ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
13class ilAuthShibbolethSettingsGUI
14{
15
19 private $ctrl;
23 private $ilias;
27 private $tabs_gui;
31 private $lng;
35 private $tpl;
39 private $ref_id;
40
44 private $access;
45
46
53 public function __construct($a_auth_ref_id)
54 {
55 global $DIC;
56 $lng = $DIC['lng'];
57 $ilCtrl = $DIC['ilCtrl'];
58 $tpl = $DIC['tpl'];
59 $ilTabs = $DIC['ilTabs'];
60 $ilias = $DIC['ilias'];
61 $this->ctrl = $ilCtrl;
62 $this->access = $DIC['ilAccess'];
63 $this->tabs_gui = $ilTabs;
64 $this->lng = $lng;
65 $this->lng->loadLanguageModule('shib');
66 $this->ilias = $ilias;
67 $this->tpl = $tpl;
68 $this->ref_id = $a_auth_ref_id;
69 $this->obj_id = ilObject::_lookupObjId($this->ref_id);
70 }
71
72
78 public function executeCommand()
79 {
80 global $DIC;
81 $ilAccess = $DIC['ilAccess'];
82 $ilErr = $DIC['ilErr'];
83 $ilCtrl = $DIC['ilCtrl'];
84 $next_class = $this->ctrl->getNextClass($this);
85 $cmd = $this->ctrl->getCmd();
86 if (!$ilAccess->checkAccess('read', '', $this->ref_id)) {
87 $ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $ilErr->WARNING);
88 }
89 if (!$ilAccess->checkAccess('write', '', $this->ref_id) && $cmd != "settings") {
90 ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
91 $ilCtrl->redirect($this, "settings");
92 }
93 $this->setSubTabs();
94 switch ($next_class) {
95 default:
96 if (!$cmd) {
97 $cmd = "settings";
98 }
99 $this->$cmd();
100 break;
101 }
102
103 return true;
104 }
105
106
107 public function settings()
108 {
109 global $DIC;
110 $rbacreview = $DIC['rbacreview'];
111 $this->tabs_gui->setSubTabActive('shib_settings');
112 // set already saved data or default value for port
113 $settings = $this->ilias->getAllSettings();
114 // Compose role list
115 $role_list = $rbacreview->getRolesByFilter(2);
116 $role = array();
117 if (!isset($settings["shib_user_default_role"])) {
118 $settings["shib_user_default_role"] = 4;
119 }
120 if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '') {
121 $settings["shib_idp_list"] = "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai";
122 }
123 if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == '') {
124 $settings["shib_login_button"] = "templates/default/images/shib_login_button.png";
125 }
126 if (!isset($settings["shib_hos_type"]) || $settings["shib_hos_type"] == '') {
127 $settings["shib_hos_type"] = 'internal_wayf';
128 }
129 foreach ($role_list as $data) {
130 $role[$data["obj_id"]] = $data["title"];
131 }
132 // Set text field content
133 $shib_settings = array(
134 'shib_login',
135 'shib_title',
136 'shib_firstname',
137 'shib_lastname',
138 'shib_email',
139 'shib_gender',
140 'shib_institution',
141 'shib_department',
142 'shib_zipcode',
143 'shib_city',
144 'shib_country',
145 'shib_street',
146 'shib_phone_office',
147 'shib_phone_home',
148 'shib_phone_mobile',
149 'shib_language',
150 'shib_matriculation',
151 );
152 //set PropertyFormGUI
153 include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
154 $propertys = new ilPropertyFormGUI();
155 $propertys->setTitle($this->lng->txt("shib"));
156 $propertys->setFormAction($this->ctrl->getFormAction($this, "save"));
157
158 if ($this->access->checkAccess('write', '', $this->ref_id)) {
159 $propertys->addCommandButton("save", $this->lng->txt("save"));
160 }
161
162 $propertys->addCommandButton("settings", $this->lng->txt("cancel"));
163 //set enable shibboleth support
164 $enable = new ilCheckboxInputGUI();
165 $enable->setTitle($this->lng->txt("shib_active"));
166 $read_me_link = "./Services/AuthShibboleth/README.SHIBBOLETH.txt";
167 $info = "<a href='" . $read_me_link . "' target='_blank'>" . $this->lng->txt("auth_shib_instructions") . "</a>";
168 $enable->setInfo($info);
169 $enable->setPostVar("shib[active]");
170 $enable->setChecked($settings["shib_active"]);
171 //set allow local authentication
172 $local = new ilCheckboxInputGUI();
173 $local->setTitle($this->lng->txt("auth_allow_local"));
174 $local->setPostVar("shib[auth_allow_local]");
175 $local->setChecked($settings['shib_auth_allow_local']);
176 //set user default role
177 $defaultrole = new ilSelectInputGUI();
178 $defaultrole->setTitle($this->lng->txt("shib_user_default_role"));
179 $defaultrole->setPostVar("shib[user_default_role]");
180 $defaultrole->setOptions($role);
181 $defaultrole->setRequired(true);
182 $defaultrole->setValue($settings["shib_user_default_role"]);
183 // Administrator must activate new user accounts
184 $activate_new = new ilCheckboxInputGUI($this->lng->txt("shib_activate_new"), "shib[activate_new]");
185 $activate_new->setInfo($this->lng->txt("shib_activate_new_info"));
186 $activate_new->setChecked($settings["shib_activate_new"]);
187 //set name of federation
188 $name = new ilTextInputGUI();
189 $name->setTitle($this->lng->txt("shib_federation_name"));
190 $name->setPostVar("shib[federation_name]");
191 $name->setSize(40);
192 $name->setMaxLength(50);
193 $name->setRequired(true);
194 $name->setValue(stripslashes($settings["shib_federation_name"]));
195 //set Organize selection group
196 include_once("./Services/Form/classes/class.ilRadioGroupInputGUI.php");
197 include_once("./Services/Form/classes/class.ilRadioOption.php");
198 $organize = new ilRadioGroupInputGUI();
199 $organize->setTitle($this->lng->txt("shib_login_type"));
200 $organize->setPostVar("shib[hos_type]");
201 $organize->setRequired(true);
202 $organize->setValue($settings["shib_hos_type"]);
203 //set 1. option internalwayf
204 $internalwayf = new ilRadioOption();
205 $internalwayf->setTitle($this->lng->txt("shib_login_internal_wayf"));
206 $internalwayf->setValue("internal_wayf");
207 //set 1. option internalwayf textbox idplist
208 $idplist = new ilTextAreaInputGUI();
209 $idplist->setInfo($this->lng->txt("shib_idp_list"));
210 $idplist->setPostVar("shib[idp_list]");
211 $idplist->setRows(3);
212 $idplist->setCols(50);
213 $idplist->setValue($settings["shib_idp_list"]);
214 //set 2. Option externalwayf
215 $externalwayf = new ilRadioOption();
216 $externalwayf->setTitle($this->lng->txt("shib_login_external_wayf"));
217 $externalwayf->setValue("external_wayf");
218 //set 2. Option externalwayf textfield path to login button image
219 $loginbutton = new ilTextInputGUI();
220 $loginbutton->setInfo($this->lng->txt("shib_login_button"));
221 $loginbutton->setPostVar("shib[login_button]");
222 $loginbutton->setSize(50);
223 $loginbutton->setMaxLength(255);
224 $loginbutton->setValue($settings["shib_login_button"]);
225 //set 3. Option embeddedwayf
226 $embeddedwayf = new ilRadioOption();
227 $embeddedwayf->setTitle($this->lng->txt("shib_login_embedded_wayf"));
228 $embeddedwayf->setInfo($this->lng->txt("shib_login_embedded_wayf_description"));
229 $embeddedwayf->setValue("embedded_wayf");
230 //set login instructions
231 $logininstruction = new ilTextAreaInputGUI();
232 $logininstruction->setTitle($this->lng->txt("auth_login_instructions"));
233 $logininstruction->setPostVar("shib[login_instructions]");
234 $logininstruction->setRows(3);
235 $logininstruction->setCols(50);
236 $logininstruction->setValue(stripslashes($settings["shib_login_instructions"]));
237 //set path to data manipulation API
238 $dataconv = new ilTextInputGUI();
239 $dataconv->setTitle($this->lng->txt("shib_data_conv"));
240 $dataconv->setPostVar("shib[data_conv]");
241 $dataconv->setSize(80);
242 $dataconv->setMaxLength(512);
243 $dataconv->setValue($settings["shib_data_conv"]);
244 //field mappings
245 $fields = array();
246 foreach ($shib_settings as $setting) {
247 $field = str_replace('shib_', '', $setting);
248 $textinput = new ilTextInputGUI();
249 $textinput->setTitle($this->lng->txt($setting));
250 $textinput->setPostVar("shib[" . $field . "]");
251 $textinput->setValue($settings[$setting]);
252 $textinput->setSize(40);
253 $textinput->setMaxLength(50);
254 $checkinput = new ilCheckboxInputGUI("");
255 $checkinput->setOptionTitle($this->lng->txt("shib_update"));
256 $checkinput->setPostVar("shib[update_" . $field . "]");
257 $checkinput->setChecked($settings["shib_update_" . $field]);
258 if ($setting == 'shib_login' || $setting == 'shib_firstname'
259 || $setting == 'shib_lastname'
260 || $setting == 'shib_email'
261 ) {
262 $textinput->setRequired(true);
263 }
264 $fields[$setting] = array( "text" => $textinput, "check" => $checkinput );
265 }
266 $propertys->addItem($enable);
267 $propertys->addItem($local);
268 $propertys->addItem($activate_new);
269 $propertys->addItem($defaultrole);
270 $propertys->addItem($name);
271 $internalwayf->addSubItem($idplist);
272 $organize->addOption($internalwayf);
273 $externalwayf->addSubItem($loginbutton);
274 $organize->addOption($externalwayf);
275 $organize->addOption($embeddedwayf);
276 $propertys->addItem($organize);
277 $propertys->addItem($logininstruction);
278 $propertys->addItem($dataconv);
279 foreach ($shib_settings as $setting) {
280 $propertys->addItem($fields[$setting]["text"]);
281 if ($setting != "shib_login") {
282 $propertys->addItem($fields[$setting]["check"]);
283 }
284 }
285 $this->tpl->setContent($propertys->getHTML());
286 }
287
288
289 public function save()
290 {
291 $required = array("login", "hos_type", "firstname", "lastname", "email", "user_default_role", "federation_name");
292 array_walk($required, function (&$item) {
293 if (!$_POST["shib"][$item]) {
294 ilUtil::sendFailure($this->lng->txt("fill_out_all_required_fields"), true);
295 $this->ctrl->redirect($this, 'settings');
296 }
297 });
298
299 // validate api
300 if ($_POST["shib"]["data_conv"] && $_POST["shib"]["data_conv"] != '' && !is_readable($_POST["shib"]["data_conv"])) {
301 ilUtil::sendFailure($this->lng->txt("shib_data_conv_warning"), true);
302 $this->ctrl->redirect($this, 'settings');
303 }
304 // all ok. save settings
305 $shib_settings = array(
306 'shib_login',
307 'shib_title',
308 'shib_firstname',
309 'shib_lastname',
310 'shib_email',
311 'shib_gender',
312 'shib_institution',
313 'shib_department',
314 'shib_zipcode',
315 'shib_city',
316 'shib_country',
317 'shib_street',
318 'shib_phone_office',
319 'shib_phone_home',
320 'shib_phone_mobile',
321 'shib_language',
322 'shib_matriculation'
323 );
324 foreach ($shib_settings as $setting) {
325 $field = str_replace('shib_', '', $setting);
326 if ($_POST["shib"]["update_" . $field] != "1") {
327 $_POST["shib"]["update_" . $field] = "0";
328 }
329 $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
330 $this->ilias->setSetting("shib_update_" . $field, $_POST["shib"]["update_" . $field]);
331 }
332 if ($_POST["shib"]["active"] != "1") {
333 $this->ilias->setSetting("shib_active", "0");
334 $this->ilias->setSetting("shibboleth_active", "0");
335 } else {
336 $this->ilias->setSetting("shib_active", "1");
337 $this->ilias->setSetting("shibboleth_active", "1");
338 }
339 $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
340 $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
341 $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
342 $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
343 $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
344 $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
345 $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
346 $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local'] == '1') ? '1' : '0');
347 $this->ilias->setSetting("shib_activate_new", ($_POST['shib']['activate_new'] == '1') ? '1' : '0');
348
349 ilUtil::sendSuccess($this->lng->txt("shib_settings_saved"), true);
350 $this->ctrl->redirect($this, 'settings');
351 }
352
353
354 protected function roleAssignment()
355 {
356 $this->tabs_gui->setSubTabActive('shib_role_assignment');
357 $this->initFormRoleAssignment('default');
358 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
359 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
360 if (strlen($html = $this->parseRulesTable())) {
361 $this->tpl->setVariable('RULE_TABLE', $html);
362 }
363
364 return true;
365 }
366
367
368 protected function parseRulesTable()
369 {
370 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php');
371 if (ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
372 return '';
373 }
374 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentTableGUI.php');
375 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
376 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
377 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
378 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
379 $rules_table->setSelectAllCheckbox("rule_id");
380
381 return $rules_table->getHTML();
382 }
383
384
393 protected function confirmDeleteRules()
394 {
395 if (!is_array($_POST['rule_ids'])) {
396 ilUtil::sendFailure($this->lng->txt('select_one'));
397 $this->roleAssignment();
398
399 return false;
400 }
401 $this->tabs_gui->setSubTabActive('shib_role_assignment');
402 include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
403 $c_gui = new ilConfirmationGUI();
404 // set confirm/cancel commands
405 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
406 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
407 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
408 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
409 // add items to delete
410 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
411 foreach ($_POST["rule_ids"] as $rule_id) {
412 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
413 $info = ilObject::_lookupTitle($rule->getRoleId());
414 $info .= " (";
415 $info .= $rule->conditionToString();
416 $info .= ')';
417 $c_gui->addItem('rule_ids[]', $rule_id, $info);
418 }
419 $this->tpl->setContent($c_gui->getHTML());
420 }
421
422
429 protected function deleteRules()
430 {
431 if (!is_array($_POST['rule_ids'])) {
432 ilUtil::sendFailure($this->lng->txt('select_once'));
433 $this->roleAssignment();
434
435 return false;
436 }
437 include_once('Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
438 foreach ($_POST["rule_ids"] as $rule_id) {
439 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
440 $rule->delete();
441 }
442 ilUtil::sendSuccess($this->lng->txt('shib_deleted_rule'));
443 $this->roleAssignment();
444
445 return true;
446 }
447
448
449 protected function initFormRoleAssignment($a_mode = 'default')
450 {
451 include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
452 $this->form = new ilPropertyFormGUI();
453 $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
454 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
455 if ($a_mode == 'default') {
456 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
457 $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
458 $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
459 } else {
460 $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
461 $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
462 $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
463 }
464 // Role selection
465 $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
466 $role->setRequired(true);
467 $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
468 $role->addOption($global);
469 $role_select = new ilSelectInputGUI('', 'role_id');
470 $role_select->setOptions($this->prepareRoleSelect());
471 $global->addSubItem($role_select);
472 $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
473 $role->addOption($local);
474 include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
475 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
476 $role_search->setSize(40);
477 $local->addSubItem($role_search);
478 include_once './Services/AccessControl/classes/class.ilRoleAutoComplete.php';
479 $role->setInfo($this->lng->txt('shib_role_name_info'));
480 $this->form->addItem($role);
481 // Update options
482 $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
483 $update->setValue($this->lng->txt('shib_check_role_assignment'));
484 $add = new ilCheckboxInputGUI('', 'add_missing');
485 $add->setOptionTitle($this->lng->txt('shib_add_missing'));
486 $add->setValue(1);
487 $update->addSubItem($add);
488 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
489 $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
490 $remove->setValue(1);
491 $update->addSubItem($remove);
492 $this->form->addItem($update);
493 // Assignment type
494 $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
495 $kind->setValue(1);
496 $kind->setRequired(true);
497 $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
498 $attr->setInfo($this->lng->txt('shib_attr_info'));
499 $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
500 $name->setSize(32);
501 $attr->addSubItem($name);
502 $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
503 $value->setSize(32);
504 $attr->addSubItem($value);
505 $kind->addOption($attr);
506 $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
507 $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
508 $pl->setInfo($this->lng->txt('shib_plugin_info'));
509 $pl->setDisabled(!$pl_active);
510 $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
511 $id->setDisabled(!$pl_active);
512 $id->setSize(3);
513 $id->setMaxLength(3);
514 $id->setMaxValue(999);
515 $id->setMinValue(1);
516 $pl->addSubItem($id);
517 $kind->addOption($pl);
518 $this->form->addItem($kind);
519 }
520
521
525 public function addRoleAutoCompleteObject()
526 {
527 include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
528 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
529 }
530
531
532 protected function addRoleAssignmentRule()
533 {
534 global $DIC;
535 $ilAccess = $DIC['ilAccess'];
536 $ilErr = $DIC['ilErr'];
537 if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
538 ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
539 $this->roleAssignment();
540
541 return false;
542 }
543 $this->initFormRoleAssignment();
544 if (!$this->form->checkInput() or ($err = $this->checkInput())) {
545 if ($err) {
546 ilUtil::sendFailure($this->lng->txt($err));
547 }
548 $this->tabs_gui->setSubTabActive('shib_role_assignment');
549 $this->form->setValuesByPost();
550 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
551 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
552 if (strlen($html = $this->parseRulesTable())) {
553 $this->tpl->setVariable('RULE_TABLE', $html);
554 }
555
556 return true;
557 }
558 // Redirects if required
559 $this->showLocalRoleSelection();
560 $this->rule->add();
561 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
562 $this->roleAssignment();
563
564 return true;
565 }
566
567
573 protected function editRoleAssignment()
574 {
575 $this->ctrl->setParameter($this, 'rule_id', (int) $_GET['rule_id']);
576 $this->tabs_gui->setSubTabActive('shib_role_assignment');
577 $this->initFormRoleAssignment('update');
578 $this->getRuleValues();
579 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
580 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
581
582 return true;
583 }
584
585
586 protected function updateRoleAssignmentRule()
587 {
588 global $DIC;
589 $ilAccess = $DIC['ilAccess'];
590 $ilErr = $DIC['ilErr'];
591 if (!$ilAccess->checkAccess('write', '', $this->ref_id)) {
592 ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
593 $this->roleAssignment();
594
595 return false;
596 }
597 $this->initFormRoleAssignment();
598 if (!$this->form->checkInput() or ($err = $this->checkInput((int) $_REQUEST['rule_id']))) {
599 if ($err) {
600 ilUtil::sendFailure($this->lng->txt($err));
601 }
602 $this->tabs_gui->setSubTabActive('shib_role_assignment');
603 $this->form->setValuesByPost();
604 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.shib_role_assignment.html', 'Services/AuthShibboleth');
605 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
606
607 return true;
608 }
609 $this->showLocalRoleSelection('update');
610 $this->rule->update();
611 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
612 $this->roleAssignment();
613
614 return true;
615 }
616
617
618 private function loadRule($a_rule_id = 0)
619 {
620 include_once('./Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php');
621 $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
622 if ($this->form->getInput('role_name') == 0) {
623 $this->rule->setRoleId($this->form->getInput('role_id'));
624 } elseif ($this->form->getInput('role_search')) {
625 // Search role
626 include_once './Services/Search/classes/class.ilQueryParser.php';
627 $parser = new ilQueryParser($this->form->getInput('role_search'));
628 // TODO: Handle minWordLength
629 $parser->setMinWordLength(1, true);
630 $parser->setCombination(QP_COMBINATION_AND);
631 $parser->parse();
632 include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
633 $object_search = new ilLikeObjectSearch($parser);
634 $object_search->setFilter(array( 'role' ));
635 $res = $object_search->performSearch();
636 $entries = $res->getEntries();
637 if (count($entries) == 1) {
638 $role = current($entries);
639 $this->rule->setRoleId($role['obj_id']);
640 } elseif (count($entries) > 1) {
641 $this->rule->setRoleId(-1);
642 }
643 }
644 $this->rule->setName($this->form->getInput('attr_name'));
645 $this->rule->setValue($this->form->getInput('attr_value'));
646 $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
647 $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
648 $this->rule->enablePlugin($this->form->getInput('kind') == 2);
649 $this->rule->setPluginId($this->form->getInput('plugin_id'));
650
651 return $this->rule;
652 }
653
654
655 private function getRuleValues()
656 {
657 global $DIC;
658 $rbacreview = $DIC['rbacreview'];
659 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
660 $rule = new ilShibbolethRoleAssignmentRule((int) $_GET['rule_id']);
661 $role = $rule->getRoleId();
662 if ($rbacreview->isGlobalRole($role)) {
663 $values['role_name'] = 0;
664 $values['role_id'] = $role;
665 } else {
666 $values['role_name'] = 1;
667 $values['role_search'] = ilObject::_lookupTitle($role);
668 }
669 $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
670 $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
671 $values['attr_name'] = $rule->getName();
672 $values['attr_value'] = $rule->getValue();
673 if (!$rule->isPluginActive()) {
674 $values['kind'] = 1;
675 } else {
676 $values['kind'] = 2;
677 $values['plugin_id'] = $rule->getPluginId();
678 }
679 $this->form->setValuesByArray($values);
680 }
681
682
683 private function checkInput($a_rule_id = 0)
684 {
685 $this->loadRule($a_rule_id);
686
687 return $this->rule->validate();
688 }
689
690
691 private function showLocalRoleSelection()
692 {
693 if ($this->rule->getRoleId() > 0) {
694 return false;
695 }
696 $_SESSION['shib_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
697 $_SESSION['shib_role_ass']['search'] = $this->form->getInput('role_search');
698 $_SESSION['shib_role_ass']['add_on_update'] = $this->rule->isAddOnUpdateEnabled();
699 $_SESSION['shib_role_ass']['remove_on_update'] = $this->rule->isRemoveOnUpdateEnabled();
700 $_SESSION['shib_role_ass']['name'] = $this->rule->getName();
701 $_SESSION['shib_role_ass']['value'] = $this->rule->getValue();
702 $_SESSION['shib_role_ass']['plugin'] = $this->rule->isPluginActive();
703 $_SESSION['shib_role_ass']['plugin_id'] = $this->rule->getPluginId();
704 $this->ctrl->redirect($this, 'chooseRole');
705 }
706
707
708 protected function chooseRole()
709 {
710 $this->tabs_gui->setSubTabActive('shib_role_assignment');
711 include_once './Services/Search/classes/class.ilQueryParser.php';
712 $parser = new ilQueryParser($_SESSION['shib_role_ass']['search']);
713 $parser->setMinWordLength(1, true);
714 $parser->setCombination(QP_COMBINATION_AND);
715 $parser->parse();
716 include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
717 $object_search = new ilLikeObjectSearch($parser);
718 $object_search->setFilter(array( 'role' ));
719 $res = $object_search->performSearch();
720 $entries = $res->getEntries();
721 include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
722 $table = new ilRoleSelectionTableGUI($this, 'chooseRole');
723 $table->setTitle($this->lng->txt('shib_role_selection'));
724 $table->addMultiCommand('saveRoleSelection', $this->lng->txt('shib_choose_role'));
725 $table->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
726 $table->parse($entries);
727 $this->tpl->setContent($table->getHTML());
728
729 return true;
730 }
731
732
733 protected function saveRoleSelection()
734 {
735 $rule = new ilShibbolethRoleAssignmentRule($_SESSION['shib_role_ass']['rule_id']);
736 $rule->setRoleId((int) $_POST['role_id']);
737 $rule->setName($_SESSION['shib_role_ass']['name']);
738 $rule->setValue($_SESSION['shib_role_ass']['value']);
739 $rule->enablePlugin($_SESSION['shib_role_ass']['plugin']);
740 $rule->setPluginId($_SESSION['shib_role_ass']['plugin_id']);
741 $rule->enableAddOnUpdate($_SESSION['shib_role_ass']['add_on_update']);
742 $rule->enableRemoveOnUpdate($_SESSION['shib_role_ass']['remove_on_update']);
743 if ($rule->getRuleId()) {
744 $rule->update();
745 } else {
746 $rule->add();
747 }
748 ilUtil::sendSuccess($this->lng->txt('settings_saved'));
749 unset($_SESSION['shib_role_ass']);
750 $this->roleAssignment();
751 }
752
753
759 private function hasActiveRoleAssignmentPlugins()
760 {
761 global $DIC;
762 $ilPluginAdmin = $DIC['ilPluginAdmin'];
763
764 return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk'));
765 }
766
767
768 private function prepareRoleSelect($a_as_select = true)
769 {
770 global $DIC;
771 $rbacreview = $DIC['rbacreview'];
772 $ilObjDataCache = $DIC['ilObjDataCache'];
773 $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(), 'object_data', 'title', 'obj_id');
774 $select[0] = $this->lng->txt('links_select_one');
775 foreach ($global_roles as $role_id) {
776 $select[$role_id] = ilObject::_lookupTitle($role_id);
777 }
778
779 return $select;
780 }
781
782
783 protected function setSubTabs()
784 {
785 global $DIC;
786 $ilSetting = $DIC['ilSetting'];
787 include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
788 if ($ilSetting->get('shib_active') == 0 and ilShibbolethRoleAssignmentRules::getCountRules() == 0) {
789 return false;
790 }
791 // DONE: show sub tabs if there is any role assignment rule
792 $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
793 $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
794
795 return true;
796 }
797}
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
php
An exception for terminatinating execution or to throw for unit testing.
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
QP_COMBINATION_AND
const QP_COMBINATION_AND
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilQueryParser.php:20
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:14
ilAuthShibbolethSettingsGUI\addRoleAutoCompleteObject
addRoleAutoCompleteObject()
Add Member for autoComplete.
Definition: class.ilAuthShibbolethSettingsGUI.php:525
ilAuthShibbolethSettingsGUI\hasActiveRoleAssignmentPlugins
hasActiveRoleAssignmentPlugins()
Check if plugin is active.
Definition: class.ilAuthShibbolethSettingsGUI.php:759
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:14
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:15
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1110
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:14
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:43
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:18
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4422
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4534
$DIC
global $DIC
Definition: goto.php:24
$name
if($format !==null) $name
Definition: metadata.php:230
ilias
redirection script todo: (a better solution should control the processing via a xml file)
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilErr
$ilErr
Definition: raiseError.php:18
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$data
$data
Definition: storeScorm.php:23