ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
ilAuthProviderLTI Class Reference

OAuth based lti authentication. More...

+ Inheritance diagram for ilAuthProviderLTI:
+ Collaboration diagram for ilAuthProviderLTI:

Public Member Functions

 __construct (ilAuthCredentials $credentials)
 Constructor. More...
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 
 getLogger ()
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (ilAuthStatus $status)
 

Static Public Member Functions

static getAuthModeByKey (string $a_auth_key)
 Get auth mode by key. More...
 
static getKeyByAuthMode (string $a_auth_mode)
 Get auth id by auth mode. More...
 
static getActiveAuthModes ()
 get all active authmode server ids More...
 
static getAuthModes ()
 
static lookupConsumer (int $a_sid)
 Lookup consumer title. More...
 
static getServerIdByAuthMode (string $a_auth_mode)
 Get auth id by auth mode. More...
 
static isAuthModeLTI (string $a_auth_mode)
 Check if user auth mode is LTI. More...
 

Data Fields

const AUTH_MODE_PREFIX = 'lti'
 

Protected Member Functions

 findAuthKeyId (string $a_oauth_consumer_key)
 find consumer key id More...
 
 findAuthPrefix (int $a_lti_id)
 find lti id More...
 
 findGlobalRole (int $a_lti_id)
 find global role of consumer More...
 
 findUserId (string $a_oauth_user, string $a_oauth_id, string $a_user_prefix)
 Find user by auth mode and lti id. More...
 
 updateUser (int $a_local_user_id, ilLTIPlatform $consumer)
 update existing user @access protected More...
 
 createUser (ilLTIPlatform $consumer)
 create new user @access protected More...
 
 handleLocalRoleAssignments (int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
 
 mapLTIRoleToLocalRole (string $lti_role, ilLTIProviderObjectSetting $settings)
 Maps an LTI role (URI or simple name) to a local ILIAS role ID. More...
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 

Protected Attributes

string $launchReturnUrl = ""
 

Private Attributes

ilLTIDataConnector $dataConnector = null
 
string $lti_context_id = ""
 
int $ref_id = 0
 
ilLTITool $provider = null
 
array $messageParameters = null
 
ilLogger $logger = null
 

Detailed Description

OAuth based lti authentication.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Uwe Kohnle kohnl.nosp@m.e@in.nosp@m.terne.nosp@m.tleh.nosp@m.rer-g.nosp@m.mbh..nosp@m.de
Stefan Schneider

Definition at line 27 of file class.ilAuthProviderLTI.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderLTI::__construct ( ilAuthCredentials  $credentials)

Constructor.

Reimplemented from ilAuthProvider.

Definition at line 43 of file class.ilAuthProviderLTI.php.

44 {
46 $this->logger = ilLoggerFactory::getLogger('ltis');
47 }
ilAuthCredentials $credentials
static getLogger(string $a_component_id)
Get component logger.
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc

References ilAuthProvider\$credentials, ILIAS\GlobalScreen\Provider\__construct(), ilLoggerFactory\getLogger(), and ILIAS\Repository\logger().

+ Here is the call graph for this function:

Member Function Documentation

◆ createUser()

ilAuthProviderLTI::createUser ( ilLTIPlatform  $consumer)
protected

create new user @access protected

Parameters
ilLTIPlatform$consumer
Returns
int
Exceptions
ilPasswordException
ilUserException

Definition at line 424 of file class.ilAuthProviderLTI.php.

424 : int
425 {
426 global $ilClientIniFile, $DIC;
427 // if (empty($this->messageParameters)) {
428 // $status->setReason('empty_lti_message_parameters');
429 // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
430 // return false;
431 // }
432 $userObj = new ilObjUser();
433 $local_user = ilAuthUtils::_generateLogin($consumer->getPrefix() . '_' . $this->getCredentials()->getUsername());
434
435 $newUser["login"] = $local_user;
436 if (isset($this->messageParameters['lis_person_name_given'])) {
437 $newUser["firstname"] = $this->messageParameters['lis_person_name_given'];
438 } else {
439 $newUser["firstname"] = '-';
440 }
441 if (isset($this->messageParameters['lis_person_name_family'])) {
442 $newUser["lastname"] = $this->messageParameters['lis_person_name_family'];
443 } else {
444 $newUser["lastname"] = '-';
445 }
446 $newUser['email'] = $this->messageParameters['lis_person_contact_email_primary'];
447
448 // set "plain md5" password (= no valid password)
449 // $newUser["passwd"] = "";
450 $newUser["passwd_type"] = ilObjUser::PASSWD_CRYPTED;
451
452 $newUser["auth_mode"] = 'lti_' . $consumer->getExtConsumerId();
453 $newUser['ext_account'] = $this->getCredentials()->getUsername();
454 $newUser["profile_incomplete"] = 0;
455
456 // ILIAS 8
457 //check
458 $newUser["gender"] = 'n';
459 $newUser["title"] = null;
460 $newUser["birthday"] = null;
461 $newUser["institution"] = null;
462 $newUser["department"] = null;
463 $newUser["street"] = null;
464 $newUser["city"] = null;
465 $newUser["zipcode"] = null;
466 $newUser["country"] = null;
467 $newUser["sel_country"] = null;
468 $newUser["phone_office"] = null;
469 $newUser["phone_home"] = null;
470 $newUser["phone_mobile"] = null;
471 $newUser["fax"] = null;
472 $newUser["matriculation"] = null;
473 $newUser["second_email"] = null;
474 $newUser["hobby"] = null;
475 $newUser["client_ip"] = null;
476 $newUser["passwd_salt"] = null;//$newUser->getPasswordSalt();
477 $newUser["latitude"] = null;
478 $newUser["longitude"] = null;
479 $newUser["loc_zoom"] = null;
480 $newUser["last_login"] = null;
481 $newUser["first_login"] = null;
482 $newUser["last_profile_prompt"] = null;
483 $newUser["last_update"] = ilUtil::now();
484 $newUser["create_date"] = ilUtil::now();
485 $newUser["referral_comment"] = null;
486 $newUser["approve_date"] = null;
487 $newUser["agree_date"] = null;
488 $newUser["inactivation_date"] = null;
489 $newUser["time_limit_from"] = null;
490 $newUser["time_limit_until"] = null;
491 $newUser["is_self_registered"] = null;
492 //end to check
493
494 $newUser["passwd_enc_type"] = "";
495 $newUser["active"] = true;
496 $newUser["time_limit_owner"] = 7;
497 $newUser["time_limit_unlimited"] = 0;
498 $newUser["time_limit_message"] = 0;
499 $newUser["passwd"] = " ";
500 // $newUser["last_update"]
501
502 // system data
503 $userObj->assignData($newUser);
504 $userObj->setTitle($userObj->getFullname());
505 $userObj->setDescription($userObj->getEmail());
506
507 // set user language
508 $userObj->setLanguage($consumer->getLanguage());
509
510 // Time limit
511 $userObj->setTimeLimitOwner(7);
512 $userObj->setTimeLimitUnlimited(false);
513 $userObj->setTimeLimitFrom(time() - 5);
514 // todo ?
515 $userObj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
516
517 // Create user in DB
518 $userObj->setOwner(6);
519 $userObj->create();
520 $userObj->setActive(true);
521 // $userObj->updateOwner();
522 $userObj->setLastPasswordChangeTS(time());
523 $userObj->saveAsNew();
524 $userObj->writePrefs();
525
526 $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $userObj->getId());
527
528 $this->getLogger()->info('Created new lti user with uid: ' . $userObj->getId() . ' and login: ' . $userObj->getLogin());
529 return $userObj->getId();
530 }
static _generateLogin(string $a_login)
generate free login by starting with a default string and adding postfix numbers
User class.
const PASSWD_CRYPTED
static now()
Return current timestamp in Y-m-d H:i:s format.
global $DIC
Definition: shib_login.php:26
$GLOBALS["DIC"]
Definition: wac.php:54

References $DIC, $GLOBALS, ilAuthUtils\_generateLogin(), ilAuthProvider\getCredentials(), ilLTIPlatform\getExtConsumerId(), ilLTIPlatform\getLanguage(), ilAuthProvider\getLogger(), ilLTIPlatform\getPrefix(), ilLTIPlatform\getRole(), ilUtil\now(), and ilObjUser\PASSWD_CRYPTED.

+ Here is the call graph for this function:

◆ findAuthKeyId()

ilAuthProviderLTI::findAuthKeyId ( string  $a_oauth_consumer_key)
protected

find consumer key id

Parameters
string$a_oauth_consumer_key
Returns
int

Definition at line 160 of file class.ilAuthProviderLTI.php.

160 : int
161 {
162 global $ilDB;
163
164 $query = 'SELECT consumer_pk from lti2_consumer where consumer_key = ' . $ilDB->quote(
165 $a_oauth_consumer_key,
166 'text'
167 );
168 // $query = 'SELECT id from lti_ext_consumer where consumer_key = '.$ilDB->quote($a_oauth_consumer_key,'text');
169 $this->getLogger()->debug($query);
170 $res = $ilDB->query($query);
171
172 $lti_id = 0;
173 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
174 $lti_id = $row->consumer_pk;
175 // $lti_id = $row->id;
176 }
177 $this->getLogger()->debug('External consumer key is: ' . (int) $lti_id);
178 return $lti_id;
179 }
$res
Definition: ltiservices.php:69

References $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

+ Here is the call graph for this function:

◆ findAuthPrefix()

ilAuthProviderLTI::findAuthPrefix ( int  $a_lti_id)
protected

find lti id

Parameters
int$a_lti_id
Returns
string

Definition at line 186 of file class.ilAuthProviderLTI.php.

186 : string
187 {
188 global $ilDB;
189
190 $query = 'SELECT prefix from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
191 $this->getLogger()->debug($query);
192 $res = $ilDB->query($query);
193
194 // $prefix = 'lti'.$a_lti_id.'_';
195 $prefix = '';
196 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
197 $prefix = $row->prefix;
198 }
199 $this->getLogger()->debug('LTI prefix: ' . $prefix);
200 return $prefix;
201 }

References $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, and ilAuthProvider\getLogger().

+ Here is the call graph for this function:

◆ findGlobalRole()

ilAuthProviderLTI::findGlobalRole ( int  $a_lti_id)
protected

find global role of consumer

Parameters
int$a_lti_id
Returns
int|null

Definition at line 208 of file class.ilAuthProviderLTI.php.

208 : ?int
209 {
210 global $ilDB;
211
212 $query = 'SELECT role from lti_ext_consumer where id = ' . $ilDB->quote($a_lti_id, 'integer');
213 $this->getLogger()->debug($query);
214 $res = $ilDB->query($query);
215
216 $role = null;
217 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
218 $role = (int) $row->role;
219 }
220 $this->getLogger()->debug('LTI role: ' . $role);
221 return $role;
222 }

References $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, ilAuthProvider\getLogger(), and ILIAS\Repository\int().

+ Here is the call graph for this function:

◆ findUserId()

ilAuthProviderLTI::findUserId ( string  $a_oauth_user,
string  $a_oauth_id,
string  $a_user_prefix 
)
protected

Find user by auth mode and lti id.

Parameters
string$a_oauth_user
string$a_oauth_id
string$a_user_prefix
Returns
int

Definition at line 356 of file class.ilAuthProviderLTI.php.

356 : int
357 {
359 self::AUTH_MODE_PREFIX . '_' . $a_oauth_id,
360 $a_oauth_user
361 );
362 $user_id = 0;
363 if ($user_name) {
364 $user_id = ilObjUser::_lookupId($user_name);
365 }
366 $this->getLogger()->debug('Found user with auth mode lti_' . $a_oauth_id . ' with user_id: ' . $user_id);
367 return $user_id;
368 }
static _lookupId(string|array $a_user_str)
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user

References $user_id, ilObjUser\_checkExternalAuthAccount(), ilObjUser\_lookupId(), and ilAuthProvider\getLogger().

+ Here is the call graph for this function:

◆ getActiveAuthModes()

static ilAuthProviderLTI::getActiveAuthModes ( )
static

get all active authmode server ids

Returns
array

Definition at line 81 of file class.ilAuthProviderLTI.php.

81 : array
82 {
83 global $ilDB;
84
85 // move to connector
86 $query = 'SELECT consumer_pk from lti2_consumer where enabled = ' . $ilDB->quote(1, 'integer');
87 $res = $ilDB->query($query);
88
89 $sids = array();
90 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
91 $sids[] = $row->consumer_pk;
92 }
93 return $sids;
94 }

References $ilDB, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_isExternalAccountEnabled().

+ Here is the caller graph for this function:

◆ getAuthModeByKey()

static ilAuthProviderLTI::getAuthModeByKey ( string  $a_auth_key)
static

Get auth mode by key.

Parameters
string$a_auth_mode
Returns
string auth_mode

Definition at line 54 of file class.ilAuthProviderLTI.php.

54 : string
55 {
56 $auth_arr = explode('_', $a_auth_key);
57 if (count($auth_arr) > 1) {
58 return 'lti_' . $auth_arr[1];
59 }
60 return 'lti';
61 }

Referenced by ilAuthUtils\_getAuthModeName().

+ Here is the caller graph for this function:

◆ getAuthModes()

static ilAuthProviderLTI::getAuthModes ( )
static
Returns
array

Definition at line 99 of file class.ilAuthProviderLTI.php.

99 : array
100 {
101 global $ilDB;
102
103 // move to connector
104 $query = 'SELECT distinct(consumer_pk) consumer_pk from lti2_consumer';
105 $res = $ilDB->query($query);
106
107 $sids = array();
108 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
109 $sids[] = $row->consumer_pk;
110 }
111 return $sids;
112 }

References $ilDB, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthUtils\_getActiveAuthModes(), and ilAuthUtils\_getAllAuthModes().

+ Here is the caller graph for this function:

◆ getKeyByAuthMode()

static ilAuthProviderLTI::getKeyByAuthMode ( string  $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int|string auth_mode

Definition at line 68 of file class.ilAuthProviderLTI.php.

69 {
70 $auth_arr = explode('_', $a_auth_mode);
71 if (count($auth_arr) > 1) {
72 return ilAuthUtils::AUTH_PROVIDER_LTI . '_' . $auth_arr[1];
73 }
75 }
const int AUTH_PROVIDER_LTI

References ilAuthUtils\AUTH_PROVIDER_LTI.

Referenced by ilAuthUtils\_getAuthMode().

+ Here is the caller graph for this function:

◆ getServerIdByAuthMode()

static ilAuthProviderLTI::getServerIdByAuthMode ( string  $a_auth_mode)
static

Get auth id by auth mode.

Parameters
string$a_auth_mode
Returns
int|null

Definition at line 131 of file class.ilAuthProviderLTI.php.

131 : ?int
132 {
133 if (self::isAuthModeLTI($a_auth_mode)) {
134 $auth_arr = explode('_', $a_auth_mode);
135 return (int) $auth_arr[1];
136 }
137 return null;
138 }

Referenced by ilAuthUtils\getAuthModeTranslation().

+ Here is the caller graph for this function:

◆ handleLocalRoleAssignments()

ilAuthProviderLTI::handleLocalRoleAssignments ( int  $user_id,
ilLTIPlatform  $consumer,
int  $target_ref_id,
int  $default_rol_id = null 
)
protected

Definition at line 532 of file class.ilAuthProviderLTI.php.

532 : bool
533 {
534 global $DIC;
535 $this->getLogger()->info('$target_ref_id: ' . $target_ref_id);
536 if (!$target_ref_id) {
537 $this->getLogger()->warning('No target id given');
538 return false;
539 }
540
541 $obj_settings = new ilLTIProviderObjectSetting($target_ref_id, $consumer->getExtConsumerId());
542
543 $roles = $this->messageParameters['roles'] ?? '';
544
545 if (!is_string($roles) || empty($roles)) {
546 $this->getLogger()->warning('No role information given or invalid role format.');
547 return false;
548 }
549
550 $this->getLogger()->info("Deassigning all roles for user: " . $user_id);
551 $DIC->rbac()->admin()->deassignUser($obj_settings->getTutorRole(), $user_id);
552 $DIC->rbac()->admin()->deassignUser($obj_settings->getMemberRole(), $user_id);
553 $DIC->rbac()->admin()->deassignUser($obj_settings->getAdminRole(), $user_id);
554
555 $role_arr = is_array($roles) ? $roles : explode(',', $roles);
556
557 $this->getLogger()->info('Recieved roles: ' . implode(', ', $role_arr));
558
559 $tree = $DIC->repositoryTree();
560 $parent = $tree->getParentId($target_ref_id);
561 if ($parent != 1) {
562 $this->handleLocalRoleAssignments($user_id, $consumer, $parent, $obj_settings->getMemberRole());
563 }
564 foreach ($role_arr as $role) {
565 $role = trim($role);
566 $local_role_id = $this->mapLTIRoleToLocalRole($role, $obj_settings) == 0 && $default_rol_id != null ? $default_rol_id : $this->mapLTIRoleToLocalRole($role, $obj_settings);
567 if (isset($local_role_id)) {
568 $this->getLogger()->info('Assigning local role ID: ' . $local_role_id . ' for LTI role: ' . $role . ' to user ID: ' . $user_id);
569 $DIC->rbac()->admin()->assignUser($local_role_id, $user_id);
570 } else {
571 $this->getLogger()->info('No local role mapping found for LTI role: ' . $role);
572 }
573 }
574
575 return true;
576 }
handleLocalRoleAssignments(int $user_id, ilLTIPlatform $consumer, int $target_ref_id, int $default_rol_id=null)
mapLTIRoleToLocalRole(string $lti_role, ilLTIProviderObjectSetting $settings)
Maps an LTI role (URI or simple name) to a local ILIAS role ID.

References $DIC, $user_id, ilLTIPlatform\getExtConsumerId(), ilAuthProvider\getLogger(), handleLocalRoleAssignments(), and mapLTIRoleToLocalRole().

Referenced by handleLocalRoleAssignments().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAuthModeLTI()

static ilAuthProviderLTI::isAuthModeLTI ( string  $a_auth_mode)
static

Check if user auth mode is LTI.

Parameters
string$a_auth_mode
Returns
bool

Definition at line 145 of file class.ilAuthProviderLTI.php.

145 : bool
146 {
147 if (!$a_auth_mode) {
148 ilLoggerFactory::getLogger('ltis')->warning('No auth mode given.');
149 return false;
150 }
151 $auth_arr = explode('_', $a_auth_mode);
152 return ($auth_arr[0] == ilAuthUtils::AUTH_PROVIDER_LTI) and $auth_arr[1];
153 }

References ilAuthUtils\AUTH_PROVIDER_LTI, and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

◆ lookupConsumer()

static ilAuthProviderLTI::lookupConsumer ( int  $a_sid)
static

Lookup consumer title.

Parameters
int$a_sid
Returns
string

Definition at line 119 of file class.ilAuthProviderLTI.php.

119 : string
120 {
121 $connector = new ilLTIDataConnector();
122 $consumer = ilLTIPlatform::fromRecordId($a_sid, $connector);
123 return $consumer->getTitle();
124 }
static fromRecordId(int|string $id, DataConnector $dataConnector)
Load the platform from the database by its record ID.

References ilLTIPlatform\fromRecordId().

Referenced by ilAuthUtils\getAuthModeTranslation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ mapLTIRoleToLocalRole()

ilAuthProviderLTI::mapLTIRoleToLocalRole ( string  $lti_role,
ilLTIProviderObjectSetting  $settings 
)
protected

Maps an LTI role (URI or simple name) to a local ILIAS role ID.

Parameters
string$lti_role
ilLTIProviderObjectSetting$settings
Returns
int|null The ILIAS role ID, or null if no mapping is found.

Definition at line 585 of file class.ilAuthProviderLTI.php.

585 : ?int
586 {
587 // Prioritize more specific roles (sub-roles)
588 $role_map = [
589 // System Roles
590 'http://purl.imsglobal.org/vocab/lti/system/person#TestUser' => null, // Example: No mapping for TestUser
591 'http://purl.imsglobal.org/vocab/lis/v2/system/person#Administrator' => $settings->getAdminRole(),
592 'http://purl.imsglobal.org/vocab/lis/v2/system/person#None' => null,
593 'http://purl.imsglobal.org/vocab/lis/v2/system/person#AccountAdmin' => null, // No direct mapping
594 'http://purl.imsglobal.org/vocab/lis/v2/system/person#Creator' => null, // No direct mapping
595 'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysAdmin' => null, // No direct mapping
596 'http://purl.imsglobal.org/vocab/lis/v2/system/person#SysSupport' => null, // No direct mapping
597 'http://purl.imsglobal.org/vocab/lis/v2/system/person#User' => null, // No direct mapping
598
599 // Institution Roles
600 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator' => $settings->getAdminRole(),
601 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Faculty' => $settings->getTutorRole(),
602 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Guest' => null, // No direct mapping
603 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#None' => null,
604 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Other' => null, // No direct mapping
605 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Staff' => null, // No direct mapping
606 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Student' => $settings->getMemberRole(),
607 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Alumni' => null, // No direct mapping
608 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Instructor' => $settings->getTutorRole(),
609 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Learner' => $settings->getMemberRole(),
610 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Member' => $settings->getMemberRole(),
611 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Mentor' => null, // No direct mapping
612 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Observer' => null, // No direct mapping
613 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#ProspectiveStudent' => null, // No direct mapping
614
615 // Context Roles (Main)
616 'http://purl.imsglobal.org/vocab/lis/v2/membership#Administrator' => $settings->getAdminRole(),
617 'http://purl.imsglobal.org/vocab/lis/v2/membership#ContentDeveloper' => null, // No direct mapping
618 'http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor' => $settings->getTutorRole(),
619 'http://purl.imsglobal.org/vocab/lis/v2/membership#Learner' => $settings->getMemberRole(),
620 'http://purl.imsglobal.org/vocab/lis/v2/membership#Mentor' => null, // No direct mapping
621 'http://purl.imsglobal.org/vocab/lis/v2/membership#Manager' => $settings->getAdminRole(), // Potentially map to admin
622 'http://purl.imsglobal.org/vocab/lis/v2/membership#Member' => $settings->getMemberRole(),
623 'http://purl.imsglobal.org/vocab/lis/v2/membership#Officer' => null, // No direct mapping
624
625 // Context Sub-Roles (TeachingAssistant)
626 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistant' => $settings->getTutorRole(),
627 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantGroup' => $settings->getTutorRole(),
628 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantOffering' => $settings->getTutorRole(),
629 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSection' => $settings->getTutorRole(),
630 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantSectionAssociation' => $settings->getTutorRole(),
631 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#TeachingAssistantTemplate' => $settings->getTutorRole(),
632 // Context Sub-Roles (Grader)
633 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Grader' => $settings->getTutorRole(), // Map Grader to Tutor
634 // Context Sub-Roles (GuestInstructor, Lecturer, PrimaryInstructor, SecondaryInstructor)
635 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#GuestInstructor' => $settings->getTutorRole(),
636 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#Lecturer' => $settings->getTutorRole(),
637 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#PrimaryInstructor' => $settings->getTutorRole(),
638 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#SecondaryInstructor' => $settings->getTutorRole(),
639 // Context Sub-Roles (ExternalInstructor)
640 'http://purl.imsglobal.org/vocab/lis/v2/membership/Instructor#ExternalInstructor' => $settings->getTutorRole(),
641
642 // Context Sub-Roles (ExternalLearner, GuestLearner, Learner, NonCreditLearner)
643 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#ExternalLearner' => $settings->getMemberRole(),
644 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#GuestLearner' => $settings->getMemberRole(),
645 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#Learner' => $settings->getMemberRole(),
646 'http://purl.imsglobal.org/vocab/lis/v2/membership/Learner#NonCreditLearner' => $settings->getMemberRole(),
647
648 // Context Sub-Roles (AreaManager, CourseCoordinator, ExternalObserver, Manager, Observer)
649 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#AreaManager' => $settings->getAdminRole(),
650 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#CourseCoordinator' => null,
651 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#ExternalObserver' => null,
652 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Manager' => $settings->getAdminRole(),
653 'http://purl.imsglobal.org/vocab/lis/v2/membership/Manager#Observer' => null,
654
655 // Context Sub-Roles (Advisor, Auditor, ExternalAdvisor, ExternalAuditor, ExternalLearningFacilitator, ExternalMentor, ExternalReviewer, ExternalTutor, LearningFacilitator, Mentor, Reviewer, Tutor)
656 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Advisor' => null,
657 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Auditor' => null,
658 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAdvisor' => null,
659 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalAuditor' => null,
660 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalLearningFacilitator' => null,
661 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalMentor' => null,
662 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalReviewer' => null,
663 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#ExternalTutor' => null,
664 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#LearningFacilitator' => null,
665 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Mentor' => null,
666 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Reviewer' => null,
667 'http://purl.imsglobal.org/vocab/lis/v2/membership/Mentor#Tutor' => $settings->getTutorRole(), // Map Tutor to Tutor
668
669 // Context Sub-Roles (Chair, Communications, Secretary, Treasurer, Vice-Chair)
670 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Chair' => null,
671 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Communications' => null,
672 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Secretary' => null,
673 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Treasurer' => null,
674 'http://purl.imsglobal.org/vocab/lis/v2/membership/Officer#Vice-Chair' => null,
675
676 // Context Sub-Roles (ContentDeveloper, ContentExpert, ExternalContentExpert, Librarian)
677 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentDeveloper' => null,
678 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentExpert' => null,
679 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ExternalContentExpert' => null,
680 'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#Librarian' => null,
681
682 // Context Sub-Roles (Member)
683 'http://purl.imsglobal.org/vocab/lis/v2/membership/Member#Member' => $settings->getMemberRole(),
684
685 // Context Sub-Roles (Administrator, Developer, ExternalDeveloper, ExternalSupport, ExternalSystemAdministrator, Support, SystemAdministrator)
686 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Administrator' => $settings->getAdminRole(),
687 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Developer' => null,
688 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalDeveloper' => null,
689 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSupport' => null,
690 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#ExternalSystemAdministrator' => null,
691 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support' => null,
692 'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#SystemAdministrator' => null,
693 ];
694
695 // LTI 1.0/1.1 simple names (supported for backward compatibility)
696 $simple_name_map = [
697 'Instructor' => $settings->getTutorRole(),
698 'Learner' => $settings->getMemberRole(),
699 'ContentDeveloper' => null,
700 'Administrator' => $settings->getAdminRole(),
701 'Mentor' => null,
702 'Manager' => $settings->getAdminRole(),
703 'Member' => $settings->getMemberRole(),
704 'Officer' => null,
705 ];
706
707
708 if (isset($role_map[$lti_role])) {
709 return $role_map[$lti_role];
710 } elseif (isset($simple_name_map[$lti_role])) {
711 // Check for simple names
712 return $simple_name_map[$lti_role];
713 }
714
715 return null;
716 }

References ilLTIProviderObjectSetting\getAdminRole(), ilLTIProviderObjectSetting\getMemberRole(), and ilLTIProviderObjectSetting\getTutorRole().

Referenced by handleLocalRoleAssignments().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ updateUser()

ilAuthProviderLTI::updateUser ( int  $a_local_user_id,
ilLTIPlatform  $consumer 
)
protected

update existing user @access protected

Parameters
int$a_local_user_id
ilLTIPlatform$consumer
Returns
int

Definition at line 377 of file class.ilAuthProviderLTI.php.

377 : int
378 {
379 global $ilClientIniFile, $DIC;
380 // if (empty($this->messageParameters)) {
381 // $status->setReason('empty_lti_message_parameters');
382 // $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATION_FAILED);
383 // return false;
384 // }
385 $user_obj = new ilObjUser($a_local_user_id);
386 if (isset($this->messageParameters['lis_person_name_given'])) {
387 $user_obj->setFirstname($this->messageParameters['lis_person_name_given']);
388 } else {
389 $user_obj->setFirstname('-');
390 }
391 if (isset($this->messageParameters['lis_person_name_family'])) {
392 $user_obj->setLastname($this->messageParameters['lis_person_name_family']);
393 } else {
394 $user_obj->setLastname('-');
395 }
396 $user_obj->setEmail($this->messageParameters['lis_person_contact_email_primary']);
397
398 $user_obj->setActive(true);
399
400 $until = $user_obj->getTimeLimitUntil();
401
402 if ($until < (time() + (int) $ilClientIniFile->readVariable('session', 'expire'))) {
403 $user_obj->setTimeLimitFrom(time() - 60);
404 $user_obj->setTimeLimitUntil(time() + (int) $ilClientIniFile->readVariable("session", "expire"));
405 }
406 $user_obj->update();
407 $user_obj->refreshLogin();
408
409 $GLOBALS['DIC']->rbac()->admin()->assignUser($consumer->getRole(), $user_obj->getId());
410 $this->getLogger()->debug('Assigned user to: ' . $consumer->getRole());
411
412 $this->getLogger()->info('Update of lti user with uid: ' . $user_obj->getId() . ' and login: ' . $user_obj->getLogin());
413 return $user_obj->getId();
414 }

References $DIC, $GLOBALS, ilAuthProvider\getLogger(), and ilLTIPlatform\getRole().

+ Here is the call graph for this function:

Field Documentation

◆ $dataConnector

ilLTIDataConnector ilAuthProviderLTI::$dataConnector = null
private

Definition at line 30 of file class.ilAuthProviderLTI.php.

◆ $launchReturnUrl

string ilAuthProviderLTI::$launchReturnUrl = ""
protected

Definition at line 36 of file class.ilAuthProviderLTI.php.

◆ $logger

ilLogger ilAuthProviderLTI::$logger = null
private

Definition at line 38 of file class.ilAuthProviderLTI.php.

◆ $lti_context_id

string ilAuthProviderLTI::$lti_context_id = ""
private

Definition at line 31 of file class.ilAuthProviderLTI.php.

◆ $messageParameters

array ilAuthProviderLTI::$messageParameters = null
private

Definition at line 34 of file class.ilAuthProviderLTI.php.

◆ $provider

ilLTITool ilAuthProviderLTI::$provider = null
private

Definition at line 33 of file class.ilAuthProviderLTI.php.

◆ $ref_id

int ilAuthProviderLTI::$ref_id = 0
private

Definition at line 32 of file class.ilAuthProviderLTI.php.

◆ AUTH_MODE_PREFIX

const ilAuthProviderLTI::AUTH_MODE_PREFIX = 'lti'

Definition at line 29 of file class.ilAuthProviderLTI.php.


The documentation for this class was generated from the following file: