ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1<?php
2
19use ILIAS\DI\RBACServices;
20use ILIAS\HTTP\Wrapper\WrapperFactory;
21use ILIAS\Refinery\Factory as Refinery;
22
32class ilAuthShibbolethSettingsGUI
33{
37 private const PARAM_RULE_ID = 'rule_id';
38
39 private ilAccessHandler $access;
40 private ilComponentRepository $component_repository;
41 private ilCtrl $ctrl;
42 private ?ilPropertyFormGUI $form = null;
43 private ilSetting $global_settings;
44
45 private ilLanguage $lng;
46 private RBACServices $rbac;
47 private ilRbacReview $rbac_review;
48 private Refinery $refinery;
49 private ?ilShibbolethRoleAssignmentRule $rule = null;
50 private ilShibbolethSettings $shib_settings;
51 private ilTabsGUI $tabs_gui;
52 private ilGlobalTemplateInterface $tpl;
53 private WrapperFactory $wrapper;
54
55
56 public function __construct(private int $ref_id)
57 {
58 global $DIC;
59
60 $this->access = $DIC->access();
61 $this->component_repository = $DIC["component.repository"];
62 $this->ctrl = $DIC->ctrl();
63 $this->global_settings = $DIC->settings();
64 $this->lng = $DIC->language();
65 $this->lng->loadLanguageModule('shib');
66 $this->rbac = $DIC->rbac();
67 $this->rbac_review = $DIC->rbac()->review();
68 $this->refinery = $DIC->refinery();
69 $this->shib_settings = new ilShibbolethSettings();
70 $this->tabs_gui = $DIC->tabs();
71 $this->tpl = $DIC->ui()->mainTemplate();
72 $this->wrapper = $DIC->http()->wrapper();
73 }
74
79 public function executeCommand(): void
80 {
81 $cmd = $this->ctrl->getCmd();
82 if (!$this->access->checkAccess('read', '', $this->ref_id)) {
83 throw new ilException('Permission denied');
84 }
85 if ($cmd !== "settings" && !$this->access->checkAccess('write', '', $this->ref_id)) {
86 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
87 $this->ctrl->redirect($this, "settings");
88 }
89 $this->setSubTabs();
90 if (!$cmd) {
91 $cmd = "settings";
92 }
93 $this->$cmd();
94 }
95
99 public function settings(): void
100 {
101 $this->tabs_gui->activateSubTab('shib_settings');
102 $form = new ilShibbolethSettingsForm(
103 $this->shib_settings,
104 $this->ctrl->getLinkTarget($this, 'save')
105 );
106
107 $this->tpl->setContent($form->getHTML());
108 }
109
113 public function save(): void
114 {
115 $form = new ilShibbolethSettingsForm(
116 $this->shib_settings,
117 $this->ctrl->getLinkTarget($this, 'save')
118 );
119 $form->setValuesByPost();
120 if ($form->saveObject()) {
121 $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
122 $this->ctrl->redirect($this, 'settings');
123 }
124 $this->tpl->setContent($form->getHTML());
125 }
126
130 protected function roleAssignment(): bool
131 {
132 $this->tabs_gui->activateSubTab('shib_role_assignment');
133 $this->initFormRoleAssignment();
134 $this->tpl->addBlockFile(
135 'ADM_CONTENT',
136 'adm_content',
137 'tpl.shib_role_assignment.html',
138 'components/ILIAS/AuthShibboleth'
139 );
140 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
141 if (($html = $this->parseRulesTable()) !== '') {
142 $this->tpl->setVariable('RULE_TABLE', $html);
143 }
144
145 return true;
146 }
147
151 protected function parseRulesTable(): string
152 {
153 if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
154 return '';
155 }
156 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
157 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
158 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
159 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
160 $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
161
162 return $rules_table->getHTML();
163 }
164
168 protected function confirmDeleteRules(): bool
169 {
170 if (!$this->wrapper->post()->has('rule_ids')) {
171 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
172 $this->roleAssignment();
173
174 return false;
175 }
176 $this->tabs_gui->activateTab('shib_role_assignment');
177 $c_gui = new ilConfirmationGUI();
178 // set confirm/cancel commands
179 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
180 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
181 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
182 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
183
184 $rule_ids = $this->wrapper->post()->retrieve(
185 'rule_ids',
186 $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
187 );
188 foreach ($rule_ids as $rule_id) {
189 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
190 $info = ilObject::_lookupTitle($rule->getRoleId());
191 $info .= " (";
192 $info .= $rule->conditionToString();
193 $info .= ')';
194 $c_gui->addItem('rule_ids[]', $rule_id, $info);
195 }
196 $this->tpl->setContent($c_gui->getHTML());
197 return true;
198 }
199
203 protected function deleteRules(): bool
204 {
205 if (!$this->wrapper->post()->has('rule_ids')) {
206 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
207 $this->roleAssignment();
208
209 return false;
210 }
211 $rule_ids = $this->wrapper->post()->retrieve(
212 'rule_ids',
213 $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
214 );
215 foreach ($rule_ids as $rule_id) {
216 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
217 $rule->delete();
218 }
219 $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
220 $this->roleAssignment();
221
222 return true;
223 }
224
228 protected function initFormRoleAssignment(string $a_mode = 'default'): void
229 {
230 $this->form = new ilPropertyFormGUI();
231 $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
232 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
233 if ($a_mode === 'default') {
234 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
235 $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
236 $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
237 } else {
238 $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
239 $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
240 $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
241 }
242 // Role selection
243 $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
244 $role->setRequired(true);
245 $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
246 $role->addOption($global);
247 $role_select = new ilSelectInputGUI('', 'role_id');
248 $role_select->setOptions($this->prepareRoleSelect());
249 $global->addSubItem($role_select);
250 $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
251 $role->addOption($local);
252 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
253 $role_search->setSize(40);
254 $local->addSubItem($role_search);
255 $role->setInfo($this->lng->txt('shib_role_name_info'));
256 $this->form->addItem($role);
257 // Update options
258 $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
259 $update->setValue($this->lng->txt('shib_check_role_assignment'));
260 $add = new ilCheckboxInputGUI('', 'add_missing');
261 $add->setOptionTitle($this->lng->txt('shib_add_missing'));
262 $add->setValue(1);
263 $update->addSubItem($add);
264 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
265 $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
266 $remove->setValue(1);
267 $update->addSubItem($remove);
268 $this->form->addItem($update);
269 // Assignment type
270 $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
271 $kind->setValue(1);
272 $kind->setRequired(true);
273 $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
274 $attr->setInfo($this->lng->txt('shib_attr_info'));
275 $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
276 $name->setSize(32);
277 $attr->addSubItem($name);
278 $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
279 $value->setSize(32);
280 $attr->addSubItem($value);
281 $kind->addOption($attr);
282 $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
283 $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
284 $pl->setInfo($this->lng->txt('shib_plugin_info'));
285 $pl->setDisabled(!$pl_active);
286 $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
287 $id->setDisabled(!$pl_active);
288 $id->setSize(3);
289 $id->setMaxLength(3);
290 $id->setMaxValue(999);
291 $id->setMinValue(1);
292 $pl->addSubItem($id);
293 $kind->addOption($pl);
294 $this->form->addItem($kind);
295 }
296
297 public function addRoleAutoCompleteObject(): void
298 {
299 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
300 }
301
305 protected function addRoleAssignmentRule(): bool
306 {
307 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
308 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
309 $this->roleAssignment();
310
311 return false;
312 }
313 $this->initFormRoleAssignment();
314 if (!$this->form->checkInput() || ($err = $this->checkInput())) {
315 if (isset($err)) {
316 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
317 }
318 $this->tabs_gui->activateSubTab('shib_role_assignment');
319 $this->form->setValuesByPost();
320 $this->tpl->addBlockFile(
321 'ADM_CONTENT',
322 'adm_content',
323 'tpl.shib_role_assignment.html',
324 'components/ILIAS/AuthShibboleth'
325 );
326 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
327 if (($html = $this->parseRulesTable()) !== '') {
328 $this->tpl->setVariable('RULE_TABLE', $html);
329 }
330
331 return true;
332 }
333 $this->rule->add();
334 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
335 $this->roleAssignment();
336
337 return true;
338 }
339
343 protected function editRoleAssignment(): bool
344 {
345 $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
346 $this->tabs_gui->activateSubTab('shib_role_assignment');
347 $this->initFormRoleAssignment('update');
348 $this->getRuleValues();
349 $this->tpl->addBlockFile(
350 'ADM_CONTENT',
351 'adm_content',
352 'tpl.shib_role_assignment.html',
353 'components/ILIAS/AuthShibboleth'
354 );
355 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
356
357 return true;
358 }
359
363 protected function updateRoleAssignmentRule(): bool
364 {
365 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
366 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
367 $this->roleAssignment();
368
369 return false;
370 }
371 $this->initFormRoleAssignment();
372 $err = false;
373 $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
374
375 if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
376 if ($err) {
377 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
378 }
379 $this->tabs_gui->activateSubTab('shib_role_assignment');
380 $this->form->setValuesByPost();
381 $this->tpl->addBlockFile(
382 'ADM_CONTENT',
383 'adm_content',
384 'tpl.shib_role_assignment.html',
385 'components/ILIAS/AuthShibboleth'
386 );
387 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
388
389 return true;
390 }
391 $this->rule->update();
392 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
393 $this->roleAssignment();
394
395 return true;
396 }
397
398 private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
399 {
400 $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
401 if ((int) $this->form->getInput('role_name') === 0) {
402 $this->rule->setRoleId($this->form->getInput('role_id'));
403 } elseif ($this->form->getInput('role_search')) {
404 $parser = new ilQueryParser($this->form->getInput('role_search'));
405 // TODO: Handle minWordLength
406 $parser->setMinWordLength(1);
407 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
408 $parser->parse();
409 $object_search = new ilLikeObjectSearch($parser);
410 $object_search->setFilter(['role']);
411 $res = $object_search->performSearch();
412 $entries = $res->getEntries();
413 if (count($entries) === 1) {
414 $role = current($entries);
415 $this->rule->setRoleId($role['obj_id']);
416 } elseif (count($entries) > 1) {
417 $this->rule->setRoleId(-1);
418 }
419 }
420 $this->rule->setName($this->form->getInput('attr_name'));
421 $this->rule->setValue($this->form->getInput('attr_value'));
422 $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
423 $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
424 $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
425 $this->rule->setPluginId($this->form->getInput('plugin_id'));
426
427 return $this->rule;
428 }
429
430 private function getRuleValues(): void
431 {
432 $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
433 ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
434 : 0;
435
436 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
437 $role = $rule->getRoleId();
438 if ($this->rbac->review()->isGlobalRole($role)) {
439 $values['role_name'] = 0;
440 $values['role_id'] = $role;
441 } else {
442 $values['role_name'] = 1;
443 $values['role_search'] = ilObject::_lookupTitle($role);
444 }
445 $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
446 $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
447 $values['attr_name'] = $rule->getName();
448 $values['attr_value'] = $rule->getValue();
449 if (!$rule->isPluginActive()) {
450 $values['kind'] = 1;
451 } else {
452 $values['kind'] = 2;
453 $values['plugin_id'] = $rule->getPluginId();
454 }
455 $this->form->setValuesByArray($values);
456 }
457
458 private function checkInput(int $a_rule_id = 0): string
459 {
460 $this->loadRule($a_rule_id);
461
462 return $this->rule->validate();
463 }
464
468 private function prepareRoleSelect(): array
469 {
470 $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
471 $select[0] = $this->lng->txt('links_select_one');
472 foreach ($global_roles as $role_id) {
473 $select[$role_id] = ilObject::_lookupTitle($role_id);
474 }
475
476 return $select;
477 }
478
482 protected function setSubTabs(): bool
483 {
484 if (!$this->global_settings->get('shib_active', '0')) {
485 return false;
486 }
487 $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
488 $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
489
490 return true;
491 }
492}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ILIAS\DI\RBACServices
Provides fluid interface to RBAC services.
Definition: RBACServices.php:25
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:33
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:28
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilCtrl
Class ilCtrl provides processing control methods.
Definition: class.ilCtrl.php:36
ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:26
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:28
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:28
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:28
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:58
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:28
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
ilShibbolethRoleAssignmentRule
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethRoleAssignmentRule.php:30
ilShibbolethRoleAssignmentTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethRoleAssignmentTableGUI.php:29
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:32
ilShibbolethSettings
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethSettings.php:25
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:26
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:28
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
$info
$info
Definition: entry_point.php:21
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:139
$DIC
global $DIC
Definition: shib_login.php:26