Collaboration diagram for ilLDAPRoleAssignmentRule:

Public Member Functions
	matches ($a_user_data)
	Check if a rule matches. More...

	setRoleId ($a_role_id)
	set role id More...

	getRoleId ()
	get role id More...

	getRuleId ()
	get id More...

	setServerId ($a_id)
	set server id More...

	getServerId ()
	get server id More...

	setType ($a_type)
	set type More...

	getType ()
	getType More...

	setDN ($a_dn)
	set dn More...

	getDN ()
	get dn More...

	setMemberAttribute ($a_attribute)
	public More...

	getMemberAttribute ()
	get attribute More...

	setMemberIsDN ($a_status)
	set member attribute is dn More...

	isMemberAttributeDN ()
	is member attribute dn More...

	setAttributeName ($a_name)
	set attribute name More...

	getAttributeName ()
	get attribute name More...

	setAttributeValue ($a_value)
	set attribute value More...

	getAttributeValue ()
	get atrtibute value More...

	enableAddOnUpdate ($a_status)

	isAddOnUpdateEnabled ()

	enableRemoveOnUpdate ($a_status)

	isRemoveOnUpdateEnabled ()

	setPluginId ($a_id)

	getPluginId ()

	isPluginActive ()

	conditionToString ()
	condition to string More...

	create ()
	create More...

	update ()
	update More...

	validate ()
	validate More...

	delete ()
	delete rule More...

Static Public Member Functions
static	_getInstanceByRuleId ($a_rule_id)
	get instance by rule id More...

static	hasRulesForUpdate ()
	Check if there any rule for updates. More...

static	_getRules ($a_server_id)
	Get all rules. More...

Data Fields
const	TYPE_GROUP = 1

const	TYPE_ATTRIBUTE = 2

const	TYPE_PLUGIN = 3

Protected Member Functions
	wildcardCompare ($a_str1, $a_str2)

Private Member Functions
	__construct ($a_id=0)
	Constructor. More...

	isGroupMember ($a_user_data)
	Check if user is member of specific group. More...

	read ()
	load from db More...

Private Attributes
	$logger = null

	$db = null

	$server_id = 0

	$plugin_active = false

	$add_on_update = false

	$remove_on_update = false

	$plugin_id = 0

Static Private Attributes
static	$instances = null

Detailed Description

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 10 of file class.ilLDAPRoleAssignmentRule.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPRoleAssignmentRule::__construct ( $a_id = 0 )

private

Constructor.

private

Parameters

int rule id

Definition at line 42 of file class.ilLDAPRoleAssignmentRule.php.

References $GLOBALS, and read().

     {
         $this->db = $GLOBALS['DIC']->database();
         $this->logger = $GLOBALS['DIC']->logger()->auth();
 
         $this->rule_id = $a_id;
         $this->read();
     }

Here is the call graph for this function:

Member Function Documentation

◆ _getInstanceByRuleId()

static ilLDAPRoleAssignmentRule::_getInstanceByRuleId ( $a_rule_id )

static

get instance by rule id

public

Parameters

int rule id

Definition at line 59 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by ilLDAPSettingsGUI\confirmDeleteRules(), ilLDAPSettingsGUI\deleteRules(), ilLDAPSettingsGUI\editRoleAssignment(), ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), ilLDAPRoleAssignmentRules\getAssignmentsForUpdate(), ilLDAPSettingsGUI\loadRoleAssignmentRule(), and ilLDAPSettingsGUI\roleAssignments().

     {
         if (isset(self::$instances[$a_rule_id])) {
             return self::$instances[$a_rule_id];
         }
         return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
     }

Here is the caller graph for this function:

◆ _getRules()

static ilLDAPRoleAssignmentRule::_getRules ( $a_server_id )

static

Get all rules.

public

Returns: ilLDAPRoleAssignmentRule

Definition at line 182 of file class.ilLDAPRoleAssignmentRule.php.

References $GLOBALS, $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPServer\delete(), ilLDAPSettingsGUI\getRoleAssignmentTable(), and ilLDAPSettingsGUI\roleAssignments().

     {
         $ilDB = $GLOBALS['DIC']->database();
         
         $query = "SELECT rule_id FROM ldap_role_assignments " .
                 "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rules[] = self::_getInstanceByRuleId($row->rule_id);
         }
         return $rules ? $rules : array();
     }

Here is the caller graph for this function:

◆ conditionToString()

ilLDAPRoleAssignmentRule::conditionToString ( )

condition to string

public

Definition at line 433 of file class.ilLDAPRoleAssignmentRule.php.

References $GLOBALS, $lng, getAttributeName(), getAttributeValue(), getDN(), getPluginId(), and getType().

     {
         $lng = $GLOBALS['DIC']->language();
         
         switch ($this->getType()) {
             case self::TYPE_PLUGIN:
                 return $lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
             
             case self::TYPE_GROUP:
                 $dn_arr = explode(',', $this->getDN());
                 return $dn_arr[0];
                 
             
             case self::TYPE_ATTRIBUTE:
                 return $this->getAttributeName() . '=' . $this->getAttributeValue();
         }
     }

Here is the call graph for this function:

◆ create()

ilLDAPRoleAssignmentRule::create ( )

create

public

Parameters

Definition at line 459 of file class.ilLDAPRoleAssignmentRule.php.

References $db, $ilDB, $query, $res, getAttributeName(), getAttributeValue(), getDN(), getMemberAttribute(), getPluginId(), getRoleId(), getServerId(), getType(), isAddOnUpdateEnabled(), isMemberAttributeDN(), and isRemoveOnUpdateEnabled().

     {
         $ilDB = $this->db;
         $next_id = $ilDB->nextId('ldap_role_assignments');
 
         $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
             "add_on_update, remove_on_update, plugin_id ) " .
             "VALUES( " .
             $this->db->quote($this->getServerId(), 'integer') . ", " .
             $this->db->quote($next_id, 'integer') . ", " .
             $this->db->quote($this->getType(), 'integer') . ", " .
             $this->db->quote($this->getDN(), 'text') . ", " .
             $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
             $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
             $this->db->quote($this->getAttributeName(), 'text') . ", " .
             $this->db->quote($this->getAttributeValue(), 'text') . ", " .
             $this->db->quote($this->getRoleId(), 'integer') . ", " .
             $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
             $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
             $this->db->quote($this->getPluginId(), 'integer') . ' ' .
             ")";
         $res = $ilDB->manipulate($query);
         $this->rule_id = $next_id;
                 
         return true;
     }

Here is the call graph for this function:

◆ delete()

ilLDAPRoleAssignmentRule::delete ( )

delete rule

public

Definition at line 565 of file class.ilLDAPRoleAssignmentRule.php.

References $db, $ilDB, $query, $res, and getRuleId().

     {
         $ilDB = $this->db;
         
         $query = "DELETE FROM ldap_role_assignments " .
             "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
         $res = $ilDB->manipulate($query);
         return true;
     }

Here is the call graph for this function:

◆ enableAddOnUpdate()

ilLDAPRoleAssignmentRule::enableAddOnUpdate ( $a_status )

Definition at line 391 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->add_on_update = $a_status;
     }

Here is the caller graph for this function:

◆ enableRemoveOnUpdate()

ilLDAPRoleAssignmentRule::enableRemoveOnUpdate ( $a_status )

Definition at line 401 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->remove_on_update = $a_status;
     }

Here is the caller graph for this function:

◆ getAttributeName()

ilLDAPRoleAssignmentRule::getAttributeName ( )

get attribute name

public

Definition at line 363 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by conditionToString(), create(), matches(), update(), and validate().

     {
         return $this->attribute_name;
     }

Here is the caller graph for this function:

◆ getAttributeValue()

ilLDAPRoleAssignmentRule::getAttributeValue ( )

get atrtibute value

public

Definition at line 386 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by conditionToString(), create(), matches(), update(), and validate().

     {
         return $this->attribute_value;
     }

Here is the caller graph for this function:

◆ getDN()

ilLDAPRoleAssignmentRule::getDN ( )

get dn

public

Definition at line 294 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by conditionToString(), create(), isGroupMember(), update(), and validate().

     {
         return $this->dn;
     }

Here is the caller graph for this function:

◆ getMemberAttribute()

ilLDAPRoleAssignmentRule::getMemberAttribute ( )

get attribute

public

Definition at line 317 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by create(), isGroupMember(), update(), and validate().

     {
         return $this->member_attribute;
     }

Here is the caller graph for this function:

◆ getPluginId()

ilLDAPRoleAssignmentRule::getPluginId ( )

Definition at line 416 of file class.ilLDAPRoleAssignmentRule.php.

References $plugin_id.

Referenced by conditionToString(), create(), matches(), update(), and validate().

     {
         return $this->plugin_id;
     }

Here is the caller graph for this function:

◆ getRoleId()

ilLDAPRoleAssignmentRule::getRoleId ( )

get role id

public

Definition at line 213 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by create(), matches(), update(), and validate().

     {
         return $this->role_id;
     }

Here is the caller graph for this function:

◆ getRuleId()

ilLDAPRoleAssignmentRule::getRuleId ( )

get id

public

Definition at line 224 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by delete(), read(), and update().

     {
         return $this->rule_id;
     }

Here is the caller graph for this function:

◆ getServerId()

ilLDAPRoleAssignmentRule::getServerId ( )

get server id

public

Definition at line 247 of file class.ilLDAPRoleAssignmentRule.php.

References $server_id.

Referenced by create(), isGroupMember(), and update().

     {
         return $this->server_id;
     }

Here is the caller graph for this function:

◆ getType()

ilLDAPRoleAssignmentRule::getType ( )

getType

public

Parameters

Definition at line 271 of file class.ilLDAPRoleAssignmentRule.php.

References $type.

Referenced by conditionToString(), create(), isPluginActive(), matches(), update(), and validate().

     {
         return $this->type;
     }

Here is the caller graph for this function:

◆ hasRulesForUpdate()

static ilLDAPRoleAssignmentRule::hasRulesForUpdate ( )

static

Check if there any rule for updates.

Returns

Definition at line 71 of file class.ilLDAPRoleAssignmentRule.php.

References $DIC, $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPUserSynchronisation\isUpdateRequired().

     {
         global $DIC;
 
         $ilDB = $DIC['ilDB'];
         
         $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
             'WHERE add_on_update = 1 ' .
             'OR remove_on_update = 1 ';
         $res = $ilDB->query($query);
         $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
         return $row->num > 0;
     }

Here is the caller graph for this function:

◆ isAddOnUpdateEnabled()

ilLDAPRoleAssignmentRule::isAddOnUpdateEnabled ( )

Definition at line 396 of file class.ilLDAPRoleAssignmentRule.php.

References $add_on_update.

Referenced by create(), and update().

     {
         return (bool) $this->add_on_update;
     }

Here is the caller graph for this function:

◆ isGroupMember()

ilLDAPRoleAssignmentRule::isGroupMember ( $a_user_data )

private

Check if user is member of specific group.

private

Parameters

array	user data
array	user_data

Definition at line 140 of file class.ilLDAPRoleAssignmentRule.php.

References $query, $res, $server, getDN(), ilLDAPServer\getInstanceByServerId(), getMemberAttribute(), getServerId(), IL_LDAP_SCOPE_BASE, and isMemberAttributeDN().

Referenced by matches().

     {
         $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
 
         if ($this->isMemberAttributeDN()) {
             if ($server->enabledEscapeDN()) {
                 $user_cmp = ldap_escape($a_user_data['dn'], "", LDAP_ESCAPE_FILTER);
             } else {
                 $user_cmp = $a_user_data['dn'];
             }
         } else {
             $user_cmp = $a_user_data['ilExternalAccount'];
         }
         
         try {
             $query = new ilLDAPQuery($server);
             $query->bind();
             $res = $query->query(
                 $this->getDN(),
                 sprintf(
                     '(%s=%s)',
                     $this->getMemberAttribute(),
                     $user_cmp
                 ),
                 IL_LDAP_SCOPE_BASE,
                 array('dn')
             );
             return $res->numRows() ? true : false;
         } catch (ilLDAPQueryException $e) {
             $this->logger->warning(': Caught Exception: ' . $e->getMessage());
             return false;
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isMemberAttributeDN()

ilLDAPRoleAssignmentRule::isMemberAttributeDN ( )

is member attribute dn

public

Definition at line 340 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by create(), isGroupMember(), and update().

     {
         return (bool) $this->member_is_dn;
     }

Here is the caller graph for this function:

◆ isPluginActive()

ilLDAPRoleAssignmentRule::isPluginActive ( )

Definition at line 421 of file class.ilLDAPRoleAssignmentRule.php.

References getType().

     {
         return (bool) $this->getType() == self::TYPE_PLUGIN;
     }

Here is the call graph for this function:

◆ isRemoveOnUpdateEnabled()

ilLDAPRoleAssignmentRule::isRemoveOnUpdateEnabled ( )

Definition at line 406 of file class.ilLDAPRoleAssignmentRule.php.

References $remove_on_update.

Referenced by create(), and update().

     {
         return (bool) $this->remove_on_update;
     }

Here is the caller graph for this function:

◆ matches()

ilLDAPRoleAssignmentRule::matches ( $a_user_data )

Check if a rule matches.

Returns

Parameters

object $a_user_data

Definition at line 90 of file class.ilLDAPRoleAssignmentRule.php.

References ilObject\_lookupTitle(), ilLDAPRoleAssignmentRules\callPlugin(), getAttributeName(), getAttributeValue(), getPluginId(), getRoleId(), getType(), isGroupMember(), and wildcardCompare().

     {
         switch ($this->getType()) {
             case self::TYPE_PLUGIN:
                 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
                 
             case self::TYPE_ATTRIBUTE:
                 
                 $attn = strtolower($this->getAttributeName());
                 
                 if (!isset($a_user_data[$attn])) {
                     return false;
                 }
 
                 if (!is_array($a_user_data[$attn])) {
                     $attribute_val = array(0 => $a_user_data[$attn]);
                 } else {
                     $attribute_val = $a_user_data[$attn];
                 }
                 
                 foreach ($attribute_val as $value) {
                     if ($this->wildcardCompare(trim($this->getAttributeValue()), trim($value))) {
                         $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
                         return true;
                     }
                 }
                 return false;
 
             case self::TYPE_GROUP:
                 return $this->isGroupMember($a_user_data);
                 
         }
     }

Here is the call graph for this function:

◆ read()

ilLDAPRoleAssignmentRule::read ( )

private

load from db

private

Definition at line 580 of file class.ilLDAPRoleAssignmentRule.php.

References $db, $ilDB, $query, $res, $row, enableAddOnUpdate(), enableRemoveOnUpdate(), ilDBConstants\FETCHMODE_OBJECT, getRuleId(), setAttributeName(), setAttributeValue(), setDN(), setMemberAttribute(), setMemberIsDN(), setPluginId(), setRoleId(), setServerId(), and setType().

Referenced by __construct().

     {
         $ilDB = $this->db;
         
         $query = "SELECT * FROM ldap_role_assignments " .
             "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
         
         $res = $this->db->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $this->setServerId($row->server_id);
             $this->setType($row->type);
             $this->setDN($row->dn);
             $this->setMemberAttribute($row->attribute);
             $this->setMemberIsDN($row->isdn);
             $this->setAttributeName($row->att_name);
             $this->setAttributeValue($row->att_value);
             $this->setRoleId($row->role_id);
             $this->enableAddOnUpdate($row->add_on_update);
             $this->enableRemoveOnUpdate($row->remove_on_update);
             $this->setPluginId($row->plugin_id);
         }
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ setAttributeName()

ilLDAPRoleAssignmentRule::setAttributeName ( $a_name )

set attribute name

public

Parameters

Definition at line 352 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->attribute_name = $a_name;
     }

Here is the caller graph for this function:

◆ setAttributeValue()

ilLDAPRoleAssignmentRule::setAttributeValue ( $a_value )

set attribute value

public

Parameters

string value

Definition at line 375 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->attribute_value = $a_value;
     }

Here is the caller graph for this function:

◆ setDN()

ilLDAPRoleAssignmentRule::setDN ( $a_dn )

set dn

public

Parameters

string dn

Definition at line 283 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->dn = $a_dn;
     }

Here is the caller graph for this function:

◆ setMemberAttribute()

ilLDAPRoleAssignmentRule::setMemberAttribute ( $a_attribute )

public

Parameters

Definition at line 306 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->member_attribute = $a_attribute;
     }

Here is the caller graph for this function:

◆ setMemberIsDN()

ilLDAPRoleAssignmentRule::setMemberIsDN ( $a_status )

set member attribute is dn

public

Parameters

bool status

Definition at line 329 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->member_is_dn = $a_status;
     }

Here is the caller graph for this function:

◆ setPluginId()

ilLDAPRoleAssignmentRule::setPluginId ( $a_id )

Definition at line 411 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->plugin_id = $a_id;
     }

Here is the caller graph for this function:

◆ setRoleId()

ilLDAPRoleAssignmentRule::setRoleId ( $a_role_id )

set role id

public

Parameters

int	role id of global role

Definition at line 202 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->role_id = $a_role_id;
     }

Here is the caller graph for this function:

◆ setServerId()

ilLDAPRoleAssignmentRule::setServerId ( $a_id )

set server id

public

Parameters

int server id

Definition at line 236 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by read().

     {
         $this->server_id = $a_id;
     }

Here is the caller graph for this function:

◆ setType()

ilLDAPRoleAssignmentRule::setType ( $a_type )

set type

public

Parameters

int type

Definition at line 259 of file class.ilLDAPRoleAssignmentRule.php.

References $a_type.

Referenced by read().

     {
         $this->type = $a_type;
     }

Here is the caller graph for this function:

◆ update()

ilLDAPRoleAssignmentRule::update ( )

update

public

Definition at line 492 of file class.ilLDAPRoleAssignmentRule.php.

References $db, $ilDB, $query, $res, getAttributeName(), getAttributeValue(), getDN(), getMemberAttribute(), getPluginId(), getRoleId(), getRuleId(), getServerId(), getType(), isAddOnUpdateEnabled(), isMemberAttributeDN(), and isRemoveOnUpdateEnabled().

     {
         $ilDB = $this->db;
         
         $query = "UPDATE ldap_role_assignments " .
             "SET server_id = " . $this->db->quote($this->getServerId(), 'integer') . ", " .
             "type = " . $this->db->quote($this->getType(), 'integer') . ", " .
             "dn = " . $this->db->quote($this->getDN(), 'text') . ", " .
             "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
             "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
             "att_name = " . $this->db->quote($this->getAttributeName(), 'text') . ", " .
             "att_value = " . $this->db->quote($this->getAttributeValue(), 'text') . ", " .
             "role_id = " . $this->db->quote($this->getRoleId(), 'integer') . ", " .
             "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
             'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
             'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer') . ' ' .
             "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
         $res = $ilDB->manipulate($query);
         return true;
     }

Here is the call graph for this function:

◆ validate()

ilLDAPRoleAssignmentRule::validate ( )

validate

public

Definition at line 519 of file class.ilLDAPRoleAssignmentRule.php.

References $DIC, $ilErr, getAttributeName(), getAttributeValue(), getDN(), getMemberAttribute(), getPluginId(), getRoleId(), and getType().

     {
         global $DIC;
 
         $ilErr = $DIC['ilErr'];
         
         $ilErr->setMessage('');
         
         if (!$this->getRoleId()) {
             $ilErr->setMessage('fill_out_all_required_fields');
             return false;
         }
         switch ($this->getType()) {
             case self::TYPE_GROUP:
                 if (!strlen($this->getDN()) or !strlen($this->getMemberAttribute())) {
                     $ilErr->setMessage('fill_out_all_required_fields');
                     return false;
                 }
                 break;
             case self::TYPE_ATTRIBUTE:
                 if (!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue())) {
                     $ilErr->setMessage('fill_out_all_required_fields');
                     return false;
                 }
                 break;
                 
             case self::TYPE_PLUGIN:
                 if (!$this->getPluginId()) {
                     $ilErr->setMessage('ldap_err_missing_plugin_id');
                     return false;
                 }
                 break;
                 
             default:
                 $ilErr->setMessage('ldap_no_type_given');
                 return false;
         }
         return true;
     }

Here is the call graph for this function:

◆ wildcardCompare()

ilLDAPRoleAssignmentRule::wildcardCompare	(	$a_str1,
		$a_str2
	)

protected

Definition at line 125 of file class.ilLDAPRoleAssignmentRule.php.

Referenced by matches().

     {
         $pattern = str_replace('*', '.*?', $a_str1);
         $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
         return (bool) preg_match('/^' . $pattern . '$/i', $a_str2);
     }