ILIAS  trunk Revision v11.0_alpha-1702-gfd3ecb7f852
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1 <?php
18 use ILIAS\DI\RBACServices;
19 use ILIAS\HTTP\Wrapper\WrapperFactory;
20 use ILIAS\Refinery\Factory as Refinery;
21 
31 class ilAuthShibbolethSettingsGUI
32 {
36  private const PARAM_RULE_ID = 'rule_id';
37 
38  private ilAccessHandler $access;
39  private ilComponentRepository $component_repository;
40  private ilCtrl $ctrl;
41  private ?ilPropertyFormGUI $form = null;
42  private ilSetting $global_settings;
43 
44  private ilLanguage $lng;
45  private RBACServices $rbac;
46  private ilRbacReview $rbac_review;
47  private Refinery $refinery;
48  private ?ilShibbolethRoleAssignmentRule $rule = null;
49  private ilShibbolethSettings $shib_settings;
50  private ilTabsGUI $tabs_gui;
51  private ilGlobalTemplateInterface $tpl;
52  private WrapperFactory $wrapper;
53 
54 
55  public function __construct(private int $ref_id)
56  {
57  global $DIC;
58 
59  $this->access = $DIC->access();
60  $this->component_repository = $DIC["component.repository"];
61  $this->ctrl = $DIC->ctrl();
62  $this->global_settings = $DIC->settings();
63  $this->lng = $DIC->language();
64  $this->lng->loadLanguageModule('shib');
65  $this->rbac = $DIC->rbac();
66  $this->rbac_review = $DIC->rbac()->review();
67  $this->refinery = $DIC->refinery();
68  $this->shib_settings = new ilShibbolethSettings();
69  $this->tabs_gui = $DIC->tabs();
70  $this->tpl = $DIC->ui()->mainTemplate();
71  $this->wrapper = $DIC->http()->wrapper();
72  }
73 
78  public function executeCommand(): void
79  {
80  $cmd = $this->ctrl->getCmd();
81  if (!$this->access->checkAccess('read', '', $this->ref_id)) {
82  throw new ilException('Permission denied');
83  }
84  if ($cmd !== "settings" && !$this->access->checkAccess('write', '', $this->ref_id)) {
85  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
86  $this->ctrl->redirect($this, "settings");
87  }
88  $this->setSubTabs();
89  if (!$cmd) {
90  $cmd = "settings";
91  }
92  $this->$cmd();
93  }
94 
98  public function settings(): void
99  {
100  $this->tabs_gui->activateSubTab('shib_settings');
101  $form = new ilShibbolethSettingsForm(
102  $this->shib_settings,
103  $this->ctrl->getLinkTarget($this, 'save')
104  );
105 
106  $this->tpl->setContent($form->getHTML());
107  }
108 
112  public function save(): void
113  {
114  $form = new ilShibbolethSettingsForm(
115  $this->shib_settings,
116  $this->ctrl->getLinkTarget($this, 'save')
117  );
118  $form->setValuesByPost();
119  if ($form->saveObject()) {
120  $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
121  $this->ctrl->redirect($this, 'settings');
122  }
123  $this->tpl->setContent($form->getHTML());
124  }
125 
129  protected function roleAssignment(): bool
130  {
131  $this->tabs_gui->activateSubTab('shib_role_assignment');
132  $this->initFormRoleAssignment();
133  $this->tpl->addBlockFile(
134  'ADM_CONTENT',
135  'adm_content',
136  'tpl.shib_role_assignment.html',
137  'components/ILIAS/AuthShibboleth'
138  );
139  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
140  if (($html = $this->parseRulesTable()) !== '') {
141  $this->tpl->setVariable('RULE_TABLE', $html);
142  }
143 
144  return true;
145  }
146 
150  protected function parseRulesTable(): string
151  {
152  if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
153  return '';
154  }
155  $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
156  $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
157  $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
158  $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
159  $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
160 
161  return $rules_table->getHTML();
162  }
163 
167  protected function confirmDeleteRules(): bool
168  {
169  if (!$this->wrapper->post()->has('rule_ids')) {
170  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
171  $this->roleAssignment();
172 
173  return false;
174  }
175  $this->tabs_gui->activateTab('shib_role_assignment');
176  $c_gui = new ilConfirmationGUI();
177  // set confirm/cancel commands
178  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
179  $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
180  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
181  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
182 
183  $rule_ids = $this->wrapper->post()->retrieve(
184  'rule_ids',
185  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
186  );
187  foreach ($rule_ids as $rule_id) {
188  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
189  $info = ilObject::_lookupTitle($rule->getRoleId());
190  $info .= " (";
191  $info .= $rule->conditionToString();
192  $info .= ')';
193  $c_gui->addItem('rule_ids[]', $rule_id, $info);
194  }
195  $this->tpl->setContent($c_gui->getHTML());
196  return true;
197  }
198 
202  protected function deleteRules(): bool
203  {
204  if (!$this->wrapper->post()->has('rule_ids')) {
205  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
206  $this->roleAssignment();
207 
208  return false;
209  }
210  $rule_ids = $this->wrapper->post()->retrieve(
211  'rule_ids',
212  $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
213  );
214  foreach ($rule_ids as $rule_id) {
215  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
216  $rule->delete();
217  }
218  $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
219  $this->roleAssignment();
220 
221  return true;
222  }
223 
227  protected function initFormRoleAssignment(string $a_mode = 'default'): void
228  {
229  $this->form = new ilPropertyFormGUI();
230  $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
231  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
232  if ($a_mode === 'default') {
233  $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
234  $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
235  $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
236  } else {
237  $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
238  $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
239  $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
240  }
241  // Role selection
242  $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
243  $role->setRequired(true);
244  $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
245  $role->addOption($global);
246  $role_select = new ilSelectInputGUI('', 'role_id');
247  $role_select->setOptions($this->prepareRoleSelect());
248  $global->addSubItem($role_select);
249  $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
250  $role->addOption($local);
251  $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
252  $role_search->setSize(40);
253  $local->addSubItem($role_search);
254  $role->setInfo($this->lng->txt('shib_role_name_info'));
255  $this->form->addItem($role);
256  // Update options
257  $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
258  $update->setValue($this->lng->txt('shib_check_role_assignment'));
259  $add = new ilCheckboxInputGUI('', 'add_missing');
260  $add->setOptionTitle($this->lng->txt('shib_add_missing'));
261  $add->setValue(1);
262  $update->addSubItem($add);
263  $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
264  $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
265  $remove->setValue(1);
266  $update->addSubItem($remove);
267  $this->form->addItem($update);
268  // Assignment type
269  $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
270  $kind->setValue(1);
271  $kind->setRequired(true);
272  $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
273  $attr->setInfo($this->lng->txt('shib_attr_info'));
274  $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
275  $name->setSize(32);
276  $attr->addSubItem($name);
277  $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
278  $value->setSize(32);
279  $attr->addSubItem($value);
280  $kind->addOption($attr);
281  $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
282  $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
283  $pl->setInfo($this->lng->txt('shib_plugin_info'));
284  $pl->setDisabled(!$pl_active);
285  $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
286  $id->setDisabled(!$pl_active);
287  $id->setSize(3);
288  $id->setMaxLength(3);
289  $id->setMaxValue(999);
290  $id->setMinValue(1);
291  $pl->addSubItem($id);
292  $kind->addOption($pl);
293  $this->form->addItem($kind);
294  }
295 
296  public function addRoleAutoCompleteObject(): void
297  {
298  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
299  }
300 
304  protected function addRoleAssignmentRule(): bool
305  {
306  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
307  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
308  $this->roleAssignment();
309 
310  return false;
311  }
312  $this->initFormRoleAssignment();
313  if (!$this->form->checkInput() || ($err = $this->checkInput())) {
314  if (isset($err)) {
315  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
316  }
317  $this->tabs_gui->activateSubTab('shib_role_assignment');
318  $this->form->setValuesByPost();
319  $this->tpl->addBlockFile(
320  'ADM_CONTENT',
321  'adm_content',
322  'tpl.shib_role_assignment.html',
323  'components/ILIAS/AuthShibboleth'
324  );
325  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
326  if (($html = $this->parseRulesTable()) !== '') {
327  $this->tpl->setVariable('RULE_TABLE', $html);
328  }
329 
330  return true;
331  }
332  $this->rule->add();
333  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
334  $this->roleAssignment();
335 
336  return true;
337  }
338 
342  protected function editRoleAssignment(): bool
343  {
344  $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
345  $this->tabs_gui->activateSubTab('shib_role_assignment');
346  $this->initFormRoleAssignment('update');
347  $this->getRuleValues();
348  $this->tpl->addBlockFile(
349  'ADM_CONTENT',
350  'adm_content',
351  'tpl.shib_role_assignment.html',
352  'components/ILIAS/AuthShibboleth'
353  );
354  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
355 
356  return true;
357  }
358 
362  protected function updateRoleAssignmentRule(): bool
363  {
364  if (!$this->access->checkAccess('write', '', $this->ref_id)) {
365  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
366  $this->roleAssignment();
367 
368  return false;
369  }
370  $this->initFormRoleAssignment();
371  $err = false;
372  $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
373 
374  if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
375  if ($err) {
376  $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
377  }
378  $this->tabs_gui->activateSubTab('shib_role_assignment');
379  $this->form->setValuesByPost();
380  $this->tpl->addBlockFile(
381  'ADM_CONTENT',
382  'adm_content',
383  'tpl.shib_role_assignment.html',
384  'components/ILIAS/AuthShibboleth'
385  );
386  $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
387 
388  return true;
389  }
390  $this->rule->update();
391  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
392  $this->roleAssignment();
393 
394  return true;
395  }
396 
397  private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
398  {
399  $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
400  if ((int) $this->form->getInput('role_name') === 0) {
401  $this->rule->setRoleId($this->form->getInput('role_id'));
402  } elseif ($this->form->getInput('role_search')) {
403  $parser = new ilQueryParser($this->form->getInput('role_search'));
404  // TODO: Handle minWordLength
405  $parser->setMinWordLength(1);
406  $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
407  $parser->parse();
408  $object_search = new ilLikeObjectSearch($parser);
409  $object_search->setFilter(['role']);
410  $res = $object_search->performSearch();
411  $entries = $res->getEntries();
412  if (count($entries) === 1) {
413  $role = current($entries);
414  $this->rule->setRoleId($role['obj_id']);
415  } elseif (count($entries) > 1) {
416  $this->rule->setRoleId(-1);
417  }
418  }
419  $this->rule->setName($this->form->getInput('attr_name'));
420  $this->rule->setValue($this->form->getInput('attr_value'));
421  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
422  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
423  $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
424  $this->rule->setPluginId($this->form->getInput('plugin_id'));
425 
426  return $this->rule;
427  }
428 
429  private function getRuleValues(): void
430  {
431  $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
432  ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
433  : 0;
434 
435  $rule = new ilShibbolethRoleAssignmentRule($rule_id);
436  $role = $rule->getRoleId();
437  if ($this->rbac->review()->isGlobalRole($role)) {
438  $values['role_name'] = 0;
439  $values['role_id'] = $role;
440  } else {
441  $values['role_name'] = 1;
442  $values['role_search'] = ilObject::_lookupTitle($role);
443  }
444  $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
445  $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
446  $values['attr_name'] = $rule->getName();
447  $values['attr_value'] = $rule->getValue();
448  if (!$rule->isPluginActive()) {
449  $values['kind'] = 1;
450  } else {
451  $values['kind'] = 2;
452  $values['plugin_id'] = $rule->getPluginId();
453  }
454  $this->form->setValuesByArray($values);
455  }
456 
457  private function checkInput(int $a_rule_id = 0): string
458  {
459  $this->loadRule($a_rule_id);
460 
461  return $this->rule->validate();
462  }
463 
467  private function prepareRoleSelect(): array
468  {
469  $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
470  $select[0] = $this->lng->txt('links_select_one');
471  foreach ($global_roles as $role_id) {
472  $select[$role_id] = ilObject::_lookupTitle($role_id);
473  }
474 
475  return $select;
476  }
477 
481  protected function setSubTabs(): bool
482  {
483  if (!$this->global_settings->get('shib_active', '0')) {
484  return false;
485  }
486  $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
487  $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
488 
489  return true;
490  }
491 }
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:26
$res
$res
Definition: ltiservices.php:66
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:24
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:31
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:26
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:25
ilRadioOption\setInfo
setInfo(string $a_info)
Definition: class.ilRadioOption.php:54
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:31
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilQueryParser\setMinWordLength
setMinWordLength(int $a_length)
Definition: class.ilQueryParser.php:77
$ref_id
$ref_id
Definition: ltiauth.php:65
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilShibbolethRoleAssignmentTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethRoleAssignmentTableGUI.php:27
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:57
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:26
$DIC
global $DIC
Definition: shib_login.php:22
ILIAS\DI\RBACServices
Provides fluid interface to RBAC services.
Definition: RBACServices.php:24
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:155
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:26
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1212
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:132
RBACServices
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilShibbolethSettings
Class ilShibbolethSettings.
Definition: class.ilShibbolethSettings.php:8