ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
10class ilLDAPRoleAssignmentRule
11{
12 private static $instances = null;
13
17 private $logger = null;
18
22 private $db = null;
23
24 const TYPE_GROUP = 1;
25 const TYPE_ATTRIBUTE = 2;
26 const TYPE_PLUGIN = 3;
27
28 private $server_id = 0;
29 private $plugin_active = false;
30 private $add_on_update = false;
31 private $remove_on_update = false;
32 private $plugin_id = 0;
33
34
42 private function __construct($a_id = 0)
43 {
44 $this->db = $GLOBALS['DIC']->database();
45 $this->logger = $GLOBALS['DIC']->logger()->auth();
46
47 $this->rule_id = $a_id;
48 $this->read();
49 }
50
59 public static function _getInstanceByRuleId($a_rule_id)
60 {
61 if (isset(self::$instances[$a_rule_id])) {
62 return self::$instances[$a_rule_id];
63 }
64 return self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id);
65 }
66
71 public static function hasRulesForUpdate()
72 {
73 global $DIC;
74
75 $ilDB = $DIC['ilDB'];
76
77 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
78 'WHERE add_on_update = 1 ' .
79 'OR remove_on_update = 1 ';
80 $res = $ilDB->query($query);
81 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
82 return $row->num > 0;
83 }
84
90 public function matches($a_user_data)
91 {
92 switch ($this->getType()) {
93 case self::TYPE_PLUGIN:
94 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
95 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
96
97 case self::TYPE_ATTRIBUTE:
98
99 $attn = strtolower($this->getAttributeName());
100
101 if (!isset($a_user_data[$attn])) {
102 return false;
103 }
104
105 if (!is_array($a_user_data[$attn])) {
106 $attribute_val = array(0 => $a_user_data[$attn]);
107 } else {
108 $attribute_val = $a_user_data[$attn];
109 }
110
111 foreach ($attribute_val as $value) {
112 if ($this->wildcardCompare(trim($this->getAttributeValue()), trim($value))) {
113 $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
114 return true;
115 }
116 }
117 return false;
118
119 case self::TYPE_GROUP:
120 return $this->isGroupMember($a_user_data);
121
122 }
123 }
124
125 protected function wildcardCompare($a_str1, $a_str2)
126 {
127 $pattern = str_replace('*', '.*?', $a_str1);
128 $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
129 return (bool) preg_match('/^' . $pattern . '$/i', $a_str2);
130 }
131
140 private function isGroupMember($a_user_data)
141 {
142 $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
143
144 if ($this->isMemberAttributeDN()) {
145 if ($server->enabledEscapeDN()) {
146 $user_cmp = ldap_escape($a_user_data['dn'], "", LDAP_ESCAPE_FILTER);
147 } else {
148 $user_cmp = $a_user_data['dn'];
149 }
150 } else {
151 $user_cmp = $a_user_data['ilExternalAccount'];
152 }
153
154 try {
155 $query = new ilLDAPQuery($server);
156 $query->bind();
157 $res = $query->query(
158 $this->getDN(),
159 sprintf(
160 '(%s=%s)',
161 $this->getMemberAttribute(),
162 $user_cmp
163 ),
164 IL_LDAP_SCOPE_BASE,
165 array('dn')
166 );
167 return $res->numRows() ? true : false;
168 } catch (ilLDAPQueryException $e) {
169 $this->logger->warning(': Caught Exception: ' . $e->getMessage());
170 return false;
171 }
172 }
173
174
175
182 public static function _getRules($a_server_id)
183 {
184 $ilDB = $GLOBALS['DIC']->database();
185
186 $query = "SELECT rule_id FROM ldap_role_assignments " .
187 "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
188 $res = $ilDB->query($query);
189 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
190 $rules[] = self::_getInstanceByRuleId($row->rule_id);
191 }
192 return $rules ? $rules : array();
193 }
194
202 public function setRoleId($a_role_id)
203 {
204 $this->role_id = $a_role_id;
205 }
206
213 public function getRoleId()
214 {
215 return $this->role_id;
216 }
217
224 public function getRuleId()
225 {
226 return $this->rule_id;
227 }
228
236 public function setServerId($a_id)
237 {
238 $this->server_id = $a_id;
239 }
240
247 public function getServerId()
248 {
249 return $this->server_id;
250 }
251
259 public function setType($a_type)
260 {
261 $this->type = $a_type;
262 }
263
271 public function getType()
272 {
273 return $this->type;
274 }
275
283 public function setDN($a_dn)
284 {
285 $this->dn = $a_dn;
286 }
287
294 public function getDN()
295 {
296 return $this->dn;
297 }
298
306 public function setMemberAttribute($a_attribute)
307 {
308 $this->member_attribute = $a_attribute;
309 }
310
317 public function getMemberAttribute()
318 {
319 return $this->member_attribute;
320 }
321
329 public function setMemberIsDN($a_status)
330 {
331 $this->member_is_dn = $a_status;
332 }
333
340 public function isMemberAttributeDN()
341 {
342 return (bool) $this->member_is_dn;
343 }
344
352 public function setAttributeName($a_name)
353 {
354 $this->attribute_name = $a_name;
355 }
356
363 public function getAttributeName()
364 {
365 return $this->attribute_name;
366 }
367
375 public function setAttributeValue($a_value)
376 {
377 $this->attribute_value = $a_value;
378 }
379
386 public function getAttributeValue()
387 {
388 return $this->attribute_value;
389 }
390
391 public function enableAddOnUpdate($a_status)
392 {
393 $this->add_on_update = $a_status;
394 }
395
396 public function isAddOnUpdateEnabled()
397 {
398 return (bool) $this->add_on_update;
399 }
400
401 public function enableRemoveOnUpdate($a_status)
402 {
403 $this->remove_on_update = $a_status;
404 }
405
406 public function isRemoveOnUpdateEnabled()
407 {
408 return (bool) $this->remove_on_update;
409 }
410
411 public function setPluginId($a_id)
412 {
413 $this->plugin_id = $a_id;
414 }
415
416 public function getPluginId()
417 {
418 return $this->plugin_id;
419 }
420
421 public function isPluginActive()
422 {
423 return (bool) $this->getType() == self::TYPE_PLUGIN;
424 }
425
426
433 public function conditionToString()
434 {
435 $lng = $GLOBALS['DIC']->language();
436
437 switch ($this->getType()) {
438 case self::TYPE_PLUGIN:
439 return $lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
440
441 case self::TYPE_GROUP:
442 $dn_arr = explode(',', $this->getDN());
443 return $dn_arr[0];
444
445
446 case self::TYPE_ATTRIBUTE:
447 return $this->getAttributeName() . '=' . $this->getAttributeValue();
448 }
449 }
450
451
459 public function create()
460 {
461 $ilDB = $this->db;
462 $next_id = $ilDB->nextId('ldap_role_assignments');
463
464 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
465 "add_on_update, remove_on_update, plugin_id ) " .
466 "VALUES( " .
467 $this->db->quote($this->getServerId(), 'integer') . ", " .
468 $this->db->quote($next_id, 'integer') . ", " .
469 $this->db->quote($this->getType(), 'integer') . ", " .
470 $this->db->quote($this->getDN(), 'text') . ", " .
471 $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
472 $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
473 $this->db->quote($this->getAttributeName(), 'text') . ", " .
474 $this->db->quote($this->getAttributeValue(), 'text') . ", " .
475 $this->db->quote($this->getRoleId(), 'integer') . ", " .
476 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
477 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
478 $this->db->quote($this->getPluginId(), 'integer') . ' ' .
479 ")";
480 $res = $ilDB->manipulate($query);
481 $this->rule_id = $next_id;
482
483 return true;
484 }
485
492 public function update()
493 {
494 $ilDB = $this->db;
495
496 $query = "UPDATE ldap_role_assignments " .
497 "SET server_id = " . $this->db->quote($this->getServerId(), 'integer') . ", " .
498 "type = " . $this->db->quote($this->getType(), 'integer') . ", " .
499 "dn = " . $this->db->quote($this->getDN(), 'text') . ", " .
500 "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
501 "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
502 "att_name = " . $this->db->quote($this->getAttributeName(), 'text') . ", " .
503 "att_value = " . $this->db->quote($this->getAttributeValue(), 'text') . ", " .
504 "role_id = " . $this->db->quote($this->getRoleId(), 'integer') . ", " .
505 "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
506 'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
507 'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer') . ' ' .
508 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
509 $res = $ilDB->manipulate($query);
510 return true;
511 }
512
519 public function validate()
520 {
521 global $DIC;
522
523 $ilErr = $DIC['ilErr'];
524
525 $ilErr->setMessage('');
526
527 if (!$this->getRoleId()) {
528 $ilErr->setMessage('fill_out_all_required_fields');
529 return false;
530 }
531 switch ($this->getType()) {
532 case self::TYPE_GROUP:
533 if (!strlen($this->getDN()) or !strlen($this->getMemberAttribute())) {
534 $ilErr->setMessage('fill_out_all_required_fields');
535 return false;
536 }
537 break;
538 case self::TYPE_ATTRIBUTE:
539 if (!strlen($this->getAttributeName()) or !strlen($this->getAttributeValue())) {
540 $ilErr->setMessage('fill_out_all_required_fields');
541 return false;
542 }
543 break;
544
545 case self::TYPE_PLUGIN:
546 if (!$this->getPluginId()) {
547 $ilErr->setMessage('ldap_err_missing_plugin_id');
548 return false;
549 }
550 break;
551
552 default:
553 $ilErr->setMessage('ldap_no_type_given');
554 return false;
555 }
556 return true;
557 }
558
565 public function delete()
566 {
567 $ilDB = $this->db;
568
569 $query = "DELETE FROM ldap_role_assignments " .
570 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
571 $res = $ilDB->manipulate($query);
572 return true;
573 }
580 private function read()
581 {
582 $ilDB = $this->db;
583
584 $query = "SELECT * FROM ldap_role_assignments " .
585 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
586
587 $res = $this->db->query($query);
588 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
589 $this->setServerId($row->server_id);
590 $this->setType($row->type);
591 $this->setDN($row->dn);
592 $this->setMemberAttribute($row->attribute);
593 $this->setMemberIsDN($row->isdn);
594 $this->setAttributeName($row->att_name);
595 $this->setAttributeValue($row->att_value);
596 $this->setRoleId($row->role_id);
597 $this->enableAddOnUpdate($row->add_on_update);
598 $this->enableRemoveOnUpdate($row->remove_on_update);
599 $this->setPluginId($row->plugin_id);
600 }
601 }
602}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
true
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
Definition: class.ilIniFile.php:168
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember($a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:140
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:182
ilLDAPRoleAssignmentRule\setMemberAttribute
setMemberAttribute($a_attribute)
@access public
Definition: class.ilLDAPRoleAssignmentRule.php:306
ilLDAPRoleAssignmentRule\matches
matches($a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:90
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName($a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:352
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:340
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:71
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId($a_rule_id)
get instance by rule id
Definition: class.ilLDAPRoleAssignmentRule.php:59
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue($a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:375
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN($a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:329
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin($a_plugin_id, $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:229
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
$server
$server
Definition: dummy_client.php:12
$DIC
global $DIC
Definition: goto.php:24
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10
$ilErr
$ilErr
Definition: raiseError.php:18
$lng
$lng
Definition: save_question_post_data.php:23
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19