Shibboleth role assignment rules. More...

Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions
static	getCountRules ()

static	updateAssignments ($a_usr_id, $a_data)

static	doAssignments ($a_usr_id, $a_data)

static	callPlugin ($a_plugin_id, $a_user_data)

Static Protected Attributes
static	$active_plugins = null

Detailed Description

Shibboleth role assignment rules.

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om; Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch

Version: $Id$

Definition at line 36 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin	(	$a_plugin_id,
		$a_user_data
	)

static

Parameters

$a_plugin_id
$a_user_data

Returns: bool

Definition at line 156 of file class.ilShibbolethRoleAssignmentRules.php.

    {
        global $DIC;
        $ilPluginAdmin = $DIC['ilPluginAdmin'];
        if (self::$active_plugins == null) {
            self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
        }
        $assigned = false;
        foreach (self::$active_plugins as $plugin_name) {
            $ok = false;
            $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
            if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
                $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
            }
            if ($ok) {
                $assigned = true;
            }
        }
 
        return $assigned;
    }

References $DIC, $ok, and IL_COMP_SERVICE.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

Here is the caller graph for this function:

◆ doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments	(	$a_usr_id,
		$a_data
	)

static

Parameters

$a_usr_id
$a_data

Returns: bool

Definition at line 122 of file class.ilShibbolethRoleAssignmentRules.php.

    {
        global $DIC;
        $ilDB = $DIC['ilDB'];
        $rbacadmin = $DIC['rbacadmin'];
        $ilLog = $DIC['ilLog'];
        $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
        $num_matches = 0;
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
            if ($rule->doesMatch($a_data)) {
                $num_matches++;
                $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
            }
        }
        // Assign to default if no matching found
        if (!$num_matches) {
            $default_role = shibConfig::getInstance()->getUserDefaultRole();
            $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
            $rbacadmin->assignUser($default_role, $a_usr_id);
        }
 
        return true;
    }

References $DIC, $ilDB, $ilLog, $query, $res, $row, $rule, ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ilAuthProviderShibboleth\doAuthentication().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )

static

Definition at line 62 of file class.ilShibbolethRoleAssignmentRules.php.

    {
        global $DIC;
        $ilDB = $DIC['ilDB'];
        $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            return $row->num;
        }
 
        return 0;
    }

References $DIC, $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable(), and ilAuthShibbolethSettingsGUI\setSubTabs().

Here is the caller graph for this function:

◆ updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments	(	$a_usr_id,
		$a_data
	)

static

Parameters

$a_usr_id
$a_data

Returns: bool

Definition at line 82 of file class.ilShibbolethRoleAssignmentRules.php.

    {
        require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
 
        global $DIC;
        $ilDB = $DIC['ilDB'];
        $rbacadmin = $DIC['rbacadmin'];
        $rbacreview = $DIC['rbacreview'];
        $ilLog = $DIC['ilLog'];
        $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
            //                  $matches = $rule->matches($a_data);
            if ($rule->doesMatch($a_data) and $row->add_on_update) {
                $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
            }
            if (!$rule->doesMatch($a_data) and $row->remove_on_update) {
                $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
            }
        }
        // check if is assigned to minimum one global role
        if (!array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
            $default_role = shibConfig::getInstance()->getUserDefaultRole();
            $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
            $rbacadmin->assignUser($default_role, $a_usr_id);
        }
 
        return true;
    }