ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilLDAPRoleAssignmentRules.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
33{
34 const ROLE_ACTION_ASSIGN = 'Assign'; // 'action' value of a parsed role the user is to be assigned to
35 const ROLE_ACTION_DEASSIGN = 'Detach'; // 'action' value of a parsed role the user is to be removed from
36
37 protected static $active_plugins = null; // per-request cache of the active 'ldaphk' plugin names, filled on first use
38 protected static $default_role = null; // written by getDefaultRole(); holds the most recent lookup only
39
40
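/**
 * Get the default global role configured for an LDAP server.
 *
 * The looked-up value is also stored in self::$default_role. That slot is a
 * single static property, not keyed by server id, so it only reflects the
 * most recent lookup.
 *
 * @param int $a_server_id LDAP server id
 * @return mixed role id as returned by the attribute mapping lookup
 *               (presumably an integer; verify against ilLDAPAttributeMapping)
 */
public static function getDefaultRole($a_server_id)
{
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';

    // NOTE(review): the right-hand side of this assignment was absent from the
    // rendered listing and has been restored; confirm against the upstream file.
    return self::$default_role = ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
}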
54
/**
 * Get all assignable roles for an LDAP server (used for the import parser).
 *
 * Collects every role id referenced by a role assignment rule of the server
 * and adds the server's default role. The result maps role id => role id.
 *
 * @param int $a_server_id LDAP server id
 * @return array role ids, keyed by themselves
 */
public static function getAllPossibleRoles($a_server_id)
{
    global $DIC;

    $db = $DIC['ilDB'];

    // The server id is passed through the DB layer's typed quoting, never
    // concatenated raw into the statement.
    $sql = 'SELECT DISTINCT(role_id) FROM ldap_role_assignments '
        . 'WHERE server_id = ' . $db->quote($a_server_id, 'integer');
    $result = $db->query($sql);

    $role_ids = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $role_ids[$record->role_id] = $record->role_id;
    }

    // The default role is always part of the result, even without any rule.
    $default_role = self::getDefaultRole($a_server_id);
    $role_ids[$default_role] = $default_role;

    return $role_ids ?: [];
}
76
77 // begin-patch ldap_multiple
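/**
 * Get all LDAP attribute names that role assignment needs for a server.
 *
 * Combines the attribute names used by the server's assignment rules
 * (trimmed and lower-cased, empty names skipped) with the additional
 * attribute names requested by active LDAP role assignment plugins.
 *
 * @param int $a_server_id LDAP server id
 * @return array list of attribute names; may contain duplicates
 */
public static function getAttributeNames($a_server_id)
{
    global $DIC;

    $ilDB = $DIC['ilDB'];

    $query = "SELECT DISTINCT(att_name) " .
        "FROM ldap_role_assignments " .
        'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
    $res = $ilDB->query($query);

    // Initialised up front: without it a server that has no rules reads an
    // undefined variable in the merge below.
    $names = [];
    while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $name = strtolower(trim($row->att_name));
        if ($name) {
            $names[] = $name;
        }
    }

    return array_merge($names, self::getAdditionalPluginAttributes($a_server_id));
}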
103
104 // begin-patch ldap_multiple
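/**
 * Compute the role changes for an existing user on LDAP synchronisation.
 *
 * Only rules flagged add_on_update or remove_on_update are evaluated. A
 * matching rule with add_on_update yields an 'Assign' entry, a non-matching
 * rule with remove_on_update yields a 'Detach' entry. If the detachments
 * would strip every global role the user currently holds, the server's
 * default role is appended as an assignment.
 *
 * Each entry has the shape produced by parseRole():
 * array('id' => role id, 'type' => 'Global'|'Local', 'action' => 'Assign'|'Detach').
 *
 * @param int    $a_server_id LDAP server id
 * @param int    $a_usr_id    id of the user being updated
 * @param string $a_usr_name  login name, used for log messages only
 * @param array  $a_usr_data  LDAP attribute data the rules are matched against
 * @return array list of role entries
 */
public static function getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
{
    global $DIC;

    $ilDB = $DIC['ilDB'];
    $rbacreview = $DIC['rbacreview'];
    $ilLog = $DIC['ilLog'];

    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';

    $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
        "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
        'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');

    $res = $ilDB->query($query);
    $roles = [];
    while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // NOTE(review): this lookup was absent from the rendered listing and has
        // been restored; confirm against the upstream file.
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);

        $matches = $rule->matches($a_usr_data);
        if ($matches and $row->add_on_update) {
            $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
        }
        if (!$matches and $row->remove_on_update) {
            $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
        }
    }

    // Ensure the user keeps at least one global role. The check compares role
    // ids rather than counts: detach entries are produced for every
    // non-matching rule, including roles the user does not hold and roles
    // named by several rules, so a plain count comparison can miss the case
    // where all held global roles are removed (or trigger when one remains).
    $detached_global = [];
    foreach ($roles as $role_data) {
        if ($role_data['type'] === 'Global' &&
            $role_data['action'] === self::ROLE_ACTION_DEASSIGN) {
            $detached_global[] = $role_data['id'];
        }
    }
    $remaining_global = array_diff((array) $rbacreview->assignedGlobalRoles($a_usr_id), $detached_global);
    // NOTE(review): global roles assigned in this same run are not counted as
    // remaining, so the default role may be added alongside them; confirm
    // that this matches the intended policy.
    if (count($remaining_global) === 0) {
        $ilLog->info(': No global role left. Assigning to default role.');
        $roles[] = self::parseRole(
            self::getDefaultRole($a_server_id),
            self::ROLE_ACTION_ASSIGN
        );
    }

    return $roles;
}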
167
168
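/**
 * Compute the initial role assignments for a user created from LDAP.
 *
 * Every rule of the server is matched against the user's LDAP data; each
 * match yields an 'Assign' entry. If none of the resulting roles is a global
 * role, the server's default role is appended so that the new account always
 * has one.
 *
 * Each entry has the shape produced by parseRole():
 * array('id' => role id, 'type' => 'Global'|'Local', 'action' => 'Assign').
 *
 * @param int    $a_server_id LDAP server id
 * @param string $a_usr_name  login name, used for log messages only
 * @param array  $a_usr_data  LDAP attribute data the rules are matched against
 * @return array list of role entries
 */
public static function getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
{
    global $DIC;

    $ilDB = $DIC['ilDB'];
    $ilLog = $DIC['ilLog'];

    include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';

    $query = "SELECT rule_id FROM ldap_role_assignments " .
        'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
    $res = $ilDB->query($query);

    $roles = [];
    while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // NOTE(review): this lookup was absent from the rendered listing and has
        // been restored; confirm against the upstream file.
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($row->rule_id);

        if ($rule->matches($a_usr_data)) {
            $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
            $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
        }
    }

    // A new account must end up with at least one global role.
    $found_global = false;
    foreach ($roles as $role_data) {
        if ($role_data['type'] === 'Global') {
            $found_global = true;
            break;
        }
    }
    if (!$found_global) {
        $ilLog->info(': No matching rule found. Assigning to default role.');
        $roles[] = self::parseRole(
            self::getDefaultRole($a_server_id),
            self::ROLE_ACTION_ASSIGN
        );
    }

    return $roles;
}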
221
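/**
 * Ask the active LDAP role assignment plugins whether a condition matches.
 *
 * Every active plugin of the 'ldaphk' slot that implements
 * ilLDAPRoleAssignmentPlugin is called. The result is true as soon as any
 * one of them reports a match, so a single plugin is sufficient to satisfy
 * the rule. All plugins are still called; there is no early exit.
 *
 * @param int   $a_plugin_id id passed through to the plugins' check
 * @param array $a_user_data LDAP user data passed through to the plugins
 * @return bool true if at least one plugin reported a match
 */
public static function callPlugin($a_plugin_id, $a_user_data)
{
    global $DIC;

    $ilPluginAdmin = $DIC['ilPluginAdmin'];

    // Strict comparison: with '==' an empty plugin list also compares equal
    // to null, so the lookup would be repeated on every call.
    if (self::$active_plugins === null) {
        // NOTE(review): the first argument of this call and of getPluginObject()
        // below was absent from the rendered listing and has been restored;
        // confirm against the upstream file.
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk'
        );
    }

    $assigned = false;
    foreach (self::$active_plugins as $plugin_name) {
        $plugin_obj = $ilPluginAdmin->getPluginObject(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk',
            $plugin_name
        );

        // Objects that do not implement the plugin interface are ignored.
        if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin
            && $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data)) {
            $assigned = true;
        }
    }
    return $assigned;
}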
263
264 // begin-patch ldap_multiple
265
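/**
 * Fetch the additional LDAP attribute names requested by plugins.
 *
 * Merges the names reported by every active 'ldaphk' plugin that implements
 * ilLDAPRoleAssignmentPlugin. The server id is not used by this
 * implementation.
 *
 * @param int $a_server_id LDAP server id (unused)
 * @return array list of attribute names; empty if no plugin contributes any
 */
protected static function getAdditionalPluginAttributes($a_server_id)
{
    global $DIC;

    $ilPluginAdmin = $DIC['ilPluginAdmin'];

    // Strict comparison: with '==' an empty plugin list also compares equal
    // to null, so the lookup would be repeated on every call.
    if (self::$active_plugins === null) {
        // NOTE(review): the first argument of this call and of getPluginObject()
        // below was absent from the rendered listing and has been restored;
        // confirm against the upstream file.
        self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk'
        );
    }

    $attributes = [];
    foreach (self::$active_plugins as $plugin_name) {
        $plugin_obj = $ilPluginAdmin->getPluginObject(
            IL_COMP_SERVICE,
            'LDAP',
            'ldaphk',
            $plugin_name
        );

        // Objects that do not implement the plugin interface are ignored.
        if ($plugin_obj instanceof ilLDAPRoleAssignmentPlugin) {
            $attributes = array_merge($attributes, $plugin_obj->getAdditionalAttributeNames());
        }
    }
    return $attributes;
}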
301
302
/**
 * Parse role: build the entry describing one pending role change.
 *
 * The role is classified as 'Global' or 'Local' by asking the RBAC review
 * service; callers use that classification to decide whether a user still
 * holds a global role.
 *
 * @param int    $a_role_id role id
 * @param string $a_action  one of the ROLE_ACTION_* constants
 * @return array array('id' => ..., 'type' => 'Global'|'Local', 'action' => ...)
 */
protected static function parseRole($a_role_id, $a_action)
{
    global $DIC;

    $scope = $DIC['rbacreview']->isGlobalRole($a_role_id) ? 'Global' : 'Local';

    return [
        'id' => $a_role_id,
        'type' => $scope,
        'action' => $a_action,
    ];
}
321}