ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilShibbolethRoleAssignmentRules.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRule.php';
25
36class ilShibbolethRoleAssignmentRules
37{
38 protected static $active_plugins = null;
39
40
44 public static function getAllRules()
45 {
46 global $DIC;
47 $ilDB = $DIC['ilDB'];
48 $rules = array();
52 $query = "SELECT rule_id FROM shib_role_assignment ORDER BY rule_id";
53 $res = $ilDB->query($query);
54 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
55 $rules[$row->rule_id] = new ilShibbolethRoleAssignmentRule($row->rule_id);
56 }
57
58 return $rules;
59 }
60
61
62 public static function getCountRules()
63 {
64 global $DIC;
65 $ilDB = $DIC['ilDB'];
66 $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
67 $res = $ilDB->query($query);
68 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
69 return $row->num;
70 }
71
72 return 0;
73 }
74
75
82 public static function updateAssignments($a_usr_id, $a_data)
83 {
84 require_once('./Services/AuthShibboleth/classes/Config/class.shibConfig.php');
85
86 global $DIC;
87 $ilDB = $DIC['ilDB'];
88 $rbacadmin = $DIC['rbacadmin'];
89 $rbacreview = $DIC['rbacreview'];
90 $ilLog = $DIC['ilLog'];
91 $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
92 $res = $ilDB->query($query);
93 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
94 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
95 // $matches = $rule->matches($a_data);
96 if ($rule->doesMatch($a_data) and $row->add_on_update) {
97 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
98 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
99 }
100 if (!$rule->doesMatch($a_data) and $row->remove_on_update) {
101 $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
102 $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
103 }
104 }
105 // check if is assigned to minimum one global role
106 if (!array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
107 $default_role = shibConfig::getInstance()->getUserDefaultRole();
108 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
109 $rbacadmin->assignUser($default_role, $a_usr_id);
110 }
111
112 return true;
113 }
114
115
122 public static function doAssignments($a_usr_id, $a_data)
123 {
124 global $DIC;
125 $ilDB = $DIC['ilDB'];
126 $rbacadmin = $DIC['rbacadmin'];
127 $ilLog = $DIC['ilLog'];
128 $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
129 $num_matches = 0;
130 $res = $ilDB->query($query);
131 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
132 $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
133 if ($rule->doesMatch($a_data)) {
134 $num_matches++;
135 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
136 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
137 }
138 }
139 // Assign to default if no matching found
140 if (!$num_matches) {
141 $default_role = shibConfig::getInstance()->getUserDefaultRole();
142 $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
143 $rbacadmin->assignUser($default_role, $a_usr_id);
144 }
145
146 return true;
147 }
148
149
156 public static function callPlugin($a_plugin_id, $a_user_data)
157 {
158 global $DIC;
159 $ilPluginAdmin = $DIC['ilPluginAdmin'];
160 if (self::$active_plugins == null) {
161 self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk');
162 }
163 $assigned = false;
164 foreach (self::$active_plugins as $plugin_name) {
165 $ok = false;
166 $plugin_obj = $ilPluginAdmin->getPluginObject(IL_COMP_SERVICE, 'AuthShibboleth', 'shibhk', $plugin_name);
167 if ($plugin_obj instanceof ilShibbolethRoleAssignmentPlugin) {
168 $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
169 }
170 if ($ok) {
171 $assigned = true;
172 }
173 }
174
175 return $assigned;
176 }
177}
php
An exception for terminatinating execution or to throw for unit testing.
IL_COMP_SERVICE
const IL_COMP_SERVICE
Definition: class.ilComponent.php:6
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
shibConfig\getInstance
static getInstance()
Definition: class.shibConfig.php:214
$DIC
global $DIC
Definition: goto.php:24
ilShibbolethRoleAssignmentPlugin
Interface for shibboleth role assignment plugins.
Definition: interface.ilShibbolethRoleAssignmentPlugin.php:34
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19