ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
Static Public Member Functions | Static Protected Member Functions | Static Protected Attributes | Private Attributes
ilLDAPRoleAssignmentRules Class Reference

Do role assignemnts. More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole (int $a_server_id)
 
static getAllPossibleRoles (int $a_server_id)
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ($a_server_id)
 get all possible attribute names More...
 
static getAssignmentsForUpdate (int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
 
static getAssignmentsForCreation (int $a_server_id, string $a_usr_name, array $a_usr_data)
 
static callPlugin (int $a_plugin_id, array $a_user_data)
 Call plugin check if the condition matches. More...
 

Static Protected Member Functions

static getAdditionalPluginAttributes ()
 Fetch additional attributes from plugin. More...
 
static parseRole (int $a_role_id, string $a_action)
 

Static Protected Attributes

static int $default_role = null
 

Private Attributes

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Detailed Description

Do role assignemnts.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin ( int  $a_plugin_id,
array  $a_user_data 
)
static

Call plugin check if the condition matches.

Definition at line 183 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC, and XapiProxy\$plugin.

Referenced by ilLDAPRoleAssignmentRule\matches().

183  : bool
184  {
185  global $DIC;
186 
187  $component_factory = $DIC["component.factory"];
188  foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
189  if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
190  return true;
191  }
192  }
193  return false;
194  }
$DIC
global $DIC
Definition: feed.php:28
+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes ( )
staticprotected

Fetch additional attributes from plugin.

Returns
string[]

Definition at line 200 of file class.ilLDAPRoleAssignmentRules.php.

References $attributes, $DIC, and XapiProxy\$plugin.

200  : array
201  {
202  global $DIC;
203 
204  $attributes = array();
205  $component_factory = $DIC["component.factory"];
206  foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
207  $attributes[] = $plugin->getAdditionalAttributeNames();
208  }
209 
210  return array_merge(...$attributes);
211  }
$attributes
$attributes
Definition: metadata.php:248
$DIC
global $DIC
Definition: feed.php:28

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles ( int  $a_server_id)
static

Get all assignable roles (used for import parser)

Returns
array<int, int> array of roles assigned

Definition at line 43 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

Referenced by ilLDAPAttributeToUser\refresh().

43  : array
44  {
45  global $DIC;
46 
47  $ilDB = $DIC['ilDB'];
48 
49  $roles = [];
50  $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
51  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
52  $res = $ilDB->query($query);
53  //TODO fix this array which is always the some digit twice
54  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
55  //TODO if key is int it will get autoconverted to int
56  $roles[$row->role_id] = (int) $row->role_id;
57  }
58 
59  $gr = self::getDefaultRole($a_server_id);
60  $roles[$gr] = $gr;
61 
62  return $roles;
63  }
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: feed.php:28
$query
$query
Definition: proxy_ylocal.php:13
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation ( int  $a_server_id,
string  $a_usr_name,
array  $a_usr_data 
)
static
Returns
array role data

Definition at line 140 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForCreation().

140  : array
141  {
142  global $DIC;
143 
144  $ilDB = $DIC['ilDB'];
145  $ilLog = $DIC['ilLog'];
146 
147  $query = "SELECT rule_id FROM ldap_role_assignments " .
148  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
149  $res = $ilDB->query($query);
150 
151  $roles = [];
152  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
153  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
154 
155  if ($rule->matches($a_usr_data)) {
156  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
157  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
158  }
159  }
160 
161  // DONE: check for global role
162  $found_global = false;
163  foreach ($roles as $role_data) {
164  if ($role_data['type'] === 'Global') {
165  $found_global = true;
166  break;
167  }
168  }
169  if (!$found_global) {
170  $ilLog->info(': No matching rule found. Assigning to default role.');
171  $roles[] = self::parseRole(
172  self::getDefaultRole($a_server_id),
173  self::ROLE_ACTION_ASSIGN
174  );
175  }
176 
177  return $roles;
178  }
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: feed.php:28
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
$query
$query
Definition: proxy_ylocal.php:13
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate ( int  $a_server_id,
  $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

Definition at line 90 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate().

90  : array
91  {
92  global $DIC;
93 
94  $ilDB = $DIC['ilDB'];
95  $rbacreview = $DIC['rbacreview'];
96  $ilLog = $DIC['ilLog'];
97 
98  $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
99  "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
100  'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
101 
102  $res = $ilDB->query($query);
103  $roles = [];
104  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
105  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
106 
107  $matches = $rule->matches($a_usr_data);
108  if ($matches && $row->add_on_update) {
109  $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
110  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
111  }
112  if (!$matches && $row->remove_on_update) {
113  $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
114  $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
115  }
116  }
117 
118  // Check if there is minimum on global role
119  $deassigned_global = 0;
120  foreach ($roles as $role_data) {
121  if ($role_data['type'] === 'Global' &&
122  $role_data['action'] === self::ROLE_ACTION_DEASSIGN) {
123  $deassigned_global++;
124  }
125  }
126  if (count($rbacreview->assignedGlobalRoles($a_usr_id)) === $deassigned_global) {
127  $ilLog->info(': No global role left. Assigning to default role.');
128  $roles[] = self::parseRole(
129  self::getDefaultRole($a_server_id),
130  self::ROLE_ACTION_ASSIGN
131  );
132  }
133 
134  return $roles;
135  }
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: feed.php:28
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
$query
$query
Definition: proxy_ylocal.php:13
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames (   $a_server_id)
static

get all possible attribute names

Returns
string[]

Definition at line 69 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC, $ilDB, $name, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

69  : array
70  {
71  global $DIC;
72 
73  $ilDB = $DIC['ilDB'];
74 
75  $query = "SELECT DISTINCT(att_name) " .
76  "FROM ldap_role_assignments " .
77  'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
78  $res = $ilDB->query($query);
79  $names = [];
80  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
81  $name = strtolower(trim($row->att_name ?? ''));
82  if ($name) {
83  $names[] = $name;
84  }
85  }
86 
87  return array_merge($names, self::getAdditionalPluginAttributes());
88  }
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: feed.php:28
$name
if($format !==null) $name
Definition: metadata.php:247
$query
$query
Definition: proxy_ylocal.php:13
+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole ( int  $a_server_id)
static

Definition at line 33 of file class.ilLDAPRoleAssignmentRules.php.

References ilLDAPAttributeMapping\_lookupGlobalRole().

33  : int
34  {
35  return self::$default_role =
36  ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
37  }
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:65
+ Here is the call graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole ( int  $a_role_id,
string  $a_action 
)
staticprotected

Definition at line 213 of file class.ilLDAPRoleAssignmentRules.php.

References $DIC.

213  : array
214  {
215  global $DIC;
216 
217  $rbacreview = $DIC['rbacreview'];
218 
219  return [
220  'id' => $a_role_id,
221  'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
222  'action' => $a_action
223  ];
224  }
$DIC
global $DIC
Definition: feed.php:28

Field Documentation

◆ $default_role

int ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 31 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'
private

Definition at line 28 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'
private

Definition at line 29 of file class.ilLDAPRoleAssignmentRules.php.

The documentation for this class was generated from the following file: