48        include_once 
'./Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
 
   49        include_once 
'./Services/LDAP/classes/class.ilLDAPServer.php';
 
   51        return self::$default_role =
 
   66        $query = 
"SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
 
   67                'WHERE server_id = ' . 
$ilDB->quote($a_server_id, 
'integer');
 
   70            $roles[$row->role_id] = $row->role_id;
 
   74        return $roles ? $roles : array();
 
   89        $query = 
"SELECT DISTINCT(att_name) " .
 
   90            "FROM ldap_role_assignments " .
 
   91            'WHERE server_id = ' . 
$ilDB->quote($a_server_id, 
'integer');
 
   94            $name = strtolower(trim($row->att_name));
 
  100        $names = array_merge((array) $names, self::getAdditionalPluginAttributes($a_server_id));
 
  101        return $names ? $names : array();
 
  123        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  124        $rbacreview = 
$DIC[
'rbacreview'];
 
  126        $ilLog = 
$DIC[
'ilLog'];
 
  128        $query = 
"SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
 
  129            "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
 
  130                'AND server_id = ' . 
$ilDB->quote($a_server_id, 
'integer');
 
  135            include_once 
'./Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
 
  138            $matches = $rule->matches($a_usr_data);
 
  139            if ($matches and $row->add_on_update) {
 
  141                $roles[] = 
self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
 
  143            if (!$matches and $row->remove_on_update) {
 
  144                $ilLog->info(
': Deassigned from role: ' . $a_usr_name . 
' => ' . 
ilObject::_lookupTitle($rule->getRoleId()));
 
  145                $roles[] = 
self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
 
  150        $deassigned_global = 0;
 
  151        foreach ($roles as $role_data) {
 
  152            if ($role_data[
'type'] == 
'Global' and
 
  153                $role_data[
'action'] == self::ROLE_ACTION_DEASSIGN) {
 
  154                $deassigned_global++;
 
  157        if (count($rbacreview->assignedGlobalRoles($a_usr_id)) == $deassigned_global) {
 
  158            $ilLog->info(
': No global role left. Assigning to default role.');
 
  160                self::getDefaultRole($a_server_id),
 
  161                self::ROLE_ACTION_ASSIGN
 
  165        return $roles ? $roles : array();
 
  184        $ilLog = 
$DIC[
'ilLog'];
 
  186        $query = 
"SELECT rule_id FROM ldap_role_assignments " .
 
  187                'WHERE server_id = ' . 
$ilDB->quote($a_server_id, 
'integer');
 
  193            include_once 
'./Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
 
  196            if ($rule->matches($a_usr_data)) {
 
  199                $roles[] = 
self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
 
  204        $found_global = 
false;
 
  205        foreach ($roles as $role_data) {
 
  206            if ($role_data[
'type'] == 
'Global') {
 
  207                $found_global = 
true;
 
  211        if (!$found_global) {
 
  212            $ilLog->info(
': No matching rule found. Assigning to default role.');
 
  214                self::getDefaultRole($a_server_id),
 
  215                self::ROLE_ACTION_ASSIGN
 
  219        return $roles ? $roles : array();
 
  229    public static function callPlugin($a_plugin_id, $a_user_data)
 
  233        $ilPluginAdmin = 
$DIC[
'ilPluginAdmin'];
 
  235        if (self::$active_plugins == 
null) {
 
  236            self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
 
  244        foreach (self::$active_plugins as $plugin_name) {
 
  246            $plugin_obj = $ilPluginAdmin->getPluginObject(
 
  254                $ok = $plugin_obj->checkRoleAssignment($a_plugin_id, $a_user_data);
 
  275        $ilPluginAdmin = 
$DIC[
'ilPluginAdmin'];
 
  277        if (self::$active_plugins == 
null) {
 
  278            self::$active_plugins = $ilPluginAdmin->getActivePluginsForSlot(
 
  286        foreach (self::$active_plugins as $plugin_name) {
 
  288            $plugin_obj = $ilPluginAdmin->getPluginObject(
 
  309    protected static function parseRole($a_role_id, $a_action)
 
  313        $rbacreview = 
$DIC[
'rbacreview'];
 
  317            'type' => $rbacreview->isGlobalRole($a_role_id) ? 
'Global' : 
'Local',
 
  318            'action' => $a_action
 
An exception for terminatinating execution or to throw for unit testing.
static _lookupGlobalRole($a_server_id)
Lookup global role assignment.
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
@classDescription Do role assignemnts
static getAllPossibleRoles($a_server_id)
Get all assignable roles (used for import parser)
static parseRole($a_role_id, $a_action)
Parse role.
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
static getDefaultRole($a_server_id)
Get default global role.
const ROLE_ACTION_DEASSIGN
static getAttributeNames($a_server_id)
get all possible attribute names
static getAdditionalPluginAttributes($a_server_id)
Fetch additional attributes from plugin.
static getAssignmentsForUpdate($a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
@global type $ilDB @global type $rbacadmin @global type $rbacreview @global type $ilSetting @global t...
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
static _lookupTitle($a_id)
lookup object title
Interface for ldap role assignment plugins.
foreach($_POST as $key=> $value) $res