d4/d11/class_8ilShibbolethRoleAssignmentRules_8php_source.html

 <?php
 /*
     +-----------------------------------------------------------------------------+
     | ILIAS open source                                                           |
     +-----------------------------------------------------------------------------+
     | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |
     |                                                                             |
     | This program is free software; you can redistribute it and/or               |
     | modify it under the terms of the GNU General Public License                 |
     | as published by the Free Software Foundation; either version 2              |
     | of the License, or (at your option) any later version.                      |
     |                                                                             |
     | This program is distributed in the hope that it will be useful,             |
     | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
     | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
     | GNU General Public License for more details.                                |
     |                                                                             |
     | You should have received a copy of the GNU General Public License           |
     | along with this program; if not, write to the Free Software                 |
     | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
     +-----------------------------------------------------------------------------+
 */

 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';

 class ilShibbolethRoleAssignmentRules
 {
     protected static $active_plugins = null;


     public static function getAllRules()
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $rules = array();
         $query = "SELECT rule_id FROM shib_role_assignment ORDER BY rule_id";
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rules[$row->rule_id] = new ilShibbolethRoleAssignmentRule($row->rule_id);
         }

         return $rules;
     }


     public static function getCountRules()
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             return $row->num;
         }

         return 0;
     }


     public static function updateAssignments($a_usr_id, $a_data)
     {
         require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');

         global $DIC;
         $ilDB = $DIC['ilDB'];
         $rbacadmin = $DIC['rbacadmin'];
         $rbacreview = $DIC['rbacreview'];
         $ilLog = $DIC['ilLog'];
         $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
             //                  $matches = $rule->matches($a_data);
             if ($rule->doesMatch($a_data) and $row->add_on_update) {
                 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
             }
             if (!$rule->doesMatch($a_data) and $row->remove_on_update) {
                 $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
             }
         }
         // check if is assigned to minimum one global role
         if (!array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
             $default_role = shibConfig::getInstance()->getUserDefaultRole();
             $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
             $rbacadmin->assignUser($default_role, $a_usr_id);
         }

         return true;
     }


     public static function doAssignments($a_usr_id, $a_data)
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $rbacadmin = $DIC['rbacadmin'];
         $ilLog = $DIC['ilLog'];
         $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
         $num_matches = 0;
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
             if ($rule->doesMatch($a_data)) {
                 $num_matches++;
                 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
             }
         }
         // Assign to default if no matching found
         if (!$num_matches) {
             $default_role = shibConfig::getInstance()->getUserDefaultRole();
             $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
             $rbacadmin->assignUser($default_role, $a_usr_id);
         }

         return true;
     }


     public static function callPlugin($a_plugin_id, $a_user_data)
     {
         global $DIC;
         $ilPluginAdmin = $DIC['ilPluginAdmin'];
         if (self::$active_plugins == null) {
             self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
         }
         $assigned = false;
         foreach (self::$active_plugins as $plugin_name) {
             $ok = false;
             $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
             if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
                 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
             }
             if ($ok) {
                 $assigned = true;
             }
         }

         return $assigned;
     }
 }
ilShibbolethRoleAssignmentRules\getCountRules
static getCountRules()
Definition: class.ilShibbolethRoleAssignmentRules.php:62

ilShibbolethRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:156

$DIC
global $DIC
Definition: saml.php:7

ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988

ilShibbolethRoleAssignmentRules
Shibboleth role assignment rules.
Definition: class.ilShibbolethRoleAssignmentRules.php:36

shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:208

$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

$rule
$rule
Definition: showstats.php:43

ilShibbolethRoleAssignmentPlugin
Interface for shibboleth role assignment plugins.
Definition: interface.ilShibbolethRoleAssignmentPlugin.php:33

ilShibbolethRoleAssignmentRules\doAssignments
static doAssignments($a_usr_id, $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:122

$query
$query
Definition: proxy_ylocal.php:13

$ok
$ok
Definition: UtfNormalTest.php:80

$ilLog
$ilLog
Definition: inc.setup_header.php:123

$row
$row
Definition: migrateto20.php:360

$ilDB
global $ilDB
Definition: storeScorm2004.php:16

ilShibbolethRoleAssignmentRules\$active_plugins
static $active_plugins
Definition: class.ilShibbolethRoleAssignmentRules.php:38

php

and

ilDBConstants\FETCHMODE_OBJECT
const FETCHMODE_OBJECT
Definition: class.ilDBConstants.php:13

ilShibbolethRoleAssignmentRules\updateAssignments
static updateAssignments($a_usr_id, $a_data)
Definition: class.ilShibbolethRoleAssignmentRules.php:82

ilShibbolethRoleAssignmentRule
Shibboleth role assignment rule.
Definition: class.ilShibbolethRoleAssignmentRule.php:35

IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6