ILIAS  release_8 Revision v8.24
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1<?php
27class ilAuthShibbolethSettingsGUI
28{
29 private const PARAM_RULE_ID = 'rule_id';
30
31 private ?\ilPropertyFormGUI $form = null;
32 private ?ilShibbolethRoleAssignmentRule $rule = null;
33 private \ilCtrl $ctrl;
34 private \ilTabsGUI $tabs_gui;
35 private \ilLanguage $lng;
36 private \ilGlobalTemplateInterface $tpl;
37 private int $ref_id;
38 private ilComponentRepository $component_repository;
39 private \ILIAS\DI\RBACServices $rbac;
40 private ilAccessHandler $access;
41 private \ILIAS\HTTP\Wrapper\WrapperFactory $wrapper;
42 private \ILIAS\Refinery\Factory $refinery;
43 private ilShibbolethSettings $shib_settings;
44 private ilSetting $global_settings;
45 private ilRbacReview $rbac_review;
46
47 public function __construct(int $a_auth_ref_id)
48 {
49 global $DIC;
50 $this->ctrl = $DIC->ctrl();
51 $this->wrapper = $DIC->http()->wrapper();
52 $this->refinery = $DIC->refinery();
53 $this->rbac = $DIC->rbac();
54 $this->access = $DIC->access();
55 $this->tabs_gui = $DIC->tabs();
56 $this->lng = $DIC->language();
57 $this->lng->loadLanguageModule('shib');
58 $this->tpl = $DIC->ui()->mainTemplate();
59 $this->ref_id = $a_auth_ref_id;
60 $this->component_repository = $DIC["component.repository"];
61 $this->shib_settings = new ilShibbolethSettings();
62 $this->global_settings = $DIC['ilSetting'];
63 $this->rbac_review = $DIC['rbacreview'];
64 }
65
66 public function executeCommand(): void
67 {
68 $cmd = $this->ctrl->getCmd();
69 if (!$this->access->checkAccess('read', '', $this->ref_id)) {
70 throw new ilException('Permission denied');
71 }
72 if (!$this->access->checkAccess('write', '', $this->ref_id) && $cmd !== "settings") {
73 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
74 $this->ctrl->redirect($this, "settings");
75 }
76 $this->setSubTabs();
77 if (!$cmd) {
78 $cmd = "settings";
79 }
80 $this->$cmd();
81 }
82
83 public function settings(): void
84 {
85 $this->tabs_gui->setSubTabActive('shib_settings');
86 $form = new ilShibbolethSettingsForm(
87 $this->shib_settings,
88 $this->ctrl->getLinkTarget($this, 'save')
89 );
90
91 $this->tpl->setContent($form->getHTML());
92 }
93
94 public function save(): void
95 {
96 $form = new ilShibbolethSettingsForm(
97 $this->shib_settings,
98 $this->ctrl->getLinkTarget($this, 'save')
99 );
100 $form->setValuesByPost();
101 if ($form->saveObject()) {
102 $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
103 $this->ctrl->redirect($this, 'settings');
104 }
105 $this->tpl->setContent($form->getHTML());
106 }
107
108 protected function roleAssignment(): bool
109 {
110 $this->tabs_gui->setSubTabActive('shib_role_assignment');
111 $this->initFormRoleAssignment('default');
112 $this->tpl->addBlockFile(
113 'ADM_CONTENT',
114 'adm_content',
115 'tpl.shib_role_assignment.html',
116 'Services/AuthShibboleth'
117 );
118 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
119 if (($html = $this->parseRulesTable()) !== '') {
120 $this->tpl->setVariable('RULE_TABLE', $html);
121 }
122
123 return true;
124 }
125
126 protected function parseRulesTable(): string
127 {
128 if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
129 return '';
130 }
131 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
132 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
133 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
134 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
135 $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
136
137 return $rules_table->getHTML();
138 }
139
140 protected function confirmDeleteRules(): bool
141 {
142 if (!$this->wrapper->post()->has('rule_ids')) {
143 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
144 $this->roleAssignment();
145
146 return false;
147 }
148 $this->tabs_gui->setSubTabActive('shib_role_assignment');
149 $c_gui = new ilConfirmationGUI();
150 // set confirm/cancel commands
151 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
152 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
153 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
154 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
155
156 $rule_ids = $this->wrapper->post()->retrieve(
157 'rule_ids',
158 $this->refinery->to()->listOf($this->refinery->to()->int())
159 );
160 foreach ($rule_ids as $rule_id) {
161 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
162 $info = ilObject::_lookupTitle($rule->getRoleId());
163 $info .= " (";
164 $info .= $rule->conditionToString();
165 $info .= ')';
166 $c_gui->addItem('rule_ids[]', $rule_id, $info);
167 }
168 $this->tpl->setContent($c_gui->getHTML());
169 return true;
170 }
171
172 protected function deleteRules(): bool
173 {
174 if (!$this->wrapper->post()->has('rule_ids')) {
175 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
176 $this->roleAssignment();
177
178 return false;
179 }
180 $rule_ids = $this->wrapper->post()->retrieve(
181 'rule_ids',
182 $this->refinery->to()->listOf($this->refinery->to()->int())
183 );
184 foreach ($rule_ids as $rule_id) {
185 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
186 $rule->delete();
187 }
188 $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
189 $this->roleAssignment();
190
191 return true;
192 }
193
194 protected function initFormRoleAssignment(string $a_mode = 'default'): void
195 {
196 $this->form = new ilPropertyFormGUI();
197 $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
198 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
199 if ($a_mode === 'default') {
200 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
201 $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
202 $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
203 } else {
204 $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
205 $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
206 $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
207 }
208 // Role selection
209 $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
210 $role->setRequired(true);
211 $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
212 $role->addOption($global);
213 $role_select = new ilSelectInputGUI('', 'role_id');
214 $role_select->setOptions($this->prepareRoleSelect());
215 $global->addSubItem($role_select);
216 $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
217 $role->addOption($local);
218 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
219 $role_search->setSize(40);
220 $local->addSubItem($role_search);
221 $role->setInfo($this->lng->txt('shib_role_name_info'));
222 $this->form->addItem($role);
223 // Update options
224 $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
225 $update->setValue($this->lng->txt('shib_check_role_assignment'));
226 $add = new ilCheckboxInputGUI('', 'add_missing');
227 $add->setOptionTitle($this->lng->txt('shib_add_missing'));
228 $add->setValue(1);
229 $update->addSubItem($add);
230 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
231 $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
232 $remove->setValue(1);
233 $update->addSubItem($remove);
234 $this->form->addItem($update);
235 // Assignment type
236 $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
237 $kind->setValue(1);
238 $kind->setRequired(true);
239 $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
240 $attr->setInfo($this->lng->txt('shib_attr_info'));
241 $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
242 $name->setSize(32);
243 $attr->addSubItem($name);
244 $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
245 $value->setSize(32);
246 $attr->addSubItem($value);
247 $kind->addOption($attr);
248 $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
249 $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
250 $pl->setInfo($this->lng->txt('shib_plugin_info'));
251 $pl->setDisabled(!$pl_active);
252 $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
253 $id->setDisabled(!$pl_active);
254 $id->setSize(3);
255 $id->setMaxLength(3);
256 $id->setMaxValue(999);
257 $id->setMinValue(1);
258 $pl->addSubItem($id);
259 $kind->addOption($pl);
260 $this->form->addItem($kind);
261 }
262
263 public function addRoleAutoCompleteObject(): void
264 {
265 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
266 }
267
268 protected function addRoleAssignmentRule(): bool
269 {
270 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
271 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
272 $this->roleAssignment();
273
274 return false;
275 }
276 $this->initFormRoleAssignment();
277 if (!$this->form->checkInput() || ($err = $this->checkInput())) {
278 if (isset($err)) {
279 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
280 }
281 $this->tabs_gui->setSubTabActive('shib_role_assignment');
282 $this->form->setValuesByPost();
283 $this->tpl->addBlockFile(
284 'ADM_CONTENT',
285 'adm_content',
286 'tpl.shib_role_assignment.html',
287 'Services/AuthShibboleth'
288 );
289 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
290 if (($html = $this->parseRulesTable()) !== '') {
291 $this->tpl->setVariable('RULE_TABLE', $html);
292 }
293
294 return true;
295 }
296 $this->rule->add();
297 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
298 $this->roleAssignment();
299
300 return true;
301 }
302
303 protected function editRoleAssignment(): bool
304 {
305 $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
306 $this->tabs_gui->setSubTabActive('shib_role_assignment');
307 $this->initFormRoleAssignment('update');
308 $this->getRuleValues();
309 $this->tpl->addBlockFile(
310 'ADM_CONTENT',
311 'adm_content',
312 'tpl.shib_role_assignment.html',
313 'Services/AuthShibboleth'
314 );
315 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
316
317 return true;
318 }
319
320 protected function updateRoleAssignmentRule(): bool
321 {
322 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
323 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
324 $this->roleAssignment();
325
326 return false;
327 }
328 $this->initFormRoleAssignment();
329 $err = false;
330 $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
331
332 if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
333 if ($err) {
334 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
335 }
336 $this->tabs_gui->setSubTabActive('shib_role_assignment');
337 $this->form->setValuesByPost();
338 $this->tpl->addBlockFile(
339 'ADM_CONTENT',
340 'adm_content',
341 'tpl.shib_role_assignment.html',
342 'Services/AuthShibboleth'
343 );
344 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
345
346 return true;
347 }
348 $this->rule->update();
349 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
350 $this->roleAssignment();
351
352 return true;
353 }
354
355 private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
356 {
357 $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
358 if ((int) $this->form->getInput('role_name') === 0) {
359 $this->rule->setRoleId($this->form->getInput('role_id'));
360 } elseif ($this->form->getInput('role_search')) {
361 $parser = new ilQueryParser($this->form->getInput('role_search'));
362 // TODO: Handle minWordLength
363 $parser->setMinWordLength(1);
364 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
365 $parser->parse();
366 $object_search = new ilLikeObjectSearch($parser);
367 $object_search->setFilter(array('role'));
368 $res = $object_search->performSearch();
369 $entries = $res->getEntries();
370 if (count($entries) === 1) {
371 $role = current($entries);
372 $this->rule->setRoleId($role['obj_id']);
373 } elseif (count($entries) > 1) {
374 $this->rule->setRoleId(-1);
375 }
376 }
377 $this->rule->setName($this->form->getInput('attr_name'));
378 $this->rule->setValue($this->form->getInput('attr_value'));
379 $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
380 $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
381 $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
382 $this->rule->setPluginId($this->form->getInput('plugin_id'));
383
384 return $this->rule;
385 }
386
387 private function getRuleValues(): void
388 {
389 $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
390 ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
391 : 0;
392
393 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
394 $role = $rule->getRoleId();
395 if ($this->rbac->review()->isGlobalRole($role)) {
396 $values['role_name'] = 0;
397 $values['role_id'] = $role;
398 } else {
399 $values['role_name'] = 1;
400 $values['role_search'] = ilObject::_lookupTitle($role);
401 }
402 $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
403 $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
404 $values['attr_name'] = $rule->getName();
405 $values['attr_value'] = $rule->getValue();
406 if (!$rule->isPluginActive()) {
407 $values['kind'] = 1;
408 } else {
409 $values['kind'] = 2;
410 $values['plugin_id'] = $rule->getPluginId();
411 }
412 $this->form->setValuesByArray($values);
413 }
414
415 private function checkInput($a_rule_id = 0): string
416 {
417 $this->loadRule($a_rule_id);
418
419 return $this->rule->validate();
420 }
421
425 private function prepareRoleSelect(): array
426 {
427 $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
428 $select[0] = $this->lng->txt('links_select_one');
429 foreach ($global_roles as $role_id) {
430 $select[$role_id] = ilObject::_lookupTitle($role_id);
431 }
432
433 return $select;
434 }
435
436 protected function setSubTabs(): bool
437 {
438 if (!(bool) $this->global_settings->get('shib_active', '0')) {
439 return false;
440 }
441 $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
442 $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
443
444 return true;
445 }
446}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilAuthShibbolethSettingsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthShibbolethSettingsGUI.php:28
ilAuthShibbolethSettingsGUI\$wrapper
ILIAS HTTP Wrapper WrapperFactory $wrapper
Definition: class.ilAuthShibbolethSettingsGUI.php:41
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:27
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:25
ilException
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilException.php:26
ilNonEditableValueGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilNonEditableValueGUI.php:27
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:27
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:31
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:27
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:27
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRoleAutoCompleteInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAutoCompleteInputGUI.php:27
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:57
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:27
ilSetting
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilSetting.php:27
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:29
ilShibbolethSettings
Class ilShibbolethSettings.
Definition: class.ilShibbolethSettings.php:28
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:27
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1223
$DIC
global $DIC
Definition: feed.php:28
$update
$update
Definition: imgupload.php:92
ilAccessHandler
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilAccessHandler.php:27
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:26
$res
$res
Definition: ltiservices.php:69
$name
if($format !==null) $name
Definition: metadata.php:247
ILIAS\Repository\form
form( $class_path, string $cmd)
Definition: trait.GlobalDICGUIServices.php:105