ILIAS  release_8 Revision v8.24
class.ilLDAPRoleAssignmentRule.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
25class ilLDAPRoleAssignmentRule
26{
27 public const TYPE_GROUP = 1;
28 public const TYPE_ATTRIBUTE = 2;
29 public const TYPE_PLUGIN = 3;
30
31 private static array $instances = [];
32
33 private ilLogger $logger;
34 private ilDBInterface $db;
35 private ilErrorHandling $ilErr;
36 private ilLanguage $lng;
37
38 private int $rule_id;
39
40 private int $server_id = 0;
41 private bool$add_on_update = false;
42 private bool$remove_on_update = false;
43 private int $plugin_id = 0;
44 private string $attribute_value = '';
45 private string $attribute_name = '';
46 private bool $member_is_dn = false;
47 private string $member_attribute = '';
48 private string $dn = '';
49 private int $type = 0;
50 private int $role_id = 0;
51
52 private function __construct(int $a_rule_id = 0)
53 {
54 global $DIC;
55 $this->db = $DIC->database();
56 $this->logger = $DIC->logger()->auth();
57 $this->ilErr = $DIC['ilErr'];
58 $this->lng = $DIC->language();
59
60 $this->rule_id = $a_rule_id;
61 $this->read();
62 }
63
64 public static function _getInstanceByRuleId(int $a_rule_id): ilLDAPRoleAssignmentRule
65 {
66 return self::$instances[$a_rule_id] ?? (self::$instances[$a_rule_id] = new ilLDAPRoleAssignmentRule($a_rule_id));
67 }
68
72 public static function hasRulesForUpdate(): bool
73 {
74 global $DIC;
75
76 $ilDB = $DIC['ilDB'];
77
78 $query = 'SELECT COUNT(*) num FROM ldap_role_assignments ' .
79 'WHERE add_on_update = 1 ' .
80 'OR remove_on_update = 1 ';
81 $res = $ilDB->query($query);
82 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
83
84 return $row->num > 0;
85 }
86
90 public function matches(array $a_user_data): bool
91 {
92 switch ($this->getType()) {
93 case self::TYPE_PLUGIN:
94 return ilLDAPRoleAssignmentRules::callPlugin($this->getPluginId(), $a_user_data);
95
96 case self::TYPE_ATTRIBUTE:
97
98 $attn = strtolower($this->getAttributeName());
99
100 if (!isset($a_user_data[$attn])) {
101 return false;
102 }
103
104 if (!is_array($a_user_data[$attn])) {
105 $attribute_val = array(0 => $a_user_data[$attn]);
106 } else {
107 $attribute_val = $a_user_data[$attn];
108 }
109
110 foreach ($attribute_val as $value) {
111 if ($this->wildcardCompare(trim($this->getAttributeValue()), trim($value))) {
112 $this->logger->debug(': Found role mapping: ' . ilObject::_lookupTitle($this->getRoleId()));
113 return true;
114 }
115 }
116 return false;
117
118 case self::TYPE_GROUP:
119 return $this->isGroupMember($a_user_data);
120
121 }
122
123 return false;
124 }
125
126 protected function wildcardCompare(string $a_str1, string $a_str2): bool
127 {
128 $pattern = str_replace('*', '.*?', $a_str1);
129 $this->logger->debug(': Replace pattern:' . $pattern . ' => ' . $a_str2);
130 return preg_match('/^' . $pattern . '$/i', $a_str2) === 1;
131 }
132
139 private function isGroupMember(array $a_user_data): bool
140 {
141 $server = ilLDAPServer::getInstanceByServerId($this->getServerId());
142
143 if ($this->isMemberAttributeDN()) {
144 if ($server->enabledEscapeDN()) {
145 $user_cmp = ldap_escape($a_user_data['dn'], "", LDAP_ESCAPE_FILTER);
146 } else {
147 $user_cmp = $a_user_data['dn'];
148 }
149 } else {
150 $user_cmp = $a_user_data['ilExternalAccount'];
151 }
152
153 try {
154 $query = new ilLDAPQuery($server);
155 $query->bind();
156 $res = $query->query(
157 $this->getDN(),
158 sprintf(
159 '(%s=%s)',
160 $this->getMemberAttribute(),
161 $user_cmp
162 ),
163 ilLDAPServer::LDAP_SCOPE_BASE,
164 array('dn')
165 );
166 return (bool) $res->numRows();
167 } catch (ilLDAPQueryException $e) {
168 $this->logger->warning(': Caught Exception: ' . $e->getMessage());
169 return false;
170 }
171 }
172
173
174
180 public static function _getRules($a_server_id): array
181 {
182 global $DIC;
183 $ilDB = $DIC->database();
184
185 $rules = [];
186
187 $query = "SELECT rule_id FROM ldap_role_assignments " .
188 "WHERE server_id = " . $ilDB->quote($a_server_id, 'integer');
189 $res = $ilDB->query($query);
190 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
191 $rules[] = self::_getInstanceByRuleId((int) $row->rule_id);
192 }
193
194 return $rules;
195 }
196
202 public function setRoleId(int $a_role_id): void
203 {
204 $this->role_id = $a_role_id;
205 }
206
210 public function getRoleId(): int
211 {
212 return $this->role_id;
213 }
214
218 public function getRuleId(): int
219 {
220 return $this->rule_id;
221 }
222
226 public function setServerId(int $a_id): void
227 {
228 $this->server_id = $a_id;
229 }
230
234 public function getServerId(): int
235 {
236 return $this->server_id;
237 }
238
242 public function setType(int $a_type): void
243 {
244 $this->type = $a_type;
245 }
246
250 public function getType(): int
251 {
252 return $this->type;
253 }
254
258 public function setDN(string $a_dn): void
259 {
260 $this->dn = $a_dn;
261 }
262
266 public function getDN(): string
267 {
268 return $this->dn;
269 }
270
271 public function setMemberAttribute(string $a_attribute): void
272 {
273 $this->member_attribute = $a_attribute;
274 }
275
279 public function getMemberAttribute(): string
280 {
281 return $this->member_attribute;
282 }
283
287 public function setMemberIsDN(bool $a_status): void
288 {
289 $this->member_is_dn = $a_status;
290 }
291
295 public function isMemberAttributeDN(): bool
296 {
297 return $this->member_is_dn;
298 }
299
303 public function setAttributeName(string $a_name): void
304 {
305 $this->attribute_name = $a_name;
306 }
307
311 public function getAttributeName(): string
312 {
313 return $this->attribute_name;
314 }
315
319 public function setAttributeValue(string $a_value): void
320 {
321 $this->attribute_value = $a_value;
322 }
323
327 public function getAttributeValue(): string
328 {
329 return $this->attribute_value;
330 }
331
332 public function enableAddOnUpdate(bool $a_status): void
333 {
334 $this->add_on_update = $a_status;
335 }
336
337 public function isAddOnUpdateEnabled(): bool
338 {
339 return $this->add_on_update;
340 }
341
342 public function enableRemoveOnUpdate(bool $a_status): void
343 {
344 $this->remove_on_update = $a_status;
345 }
346
347 public function isRemoveOnUpdateEnabled(): bool
348 {
349 return $this->remove_on_update;
350 }
351
352 public function setPluginId(int $a_id): void
353 {
354 $this->plugin_id = $a_id;
355 }
356
357 public function getPluginId(): int
358 {
359 return $this->plugin_id;
360 }
361
362 public function isPluginActive(): bool
363 {
364 return $this->getType() === self::TYPE_PLUGIN;
365 }
366
367 public function conditionToString(): string
368 {
369 switch ($this->getType()) {
370 case self::TYPE_PLUGIN:
371 return $this->lng->txt('ldap_plugin_id') . ': ' . $this->getPluginId();
372
373 case self::TYPE_GROUP:
374 $dn_arr = explode(',', $this->getDN());
375 return $dn_arr[0];
376
377 case self::TYPE_ATTRIBUTE:
378 return $this->getAttributeName() . '=' . $this->getAttributeValue();
379
380 default:
381 throw new RuntimeException(sprintf('Unknown type: %s', var_export($this->getType(), true)));
382 }
383 }
384
385 public function create(): bool
386 {
387 $next_id = $this->db->nextId('ldap_role_assignments');
388
389 $query = "INSERT INTO ldap_role_assignments (server_id,rule_id,type,dn,attribute,isdn,att_name,att_value,role_id, " .
390 "add_on_update, remove_on_update, plugin_id ) " .
391 "VALUES( " .
392 $this->db->quote($this->getServerId(), 'integer') . ", " .
393 $this->db->quote($next_id, 'integer') . ", " .
394 $this->db->quote($this->getType(), 'integer') . ", " .
395 $this->db->quote($this->getDN(), 'text') . ", " .
396 $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
397 $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
398 $this->db->quote($this->getAttributeName(), 'text') . ", " .
399 $this->db->quote($this->getAttributeValue(), 'text') . ", " .
400 $this->db->quote($this->getRoleId(), 'integer') . ", " .
401 $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
402 $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
403 $this->db->quote($this->getPluginId(), 'integer') . ' ' .
404 ")";
405 $this->db->manipulate($query);
406 $this->rule_id = $next_id;
407
408 return true;
409 }
410
411 public function update(): bool
412 {
413 $query = "UPDATE ldap_role_assignments " .
414 "SET server_id = " . $this->db->quote($this->getServerId(), 'integer') . ", " .
415 "type = " . $this->db->quote($this->getType(), 'integer') . ", " .
416 "dn = " . $this->db->quote($this->getDN(), 'text') . ", " .
417 "attribute = " . $this->db->quote($this->getMemberAttribute(), 'text') . ", " .
418 "isdn = " . $this->db->quote($this->isMemberAttributeDN(), 'integer') . ", " .
419 "att_name = " . $this->db->quote($this->getAttributeName(), 'text') . ", " .
420 "att_value = " . $this->db->quote($this->getAttributeValue(), 'text') . ", " .
421 "role_id = " . $this->db->quote($this->getRoleId(), 'integer') . ", " .
422 "add_on_update = " . $this->db->quote($this->isAddOnUpdateEnabled(), 'integer') . ', ' .
423 'remove_on_update = ' . $this->db->quote($this->isRemoveOnUpdateEnabled(), 'integer') . ', ' .
424 'plugin_id = ' . $this->db->quote($this->getPluginId(), 'integer') . ' ' .
425 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
426 $this->db->manipulate($query);
427
428 return true;
429 }
430
431 public function validate(): bool
432 {
433 $this->ilErr->setMessage('');
434
435 if (!$this->getRoleId()) {
436 $this->ilErr->setMessage('fill_out_all_required_fields');
437 return false;
438 }
439 switch ($this->getType()) {
440 case self::TYPE_GROUP:
441 if ($this->getDN() === '' || $this->getMemberAttribute() === '') {
442 $this->ilErr->setMessage('fill_out_all_required_fields');
443 return false;
444 }
445 break;
446 case self::TYPE_ATTRIBUTE:
447 if ($this->getAttributeName() === '' || $this->getAttributeValue() === '') {
448 $this->ilErr->setMessage('fill_out_all_required_fields');
449 return false;
450 }
451 break;
452
453 case self::TYPE_PLUGIN:
454 if (!$this->getPluginId()) {
455 $this->ilErr->setMessage('ldap_err_missing_plugin_id');
456 return false;
457 }
458 break;
459
460 default:
461 $this->ilErr->setMessage('ldap_no_type_given');
462 return false;
463 }
464
465 return true;
466 }
467
468 public function delete(): bool
469 {
470 $query = "DELETE FROM ldap_role_assignments " .
471 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
472 $this->db->manipulate($query);
473
474 return true;
475 }
476
477 private function read(): void
478 {
479 $query = "SELECT * FROM ldap_role_assignments " .
480 "WHERE rule_id = " . $this->db->quote($this->getRuleId(), 'integer') . " ";
481
482 $res = $this->db->query($query);
483 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
484 $this->setServerId((int) $row->server_id);
485 $this->setType((int) $row->type);
486 if (!is_null($row->dn)) {
487 $this->setDN($row->dn);
488 }
489 if (!is_null($row->attribute)) {
490 $this->setMemberAttribute($row->attribute);
491 }
492 $this->setMemberIsDN((bool) $row->isdn);
493 if (!is_null($row->att_name)) {
494 $this->setAttributeName($row->att_name);
495 }
496 if (!is_null($row->att_value)) {
497 $this->setAttributeValue($row->att_value);
498 }
499 $this->setRoleId((int) $row->role_id);
500 if (!is_null($row->add_on_update)) {
501 $this->enableAddOnUpdate((bool) $row->add_on_update);
502 }
503 if (!is_null($row->remove_on_update)) {
504 $this->enableRemoveOnUpdate((bool) $row->remove_on_update);
505 }
506 if (!is_null($row->plugin_id)) {
507 $this->setPluginId((int) $row->plugin_id);
508 }
509 }
510 }
511}
ilErrorHandling
Error Handling & global info handling uses PEAR error class.
Definition: class.ilErrorHandling.php:39
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:180
ilLDAPRoleAssignmentRule\isGroupMember
isGroupMember(array $a_user_data)
Check if user is member of specific group.
Definition: class.ilLDAPRoleAssignmentRule.php:139
ilLDAPRoleAssignmentRule\setAttributeName
setAttributeName(string $a_name)
set attribute name
Definition: class.ilLDAPRoleAssignmentRule.php:303
ilLDAPRoleAssignmentRule\isMemberAttributeDN
isMemberAttributeDN()
is member attribute dn
Definition: class.ilLDAPRoleAssignmentRule.php:295
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPRoleAssignmentRule\wildcardCompare
wildcardCompare(string $a_str1, string $a_str2)
Definition: class.ilLDAPRoleAssignmentRule.php:126
ilLDAPRoleAssignmentRule\setMemberIsDN
setMemberIsDN(bool $a_status)
set member attribute is dn
Definition: class.ilLDAPRoleAssignmentRule.php:287
ilLDAPRoleAssignmentRule\setAttributeValue
setAttributeValue(string $a_value)
set attribute value
Definition: class.ilLDAPRoleAssignmentRule.php:319
ilLDAPRoleAssignmentRule\setRoleId
setRoleId(int $a_role_id)
set role id
Definition: class.ilLDAPRoleAssignmentRule.php:202
ilLDAPRoleAssignmentRule\matches
matches(array $a_user_data)
Check if a rule matches.
Definition: class.ilLDAPRoleAssignmentRule.php:90
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin(int $a_plugin_id, array $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:183
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLanguage
language handling
Definition: class.ilLanguage.php:44
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
$server
$server
Definition: dummy_client.php:22
$DIC
global $DIC
Definition: feed.php:28
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:27
$res
$res
Definition: ltiservices.php:69
$query
$query
Definition: proxy_ylocal.php:13