ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
27 class ilAuthShibbolethSettingsGUI
28 {
29  private const PARAM_RULE_ID = 'rule_id';
30 
31  private ?\ilPropertyFormGUI $form = null;
32  private ?ilShibbolethRoleAssignmentRule $rule = null;
33  private \ilCtrl $ctrl;
34  private \ilTabsGUI $tabs_gui;
35  private \ilLanguage $lng;
36  private \ilGlobalTemplateInterface $tpl;
37  private int $ref_id;
38  private ilComponentRepository $component_repository;
39  private \ILIAS\DI\RBACServices $rbac;
40  private ilAccessHandler $access;
41  private \ILIAS\HTTP\Wrapper\WrapperFactory $wrapper;
42  private \ILIAS\Refinery\Factory $refinery;
43  private ilShibbolethSettings $shib_settings;
44  private ilSetting $global_settings;
45  private ilRbacReview $rbac_review;
46 
47  public function __construct(int $a_auth_ref_id)
48  {
49  global $DIC;
50  $this->ctrl = $DIC->ctrl();
51  $this->wrapper = $DIC->http()->wrapper();
52  $this->refinery = $DIC->refinery();
53  $this->rbac = $DIC->rbac();
54  $this->access = $DIC->access();
55  $this->tabs_gui = $DIC->tabs();
56  $this->lng = $DIC->language();
57  $this->lng->loadLanguageModule('shib');
58  $this->tpl = $DIC->ui()->mainTemplate();
59  $this->ref_id = $a_auth_ref_id;
60  $this->component_repository = $DIC["component.repository"];
61  $this->shib_settings = new ilShibbolethSettings();
62  $this->global_settings = $DIC['ilSetting'];
63  $this->rbac_review = $DIC['rbacreview'];
64  }
65 
66  public function executeCommand(): void
67  {
68  $cmd = $this->ctrl->getCmd();
69  if (!$this->access->checkAccess('read', '', $this->ref_id)) {
70  throw new ilException('Permission denied');
71  }
72  if (!$this->access->checkAccess('write', '', $this->ref_id) && $cmd !== "settings") {
73  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
74  $this->ctrl->redirect($this, "settings");
75  }
76  $this->setSubTabs();
77  if (!$cmd) {
78  $cmd = "settings";
79  }
80  $this->$cmd();
81  }
82 
83  public function settings(): void
84  {
85  $this->tabs_gui->setSubTabActive('shib_settings');
86  $form = new ilShibbolethSettingsForm(
87  $this->shib_settings,
88  $this->ctrl->getLinkTarget($this, 'save')
89  );
90 
91  $this->tpl->setContent($form->getHTML());
92  }
93 
94  public function save(): void
95  {
96  $form = new ilShibbolethSettingsForm(
97  $this->shib_settings,
98  $this->ctrl->getLinkTarget($this, 'save')
99  );
100  $form->setValuesByPost();
101  if ($form->saveObject()) {
102  $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
103  $this->ctrl->redirect($this, 'settings');
104  }
105  $this->tpl->setContent($form->getHTML());
106  }
107 
108  protected function roleAssignment(): bool
109  {
110  $this->tabs_gui->setSubTabActive('shib_role_assignment');
111  $this->initFormRoleAssignment('default');
112  $this->tpl->addBlockFile(
113  'ADM_CONTENT',
114  'adm_content',
115  'tpl.shib_role_assignment.html',
116  'Services/AuthShibboleth'
117  );
118  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
119  if (($html = $this->parseRulesTable()) !== '') {
120  $this->tpl->setVariable('RULE_TABLE', $html);
121  }
122 
123  return true;
124  }
125 
126  protected function parseRulesTable(): string
127  {
128  if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
129  return '';
130  }
131  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
132  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
133  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
134  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
135  $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
136 
137  return $rules_table->getHTML();
138  }
139 
140  protected function confirmDeleteRules(): bool
141  {
142  if (!$this->wrapper->post()->has('rule_ids')) {
143  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
144  $this->roleAssignment();
145 
146  return false;
147  }
148  $this->tabs_gui->setSubTabActive('shib_role_assignment');
149  $c_gui = new ilConfirmationGUI();
150  // set confirm/cancel commands
151  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
152  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
153  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
154  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
155 
156  $rule_ids = $this->wrapper->post()->retrieve(
157  'rule_ids',
158  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
159  );
160  foreach ($rule_ids as $rule_id) {
161  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
162  $info = ilObject::_lookupTitle($rule->getRoleId());
163  $info .= " (";
164  $info .= $rule->conditionToString();
165  $info .= ')';
166  $c_gui->addItem('rule_ids[]', $rule_id, $info);
167  }
168  $this->tpl->setContent($c_gui->getHTML());
169  return true;
170  }
171 
172  protected function deleteRules(): bool
173  {
174  if (!$this->wrapper->post()->has('rule_ids')) {
175  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
176  $this->roleAssignment();
177 
178  return false;
179  }
180  $rule_ids = $this->wrapper->post()->retrieve(
181  'rule_ids',
182  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
183  );
184  foreach ($rule_ids as $rule_id) {
185  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
186  $rule->delete();
187  }
188  $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
189  $this->roleAssignment();
190 
191  return true;
192  }
193 
194  protected function initFormRoleAssignment(string $a_mode = 'default'): void
195  {
196  $this->form = new ilPropertyFormGUI();
197  $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
198  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
199  if ($a_mode === 'default') {
200  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
201  $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
202  $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
203  } else {
204  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
205  $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
206  $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
207  }
208  // Role selection
209  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
210  $role->setRequired(true);
211  $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
212  $role->addOption($global);
213  $role_select = new ilSelectInputGUI('', 'role_id');
214  $role_select->setOptions($this->prepareRoleSelect());
215  $global->addSubItem($role_select);
216  $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
217  $role->addOption($local);
218  $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
219  $role_search->setSize(40);
220  $local->addSubItem($role_search);
221  $role->setInfo($this->lng->txt('shib_role_name_info'));
222  $this->form->addItem($role);
223  // Update options
224  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
225  $update->setValue($this->lng->txt('shib_check_role_assignment'));
226  $add = new ilCheckboxInputGUI('', 'add_missing');
227  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
228  $add->setValue(1);
229  $update->addSubItem($add);
230  $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
231  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
232  $remove->setValue(1);
233  $update->addSubItem($remove);
234  $this->form->addItem($update);
235  // Assignment type
236  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
237  $kind->setValue(1);
238  $kind->setRequired(true);
239  $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
240  $attr->setInfo($this->lng->txt('shib_attr_info'));
241  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
242  $name->setSize(32);
243  $attr->addSubItem($name);
244  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
245  $value->setSize(32);
246  $attr->addSubItem($value);
247  $kind->addOption($attr);
248  $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
249  $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
250  $pl->setInfo($this->lng->txt('shib_plugin_info'));
251  $pl->setDisabled(!$pl_active);
252  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
253  $id->setDisabled(!$pl_active);
254  $id->setSize(3);
255  $id->setMaxLength(3);
256  $id->setMaxValue(999);
257  $id->setMinValue(1);
258  $pl->addSubItem($id);
259  $kind->addOption($pl);
260  $this->form->addItem($kind);
261  }
262 
263  public function addRoleAutoCompleteObject(): void
264  {
265  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
266  }
267 
268  protected function addRoleAssignmentRule(): bool
269  {
270  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
271  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
272  $this->roleAssignment();
273 
274  return false;
275  }
276  $this->initFormRoleAssignment();
277  if (!$this->form->checkInput() || ($err = $this->checkInput())) {
278  if (isset($err)) {
279  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
280  }
281  $this->tabs_gui->setSubTabActive('shib_role_assignment');
282  $this->form->setValuesByPost();
283  $this->tpl->addBlockFile(
284  'ADM_CONTENT',
285  'adm_content',
286  'tpl.shib_role_assignment.html',
287  'Services/AuthShibboleth'
288  );
289  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
290  if (($html = $this->parseRulesTable()) !== '') {
291  $this->tpl->setVariable('RULE_TABLE', $html);
292  }
293 
294  return true;
295  }
296  $this->rule->add();
297  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
298  $this->roleAssignment();
299 
300  return true;
301  }
302 
303  protected function editRoleAssignment(): bool
304  {
305  $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
306  $this->tabs_gui->setSubTabActive('shib_role_assignment');
307  $this->initFormRoleAssignment('update');
308  $this->getRuleValues();
309  $this->tpl->addBlockFile(
310  'ADM_CONTENT',
311  'adm_content',
312  'tpl.shib_role_assignment.html',
313  'Services/AuthShibboleth'
314  );
315  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
316 
317  return true;
318  }
319 
320  protected function updateRoleAssignmentRule(): bool
321  {
322  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
323  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
324  $this->roleAssignment();
325 
326  return false;
327  }
328  $this->initFormRoleAssignment();
329  $err = false;
330  $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
331 
332  if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
333  if ($err) {
334  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
335  }
336  $this->tabs_gui->setSubTabActive('shib_role_assignment');
337  $this->form->setValuesByPost();
338  $this->tpl->addBlockFile(
339  'ADM_CONTENT',
340  'adm_content',
341  'tpl.shib_role_assignment.html',
342  'Services/AuthShibboleth'
343  );
344  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
345 
346  return true;
347  }
348  $this->rule->update();
349  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
350  $this->roleAssignment();
351 
352  return true;
353  }
354 
355  private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
356  {
357  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
358  if ((int) $this->form->getInput('role_name') === 0) {
359  $this->rule->setRoleId($this->form->getInput('role_id'));
360  } elseif ($this->form->getInput('role_search')) {
361  $parser = new ilQueryParser($this->form->getInput('role_search'));
362  // TODO: Handle minWordLength
363  $parser->setMinWordLength(1);
364  $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
365  $parser->parse();
366  $object_search = new ilLikeObjectSearch($parser);
367  $object_search->setFilter(array('role'));
368  $res = $object_search->performSearch();
369  $entries = $res->getEntries();
370  if (count($entries) === 1) {
371  $role = current($entries);
372  $this->rule->setRoleId($role['obj_id']);
373  } elseif (count($entries) > 1) {
374  $this->rule->setRoleId(-1);
375  }
376  }
377  $this->rule->setName($this->form->getInput('attr_name'));
378  $this->rule->setValue($this->form->getInput('attr_value'));
379  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
380  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
381  $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
382  $this->rule->setPluginId($this->form->getInput('plugin_id'));
383 
384  return $this->rule;
385  }
386 
387  private function getRuleValues(): void
388  {
389  $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
390  ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
391  : 0;
392 
393  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
394  $role = $rule->getRoleId();
395  if ($this->rbac->review()->isGlobalRole($role)) {
396  $values['role_name'] = 0;
397  $values['role_id'] = $role;
398  } else {
399  $values['role_name'] = 1;
400  $values['role_search'] = ilObject::_lookupTitle($role);
401  }
402  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
403  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
404  $values['attr_name'] = $rule->getName();
405  $values['attr_value'] = $rule->getValue();
406  if (!$rule->isPluginActive()) {
407  $values['kind'] = 1;
408  } else {
409  $values['kind'] = 2;
410  $values['plugin_id'] = $rule->getPluginId();
411  }
412  $this->form->setValuesByArray($values);
413  }
414 
415  private function checkInput($a_rule_id = 0): string
416  {
417  $this->loadRule($a_rule_id);
418 
419  return $this->rule->validate();
420  }
421 
425  private function prepareRoleSelect(): array
426  {
427  $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
428  $select[0] = $this->lng->txt('links_select_one');
429  foreach ($global_roles as $role_id) {
430  $select[$role_id] = ilObject::_lookupTitle($role_id);
431  }
432 
433  return $select;
434  }
435 
436  protected function setSubTabs(): bool
437  {
438  if (!(bool) $this->global_settings->get('shib_active', '0')) {
439  return false;
440  }
441  $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
442  $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
443 
444  return true;
445  }
446 }
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
$res
$res
Definition: ltiservices.php:69
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
ilAuthShibbolethSettingsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthShibbolethSettingsGUI.php:27
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:30
ilRadioOption\setInfo
setInfo(string $a_info)
Definition: class.ilRadioOption.php:54
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:29
$DIC
global $DIC
Definition: feed.php:28
ilQueryParser\setMinWordLength
setMinWordLength(int $a_length)
Definition: class.ilQueryParser.php:77
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:57
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:834
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:155
ilRoleAutoCompleteInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAutoCompleteInputGUI.php:26
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1218
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:126
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilShibbolethSettings
Class ilShibbolethSettings.
Definition: class.ilShibbolethSettings.php:28
ilAuthShibbolethSettingsGUI\$wrapper
ILIAS HTTP Wrapper WrapperFactory $wrapper
Definition: class.ilAuthShibbolethSettingsGUI.php:41