ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Static Public Member Functions | Static Protected Attributes
ilShibbolethRoleAssignmentRules Class Reference

Shibboleth role assignment rules. More...

+ Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions

static getCountRules ()
 
static updateAssignments ($a_usr_id, $a_data)
 
static doAssignments ($a_usr_id, $a_data)
 
static callPlugin ($a_plugin_id, $a_user_data)
 

Static Protected Attributes

static $active_plugins = null
 

Detailed Description

Shibboleth role assignment rules.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch
Version
$Id$

Definition at line 36 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin (   $a_plugin_id,
  $a_user_data 
)
static
Parameters
$a_plugin_id
$a_user_data
Returns
bool

Definition at line 156 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ok, and IL_COMP_SERVICE.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

157  {
158  global $DIC;
159  $ilPluginAdmin = $DIC['ilPluginAdmin'];
160  if (self::$active_plugins == null) {
161  self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
162  }
163  $assigned = false;
164  foreach (self::$active_plugins as $plugin_name) {
165  $ok = false;
166  $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
167  if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
168  $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
169  }
170  if ($ok) {
171  $assigned = true;
172  }
173  }
174 
175  return $assigned;
176  }
$DIC
global $DIC
Definition: saml.php:7
ilShibbolethRoleAssignmentPlugin
Interface for shibboleth role assignment plugins.
Definition: interface.ilShibbolethRoleAssignmentPlugin.php:33
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
+ Here is the caller graph for this function:

◆ doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments (   $a_usr_id,
  $a_data 
)
static
Parameters
$a_usr_id
$a_data
Returns
bool

Definition at line 122 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $ilLog, $query, $res, $row, $rule, ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ilAuthProviderShibboleth\doAuthentication().

123  {
124  global $DIC;
125  $ilDB = $DIC['ilDB'];
126  $rbacadmin = $DIC['rbacadmin'];
127  $ilLog = $DIC['ilLog'];
128  $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
129  $num_matches = 0;
130  $res = $ilDB->query($query);
131  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
132  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
133  if ($rule->doesMatch($a_data)) {
134  $num_matches++;
135  $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
136  $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
137  }
138  }
139  // Assign to default if no matching found
140  if (!$num_matches) {
141  $default_role = shibConfig::getInstance()->getUserDefaultRole();
142  $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
143  $rbacadmin->assignUser($default_role, $a_usr_id);
144  }
145 
146  return true;
147  }
$DIC
global $DIC
Definition: saml.php:7
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:208
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
$query
$query
Definition: proxy_ylocal.php:13
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$row
$row
Definition: migrateto20.php:360
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )
static

Definition at line 62 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, $row, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable(), and ilAuthShibbolethSettingsGUI\setSubTabs().

63  {
64  global $DIC;
65  $ilDB = $DIC['ilDB'];
66  $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
67  $res = $ilDB->query($query);
68  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
69  return $row->num;
70  }
71 
72  return 0;
73  }
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$query
$query
Definition: proxy_ylocal.php:13
$row
$row
Definition: migrateto20.php:360
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments (   $a_usr_id,
  $a_data 
)
static
Parameters
$a_usr_id
$a_data
Returns
bool

Definition at line 82 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $ilLog, $query, $res, $row, $rule, ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and shibConfig\getInstance().

Referenced by ilAuthProviderShibboleth\doAuthentication().

83  {
84  require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
85 
86  global $DIC;
87  $ilDB = $DIC['ilDB'];
88  $rbacadmin = $DIC['rbacadmin'];
89  $rbacreview = $DIC['rbacreview'];
90  $ilLog = $DIC['ilLog'];
91  $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
92  $res = $ilDB->query($query);
93  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
94  $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
95  // $matches = $rule->matches($a_data);
96  if ($rule->doesMatch($a_data) and $row->add_on_update) {
97  $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
98  $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
99  }
100  if (!$rule->doesMatch($a_data) and $row->remove_on_update) {
101  $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
102  $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
103  }
104  }
105  // check if is assigned to minimum one global role
106  if (!array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
107  $default_role = shibConfig::getInstance()->getUserDefaultRole();
108  $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
109  $rbacadmin->assignUser($default_role, $a_usr_id);
110  }
111 
112  return true;
113  }
$DIC
global $DIC
Definition: saml.php:7
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:208
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$rule
$rule
Definition: showstats.php:43
$query
$query
Definition: proxy_ylocal.php:13
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$row
$row
Definition: migrateto20.php:360
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $active_plugins

ilShibbolethRoleAssignmentRules::$active_plugins = null
staticprotected

Definition at line 38 of file class.ilShibbolethRoleAssignmentRules.php.

The documentation for this class was generated from the following file: