ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
ilLDAPRoleAssignmentRules Class Reference

Do role assignemnts. More...

+ Collaboration diagram for ilLDAPRoleAssignmentRules:

Static Public Member Functions

static getDefaultRole (int $a_server_id)
 
static getAllPossibleRoles (int $a_server_id)
 Get all assignable roles (used for import parser) More...
 
static getAttributeNames ($a_server_id)
 get all possible attribute names More...
 
static getAssignmentsForUpdate (int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
 
static getAssignmentsForCreation (int $a_server_id, string $a_usr_name, array $a_usr_data)
 
static callPlugin (int $a_plugin_id, array $a_user_data)
 Call plugin check if the condition matches. More...
 

Static Protected Member Functions

static getAdditionalPluginAttributes ()
 Fetch additional attributes from plugin. More...
 
static parseRole (int $a_role_id, string $a_action)
 

Static Protected Attributes

static int $default_role = null
 

Private Attributes

const ROLE_ACTION_ASSIGN = 'Assign'
 
const ROLE_ACTION_DEASSIGN = 'Detach'
 

Detailed Description

Do role assignemnts.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilLDAPRoleAssignmentRules.php.

Member Function Documentation

◆ callPlugin()

static ilLDAPRoleAssignmentRules::callPlugin ( int  $a_plugin_id,
array  $a_user_data 
)
static

Call plugin check if the condition matches.

Definition at line 183 of file class.ilLDAPRoleAssignmentRules.php.

183 : bool
184 {
185 global $DIC;
186
187 $component_factory = $DIC["component.factory"];
188 foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
189 if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
190 return true;
191 }
192 }
193 return false;
194 }
global $DIC
Definition: shib_login.php:26

References $DIC, and XapiProxy\$plugin.

Referenced by ilLDAPRoleAssignmentRule\matches().

+ Here is the caller graph for this function:

◆ getAdditionalPluginAttributes()

static ilLDAPRoleAssignmentRules::getAdditionalPluginAttributes ( )
staticprotected

Fetch additional attributes from plugin.

Returns
string[]

Definition at line 200 of file class.ilLDAPRoleAssignmentRules.php.

200 : array
201 {
202 global $DIC;
203
204 $attributes = array();
205 $component_factory = $DIC["component.factory"];
206 foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
207 $attributes[] = $plugin->getAdditionalAttributeNames();
208 }
209
210 return array_merge(...$attributes);
211 }

References $DIC, and XapiProxy\$plugin.

◆ getAllPossibleRoles()

static ilLDAPRoleAssignmentRules::getAllPossibleRoles ( int  $a_server_id)
static

Get all assignable roles (used for import parser)

Returns
array<int, int> array of roles assigned

Definition at line 43 of file class.ilLDAPRoleAssignmentRules.php.

43 : array
44 {
45 global $DIC;
46
47 $ilDB = $DIC['ilDB'];
48
49 $roles = [];
50 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
51 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
52 $res = $ilDB->query($query);
53 //TODO fix this array which is always the some digit twice
54 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
55 //TODO if key is int it will get autoconverted to int
56 $roles[$row->role_id] = (int) $row->role_id;
57 }
58
59 $gr = self::getDefaultRole($a_server_id);
60 $roles[$gr] = $gr;
61
62 return $roles;
63 }
$res
Definition: ltiservices.php:69

References $DIC, $ilDB, $res, ilDBConstants\FETCHMODE_OBJECT, getDefaultRole(), and ILIAS\Repository\int().

Referenced by ilLDAPAttributeToUser\refresh().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForCreation()

static ilLDAPRoleAssignmentRules::getAssignmentsForCreation ( int  $a_server_id,
string  $a_usr_name,
array  $a_usr_data 
)
static
Returns
array role data

Definition at line 140 of file class.ilLDAPRoleAssignmentRules.php.

140 : array
141 {
142 global $DIC;
143
144 $ilDB = $DIC['ilDB'];
145 $ilLog = $DIC['ilLog'];
146
147 $query = "SELECT rule_id FROM ldap_role_assignments " .
148 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
149 $res = $ilDB->query($query);
150
151 $roles = [];
152 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
153 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
154
155 if ($rule->matches($a_usr_data)) {
156 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
157 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
158 }
159 }
160
161 // DONE: check for global role
162 $found_global = false;
163 foreach ($roles as $role_data) {
164 if ($role_data['type'] === 'Global') {
165 $found_global = true;
166 break;
167 }
168 }
169 if (!$found_global) {
170 $ilLog->info(': No matching rule found. Assigning to default role.');
171 $roles[] = self::parseRole(
172 self::getDefaultRole($a_server_id),
173 self::ROLE_ACTION_ASSIGN
174 );
175 }
176
177 return $roles;
178 }
static _getInstanceByRuleId(int $a_rule_id)
static parseRole(int $a_role_id, string $a_action)
static _lookupTitle(int $obj_id)

References $DIC, $ilDB, $res, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForCreation().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignmentsForUpdate()

static ilLDAPRoleAssignmentRules::getAssignmentsForUpdate ( int  $a_server_id,
  $a_usr_id,
  $a_usr_name,
  $a_usr_data 
)
static

Definition at line 90 of file class.ilLDAPRoleAssignmentRules.php.

90 : array
91 {
92 global $DIC;
93
94 $ilDB = $DIC['ilDB'];
95 $rbacreview = $DIC['rbacreview'];
96 $ilLog = $DIC['ilLog'];
97
98 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
99 "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
100 'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
101
102 $res = $ilDB->query($query);
103 $roles = [];
104 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
105 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
106
107 $matches = $rule->matches($a_usr_data);
108 if ($matches && $row->add_on_update) {
109 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
110 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
111 }
112 if (!$matches && $row->remove_on_update) {
113 $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
114 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
115 }
116 }
117
118 // Check if there is minimum on global role
119 $deassigned_global = 0;
120 foreach ($roles as $role_data) {
121 if ($role_data['type'] === 'Global' &&
122 $role_data['action'] === self::ROLE_ACTION_DEASSIGN) {
123 $deassigned_global++;
124 }
125 }
126 if (count($rbacreview->assignedGlobalRoles($a_usr_id)) === $deassigned_global) {
127 $ilLog->info(': No global role left. Assigning to default role.');
128 $roles[] = self::parseRole(
129 self::getDefaultRole($a_server_id),
130 self::ROLE_ACTION_ASSIGN
131 );
132 }
133
134 return $roles;
135 }

References $DIC, $ilDB, $res, ilLDAPRoleAssignmentRule\_getInstanceByRuleId(), ilObject\_lookupTitle(), ilDBConstants\FETCHMODE_OBJECT, and parseRole().

Referenced by ilLDAPAttributeToUser\parseRoleAssignmentsForUpdate().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAttributeNames()

static ilLDAPRoleAssignmentRules::getAttributeNames (   $a_server_id)
static

get all possible attribute names

Returns
string[]

Definition at line 69 of file class.ilLDAPRoleAssignmentRules.php.

69 : array
70 {
71 global $DIC;
72
73 $ilDB = $DIC['ilDB'];
74
75 $query = "SELECT DISTINCT(att_name) " .
76 "FROM ldap_role_assignments " .
77 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
78 $res = $ilDB->query($query);
79 $names = [];
80 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
81 $name = strtolower(trim($row->att_name ?? ''));
82 if ($name) {
83 $names[] = $name;
84 }
85 }
86
87 return array_merge($names, self::getAdditionalPluginAttributes());
88 }

References $DIC, $ilDB, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilLDAPQuery\fetchUserProfileFields(), and ilLDAPServer\getPearAtributeArray().

+ Here is the caller graph for this function:

◆ getDefaultRole()

static ilLDAPRoleAssignmentRules::getDefaultRole ( int  $a_server_id)
static

Definition at line 33 of file class.ilLDAPRoleAssignmentRules.php.

33 : int
34 {
35 return self::$default_role =
37 }
static _lookupGlobalRole(int $a_server_id)

References ilLDAPAttributeMapping\_lookupGlobalRole().

Referenced by getAllPossibleRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ parseRole()

static ilLDAPRoleAssignmentRules::parseRole ( int  $a_role_id,
string  $a_action 
)
staticprotected

Definition at line 213 of file class.ilLDAPRoleAssignmentRules.php.

213 : array
214 {
215 global $DIC;
216
217 $rbacreview = $DIC['rbacreview'];
218
219 return [
220 'id' => $a_role_id,
221 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
222 'action' => $a_action
223 ];
224 }

References $DIC.

Referenced by getAssignmentsForCreation(), and getAssignmentsForUpdate().

+ Here is the caller graph for this function:

Field Documentation

◆ $default_role

int ilLDAPRoleAssignmentRules::$default_role = null
staticprotected

Definition at line 31 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_ASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN = 'Assign'
private

Definition at line 28 of file class.ilLDAPRoleAssignmentRules.php.

◆ ROLE_ACTION_DEASSIGN

const ilLDAPRoleAssignmentRules::ROLE_ACTION_DEASSIGN = 'Detach'
private

Definition at line 29 of file class.ilLDAPRoleAssignmentRules.php.


The documentation for this class was generated from the following file: