ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilLDAPRoleAssignmentRules.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
32 class ilLDAPRoleAssignmentRules
33 {
34  const ROLE_ACTION_ASSIGN = 'Assign';
35  const ROLE_ACTION_DEASSIGN = 'Detach';
36 
37  protected static $active_plugins = null;
38  protected static $default_role = null;
39 
40 
46  public static function getDefaultRole($a_server_id)
47  {
48  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
49  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
50 
51  return self::$default_role =
52  ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
53  }
54 
60  public static function getAllPossibleRoles($a_server_id)
61  {
62  global $DIC;
63 
64  $ilDB = $DIC['ilDB'];
65 
66  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
67  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
68  $res = $ilDB->query($query);
69  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
70  $roles[$row->role_id] = $row->role_id;
71  }
72  $gr = self::getDefaultRole($a_server_id);
73  $roles[$gr] = $gr;
74  return $roles ? $roles : array();
75  }
76 
77  // begin-patch ldap_multiple
83  public static function getAttributeNames($a_server_id)
84  {
85  global $DIC;
86 
87  $ilDB = $DIC['ilDB'];
88 
89  $query = "SELECT DISTINCT(att_name) " .
90  "FROM ldap_role_assignments " .
91  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
92  $res = $ilDB->query($query);
93  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
94  $name = strtolower(trim($row->att_name));
95  if ($name) {
96  $names[] = $name;
97  }
98  }
99 
100  $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
101  return $names ? $names : array();
102  }
103 
104  // begin-patch ldap_multiple
118  public static function getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
119  {
120  global $DIC;
121 
122  $ilDB = $DIC['ilDB'];
123  $rbacadmin = $DIC['rbacadmin'];
124  $rbacreview = $DIC['rbacreview'];
125  $ilSetting = $DIC['ilSetting'];
126  $ilLog = $DIC['ilLog'];
127 
128  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
129  "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
130  'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
131 
132  $res = $ilDB->query($query);
133  $roles = array();
134  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
135  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
136  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
137 
138  $matches = $rule->matches($a_usr_data);
139  if ($matches and $row->add_on_update) {
140  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
141  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
142  }
143  if (!$matches and $row->remove_on_update) {
144  $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
145  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
146  }
147  }
148 
149  // Check if there is minimum on global role
150  $deassigned_global = 0;
151  foreach ($roles as $role_data) {
152  if ($role_data['type'] == 'Global' and
153  $role_data['action'] == self::ROLE_ACTION_DEASSIGN) {
154  $deassigned_global++;
155  }
156  }
157  if (count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global) {
158  $ilLog->info(': No global role left. Assigning to default role.');
159  $roles[] = self::parseRole(
160  self::getDefaultRole($a_server_id),
161  self::ROLE_ACTION_ASSIGN
162  );
163  }
164 
165  return $roles ? $roles : array();
166  }
167 
168 
179  public static function getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
180  {
181  global $DIC;
182 
183  $ilDB = $DIC['ilDB'];
184  $ilLog = $DIC['ilLog'];
185 
186  $query = "SELECT rule_id FROM ldap_role_assignments " .
187  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
188  $res = $ilDB->query($query);
189 
190  $num_matches = 0;
191  $roles = array();
192  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
193  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
194  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);
195 
196  if ($rule->matches($a_usr_data)) {
197  $num_matches++;
198  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
199  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
200  }
201  }
202 
203  // DONE: check for global role
204  $found_global = false;
205  foreach ($roles as $role_data) {
206  if ($role_data['type'] == 'Global') {
207  $found_global = true;
208  break;
209  }
210  }
211  if (!$found_global) {
212  $ilLog->info(': No matching rule found. Assigning to default role.');
213  $roles[] = self::parseRole(
214  self::getDefaultRole($a_server_id),
215  self::ROLE_ACTION_ASSIGN
216  );
217  }
218 
219  return $roles ? $roles : array();
220  }
221 
229  public static function callPlugin($a_plugin_id, $a_user_data)
230  {
231  global $DIC;
232 
233  $ilPluginAdmin = $DIC['ilPluginAdmin'];
234 
235  if (self::$active_plugins == null) {
236  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
237  IL_COMP_SERVICE,
238  'LDAP',
239  'ldaphk'
240  );
241  }
242 
243  $assigned = false;
244  foreach (self::$active_plugins as $plugin_name) {
245  $ok = false;
246  $plugin_obj = $ilPluginAdmin->getPluginObject(
247  IL_COMP_SERVICE,
248  'LDAP',
249  'ldaphk',
250  $plugin_name
251  );
252 
253  if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
254  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
255  }
256 
257  if ($ok) {
258  $assigned = true;
259  }
260  }
261  return $assigned;
262  }
263 
264  // begin-patch ldap_multiple
265 
271  protected static function getAdditionalPluginAttributes($a_server_id)
272  {
273  global $DIC;
274 
275  $ilPluginAdmin = $DIC['ilPluginAdmin'];
276 
277  if (self::$active_plugins == null) {
278  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
279  IL_COMP_SERVICE,
280  'LDAP',
281  'ldaphk'
282  );
283  }
284 
285  $attributes = array();
286  foreach (self::$active_plugins as $plugin_name) {
287  $ok = false;
288  $plugin_obj = $ilPluginAdmin->getPluginObject(
289  IL_COMP_SERVICE,
290  'LDAP',
291  'ldaphk',
292  $plugin_name
293  );
294 
295  if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
296  $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
297  }
298  }
299  return $attributes ? $attributes : array();
300  }
301 
302 
309  protected static function parseRole($a_role_id, $a_action)
310  {
311  global $DIC;
312 
313  $rbacreview = $DIC['rbacreview'];
314 
315  return array(
316  'id' => $a_role_id,
317  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
318  'action' => $a_action
319  );
320  }
321 }
ilLDAPRoleAssignmentRules\getAdditionalPluginAttributes
static getAdditionalPluginAttributes($a_server_id)
Fetch additional attributes from plugin.
Definition: class.ilLDAPRoleAssignmentRules.php:271
ilLDAPRoleAssignmentPlugin
Interface for ldap role assignment plugins.
Definition: interface.ilLDAPRoleAssignmentPlugin.php:32
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:179
$DIC
global $DIC
Definition: saml.php:7
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
Definition: class.ilLDAPAttributeMapping.php:102
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
type $ilDB type $rbacadmin type $rbacreview type $ilSetting type $ilLog
Definition: class.ilLDAPRoleAssignmentRules.php:118
ilLDAPRoleAssignmentRules\getDefaultRole
static getDefaultRole($a_server_id)
Get default global role.
Definition: class.ilLDAPRoleAssignmentRules.php:46
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:83
ilLDAPRoleAssignmentRules\parseRole
static parseRole($a_role_id, $a_action)
Parse role.
Definition: class.ilLDAPRoleAssignmentRules.php:309
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:229
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
$query
$query
Definition: proxy_ylocal.php:13
$attributes
if(array_key_exists('yes', $_REQUEST)) $attributes
Definition: getconsent.php:85
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$row
$row
Definition: migrateto20.php:360
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles($a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:60
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$name
$name
Definition: client_example.php:35
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6