->quote($this->getDN(), 'text') . ", " .
468 $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
469 $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
470 $this->db->quote($this->getAttributeName(), 'text') . ", " .
471 $this->db->quote($this->getAttributeValue(), 'text') . ", " .
472 $this->db->quote($this->getRoleId(), 'integer') . ", " .
473 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
474 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
475 $this->db->quote($this->getPluginId(), 'integer') . ' ' .
476 ")";
477 $res = $ilDB->manipulate($query);
478 $this->rule_id = $next_id;
479
480 return true;
481 }
482
489 public function update()
490 {
491 $ilDB = $this->db;
492
493 $query = "UPDATE ldap_role_assignments " .
494 "SET server_id = " . $this->db->quote($this->getServerId(), 'integer') . ", " .
495 "type = " . $this->db->quote($this->getType(), 'integer') . ", " .
496 "dn = " . $this->db->quote($this->getDN(), 'text') . ", " .
497 "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
498 "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
499 "att_name = " . $this->db->quote($this->getAttributeName(), 'text') . ", " .
500 "att_value = " . $this->db->quote($this->getAttributeValue(), 'text') . ", " .
501 "role_id = " . $this->db->quote($this->getRoleId(), 'integer') . ", " .
502 "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
503 'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
504 'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer') . ' ' .
505 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
506 $res = $ilDB->manipulate($query);
507 return true;
508 }
509
516 public function validate()
517 {
518 global $ilErr;
519
520 $ilErr->setMessage('');
521
522 if (!$this->getRoleId()) {
523 $ilErr->setMessage('fill_out_all_required_fields');
524 return false;
525 }
526 switch ($this->getType()) {
527 case self::TYPE_GROUP:
528 if (!strlen($this->getDN()) or !strlen($this->getMemberAttribute())) {
529 $ilErr->setMessage('fill_out_all_required_fields');
530 return false;
531 }
532 break;
533 case self::TYPE_ATTRIBUTE:
534 if (!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue())) {
535 $ilErr->setMessage('fill_out_all_required_fields');
536 return false;
537 }
538 break;
539
540 case self::TYPE_PLUGIN:
541 if (!$this->getPluginId()) {
542 $ilErr->setMessage('ldap_err_missing_plugin_id');
543 return false;
544 }
545 break;
546
547 default:
548 $ilErr->setMessage('ldap_no_type_given');
549 return false;
550 }
551 return true;
552 }
553
560 public function delete()
561 {
562 $ilDB = $this->db;
563
564 $query = "DELETE FROM ldap_role_assignments " .
565 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
566 $res = $ilDB->manipulate($query);
567 return true;
568 }
575 private function read()
576 {
577 $ilDB = $this->db;
578
579 $query = "SELECT * FROM ldap_role_assignments " .
580 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
581
582 $res = $this->db->query($query);
583 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
584 $this->setServerId($row->server_id);
585 $this->setType($row->type);
586 $this->setDN($row->dn);
587 $this->setMemberAttribute($row->attribute);
588 $this->setMemberIsDN($row->isdn);
589 $this->setAttributeName($row->att_name);
590 $this->setAttributeValue($row->att_value);
591 $this->setRoleId($row->role_id);
592 $this->enableAddOnUpdate($row->add_on_update);
593 $this->enableRemoveOnUpdate($row->remove_on_update);
594 $this->setPluginId($row->plugin_id);
595 }
596 }
597}
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
php
An exception for terminatinating execution or to throw for unit testing.
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:138
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:179
ilLDAPRoleAssignmentRule\setMemberAttribute
setMemberAttribute($a_attribute)
@access public
Definition: class.ilLDAPRoleAssignmentRule.php:303
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:88
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:349
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:337
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:71
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:372
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:326
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:216
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$server
$server
Definition: getUserInfo.php:12
$lng
global $lng
Definition: privfeed.php:17
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10
$ilErr
global $ilErr
Definition: raiseError.php:16
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$a_type
$a_type
Definition: workflow.php:92