ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
10 class ilLDAPRoleAssignmentRule
11 {
12  private static $instances = null;
13 
17  private $logger = null;
18 
22  private $db = null;
23 
24  const TYPE_GROUP = 1;
25  const TYPE_ATTRIBUTE = 2;
26  const TYPE_PLUGIN = 3;
27 
28  private $server_id = 0;
29  private $plugin_active = false;
30  private $add_on_update = false;
31  private $remove_on_update = false;
32  private $plugin_id = 0;
33 
34 
42  private function __construct($a_id = 0)
43  {
44  $this->db = $GLOBALS['DIC']->database();
45  $this->logger = $GLOBALS['DIC']->logger()->auth();
46 
47  $this->rule_id = $a_id;
48  $this->read();
49  }
50 
59  public static function _getInstanceByRuleId($a_rule_id)
60  {
61  if (isset(self::$instances[$a_rule_id])) {
62  return self::$instances[$a_rule_id];
63  }
64  return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
65  }
66 
71  public static function hasRulesForUpdate()
72  {
73  global $DIC;
74 
75  $ilDB = $DIC['ilDB'];
76 
77  $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
78  'WHERE add_on_update = 1 ' .
79  'OR remove_on_update = 1 ';
80  $res = $ilDB->query($query);
81  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
82  return $row->num > 0;
83  }
84 
90  public function matches($a_user_data)
91  {
92  switch ($this->getType()) {
93  case self::TYPE_PLUGIN:
94  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
95  return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
96 
97  case self::TYPE_ATTRIBUTE:
98 
99  $attn = strtolower($this->getAttributeName());
100 
101  if (!isset($a_user_data[$attn])) {
102  return false;
103  }
104 
105  if (!is_array($a_user_data[$attn])) {
106  $attribute_val = array(0 => $a_user_data[$attn]);
107  } else {
108  $attribute_val = $a_user_data[$attn];
109  }
110 
111  foreach ($attribute_val as $value) {
112  if ($this->wildcardCompare(trim($this->getAttributeValue()), trim($value))) {
113  $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
114  return true;
115  }
116  }
117  return false;
118 
119  case self::TYPE_GROUP:
120  return $this->isGroupMember($a_user_data);
121 
122  }
123  }
124 
125  protected function wildcardCompare($a_str1, $a_str2)
126  {
127  $pattern = str_replace('*', '.*?', $a_str1);
128  $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
129  return (bool) preg_match('/^' . $pattern . '$/i', $a_str2);
130  }
131 
140  private function isGroupMember($a_user_data)
141  {
142  $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
143 
144  if ($this->isMemberAttributeDN()) {
145  if ($server->enabledEscapeDN()) {
146  $user_cmp = ldap_escape($a_user_data['dn'], "", LDAP_ESCAPE_FILTER);
147  } else {
148  $user_cmp = $a_user_data['dn'];
149  }
150  } else {
151  $user_cmp = $a_user_data['ilExternalAccount'];
152  }
153 
154  try {
155  $query = new ilLDAPQuery($server);
156  $query->bind();
157  $res = $query->query(
158  $this->getDN(),
159  sprintf(
160  '(%s=%s)',
161  $this->getMemberAttribute(),
162  $user_cmp
163  ),
164  IL_LDAP_SCOPE_BASE,
165  array('dn')
166  );
167  return $res->numRows() ? true : false;
168  } catch (ilLDAPQueryException $e) {
169  $this->logger->warning(': Caught Exception: ' . $e->getMessage());
170  return false;
171  }
172  }
173 
174 
175 
182  public static function _getRules($a_server_id)
183  {
184  $ilDB = $GLOBALS['DIC']->database();
185 
186  $query = "SELECT rule_id FROM ldap_role_assignments " .
187  "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
188  $res = $ilDB->query($query);
189  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
190  $rules[] = self::_getInstanceByRuleId($row->rule_id);
191  }
192  return $rules ? $rules : array();
193  }
194 
202  public function setRoleId($a_role_id)
203  {
204  $this->role_id = $a_role_id;
205  }
206 
213  public function getRoleId()
214  {
215  return $this->role_id;
216  }
217 
224  public function getRuleId()
225  {
226  return $this->rule_id;
227  }
228 
236  public function setServerId($a_id)
237  {
238  $this->server_id = $a_id;
239  }
240 
247  public function getServerId()
248  {
249  return $this->server_id;
250  }
251 
259  public function setType($a_type)
260  {
261  $this->type = $a_type;
262  }
263 
271  public function getType()
272  {
273  return $this->type;
274  }
275 
283  public function setDN($a_dn)
284  {
285  $this->dn = $a_dn;
286  }
287 
294  public function getDN()
295  {
296  return $this->dn;
297  }
298 
306  public function setMemberAttribute($a_attribute)
307  {
308  $this->member_attribute = $a_attribute;
309  }
310 
317  public function getMemberAttribute()
318  {
319  return $this->member_attribute;
320  }
321 
329  public function setMemberIsDN($a_status)
330  {
331  $this->member_is_dn = $a_status;
332  }
333 
340  public function isMemberAttributeDN()
341  {
342  return (bool) $this->member_is_dn;
343  }
344 
352  public function setAttributeName($a_name)
353  {
354  $this->attribute_name = $a_name;
355  }
356 
363  public function getAttributeName()
364  {
365  return $this->attribute_name;
366  }
367 
375  public function setAttributeValue($a_value)
376  {
377  $this->attribute_value = $a_value;
378  }
379 
386  public function getAttributeValue()
387  {
388  return $this->attribute_value;
389  }
390 
391  public function enableAddOnUpdate($a_status)
392  {
393  $this->add_on_update = $a_status;
394  }
395 
396  public function isAddOnUpdateEnabled()
397  {
398  return (bool) $this->add_on_update;
399  }
400 
401  public function enableRemoveOnUpdate($a_status)
402  {
403  $this->remove_on_update = $a_status;
404  }
405 
406  public function isRemoveOnUpdateEnabled()
407  {
408  return (bool) $this->remove_on_update;
409  }
410 
411  public function setPluginId($a_id)
412  {
413  $this->plugin_id = $a_id;
414  }
415 
416  public function getPluginId()
417  {
418  return $this->plugin_id;
419  }
420 
421  public function isPluginActive()
422  {
423  return (bool) $this->getType() == self::TYPE_PLUGIN;
424  }
425 
426 
433  public function conditionToString()
434  {
435  $lng = $GLOBALS['DIC']->language();
436 
437  switch ($this->getType()) {
438  case self::TYPE_PLUGIN:
439  return $lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
440 
441  case self::TYPE_GROUP:
442  $dn_arr = explode(',', $this->getDN());
443  return $dn_arr[0];
444 
445 
446  case self::TYPE_ATTRIBUTE:
447  return $this->getAttributeName() . '=' . $this->getAttributeValue();
448  }
449  }
450 
451 
459  public function create()
460  {
461  $ilDB = $this->db;
462  $next_id = $ilDB->nextId('ldap_role_assignments');
463 
464  $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
465  "add_on_update, remove_on_update, plugin_id ) " .
466  "VALUES( " .
467  $this->db->quote($this->getServerId(), 'integer') . ", " .
468  $this->db->quote($next_id, 'integer') . ", " .
469  $this->db->quote($this->getType(), 'integer') . ", " .
470  $this->db->quote($this->getDN(), 'text') . ", " .
471  $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
472  $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
473  $this->db->quote($this->getAttributeName(), 'text') . ", " .
474  $this->db->quote($this->getAttributeValue(), 'text') . ", " .
475  $this->db->quote($this->getRoleId(), 'integer') . ", " .
476  $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
477  $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
478  $this->db->quote($this->getPluginId(), 'integer') . ' ' .
479  ")";
480  $res = $ilDB->manipulate($query);
481  $this->rule_id = $next_id;
482 
483  return true;
484  }
485 
492  public function update()
493  {
494  $ilDB = $this->db;
495 
496  $query = "UPDATE ldap_role_assignments " .
497  "SET server_id = " . $this->db->quote($this->getServerId(), 'integer') . ", " .
498  "type = " . $this->db->quote($this->getType(), 'integer') . ", " .
499  "dn = " . $this->db->quote($this->getDN(), 'text') . ", " .
500  "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
501  "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
502  "att_name = " . $this->db->quote($this->getAttributeName(), 'text') . ", " .
503  "att_value = " . $this->db->quote($this->getAttributeValue(), 'text') . ", " .
504  "role_id = " . $this->db->quote($this->getRoleId(), 'integer') . ", " .
505  "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
506  'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
507  'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer') . ' ' .
508  "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
509  $res = $ilDB->manipulate($query);
510  return true;
511  }
512 
519  public function validate()
520  {
521  global $DIC;
522 
523  $ilErr = $DIC['ilErr'];
524 
525  $ilErr->setMessage('');
526 
527  if (!$this->getRoleId()) {
528  $ilErr->setMessage('fill_out_all_required_fields');
529  return false;
530  }
531  switch ($this->getType()) {
532  case self::TYPE_GROUP:
533  if (!strlen($this->getDN()) or !strlen($this->getMemberAttribute())) {
534  $ilErr->setMessage('fill_out_all_required_fields');
535  return false;
536  }
537  break;
538  case self::TYPE_ATTRIBUTE:
539  if (!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue())) {
540  $ilErr->setMessage('fill_out_all_required_fields');
541  return false;
542  }
543  break;
544 
545  case self::TYPE_PLUGIN:
546  if (!$this->getPluginId()) {
547  $ilErr->setMessage('ldap_err_missing_plugin_id');
548  return false;
549  }
550  break;
551 
552  default:
553  $ilErr->setMessage('ldap_no_type_given');
554  return false;
555  }
556  return true;
557  }
558 
565  public function delete()
566  {
567  $ilDB = $this->db;
568 
569  $query = "DELETE FROM ldap_role_assignments " .
570  "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
571  $res = $ilDB->manipulate($query);
572  return true;
573  }
580  private function read()
581  {
582  $ilDB = $this->db;
583 
584  $query = "SELECT * FROM ldap_role_assignments " .
585  "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
586 
587  $res = $this->db->query($query);
588  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
589  $this->setServerId($row->server_id);
590  $this->setType($row->type);
591  $this->setDN($row->dn);
592  $this->setMemberAttribute($row->attribute);
593  $this->setMemberIsDN($row->isdn);
594  $this->setAttributeName($row->att_name);
595  $this->setAttributeValue($row->att_value);
596  $this->setRoleId($row->role_id);
597  $this->enableAddOnUpdate($row->add_on_update);
598  $this->enableRemoveOnUpdate($row->remove_on_update);
599  $this->setPluginId($row->plugin_id);
600  }
601  }
602 }
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:71
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:90
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:352
$type
$type
Definition: proxy_ylocal.php:10
$DIC
global $DIC
Definition: saml.php:7
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:340
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:140
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:375
$server
$server
Definition: sabredav.php:48
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:182
$ilErr
$ilErr
Definition: raiseError.php:18
$a_type
$a_type
Definition: workflow.php:92
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:229
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$lng
$lng
Definition: save_question_post_data.php:23
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
$query
$query
Definition: proxy_ylocal.php:13
$row
$row
Definition: migrateto20.php:360
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:329
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702