ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilAuthShibbolethSettingsGUI.php
Go to the documentation of this file.
1<?php
2
19use ILIAS\DI\RBACServices;
20use ILIAS\HTTP\Wrapper\WrapperFactory;
21use ILIAS\Refinery\Factory as Refinery;
22
32class ilAuthShibbolethSettingsGUI
33{
37 private const PARAM_RULE_ID = 'rule_id';
38
39 private ilAccessHandler $access;
40 private ilComponentRepository $component_repository;
41 private ilCtrl $ctrl;
42 private ?ilPropertyFormGUI $form = null;
43 private ilSetting $global_settings;
44
45 private ilLanguage $lng;
46 private RBACServices $rbac;
47 private ilRbacReview $rbac_review;
48 private Refinery $refinery;
49 private ?ilShibbolethRoleAssignmentRule $rule = null;
50 private ilShibbolethSettings $shib_settings;
51 private ilTabsGUI $tabs_gui;
52 private ilGlobalTemplateInterface $tpl;
53 private WrapperFactory $wrapper;
54
55
56 public function __construct(private int $ref_id)
57 {
58 global $DIC;
59
60 $this->access = $DIC->access();
61 $this->component_repository = $DIC["component.repository"];
62 $this->ctrl = $DIC->ctrl();
63 $this->global_settings = $DIC->settings();
64 $this->lng = $DIC->language();
65 $this->lng->loadLanguageModule('shib');
66 $this->rbac = $DIC->rbac();
67 $this->rbac_review = $DIC->rbac()->review();
68 $this->refinery = $DIC->refinery();
69 $this->shib_settings = new ilShibbolethSettings();
70 $this->tabs_gui = $DIC->tabs();
71 $this->tpl = $DIC->ui()->mainTemplate();
72 $this->wrapper = $DIC->http()->wrapper();
73 }
74
79 public function executeCommand(): void
80 {
81 $cmd = $this->ctrl->getCmd();
82 if (!$this->access->checkAccess('read', '', $this->ref_id)) {
83 throw new ilException('Permission denied');
84 }
85 if ($cmd !== "settings" && !$this->access->checkAccess('write', '', $this->ref_id)) {
86 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
87 $this->ctrl->redirect($this, "settings");
88 }
89 $this->setSubTabs();
90 if (!$cmd) {
91 $cmd = "settings";
92 }
93 $this->$cmd();
94 }
95
99 public function settings(): void
100 {
101 $this->tabs_gui->activateSubTab('shib_settings');
102 $form = new ilShibbolethSettingsForm(
103 $this->ref_id,
104 $this,
105 $this->shib_settings,
106 $this->ctrl->getLinkTarget($this, 'save'),
107 $this->ctrl->getLinkTarget($this, 'settings')
108 );
109
110 $this->tpl->setContent($form->getHTML());
111 }
112
116 public function save(): void
117 {
118 $form = new ilShibbolethSettingsForm(
119 $this->ref_id,
120 $this,
121 $this->shib_settings,
122 $this->ctrl->getLinkTarget($this, 'save'),
123 $this->ctrl->getLinkTarget($this, 'settings')
124 );
125 $form->setValuesByPost();
126 if ($form->saveObject()) {
127 $this->tpl->setOnScreenMessage('success', $this->lng->txt("shib_settings_saved"), true);
128 $this->ctrl->redirect($this, 'settings');
129 }
130 $this->tpl->setContent($form->getHTML());
131 }
132
136 protected function roleAssignment(): bool
137 {
138 $this->tabs_gui->activateSubTab('shib_role_assignment');
139 $this->initFormRoleAssignment();
140 $this->tpl->addBlockFile(
141 'ADM_CONTENT',
142 'adm_content',
143 'tpl.shib_role_assignment.html',
144 'components/ILIAS/AuthShibboleth'
145 );
146 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
147 if (($html = $this->parseRulesTable()) !== '') {
148 $this->tpl->setVariable('RULE_TABLE', $html);
149 }
150
151 return true;
152 }
153
157 protected function parseRulesTable(): string
158 {
159 if (ilShibbolethRoleAssignmentRules::getCountRules() === 0) {
160 return '';
161 }
162 $rules_table = new ilShibbolethRoleAssignmentTableGUI($this, 'roleAssignment');
163 $rules_table->setTitle($this->lng->txt('shib_rules_tables'));
164 $rules_table->parse(ilShibbolethRoleAssignmentRules::getAllRules());
165 $rules_table->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
166 $rules_table->setSelectAllCheckbox(self::PARAM_RULE_ID);
167
168 return $rules_table->getHTML();
169 }
170
174 protected function confirmDeleteRules(): bool
175 {
176 if (!$this->wrapper->post()->has('rule_ids')) {
177 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
178 $this->settings();
179
180 return false;
181 }
182 $this->tabs_gui->activateTab('shib_role_assignment');
183 $c_gui = new ilConfirmationGUI();
184 // set confirm/cancel commands
185 $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
186 $c_gui->setHeaderText($this->lng->txt("shib_confirm_del_role_ass"));
187 $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignment");
188 $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
189
190 $rule_ids = $this->wrapper->post()->retrieve(
191 'rule_ids',
192 $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
193 );
194 foreach ($rule_ids as $rule_id) {
195 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
196 $info = ilObject::_lookupTitle($rule->getRoleId());
197 $info .= " (";
198 $info .= $rule->conditionToString();
199 $info .= ')';
200 $c_gui->addItem('rule_ids[]', $rule_id, $info);
201 }
202 $this->tpl->setContent($c_gui->getHTML());
203 return true;
204 }
205
209 protected function deleteRules(): bool
210 {
211 if (!$this->wrapper->post()->has('rule_ids')) {
212 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
213 $this->roleAssignment();
214
215 return false;
216 }
217 $rule_ids = $this->wrapper->post()->retrieve(
218 'rule_ids',
219 $this->refinery->to()->listOf($this->refinery->kindlyTo()->int())
220 );
221 foreach ($rule_ids as $rule_id) {
222 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
223 $rule->delete();
224 }
225 $this->tpl->setOnScreenMessage('success', $this->lng->txt('shib_deleted_rule'));
226 $this->roleAssignment();
227
228 return true;
229 }
230
234 protected function initFormRoleAssignment(string $a_mode = 'default'): void
235 {
236 $this->form = new ilPropertyFormGUI();
237 $this->form->setFormAction($this->ctrl->getFormAction($this, 'cancel'));
238 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
239 if ($a_mode === 'default') {
240 $this->form->setTitle($this->lng->txt('shib_role_ass_table'));
241 $this->form->addCommandButton('addRoleAssignmentRule', $this->lng->txt('shib_new_rule'));
242 $this->form->addCommandButton('settings', $this->lng->txt('cancel'));
243 } else {
244 $this->form->setTitle($this->lng->txt('shib_update_role_ass_table'));
245 $this->form->addCommandButton('updateRoleAssignmentRule', $this->lng->txt('save'));
246 $this->form->addCommandButton('roleAssignment', $this->lng->txt('cancel'));
247 }
248 // Role selection
249 $role = new ilRadioGroupInputGUI($this->lng->txt('shib_role_name'), 'role_name');
250 $role->setRequired(true);
251 $global = new ilRadioOption($this->lng->txt('shib_global_role'), 0);
252 $role->addOption($global);
253 $role_select = new ilSelectInputGUI('', 'role_id');
254 $role_select->setOptions($this->prepareRoleSelect());
255 $global->addSubItem($role_select);
256 $local = new ilRadioOption($this->lng->txt('shib_local_role'), 1);
257 $role->addOption($local);
258 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', self::class, 'addRoleAutoCompleteObject');
259 $role_search->setSize(40);
260 $local->addSubItem($role_search);
261 $role->setInfo($this->lng->txt('shib_role_name_info'));
262 $this->form->addItem($role);
263 // Update options
264 $update = new ilNonEditableValueGUI($this->lng->txt('shib_update_roles'), 'update_roles');
265 $update->setValue($this->lng->txt('shib_check_role_assignment'));
266 $add = new ilCheckboxInputGUI('', 'add_missing');
267 $add->setOptionTitle($this->lng->txt('shib_add_missing'));
268 $add->setValue(1);
269 $update->addSubItem($add);
270 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
271 $remove->setOptionTitle($this->lng->txt('shib_remove_deprecated'));
272 $remove->setValue(1);
273 $update->addSubItem($remove);
274 $this->form->addItem($update);
275 // Assignment type
276 $kind = new ilRadioGroupInputGUI($this->lng->txt('shib_assignment_type'), 'kind');
277 $kind->setValue(1);
278 $kind->setRequired(true);
279 $attr = new ilRadioOption($this->lng->txt('shib_attribute'), 1);
280 $attr->setInfo($this->lng->txt('shib_attr_info'));
281 $name = new ilTextInputGUI($this->lng->txt('shib_attribute_name'), 'attr_name');
282 $name->setSize(32);
283 $attr->addSubItem($name);
284 $value = new ilTextInputGUI($this->lng->txt('shib_attribute_value'), 'attr_value');
285 $value->setSize(32);
286 $attr->addSubItem($value);
287 $kind->addOption($attr);
288 $pl_active = $this->component_repository->getPluginSlotById('shibhk')->hasActivePlugins();
289 $pl = new ilRadioOption($this->lng->txt('shib_plugin'), 2);
290 $pl->setInfo($this->lng->txt('shib_plugin_info'));
291 $pl->setDisabled(!$pl_active);
292 $id = new ilNumberInputGUI($this->lng->txt('shib_plugin_id'), 'plugin_id');
293 $id->setDisabled(!$pl_active);
294 $id->setSize(3);
295 $id->setMaxLength(3);
296 $id->setMaxValue(999);
297 $id->setMinValue(1);
298 $pl->addSubItem($id);
299 $kind->addOption($pl);
300 $this->form->addItem($kind);
301 }
302
303 public function addRoleAutoCompleteObject(): void
304 {
305 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
306 }
307
311 protected function addRoleAssignmentRule(): bool
312 {
313 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
314 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
315 $this->roleAssignment();
316
317 return false;
318 }
319 $this->initFormRoleAssignment();
320 if (!$this->form->checkInput() || ($err = $this->checkInput())) {
321 if (isset($err)) {
322 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
323 }
324 $this->tabs_gui->activateSubTab('shib_role_assignment');
325 $this->form->setValuesByPost();
326 $this->tpl->addBlockFile(
327 'ADM_CONTENT',
328 'adm_content',
329 'tpl.shib_role_assignment.html',
330 'components/ILIAS/AuthShibboleth'
331 );
332 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
333 if (($html = $this->parseRulesTable()) !== '') {
334 $this->tpl->setVariable('RULE_TABLE', $html);
335 }
336
337 return true;
338 }
339 $this->rule->add();
340 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
341 $this->roleAssignment();
342
343 return true;
344 }
345
349 protected function editRoleAssignment(): bool
350 {
351 $this->ctrl->saveParameter($this, self::PARAM_RULE_ID);
352 $this->tabs_gui->activateSubTab('shib_role_assignment');
353 $this->initFormRoleAssignment('update');
354 $this->getRuleValues();
355 $this->tpl->addBlockFile(
356 'ADM_CONTENT',
357 'adm_content',
358 'tpl.shib_role_assignment.html',
359 'components/ILIAS/AuthShibboleth'
360 );
361 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
362
363 return true;
364 }
365
369 protected function updateRoleAssignmentRule(): bool
370 {
371 if (!$this->access->checkAccess('write', '', $this->ref_id)) {
372 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
373 $this->roleAssignment();
374
375 return false;
376 }
377 $this->initFormRoleAssignment();
378 $err = false;
379 $role_id = $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int());
380
381 if (!$this->form->checkInput() || $err = $this->checkInput($role_id)) {
382 if ($err) {
383 $this->tpl->setOnScreenMessage('failure', $this->lng->txt($err));
384 }
385 $this->tabs_gui->activateSubTab('shib_role_assignment');
386 $this->form->setValuesByPost();
387 $this->tpl->addBlockFile(
388 'ADM_CONTENT',
389 'adm_content',
390 'tpl.shib_role_assignment.html',
391 'components/ILIAS/AuthShibboleth'
392 );
393 $this->tpl->setVariable('NEW_RULE_TABLE', $this->form->getHTML());
394
395 return true;
396 }
397 $this->rule->update();
398 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
399 $this->roleAssignment();
400
401 return true;
402 }
403
404 private function loadRule(int $a_rule_id = 0): ilShibbolethRoleAssignmentRule
405 {
406 $this->rule = new ilShibbolethRoleAssignmentRule($a_rule_id);
407 if ((int) $this->form->getInput('role_name') === 0) {
408 $this->rule->setRoleId($this->form->getInput('role_id'));
409 } elseif ($this->form->getInput('role_search')) {
410 $parser = new ilQueryParser($this->form->getInput('role_search'));
411 // TODO: Handle minWordLength
412 $parser->setMinWordLength(1);
413 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
414 $parser->parse();
415 $object_search = new ilLikeObjectSearch($parser);
416 $object_search->setFilter(['role']);
417 $res = $object_search->performSearch();
418 $entries = $res->getEntries();
419 if (count($entries) === 1) {
420 $role = current($entries);
421 $this->rule->setRoleId($role['obj_id']);
422 } elseif (count($entries) > 1) {
423 $this->rule->setRoleId(-1);
424 }
425 }
426 $this->rule->setName($this->form->getInput('attr_name'));
427 $this->rule->setValue($this->form->getInput('attr_value'));
428 $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
429 $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
430 $this->rule->enablePlugin((int) $this->form->getInput('kind') === 2);
431 $this->rule->setPluginId($this->form->getInput('plugin_id'));
432
433 return $this->rule;
434 }
435
436 private function getRuleValues(): void
437 {
438 $rule_id = $this->wrapper->query()->has(self::PARAM_RULE_ID)
439 ? $this->wrapper->query()->retrieve(self::PARAM_RULE_ID, $this->refinery->kindlyTo()->int())
440 : 0;
441
442 $rule = new ilShibbolethRoleAssignmentRule($rule_id);
443 $role = $rule->getRoleId();
444 if ($this->rbac->review()->isGlobalRole($role)) {
445 $values['role_name'] = 0;
446 $values['role_id'] = $role;
447 } else {
448 $values['role_name'] = 1;
449 $values['role_search'] = ilObject::_lookupTitle($role);
450 }
451 $values['add_missing'] = (int) $rule->isAddOnUpdateEnabled();
452 $values['remove_deprecated'] = (int) $rule->isRemoveOnUpdateEnabled();
453 $values['attr_name'] = $rule->getName();
454 $values['attr_value'] = $rule->getValue();
455 if (!$rule->isPluginActive()) {
456 $values['kind'] = 1;
457 } else {
458 $values['kind'] = 2;
459 $values['plugin_id'] = $rule->getPluginId();
460 }
461 $this->form->setValuesByArray($values);
462 }
463
464 private function checkInput(int $a_rule_id = 0): string
465 {
466 $this->loadRule($a_rule_id);
467
468 return $this->rule->validate();
469 }
470
474 private function prepareRoleSelect(): array
475 {
476 $global_roles = ilUtil::_sortIds($this->rbac_review->getGlobalRoles(), 'object_data', 'title', 'obj_id');
477 $select[0] = $this->lng->txt('links_select_one');
478 foreach ($global_roles as $role_id) {
479 $select[$role_id] = ilObject::_lookupTitle($role_id);
480 }
481
482 return $select;
483 }
484
488 protected function setSubTabs(): bool
489 {
490 if (!$this->global_settings->get('shib_active', '0')) {
491 return false;
492 }
493 $this->tabs_gui->addSubTabTarget('shib_settings', $this->ctrl->getLinkTarget($this, 'settings'));
494 $this->tabs_gui->addSubTabTarget('shib_role_assignment', $this->ctrl->getLinkTarget($this, 'roleAssignment'));
495
496 return true;
497 }
498}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ILIAS\DI\RBACServices
Provides fluid interface to RBAC services.
Definition: RBACServices.php:25
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ilAuthShibbolethSettingsGUI
Class ilAuthShibbolethSettingsGUI.
Definition: class.ilAuthShibbolethSettingsGUI.php:33
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:28
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilCtrl
Class ilCtrl provides processing control methods.
Definition: class.ilCtrl.php:36
ilException
Base class for ILIAS Exception handling.
Definition: class.ilException.php:26
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:28
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:28
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:28
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:58
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:28
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:27
ilShibbolethRoleAssignmentRule
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethRoleAssignmentRule.php:30
ilShibbolethRoleAssignmentTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethRoleAssignmentTableGUI.php:29
ilShibbolethSettingsForm
Class ilShibbolethSettingsForm.
Definition: class.ilShibbolethSettingsForm.php:32
ilShibbolethSettings
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilShibbolethSettings.php:25
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:26
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:28
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
$info
$info
Definition: entry_point.php:21
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
ILIAS\Repository\form
form(?array $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:138
$DIC
global $DIC
Definition: shib_login.php:26