ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilAuthShibbolethSettingsGUI.php
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
14 {
15 
19  private $ctrl;
23  private $ilias;
27  private $tabs_gui;
31  private $lng;
35  private $tpl;
39  private $ref_id;
40 
41 
/**
 * Collect the services this GUI works with and remember the object it configures.
 *
 * @param $a_auth_ref_id reference id of the settings object; it is later passed to the
 *                       read/write access checks and resolved to an object id here
 */
public function __construct($a_auth_ref_id)
{
    global $DIC;

    // Services are read from the container in a fixed order before anything is assigned.
    $language = $DIC['lng'];
    $controller = $DIC['ilCtrl'];
    $template = $DIC['tpl'];
    $tabs = $DIC['ilTabs'];
    $legacy = $DIC['ilias'];

    $this->ctrl = $controller;
    $this->tabs_gui = $tabs;

    $this->lng = $language;
    $this->lng->loadLanguageModule('shib');

    $this->ilias = $legacy;
    $this->tpl = $template;

    $this->ref_id = $a_auth_ref_id;
    $this->obj_id = ilObject::_lookupObjId($this->ref_id);
}
65 
66 
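/**
 * Check permissions and dispatch the current ilCtrl command to its handler.
 *
 * 'read' on the settings object is required for everything; every command other than
 * "settings" additionally requires 'write'. The command name comes from the request, so it
 * is matched against a fixed list of handlers before it is used as a method name. Without
 * that list the dynamic call could reach any method of this class, including the private
 * helpers and the constructor.
 *
 * @return bool always true
 */
public function executeCommand()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];
    $ilErr = $DIC['ilErr'];
    $ilCtrl = $DIC['ilCtrl'];
    $next_class = $this->ctrl->getNextClass($this);
    $cmd = $this->ctrl->getCmd();
    if (!$ilAccess->checkAccess('read', '', $this->ref_id)) {
        // NOTE(review): the code below relies on raiseError() ending the request - confirm.
        $ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $ilErr->WARNING);
    }
    if (!$ilAccess->checkAccess('write', '', $this->ref_id) && $cmd != "settings") {
        ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
        $ilCtrl->redirect($this, "settings");
    }
    $this->setSubTabs();

    if (!$cmd) {
        $cmd = "settings";
    }

    // Request-reachable handlers. A new command handler has to be added here as well.
    $allowed_commands = array(
        'settings',
        'save',
        'roleAssignment',
        'confirmDeleteRules',
        'deleteRules',
        'addRoleAssignmentRule',
        'editRoleAssignment',
        'updateRoleAssignmentRule',
        'chooseRole',
        'saveRoleSelection',
        'addRoleAutoCompleteObject',
    );

    if (in_array($cmd, $allowed_commands, true)) {
        $this->$cmd();
    } else {
        // Unknown or internal method name: never call it, send the user back to the form.
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $ilCtrl->redirect($this, "settings");
    }

    return true;
}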
99 
100 
/**
 * Build the Shibboleth settings form from the stored settings and put it into the template.
 *
 * Unset or empty settings get a default for display only; nothing is written back here.
 * The form posts to the "save" command, all fields live under the "shib[...]" post array.
 */
public function settings()
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];

    $this->tabs_gui->setSubTabActive('shib_settings');

    $settings = $this->ilias->getAllSettings();
    $role_list = $rbacreview->getRolesByFilter(2);

    // Display defaults: role id 4 when no default role is stored, placeholders for the rest.
    if (!isset($settings["shib_user_default_role"])) {
        $settings["shib_user_default_role"] = 4;
    }
    $fallbacks = array(
        "shib_idp_list" => "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai",
        "shib_login_button" => "templates/default/images/shib_login_button.png",
        "shib_hos_type" => 'internal_wayf',
    );
    foreach ($fallbacks as $key => $fallback) {
        if (!isset($settings[$key]) || $settings[$key] == '') {
            $settings[$key] = $fallback;
        }
    }

    // obj_id => title map for the default-role select box
    $role_options = array();
    foreach ($role_list as $entry) {
        $role_options[$entry["obj_id"]] = $entry["title"];
    }

    // Attribute mappings, one text input (and one "update" checkbox) each
    $mapped_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language',
        'shib_matriculation',
    );
    $mandatory_mappings = array('shib_login', 'shib_firstname', 'shib_lastname', 'shib_email');

    include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
    $form = new ilPropertyFormGUI();
    $form->setTitle($this->lng->txt("shib"));
    $form->setFormAction($this->ctrl->getFormAction($this, "save"));
    $form->addCommandButton("save", $this->lng->txt("save"));
    $form->addCommandButton("settings", $this->lng->txt("cancel"));

    // Shibboleth on/off, with a link to the bundled README as info text
    $enable = new ilCheckboxInputGUI();
    $enable->setTitle($this->lng->txt("shib_active"));
    $read_me_link = "./Services/AuthShibboleth/README.SHIBBOLETH.txt";
    $enable->setInfo(
        "<a href='" . $read_me_link . "' target='_blank'>" . $this->lng->txt("auth_shib_instructions") . "</a>"
    );
    $enable->setPostVar("shib[active]");
    $enable->setChecked($settings["shib_active"]);

    // Allow local authentication next to Shibboleth
    $local = new ilCheckboxInputGUI();
    $local->setTitle($this->lng->txt("auth_allow_local"));
    $local->setPostVar("shib[auth_allow_local]");
    $local->setChecked($settings['shib_auth_allow_local']);

    // Role given to users by default
    $defaultrole = new ilSelectInputGUI();
    $defaultrole->setTitle($this->lng->txt("shib_user_default_role"));
    $defaultrole->setPostVar("shib[user_default_role]");
    $defaultrole->setOptions($role_options);
    $defaultrole->setRequired(true);
    $defaultrole->setValue($settings["shib_user_default_role"]);

    // Administrator must activate new user accounts
    $activate_new = new ilCheckboxInputGUI($this->lng->txt("shib_activate_new"), "shib[activate_new]");
    $activate_new->setInfo($this->lng->txt("shib_activate_new_info"));
    $activate_new->setChecked($settings["shib_activate_new"]);

    // Federation name
    $name = new ilTextInputGUI();
    $name->setTitle($this->lng->txt("shib_federation_name"));
    $name->setPostVar("shib[federation_name]");
    $name->setSize(40);
    $name->setMaxLength(50);
    $name->setRequired(true);
    $name->setValue(stripslashes($settings["shib_federation_name"]));

    // Login type: internal WAYF (IdP list), external WAYF (button image) or embedded WAYF
    include_once("./Services/Form/classes/class.ilRadioGroupInputGUI.php");
    include_once("./Services/Form/classes/class.ilRadioOption.php");
    $organize = new ilRadioGroupInputGUI();
    $organize->setTitle($this->lng->txt("shib_login_type"));
    $organize->setPostVar("shib[hos_type]");
    $organize->setRequired(true);
    $organize->setValue($settings["shib_hos_type"]);

    $internalwayf = new ilRadioOption();
    $internalwayf->setTitle($this->lng->txt("shib_login_internal_wayf"));
    $internalwayf->setValue("internal_wayf");

    $idplist = new ilTextAreaInputGUI();
    $idplist->setInfo($this->lng->txt("shib_idp_list"));
    $idplist->setPostVar("shib[idp_list]");
    $idplist->setRows(3);
    $idplist->setCols(50);
    $idplist->setValue($settings["shib_idp_list"]);

    $externalwayf = new ilRadioOption();
    $externalwayf->setTitle($this->lng->txt("shib_login_external_wayf"));
    $externalwayf->setValue("external_wayf");

    $loginbutton = new ilTextInputGUI();
    $loginbutton->setInfo($this->lng->txt("shib_login_button"));
    $loginbutton->setPostVar("shib[login_button]");
    $loginbutton->setSize(50);
    $loginbutton->setMaxLength(255);
    $loginbutton->setValue($settings["shib_login_button"]);

    $embeddedwayf = new ilRadioOption();
    $embeddedwayf->setTitle($this->lng->txt("shib_login_embedded_wayf"));
    $embeddedwayf->setInfo($this->lng->txt("shib_login_embedded_wayf_description"));
    $embeddedwayf->setValue("embedded_wayf");

    // Login instructions
    $logininstruction = new ilTextAreaInputGUI();
    $logininstruction->setTitle($this->lng->txt("auth_login_instructions"));
    $logininstruction->setPostVar("shib[login_instructions]");
    $logininstruction->setRows(3);
    $logininstruction->setCols(50);
    $logininstruction->setValue(stripslashes($settings["shib_login_instructions"]));

    // Path to the data manipulation API file
    $dataconv = new ilTextInputGUI();
    $dataconv->setTitle($this->lng->txt("shib_data_conv"));
    $dataconv->setPostVar("shib[data_conv]");
    $dataconv->setSize(80);
    $dataconv->setMaxLength(512);
    $dataconv->setValue($settings["shib_data_conv"]);

    // One text input plus one "update" checkbox per mapped attribute
    $mapping_inputs = array();
    foreach ($mapped_settings as $setting) {
        $field = str_replace('shib_', '', $setting);

        $textinput = new ilTextInputGUI();
        $textinput->setTitle($this->lng->txt($setting));
        $textinput->setPostVar("shib[" . $field . "]");
        $textinput->setValue($settings[$setting]);
        $textinput->setSize(40);
        $textinput->setMaxLength(50);

        $checkinput = new ilCheckboxInputGUI("");
        $checkinput->setOptionTitle($this->lng->txt("shib_update"));
        $checkinput->setPostVar("shib[update_" . $field . "]");
        $checkinput->setChecked($settings["shib_update_" . $field]);

        if (in_array($setting, $mandatory_mappings, true)) {
            $textinput->setRequired(true);
        }
        $mapping_inputs[$setting] = array("text" => $textinput, "check" => $checkinput);
    }

    // Assemble the form in display order
    foreach (array($enable, $local, $activate_new, $defaultrole, $name) as $item) {
        $form->addItem($item);
    }
    $internalwayf->addSubItem($idplist);
    $organize->addOption($internalwayf);
    $externalwayf->addSubItem($loginbutton);
    $organize->addOption($externalwayf);
    $organize->addOption($embeddedwayf);
    $form->addItem($organize);
    $form->addItem($logininstruction);
    $form->addItem($dataconv);
    foreach ($mapped_settings as $setting) {
        $form->addItem($mapping_inputs[$setting]["text"]);
        // the login mapping has no "update" checkbox
        if ($setting != "shib_login") {
            $form->addItem($mapping_inputs[$setting]["check"]);
        }
    }

    $this->tpl->setContent($form->getHTML());
}
277 
278 
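/**
 * Validate the posted Shibboleth settings and store them.
 *
 * All values are read from $_POST["shib"]. Absent or non-scalar values (for example an
 * array sent in place of a string) are treated as empty. When validation fails, a message
 * is queued, the request is redirected to the settings screen and nothing is stored.
 */
public function save()
{
    $post = (isset($_POST["shib"]) && is_array($_POST["shib"])) ? $_POST["shib"] : array();

    // Posted field as string; missing keys and array values yield ''.
    $text = function ($key) use ($post) {
        return (isset($post[$key]) && is_scalar($post[$key])) ? (string) $post[$key] : '';
    };

    $required = array("login", "hos_type", "firstname", "lastname", "email", "user_default_role", "federation_name");
    $valid = true;
    foreach ($required as $item) {
        if (!$text($item)) {
            $valid = false;
            break;
        }
    }
    // The login type must be one of the three radio options the form offers, and the
    // default role must be a positive id.
    if (!in_array($text("hos_type"), array("internal_wayf", "external_wayf", "embedded_wayf"), true)
        || (int) $text("user_default_role") <= 0
    ) {
        $valid = false;
    }
    if (!$valid) {
        ilUtil::sendFailure($this->lng->txt("fill_out_all_required_fields"), true);
        $this->ctrl->redirect($this, 'settings');

        // also return, so nothing is stored should redirect() ever come back
        return;
    }

    // validate api
    // NOTE(review): this only checks that the path is readable. The value is a filesystem
    // path taken from the request and is presumably loaded as PHP elsewhere - confirm
    // whether it should be restricted to an expected directory before it is stored.
    $data_conv = $text("data_conv");
    if ($data_conv !== '' && !is_readable($data_conv)) {
        ilUtil::sendFailure($this->lng->txt("shib_data_conv_warning"), true);
        $this->ctrl->redirect($this, 'settings');

        return;
    }

    // all ok. save settings
    $shib_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language',
        'shib_matriculation'
    );
    foreach ($shib_settings as $setting) {
        $field = str_replace('shib_', '', $setting);
        // unchecked checkboxes are not posted at all, so anything but "1" means off
        $update = ($text("update_" . $field) == "1") ? "1" : "0";
        $this->ilias->setSetting($setting, trim($text($field)));
        $this->ilias->setSetting("shib_update_" . $field, $update);
    }

    $active = ($text("active") == "1") ? "1" : "0";
    $this->ilias->setSetting("shib_active", $active);
    $this->ilias->setSetting("shibboleth_active", $active);

    // NOTE(review): the role id is not checked against the role list that settings() offers.
    $this->ilias->setSetting("shib_user_default_role", (string) (int) $text("user_default_role"));
    $this->ilias->setSetting("shib_hos_type", $text("hos_type"));
    $this->ilias->setSetting("shib_federation_name", $text("federation_name"));
    $this->ilias->setSetting("shib_idp_list", $text("idp_list"));
    $this->ilias->setSetting("shib_login_instructions", $text("login_instructions"));
    $this->ilias->setSetting("shib_login_button", $text("login_button"));
    $this->ilias->setSetting("shib_data_conv", $data_conv);
    $this->ilias->setSetting("shib_auth_allow_local", ($text('auth_allow_local') == '1') ? '1' : '0');
    $this->ilias->setSetting("shib_activate_new", ($text('activate_new') == '1') ? '1' : '0');

    ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"), true);
    $this->ctrl->redirect($this, 'settings');
}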
342 
343 
/**
 * Show the role assignment screen: the "new rule" form and, if there is one, the rule table.
 *
 * @return bool always true
 */
protected function roleAssignment()
{
    $this->tabs_gui->setSubTabActive('shib_role_assignment');
    $this->initFormRoleAssignment('default');

    $this->tpl->addBlockFile(
        'ADM_CONTENT',
        'adm_content',
        'tpl.shib_role_assignment.html',
        'Services/AuthShibboleth'
    );
    $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

    // The table variable is only filled when parseRulesTable() produced markup.
    $table_html = $this->parseRulesTable();
    if (strlen($table_html)) {
        $this->tpl->setVariable('RULE_TABLE', $table_html);
    }

    return true;
}
356 
357 
358  protected function parseRulesTable()
359  {
360  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
362  return '';
363  }
364  include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
365  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
366  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
367  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
368  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
369  $rules_table->setSelectAllCheckbox("rule_id");
370 
371  return $rules_table->getHTML();
372  }
373 
374 
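/**
 * Show a confirmation screen for the rules selected for deletion.
 *
 * The ids come from $_POST['rule_ids']. Each one is cast to int before it is used to load
 * a rule or echoed back into the confirmation form, matching the (int) cast that
 * editRoleAssignment() applies to its rule id.
 *
 * @return bool|null false when nothing was selected, otherwise no value
 */
protected function confirmDeleteRules()
{
    if (!isset($_POST['rule_ids']) || !is_array($_POST['rule_ids'])) {
        ilUtil::sendFailure($this->lng->txt('select_one'));
        $this->roleAssignment();

        return false;
    }
    $this->tabs_gui->setSubTabActive('shib_role_assignment');
    include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
    $c_gui = new ilConfirmationGUI();
    // set confirm/cancel commands
    $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
    $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
    $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
    $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
    // add items to delete
    include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    foreach ($_POST["rule_ids"] as $rule_id) {
        if (!is_scalar($rule_id)) {
            // nested arrays are not ids
            continue;
        }
        $rule_id = (int) $rule_id;
        $rule = new ilShibbolethRoleAssignmentRule($rule_id);
        // NOTE(review): $info is built from a role title and the stored rule condition;
        // whether ilConfirmationGUI escapes item text is not visible here - confirm.
        $info = ilObject::_lookupTitle($rule->getRoleId());
        $info .= " (";
        $info .= $rule->conditionToString();
        $info .= ')';
        $c_gui->addItem('rule_ids[]', $rule_id, $info);
    }
    $this->tpl->setContent($c_gui->getHTML());
}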
411 
412 
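/**
 * Delete the rules whose ids were posted in $_POST['rule_ids'] and show the rule list again.
 *
 * Ids are cast to int before a rule is loaded, as in editRoleAssignment().
 *
 * @return bool false when nothing was selected, true after deleting
 */
protected function deleteRules()
{
    if (!isset($_POST['rule_ids']) || !is_array($_POST['rule_ids'])) {
        // Same message as confirmDeleteRules(); the previous key 'select_once' looks like a
        // typo of 'select_one'.
        ilUtil::sendFailure($this->lng->txt('select_one'));
        $this->roleAssignment();

        return false;
    }
    include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    foreach ($_POST["rule_ids"] as $rule_id) {
        if (!is_scalar($rule_id)) {
            // nested arrays are not ids
            continue;
        }
        $rule = new ilShibbolethRoleAssignmentRule((int) $rule_id);
        $rule->delete();
    }
    ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
    $this->roleAssignment();

    return true;
}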
437 
438 
/**
 * Create the role assignment rule form and keep it in $this->form.
 *
 * @param string $a_mode 'default' builds the "new rule" form, any other value the
 *                       "update rule" form (different title and command buttons)
 */
protected function initFormRoleAssignment($a_mode = 'default')
{
    include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');

    $form = new ilPropertyFormGUI();
    $this->form = $form;
    $form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
    $form->setTitle($this->lng->txt('shib_role_ass_table'));

    $is_new_rule = ($a_mode == 'default');
    if (!$is_new_rule) {
        $form->setTitle($this->lng->txt('shib_update_role_ass_table'));
        $form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
        $form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
    } else {
        $form->setTitle($this->lng->txt('shib_role_ass_table'));
        $form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
        $form->addCommandButton('settings', $this->lng->txt('cancel'));
    }

    // Role selection: option 0 picks a global role from a select box,
    // option 1 looks up a local role through an autocomplete text field.
    $role_group = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
    $role_group->setRequired(true);

    $global_option = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
    $role_group->addOption($global_option);
    $global_select = new ilSelectInputGUI('', 'role_id');
    $global_select->setOptions($this->prepareRoleSelect());
    $global_option->addSubItem($global_select);

    $local_option = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
    $role_group->addOption($local_option);
    include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
    $local_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
    $local_search->setSize(40);
    $local_option->addSubItem($local_search);
    include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';

    $role_group->setInfo($this->lng->txt('shib_role_name_info'));
    $form->addItem($role_group);

    // Update options: two checkboxes below a non-editable label
    $update_options = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
    $update_options->setValue($this->lng->txt('shib_check_role_assignment'));

    $add_missing = new ilCheckboxInputGUI('', 'add_missing');
    $add_missing->setOptionTitle($this->lng->txt('shib_add_missing'));
    $add_missing->setValue(1);
    $update_options->addSubItem($add_missing);

    $remove_deprecated = new ilCheckboxInputGUI('', 'remove_deprecated');
    $remove_deprecated->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
    $remove_deprecated->setValue(1);
    $update_options->addSubItem($remove_deprecated);

    $form->addItem($update_options);

    // Assignment type: 1 = attribute name/value match, 2 = plugin
    $kind_group = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
    $kind_group->setValue(1);
    $kind_group->setRequired(true);

    $by_attribute = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
    $by_attribute->setInfo($this->lng->txt('shib_attr_info'));
    $attr_name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
    $attr_name->setSize(32);
    $by_attribute->addSubItem($attr_name);
    $attr_value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
    $attr_value->setSize(32);
    $by_attribute->addSubItem($attr_value);
    $kind_group->addOption($by_attribute);

    // The plugin option and its id field are disabled while no plugin is active.
    $plugins_available = (bool) $this->hasActiveRoleAssignmentPlugins();
    $by_plugin = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
    $by_plugin->setInfo($this->lng->txt('shib_plugin_info'));
    $by_plugin->setDisabled(!$plugins_available);
    $plugin_id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
    $plugin_id->setDisabled(!$plugins_available);
    $plugin_id->setSize(3);
    $plugin_id->setMaxLength(3);
    $plugin_id->setMaxValue(999);
    $plugin_id->setMinValue(1);
    $by_plugin->addSubItem($plugin_id);
    $kind_group->addOption($by_plugin);

    $form->addItem($kind_group);
}
510 
511 
515  public function addRoleAutoCompleteObject()
516  {
517  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
519  }
520 
521 
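/**
 * Create a new role assignment rule from the submitted form.
 *
 * Requires 'write' on the settings object. When the form or the rule does not validate,
 * the form is shown again with the posted values. Otherwise the rule is added, unless
 * showLocalRoleSelection() first redirects to the role chooser.
 *
 * @return bool false when permission is missing, true otherwise
 */
protected function addRoleAssignmentRule()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];
    if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->roleAssignment();

        return false;
    }
    $this->initFormRoleAssignment();

    // The rule is only loaded and validated once the form itself is valid. $err starts out
    // empty so the check below never reads an undefined variable when the form check fails.
    $err = '';
    $form_ok = $this->form->checkInput();
    if ($form_ok) {
        $err = $this->checkInput();
    }
    if (!$form_ok || $err) {
        if ($err) {
            ilUtil::sendFailure($this->lng->txt($err));
        }
        $this->tabs_gui->setSubTabActive('shib_role_assignment');
        $this->form->setValuesByPost();
        $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
        $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
        if (strlen($html = $this->parseRulesTable())) {
            $this->tpl->setVariable('RULE_TABLE', $html);
        }

        return true;
    }
    // Redirects if required
    $this->showLocalRoleSelection();
    $this->rule->add();
    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    $this->roleAssignment();

    return true;
}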
556 
557 
/**
 * Show the "update rule" form filled with the values of the rule named by $_GET['rule_id'].
 *
 * @return bool always true
 */
protected function editRoleAssignment()
{
    // The id is forced to int before it is attached to the links and forms of this GUI.
    $rule_id = (int) $_GET['rule_id'];
    $this->ctrl->setParameter($this, 'rule_id', $rule_id);

    $this->tabs_gui->setSubTabActive('shib_role_assignment');
    $this->initFormRoleAssignment('update');
    $this->getRuleValues();

    $this->tpl->addBlockFile(
        'ADM_CONTENT',
        'adm_content',
        'tpl.shib_role_assignment.html',
        'Services/AuthShibboleth'
    );
    $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

    return true;
}
574 
575 
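/**
 * Update the rule named by $_REQUEST['rule_id'] from the submitted form.
 *
 * Requires 'write' on the settings object. When the form or the rule does not validate,
 * the form is shown again with the posted values. Otherwise the rule is updated, unless
 * showLocalRoleSelection() first redirects to the role chooser.
 *
 * @return bool false when permission is missing, true otherwise
 */
protected function updateRoleAssignmentRule()
{
    global $DIC;
    $ilAccess = $DIC['ilAccess'];
    if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
        ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
        $this->roleAssignment();

        return false;
    }
    // NOTE(review): the form is built in its default ("new rule") mode here, so a redisplay
    // after a validation error shows the add buttons - confirm that this is intended.
    $this->initFormRoleAssignment();

    // The rule is only loaded and validated once the form itself is valid. $err starts out
    // empty so the check below never reads an undefined variable when the form check fails.
    $err = '';
    $form_ok = $this->form->checkInput();
    if ($form_ok) {
        $rule_id = isset($_REQUEST['rule_id']) ? (int) $_REQUEST['rule_id'] : 0;
        $err = $this->checkInput($rule_id);
    }
    if (!$form_ok || $err) {
        if ($err) {
            ilUtil::sendFailure($this->lng->txt($err));
        }
        $this->tabs_gui->setSubTabActive('shib_role_assignment');
        $this->form->setValuesByPost();
        $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
        $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());

        return true;
    }
    $this->showLocalRoleSelection('update');
    $this->rule->update();
    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    $this->roleAssignment();

    return true;
}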
606 
607 
/**
 * Build $this->rule from the validated form input.
 *
 * With the "global role" option the posted role id is used as is. With a role search term,
 * the role id is set only when the search has exactly one hit; several hits set it to -1,
 * no hit leaves it untouched.
 *
 * @param int $a_rule_id id of an existing rule, 0 for a new one
 *
 * @return ilShibbolethRoleAssignmentRule the rule also stored in $this->rule
 */
private function loadRule($a_rule_id = 0)
{
    include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);

    if ($this->form->getInput('role_name') == 0) {
        // NOTE(review): the posted role_id is passed on unchecked here; presumably the
        // select input or the rule's validate() rejects unknown ids - confirm.
        $this->rule->setRoleId($this->form->getInput('role_id'));
    } elseif ($this->form->getInput('role_search')) {
        // Search role
        include_once './Services/Search/classes/class.ilQueryParser.php';
        $query = new ilQueryParser($this->form->getInput('role_search'));
        // TODO: Handle minWordLength
        $query->setMinWordLength(1, true);
        $query->setCombination(QP_COMBINATION_AND);
        $query->parse();

        include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
        $search = new ilLikeObjectSearch($query);
        $search->setFilter(array('role'));
        $hits = $search->performSearch()->getEntries();

        $hit_count = count($hits);
        if ($hit_count == 1) {
            $only_hit = current($hits);
            $this->rule->setRoleId($only_hit['obj_id']);
        } elseif ($hit_count > 1) {
            // ambiguous search term
            $this->rule->setRoleId(-1);
        }
    }

    $this->rule->setName($this->form->getInput('attr_name'));
    $this->rule->setValue($this->form->getInput('attr_value'));
    $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
    $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
    $this->rule->enablePlugin($this->form->getInput('kind') == 2);
    $this->rule->setPluginId($this->form->getInput('plugin_id'));

    return $this->rule;
}
643 
644 
/**
 * Fill $this->form with the values of the rule named by $_GET['rule_id'].
 */
private function getRuleValues()
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];

    include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
    $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
    $role_id = $rule->getRoleId();

    // Global roles preselect the select box, all others prefill the search field.
    $is_global = $rbacreview->isGlobalRole($role_id);
    $values['role_name'] = $is_global ? 0 : 1;
    if ($is_global) {
        $values['role_id'] = $role_id;
    } else {
        $values['role_search'] = ilObject::_lookupTitle($role_id);
    }

    $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
    $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
    $values['attr_name'] = $rule->getName();
    $values['attr_value'] = $rule->getValue();

    // kind 1 = attribute rule, kind 2 = plugin rule (which also carries a plugin id)
    if ($rule->isPluginActive()) {
        $values['kind'] = 2;
        $values['plugin_id'] = $rule->getPluginId();
    } else {
        $values['kind'] = 1;
    }

    $this->form->setValuesByArray($values);
}
671 
672 
/**
 * Load the rule from the form input and run its validation.
 *
 * @param int $a_rule_id id of an existing rule, 0 for a new one
 *
 * @return mixed whatever the rule's validate() returns; callers treat a truthy value as
 *               the language key of an error message
 */
private function checkInput($a_rule_id = 0)
{
    // loadRule() stores the rule in $this->rule and hands the same object back.
    $loaded_rule = $this->loadRule($a_rule_id);

    return $loaded_rule->validate();
}
679 
680 
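/**
 * Redirect to the role chooser when the loaded rule has no usable role id yet.
 *
 * The pending rule is parked in $_SESSION['shib_role_ass'] for saveRoleSelection(). The
 * rule id from the request is cast to int before it is stored, as in the other handlers,
 * so that only a numeric id reaches the rule constructor later.
 *
 * @return bool|null false when the rule already has a role id > 0; otherwise the method
 *                   ends in a redirect to 'chooseRole'
 */
private function showLocalRoleSelection()
{
    if ($this->rule->getRoleId() > 0) {
        return false;
    }
    // not set when a new rule is added
    $rule_id = isset($_REQUEST['rule_id']) ? (int) $_REQUEST['rule_id'] : 0;

    $_SESSION['shib_role_ass']['rule_id'] = $rule_id;
    $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
    $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
    $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
    $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
    $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
    $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
    $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
    $this->ctrl->redirect($this, 'chooseRole');
}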
696 
697 
/**
 * List the roles matching the search term parked in the session so that one can be chosen.
 *
 * @return bool always true
 */
protected function chooseRole()
{
    $this->tabs_gui->setSubTabActive('shib_role_assignment');

    // Repeat the role search with the term stored by showLocalRoleSelection().
    include_once './Services/Search/classes/class.ilQueryParser.php';
    $query = new ilQueryParser($_SESSION['shib_role_ass']['search']);
    $query->setMinWordLength(1, true);
    $query->setCombination(QP_COMBINATION_AND);
    $query->parse();

    include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
    $search = new ilLikeObjectSearch($query);
    $search->setFilter(array('role'));
    $hits = $search->performSearch()->getEntries();

    include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
    $selection = new ilRoleSelectionTableGUI($this, 'chooseRole');
    $selection->setTitle($this->lng->txt('shib_role_selection'));
    $selection->addMultiCommand('saveRoleSelection', $this->lng->txt('shib_choose_role'));
    $selection->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
    $selection->parse($hits);

    $this->tpl->setContent($selection->getHTML());

    return true;
}
721 
722 
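/**
 * Finish a rule parked by showLocalRoleSelection() with the role chosen in the role table.
 *
 * The command is reachable directly from the request, so it does nothing unless a pending
 * rule exists in the session and a positive role id was posted. Without these guards a
 * direct call would store a rule with empty fields or role id 0.
 */
protected function saveRoleSelection()
{
    if (!isset($_SESSION['shib_role_ass']) || !is_array($_SESSION['shib_role_ass'])) {
        // no pending rule: nothing to save
        $this->roleAssignment();

        return;
    }
    $role_id = (isset($_POST['role_id']) && is_scalar($_POST['role_id'])) ? (int) $_POST['role_id'] : 0;
    if ($role_id <= 0) {
        ilUtil::sendFailure($this->lng->txt('select_one'));
        $this->chooseRole();

        return;
    }
    $pending = $_SESSION['shib_role_ass'];

    include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
    $rule = new ilShibbolethRoleAssignmentRule((int) $pending['rule_id']);
    // NOTE(review): the posted role id is not compared with the roles that chooseRole()
    // listed - confirm whether any existing role id is acceptable here.
    $rule->setRoleId($role_id);
    $rule->setName($pending['name']);
    $rule->setValue($pending['value']);
    $rule->enablePlugin($pending['plugin']);
    $rule->setPluginId($pending['plugin_id']);
    $rule->enableAddOnUpdate($pending['add_on_update']);
    $rule->enableRemoveOnUpdate($pending['remove_on_update']);
    if ($rule->getRuleId()) {
        $rule->update();
    } else {
        $rule->add();
    }
    ilUtil::sendSuccess($this->lng->txt('settings_saved'));
    unset($_SESSION['shib_role_ass']);
    $this->roleAssignment();
}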
742 
743 
750  {
751  global $DIC;
752  $ilPluginAdmin = $DIC['ilPluginAdmin'];
753 
754  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk'));
755  }
756 
757 
/**
 * Options for the global role select box: "please select" at key 0, then the global roles
 * in the order returned by ilUtil::_sortIds() for the title field.
 *
 * @param bool $a_as_select not used by this method
 *
 * @return array role id => role title
 */
private function prepareRoleSelect($a_as_select = true)
{
    global $DIC;
    $rbacreview = $DIC['rbacreview'];
    $ilObjDataCache = $DIC['ilObjDataCache'];

    $options[0] = $this->lng->txt('links_select_one');

    $sorted_ids = ilUtil::_sortIds($rbacreview->getGlobalRoles(), 'object_data', 'title', 'obj_id');
    foreach ($sorted_ids as $global_role_id) {
        $options[$global_role_id] = ilObject::_lookupTitle($global_role_id);
    }

    return $options;
}
771 
772 
/**
 * Add the "settings" and "role assignment" sub tabs.
 *
 * No sub tabs are added while Shibboleth is inactive and no role assignment rule exists.
 *
 * @return bool true when the sub tabs were added, false otherwise
 */
protected function setSubTabs()
{
    global $DIC;
    $ilSetting = $DIC['ilSetting'];
    include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';

    // The rule count is only looked up when Shibboleth is switched off.
    $shib_inactive = ($ilSetting->get('shib_active') == 0);
    if ($shib_inactive && ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
        return false;
    }

    // DONE: show sub tabs if there is any role assignment rule
    $settings_link = $this->ctrl->getLinkTarget($this, 'settings');
    $this->tabs_gui->addSubTabTarget('shib_settings', $settings_link);
    $rules_link = $this->ctrl->getLinkTarget($this, 'roleAssignment');
    $this->tabs_gui->addSubTabTarget('shib_role_assignment', $rules_link);

    return true;
}
787 }