ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
13class ilAuthShibbolethSettingsGUI
14{
15
19 private $ctrl;
23 private $ilias;
27 private $tabs_gui;
31 private $lng;
35 private $tpl;
39 private $ref_id;
40
41
48 public function __construct($a_auth_ref_id)
49 {
50 global $DIC;
51 $lng = $DIC['lng'];
52 $ilCtrl = $DIC['ilCtrl'];
53 $tpl = $DIC['tpl'];
54 $ilTabs = $DIC['ilTabs'];
55 $ilias = $DIC['ilias'];
56 $this->ctrl = $ilCtrl;
57 $this->tabs_gui = $ilTabs;
58 $this->lng = $lng;
59 $this->lng->loadLanguageModule('shib');
60 $this->ilias = $ilias;
61 $this->tpl = $tpl;
62 $this->ref_id = $a_auth_ref_id;
63 $this->obj_id = ilObject::_lookupObjId($this->ref_id);
64 }
65
66
72 public function executeCommand()
73 {
74 global $DIC;
75 $ilAccess = $DIC['ilAccess'];
76 $ilErr = $DIC['ilErr'];
77 $ilCtrl = $DIC['ilCtrl'];
78 $next_class = $this->ctrl->getNextClass($this);
79 $cmd = $this->ctrl->getCmd();
80 if (!$ilAccess->checkAccess('read', '', $this->ref_id)) {
81 $ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $ilErr->WARNING);
82 }
83 if (!$ilAccess->checkAccess('write', '', $this->ref_id) && $cmd != "settings") {
84 ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
85 $ilCtrl->redirect($this, "settings");
86 }
87 $this->setSubTabs();
88 switch ($next_class) {
89 default:
90 if (!$cmd) {
91 $cmd = "settings";
92 }
93 $this->$cmd();
94 break;
95 }
96
97 return true;
98 }
99
100
101 public function settings()
102 {
103 global $DIC;
104 $rbacreview = $DIC['rbacreview'];
105 $this->tabs_gui->setSubTabActive('shib_settings');
106 // set already saved data or default value for port
107 $settings = $this->ilias->getAllSettings();
108 // Compose role list
109 $role_list = $rbacreview->getRolesByFilter(2);
110 $role = array();
111 if (!isset($settings["shib_user_default_role"])) {
112 $settings["shib_user_default_role"] = 4;
113 }
114 if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '') {
115 $settings["shib_idp_list"] = "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai";
116 }
117 if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == '') {
118 $settings["shib_login_button"] = "templates/default/images/shib_login_button.png";
119 }
120 if (!isset($settings["shib_hos_type"]) || $settings["shib_hos_type"] == '') {
121 $settings["shib_hos_type"] = 'internal_wayf';
122 }
123 foreach ($role_list as $data) {
124 $role[$data["obj_id"]] = $data["title"];
125 }
126 // Set text field content
127 $shib_settings = array(
128 'shib_login',
129 'shib_title',
130 'shib_firstname',
131 'shib_lastname',
132 'shib_email',
133 'shib_gender',
134 'shib_institution',
135 'shib_department',
136 'shib_zipcode',
137 'shib_city',
138 'shib_country',
139 'shib_street',
140 'shib_phone_office',
141 'shib_phone_home',
142 'shib_phone_mobile',
143 'shib_language',
144 'shib_matriculation',
145 );
146 //set PropertyFormGUI
147 include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
148 $propertys = new ilPropertyFormGUI();
149 $propertys->setTitle($this->lng->txt("shib"));
150 $propertys->setFormAction($this->ctrl->getFormAction($this, "save"));
151 $propertys->addCommandButton("save", $this->lng->txt("save"));
152 $propertys->addCommandButton("settings", $this->lng->txt("cancel"));
153 //set enable shibboleth support
154 $enable = new ilCheckboxInputGUI();
155 $enable->setTitle($this->lng->txt("shib_active"));
156 $read_me_link = "./Services/AuthShibboleth/README.SHIBBOLETH.txt";
157 $info = "<a href='" . $read_me_link . "' target='_blank'>" . $this->lng->txt("auth_shib_instructions") . "</a>";
158 $enable->setInfo($info);
159 $enable->setPostVar("shib[active]");
160 $enable->setChecked($settings["shib_active"]);
161 //set allow local authentication
162 $local = new ilCheckboxInputGUI();
163 $local->setTitle($this->lng->txt("auth_allow_local"));
164 $local->setPostVar("shib[auth_allow_local]");
165 $local->setChecked($settings['shib_auth_allow_local']);
166 //set user default role
167 $defaultrole = new ilSelectInputGUI();
168 $defaultrole->setTitle($this->lng->txt("shib_user_default_role"));
169 $defaultrole->setPostVar("shib[user_default_role]");
170 $defaultrole->setOptions($role);
171 $defaultrole->setRequired(true);
172 $defaultrole->setValue($settings["shib_user_default_role"]);
173 // Administrator must activate new user accounts
174 $activate_new = new ilCheckboxInputGUI($this->lng->txt("shib_activate_new"), "shib[activate_new]");
175 $activate_new->setInfo($this->lng->txt("shib_activate_new_info"));
176 $activate_new->setChecked($settings["shib_activate_new"]);
177 //set name of federation
178 $name = new ilTextInputGUI();
179 $name->setTitle($this->lng->txt("shib_federation_name"));
180 $name->setPostVar("shib[federation_name]");
181 $name->setSize(40);
182 $name->setMaxLength(50);
183 $name->setRequired(true);
184 $name->setValue(stripslashes($settings["shib_federation_name"]));
185 //set Organize selection group
186 include_once("./Services/Form/classes/class.ilRadioGroupInputGUI.php");
187 include_once("./Services/Form/classes/class.ilRadioOption.php");
188 $organize = new ilRadioGroupInputGUI();
189 $organize->setTitle($this->lng->txt("shib_login_type"));
190 $organize->setPostVar("shib[hos_type]");
191 $organize->setRequired(true);
192 $organize->setValue($settings["shib_hos_type"]);
193 //set 1. option internalwayf
194 $internalwayf = new ilRadioOption();
195 $internalwayf->setTitle($this->lng->txt("shib_login_internal_wayf"));
196 $internalwayf->setValue("internal_wayf");
197 //set 1. option internalwayf textbox idplist
198 $idplist = new ilTextAreaInputGUI();
199 $idplist->setInfo($this->lng->txt("shib_idp_list"));
200 $idplist->setPostVar("shib[idp_list]");
201 $idplist->setRows(3);
202 $idplist->setCols(50);
203 $idplist->setValue($settings["shib_idp_list"]);
204 //set 2. Option externalwayf
205 $externalwayf = new ilRadioOption();
206 $externalwayf->setTitle($this->lng->txt("shib_login_external_wayf"));
207 $externalwayf->setValue("external_wayf");
208 //set 2. Option externalwayf textfield path to login button image
209 $loginbutton = new ilTextInputGUI();
210 $loginbutton->setInfo($this->lng->txt("shib_login_button"));
211 $loginbutton->setPostVar("shib[login_button]");
212 $loginbutton->setSize(50);
213 $loginbutton->setMaxLength(255);
214 $loginbutton->setValue($settings["shib_login_button"]);
215 //set 3. Option embeddedwayf
216 $embeddedwayf = new ilRadioOption();
217 $embeddedwayf->setTitle($this->lng->txt("shib_login_embedded_wayf"));
218 $embeddedwayf->setInfo($this->lng->txt("shib_login_embedded_wayf_description"));
219 $embeddedwayf->setValue("embedded_wayf");
220 //set login instructions
221 $logininstruction = new ilTextAreaInputGUI();
222 $logininstruction->setTitle($this->lng->txt("auth_login_instructions"));
223 $logininstruction->setPostVar("shib[login_instructions]");
224 $logininstruction->setRows(3);
225 $logininstruction->setCols(50);
226 $logininstruction->setValue(stripslashes($settings["shib_login_instructions"]));
227 //set path to data manipulation API
228 $dataconv = new ilTextInputGUI();
229 $dataconv->setTitle($this->lng->txt("shib_data_conv"));
230 $dataconv->setPostVar("shib[data_conv]");
231 $dataconv->setSize(80);
232 $dataconv->setMaxLength(512);
233 $dataconv->setValue($settings["shib_data_conv"]);
234 //field mappings
235 $fields = array();
236 foreach ($shib_settings as $setting) {
237 $field = str_replace('shib_', '', $setting);
238 $textinput = new ilTextInputGUI();
239 $textinput->setTitle($this->lng->txt($setting));
240 $textinput->setPostVar("shib[" . $field . "]");
241 $textinput->setValue($settings[$setting]);
242 $textinput->setSize(40);
243 $textinput->setMaxLength(50);
244 $checkinput = new ilCheckboxInputGUI("");
245 $checkinput->setOptionTitle($this->lng->txt("shib_update"));
246 $checkinput->setPostVar("shib[update_" . $field . "]");
247 $checkinput->setChecked($settings["shib_update_" . $field]);
248 if ($setting == 'shib_login' || $setting == 'shib_firstname'
249 || $setting == 'shib_lastname'
250 || $setting == 'shib_email'
251 ) {
252 $textinput->setRequired(true);
253 }
254 $fields[$setting] = array( "text" => $textinput, "check" => $checkinput );
255 }
256 $propertys->addItem($enable);
257 $propertys->addItem($local);
258 $propertys->addItem($activate_new);
259 $propertys->addItem($defaultrole);
260 $propertys->addItem($name);
261 $internalwayf->addSubItem($idplist);
262 $organize->addOption($internalwayf);
263 $externalwayf->addSubItem($loginbutton);
264 $organize->addOption($externalwayf);
265 $organize->addOption($embeddedwayf);
266 $propertys->addItem($organize);
267 $propertys->addItem($logininstruction);
268 $propertys->addItem($dataconv);
269 foreach ($shib_settings as $setting) {
270 $propertys->addItem($fields[$setting]["text"]);
271 if ($setting != "shib_login") {
272 $propertys->addItem($fields[$setting]["check"]);
273 }
274 }
275 $this->tpl->setContent($propertys->getHTML());
276 }
277
278
279 public function save()
280 {
281 $required = array("login", "hos_type", "firstname", "lastname", "email", "user_default_role", "federation_name");
282 array_walk($required, function (&$item) {
283 if (!$_POST["shib"][$item]) {
284 ilUtil::sendFailure($this->lng->txt("fill_out_all_required_fields"), true);
285 $this->ctrl->redirect($this, 'settings');
286 }
287 });
288
289 // validate api
290 if ($_POST["shib"]["data_conv"] && $_POST["shib"]["data_conv"] != '' && !is_readable($_POST["shib"]["data_conv"])) {
291 ilUtil::sendFailure($this->lng->txt("shib_data_conv_warning"), true);
292 $this->ctrl->redirect($this, 'settings');
293 }
294 // all ok. save settings
295 $shib_settings = array(
296 'shib_login',
297 'shib_title',
298 'shib_firstname',
299 'shib_lastname',
300 'shib_email',
301 'shib_gender',
302 'shib_institution',
303 'shib_department',
304 'shib_zipcode',
305 'shib_city',
306 'shib_country',
307 'shib_street',
308 'shib_phone_office',
309 'shib_phone_home',
310 'shib_phone_mobile',
311 'shib_language',
312 'shib_matriculation'
313 );
314 foreach ($shib_settings as $setting) {
315 $field = str_replace('shib_', '', $setting);
316 if ($_POST["shib"]["update_" . $field] != "1") {
317 $_POST["shib"]["update_" . $field] = "0";
318 }
319 $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
320 $this->ilias->setSetting("shib_update_" . $field, $_POST["shib"]["update_" . $field]);
321 }
322 if ($_POST["shib"]["active"] != "1") {
323 $this->ilias->setSetting("shib_active", "0");
324 $this->ilias->setSetting("shibboleth_active", "0");
325 } else {
326 $this->ilias->setSetting("shib_active", "1");
327 $this->ilias->setSetting("shibboleth_active", "1");
328 }
329 $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
330 $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
331 $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
332 $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
333 $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
334 $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
335 $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
336 $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local'] == '1') ? '1' : '0');
337 $this->ilias->setSetting("shib_activate_new", ($_POST['shib']['activate_new'] == '1') ? '1' : '0');
338
339 ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"), true);
340 $this->ctrl->redirect($this, 'settings');
341 }
342
343
344 protected function roleAssignment()
345 {
346 $this->tabs_gui->setSubTabActive('shib_role_assignment');
347 $this->initFormRoleAssignment('default');
348 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
349 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
350 if (strlen($html = $this->parseRulesTable())) {
351 $this->tpl->setVariable('RULE_TABLE', $html);
352 }
353
354 return true;
355 }
356
357
358 protected function parseRulesTable()
359 {
360 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
361 if (ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
362 return '';
363 }
364 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
365 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
366 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
367 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
368 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
369 $rules_table->setSelectAllCheckbox("rule_id");
370
371 return $rules_table->getHTML();
372 }
373
374
383 protected function confirmDeleteRules()
384 {
385 if (!is_array($_POST['rule_ids'])) {
386 ilUtil::sendFailure($this->lng->txt('select_one'));
387 $this->roleAssignment();
388
389 return false;
390 }
391 $this->tabs_gui->setSubTabActive('shib_role_assignment');
392 include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
393 $c_gui = new ilConfirmationGUI();
394 // set confirm/cancel commands
395 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
396 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
397 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
398 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
399 // add items to delete
400 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
401 foreach ($_POST["rule_ids"] as $rule_id) {
402 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
403 $info = ilObject::_lookupTitle($rule->getRoleId());
404 $info .= " (";
405 $info .= $rule->conditionToString();
406 $info .= ')';
407 $c_gui->addItem('rule_ids[]', $rule_id, $info);
408 }
409 $this->tpl->setContent($c_gui->getHTML());
410 }
411
412
419 protected function deleteRules()
420 {
421 if (!is_array($_POST['rule_ids'])) {
422 ilUtil::sendFailure($this->lng->txt('select_once'));
423 $this->roleAssignment();
424
425 return false;
426 }
427 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
428 foreach ($_POST["rule_ids"] as $rule_id) {
429 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
430 $rule->delete();
431 }
432 ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
433 $this->roleAssignment();
434
435 return true;
436 }
437
438
439 protected function initFormRoleAssignment($a_mode = 'default')
440 {
441 include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
442 $this->form = new ilPropertyFormGUI();
443 $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
444 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
445 if ($a_mode == 'default') {
446 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
447 $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
448 $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
449 } else {
450 $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
451 $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
452 $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
453 }
454 // Role selection
455 $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
456 $role->setRequired(true);
457 $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
458 $role->addOption($global);
459 $role_select = new ilSelectInputGUI('', 'role_id');
460 $role_select->setOptions($this->prepareRoleSelect());
461 $global->addSubItem($role_select);
462 $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
463 $role->addOption($local);
464 include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
465 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
466 $role_search->setSize(40);
467 $local->addSubItem($role_search);
468 include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
469 $role->setInfo($this->lng->txt('shib_role_name_info'));
470 $this->form->addItem($role);
471 // Update options
472 $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
473 $update->setValue($this->lng->txt('shib_check_role_assignment'));
474 $add = new ilCheckboxInputGUI('', 'add_missing');
475 $add->setOptionTitle($this->lng->txt('shib_add_missing'));
476 $add->setValue(1);
477 $update->addSubItem($add);
478 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
479 $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
480 $remove->setValue(1);
481 $update->addSubItem($remove);
482 $this->form->addItem($update);
483 // Assignment type
484 $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
485 $kind->setValue(1);
486 $kind->setRequired(true);
487 $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
488 $attr->setInfo($this->lng->txt('shib_attr_info'));
489 $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
490 $name->setSize(32);
491 $attr->addSubItem($name);
492 $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
493 $value->setSize(32);
494 $attr->addSubItem($value);
495 $kind->addOption($attr);
496 $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
497 $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
498 $pl->setInfo($this->lng->txt('shib_plugin_info'));
499 $pl->setDisabled(!$pl_active);
500 $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
501 $id->setDisabled(!$pl_active);
502 $id->setSize(3);
503 $id->setMaxLength(3);
504 $id->setMaxValue(999);
505 $id->setMinValue(1);
506 $pl->addSubItem($id);
507 $kind->addOption($pl);
508 $this->form->addItem($kind);
509 }
510
511
515 public function addRoleAutoCompleteObject()
516 {
517 include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
518 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
519 }
520
521
522 protected function addRoleAssignmentRule()
523 {
524 global $DIC;
525 $ilAccess = $DIC['ilAccess'];
526 $ilErr = $DIC['ilErr'];
527 if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
528 ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
529 $this->roleAssignment();
530
531 return false;
532 }
533 $this->initFormRoleAssignment();
534 if (!$this->form->checkInput() or ($err = $this->checkInput())) {
535 if ($err) {
536 ilUtil::sendFailure($this->lng->txt($err));
537 }
538 $this->tabs_gui->setSubTabActive('shib_role_assignment');
539 $this->form->setValuesByPost();
540 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
541 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
542 if (strlen($html = $this->parseRulesTable())) {
543 $this->tpl->setVariable('RULE_TABLE', $html);
544 }
545
546 return true;
547 }
548 // Redirects if required
549 $this->showLocalRoleSelection();
550 $this->rule->add();
551 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
552 $this->roleAssignment();
553
554 return true;
555 }
556
557
563 protected function editRoleAssignment()
564 {
565 $this->ctrl->setParameter($this, 'rule_id', (int) $_GET['rule_id']);
566 $this->tabs_gui->setSubTabActive('shib_role_assignment');
567 $this->initFormRoleAssignment('update');
568 $this->getRuleValues();
569 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
570 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
571
572 return true;
573 }
574
575
576 protected function updateRoleAssignmentRule()
577 {
578 global $DIC;
579 $ilAccess = $DIC['ilAccess'];
580 $ilErr = $DIC['ilErr'];
581 if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
582 ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
583 $this->roleAssignment();
584
585 return false;
586 }
587 $this->initFormRoleAssignment();
588 if (!$this->form->checkInput() or ($err = $this->checkInput((int) $_REQUEST['rule_id']))) {
589 if ($err) {
590 ilUtil::sendFailure($this->lng->txt($err));
591 }
592 $this->tabs_gui->setSubTabActive('shib_role_assignment');
593 $this->form->setValuesByPost();
594 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
595 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
596
597 return true;
598 }
599 $this->showLocalRoleSelection('update');
600 $this->rule->update();
601 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
602 $this->roleAssignment();
603
604 return true;
605 }
606
607
608 private function loadRule($a_rule_id = 0)
609 {
610 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
611 $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
612 if ($this->form->getInput('role_name') == 0) {
613 $this->rule->setRoleId($this->form->getInput('role_id'));
614 } elseif ($this->form->getInput('role_search')) {
615 // Search role
616 include_once './Services/Search/classes/class.ilQueryParser.php';
617 $parser = new ilQueryParser($this->form->getInput('role_search'));
618 // TODO: Handle minWordLength
619 $parser->setMinWordLength(1, true);
620 $parser->setCombination(QP_COMBINATION_AND);
621 $parser->parse();
622 include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
623 $object_search = new ilLikeObjectSearch($parser);
624 $object_search->setFilter(array( 'role' ));
625 $res = $object_search->performSearch();
626 $entries = $res->getEntries();
627 if (count($entries) == 1) {
628 $role = current($entries);
629 $this->rule->setRoleId($role['obj_id']);
630 } elseif (count($entries) > 1) {
631 $this->rule->setRoleId(-1);
632 }
633 }
634 $this->rule->setName($this->form->getInput('attr_name'));
635 $this->rule->setValue($this->form->getInput('attr_value'));
636 $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
637 $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
638 $this->rule->enablePlugin($this->form->getInput('kind') == 2);
639 $this->rule->setPluginId($this->form->getInput('plugin_id'));
640
641 return $this->rule;
642 }
643
644
645 private function getRuleValues()
646 {
647 global $DIC;
648 $rbacreview = $DIC['rbacreview'];
649 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
650 $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
651 $role = $rule->getRoleId();
652 if ($rbacreview->isGlobalRole($role)) {
653 $values['role_name'] = 0;
654 $values['role_id'] = $role;
655 } else {
656 $values['role_name'] = 1;
657 $values['role_search'] = ilObject::_lookupTitle($role);
658 }
659 $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
660 $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
661 $values['attr_name'] = $rule->getName();
662 $values['attr_value'] = $rule->getValue();
663 if (!$rule->isPluginActive()) {
664 $values['kind'] = 1;
665 } else {
666 $values['kind'] = 2;
667 $values['plugin_id'] = $rule->getPluginId();
668 }
669 $this->form->setValuesByArray($values);
670 }
671
672
673 private function checkInput($a_rule_id = 0)
674 {
675 $this->loadRule($a_rule_id);
676
677 return $this->rule->validate();
678 }
679
680
681 private function showLocalRoleSelection()
682 {
683 if ($this->rule->getRoleId() > 0) {
684 return false;
685 }
686 $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
687 $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
688 $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
689 $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
690 $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
691 $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
692 $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
693 $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
694 $this->ctrl->redirect($this, 'chooseRole');
695 }
696
697
698 protected function chooseRole()
699 {
700 $this->tabs_gui->setSubTabActive('shib_role_assignment');
701 include_once './Services/Search/classes/class.ilQueryParser.php';
702 $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
703 $parser->setMinWordLength(1, true);
704 $parser->setCombination(QP_COMBINATION_AND);
705 $parser->parse();
706 include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
707 $object_search = new ilLikeObjectSearch($parser);
708 $object_search->setFilter(array( 'role' ));
709 $res = $object_search->performSearch();
710 $entries = $res->getEntries();
711 include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
712 $table = new ilRoleSelectionTableGUI($this, 'chooseRole');
713 $table->setTitle($this->lng->txt('shib_role_selection'));
714 $table->addMultiCommand('saveRoleSelection', $this->lng->txt('shib_choose_role'));
715 $table->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
716 $table->parse($entries);
717 $this->tpl->setContent($table->getHTML());
718
719 return true;
720 }
721
722
723 protected function saveRoleSelection()
724 {
725 $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
726 $rule->setRoleId((int) $_POST['role_id']);
727 $rule->setName($_SESSION['shib_role_ass']['name']);
728 $rule->setValue($_SESSION['shib_role_ass']['value']);
729 $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
730 $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
731 $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
732 $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
733 if ($rule->getRuleId()) {
734 $rule->update();
735 } else {
736 $rule->add();
737 }
738 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
739 unset($_SESSION['shib_role_ass']);
740 $this->roleAssignment();
741 }
742
743
749 private function hasActiveRoleAssignmentPlugins()
750 {
751 global $DIC;
752 $ilPluginAdmin = $DIC['ilPluginAdmin'];
753
754 return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk'));
755 }
756
757
758 private function prepareRoleSelect($a_as_select = true)
759 {
760 global $DIC;
761 $rbacreview = $DIC['rbacreview'];
762 $ilObjDataCache = $DIC['ilObjDataCache'];
763 $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(), 'object_data', 'title', 'obj_id');
764 $select[0] = $this->lng->txt('links_select_one');
765 foreach ($global_roles as $role_id) {
766 $select[$role_id] = ilObject::_lookupTitle($role_id);
767 }
768
769 return $select;
770 }
771
772
773 protected function setSubTabs()
774 {
775 global $DIC;
776 $ilSetting = $DIC['ilSetting'];
777 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
778 if ($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
779 return false;
780 }
781 // DONE: show sub tabs if there is any role assignment rule
782 $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
783 $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
784
785 return true;
786 }
787}
$parser
$parser
Definition: BPMN2Parser.php:23
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
php
An exception for terminatinating execution or to throw for unit testing.
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
QP_COMBINATION_AND
const QP_COMBINATION_AND
Definition: class.ilQueryParser.php:35
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:14
ilAuthShibbolethSettingsGUI\addRoleAutoCompleteObject
addRoleAutoCompleteObject()
Add Member for autoComplete.
Definition: class.ilAuthShibbolethSettingsGUI.php:515
ilAuthShibbolethSettingsGUI\hasActiveRoleAssignmentPlugins
hasActiveRoleAssignmentPlugins()
Check if plugin is active.
Definition: class.ilAuthShibbolethSettingsGUI.php:749
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:14
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:15
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:14
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:43
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:18
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4405
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4497
$name
$name
Definition: client_example.php:35
$html
$html
Definition: example_001.php:87
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$info
$info
Definition: index.php:5
ilias
redirection script todo: (a better solution should control the processing via a xml file)
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$table
if(empty($password)) $table
Definition: pwgen.php:24
$ilErr
$ilErr
Definition: raiseError.php:18
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
$values
$values
Definition: testOperations.php:7
$data
$data
Definition: bench.php:6