Shibboleth role assignment rules. More...

Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions
static	getCountRules ()

static	updateAssignments (int $a_usr_id, array $a_data)

static	doAssignments (int $a_usr_id, array $a_data)

static	callPlugin (string $a_plugin_id, array $a_user_data)

Static Protected Attributes
static array	$active_plugins = []

Detailed Description

Shibboleth role assignment rules.

Author: Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om; Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch

Version: $Id$

Definition at line 25 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin	(	string	$a_plugin_id,
		array	$a_user_data
	)

static

Definition at line 119 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, and XapiProxy\$plugin.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

                                                                               : bool
     {
         global $DIC;
         foreach ($DIC['component.factory']->getActivePluginsInSlot('shibhk') as $plugin) {
             if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
                 return true;
             }
         }
         return false;
     }

Here is the caller graph for this function:

◆ doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments	(	int	$a_usr_id,
		array	$a_data
	)

static

Definition at line 91 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, ILIAS\LTI\ToolProvider\$settings, ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthProviderShibboleth\doAuthentication().

                                                                       : bool
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $rbacadmin = $DIC['rbacadmin'];
         $ilLog = $DIC['ilLog'];
         $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
         $num_matches = 0;
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
             if ($rule->doesMatch($a_data)) {
                 $num_matches++;
                 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
             }
         }
         // Assign to default if no matching found
         if ($num_matches === 0) {
             $settings = new ilShibbolethSettings();
             $default_role = $settings->getDefaultRole();
             $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
             $rbacadmin->assignUser($default_role, $a_usr_id);
         }
 
         return true;
     }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )

static

Definition at line 49 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable().

                                           : int
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
         $res = $ilDB->query($query);
         $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
         return (int) ($row->num ?? 0);
     }

Here is the caller graph for this function:

◆ updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments	(	int	$a_usr_id,
		array	$a_data
	)

static

Definition at line 59 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $ilDB, $query, $res, ILIAS\LTI\ToolProvider\$settings, ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthProviderShibboleth\doAuthentication().

                                                                           : bool
     {
         global $DIC;
         $ilDB = $DIC['ilDB'];
         $rbacadmin = $DIC['rbacadmin'];
         $rbacreview = $DIC['rbacreview'];
         $ilLog = $DIC['ilLog'];
         $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
         $res = $ilDB->query($query);
         while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
             $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
             //                  $matches = $rule->matches($a_data);
             if ($rule->doesMatch($a_data) && $row->add_on_update) {
                 $ilLog->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->assignUser($rule->getRoleId(), $a_usr_id);
             }
             if (!$rule->doesMatch($a_data) && $row->remove_on_update) {
                 $ilLog->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
                 $rbacadmin->deassignUser($rule->getRoleId(), $a_usr_id);
             }
         }
         // check if is assigned to minimum one global role
         if (!array_intersect($rbacreview->assignedRoles($a_usr_id), $rbacreview->getGlobalRoles())) {
             $settings = new ilShibbolethSettings();
             $default_role = $settings->getDefaultRole();
             $ilLog->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
             $rbacadmin->assignUser($default_role, $a_usr_id);
         }
 
         return true;
     }