ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilLDAPRoleAssignmentRules.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
26class ilLDAPRoleAssignmentRules
27{
28 private const ROLE_ACTION_ASSIGN = 'Assign';
29 private const ROLE_ACTION_DEASSIGN = 'Detach';
30
31 protected static ?int $default_role = null;
32
33 public static function getDefaultRole(int $a_server_id): int
34 {
35 return self::$default_role =
36 ilLDAPAttributeMapping::_lookupGlobalRole($a_server_id);
37 }
38
43 public static function getAllPossibleRoles(int $a_server_id): array
44 {
45 global $DIC;
46
47 $ilDB = $DIC['ilDB'];
48
49 $roles = [];
50 $query = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
51 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
52 $res = $ilDB->query($query);
53 //TODO fix this array which is always the some digit twice
54 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
55 //TODO if key is int it will get autoconverted to int
56 $roles[$row->role_id] = (int) $row->role_id;
57 }
58
59 $gr = self::getDefaultRole($a_server_id);
60 $roles[$gr] = $gr;
61
62 return $roles;
63 }
64
69 public static function getAttributeNames($a_server_id): array
70 {
71 global $DIC;
72
73 $ilDB = $DIC['ilDB'];
74
75 $query = "SELECT DISTINCT(att_name) " .
76 "FROM ldap_role_assignments " .
77 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
78 $res = $ilDB->query($query);
79 $names = [];
80 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
81 $name = strtolower(trim($row->att_name ?? ''));
82 if ($name) {
83 $names[] = $name;
84 }
85 }
86
87 return array_merge($names, self::getAdditionalPluginAttributes());
88 }
89
90 public static function getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data): array
91 {
92 global $DIC;
93
94 $ilDB = $DIC['ilDB'];
95 $rbacreview = $DIC['rbacreview'];
96 $ilLog = $DIC['ilLog'];
97
98 $query = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
99 "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
100 'AND server_id = ' . $ilDB->quote($a_server_id, 'integer');
101
102 $res = $ilDB->query($query);
103 $roles = [];
104 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
105 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
106
107 $matches = $rule->matches($a_usr_data);
108 if ($matches && $row->add_on_update) {
109 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
110 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
111 }
112 if (!$matches && $row->remove_on_update) {
113 $ilLog->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
114 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
115 }
116 }
117
118 // Check if there is minimum on global role
119 $deassigned_global = 0;
120 foreach ($roles as $role_data) {
121 if ($role_data['type'] === 'Global' &&
122 $role_data['action'] === self::ROLE_ACTION_DEASSIGN) {
123 $deassigned_global++;
124 }
125 }
126 if (count($rbacreview->assignedGlobalRoles($a_usr_id)) === $deassigned_global) {
127 $ilLog->info(': No global role left. Assigning to default role.');
128 $roles[] = self::parseRole(
129 self::getDefaultRole($a_server_id),
130 self::ROLE_ACTION_ASSIGN
131 );
132 }
133
134 return $roles;
135 }
136
140 public static function getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data): array
141 {
142 global $DIC;
143
144 $ilDB = $DIC['ilDB'];
145 $ilLog = $DIC['ilLog'];
146
147 $query = "SELECT rule_id FROM ldap_role_assignments " .
148 'WHERE server_id = ' . $ilDB->quote($a_server_id, 'integer');
149 $res = $ilDB->query($query);
150
151 $roles = [];
152 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
153 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $row->rule_id);
154
155 if ($rule->matches($a_usr_data)) {
156 $ilLog->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
157 $roles[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
158 }
159 }
160
161 // DONE: check for global role
162 $found_global = false;
163 foreach ($roles as $role_data) {
164 if ($role_data['type'] === 'Global') {
165 $found_global = true;
166 break;
167 }
168 }
169 if (!$found_global) {
170 $ilLog->info(': No matching rule found. Assigning to default role.');
171 $roles[] = self::parseRole(
172 self::getDefaultRole($a_server_id),
173 self::ROLE_ACTION_ASSIGN
174 );
175 }
176
177 return $roles;
178 }
179
183 public static function callPlugin(int $a_plugin_id, array $a_user_data): bool
184 {
185 global $DIC;
186
187 $component_factory = $DIC["component.factory"];
188 foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
189 if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
190 return true;
191 }
192 }
193 return false;
194 }
195
200 protected static function getAdditionalPluginAttributes(): array
201 {
202 global $DIC;
203
204 $attributes = array();
205 $component_factory = $DIC["component.factory"];
206 foreach ($component_factory->getActivePluginsInSlot('ldaphk') as $plugin) {
207 $attributes[] = $plugin->getAdditionalAttributeNames();
208 }
209
210 return array_merge(...$attributes);
211 }
212
213 protected static function parseRole(int $a_role_id, string $a_action): array
214 {
215 global $DIC;
216
217 $rbacreview = $DIC['rbacreview'];
218
219 return [
220 'id' => $a_role_id,
221 'type' => $rbacreview->isGlobalRole($a_role_id) ? 'Global' : 'Local',
222 'action' => $a_action
223 ];
224 }
225}
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:65
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
ilLDAPRoleAssignmentRules\getAdditionalPluginAttributes
static getAdditionalPluginAttributes()
Fetch additional attributes from plugin.
Definition: class.ilLDAPRoleAssignmentRules.php:200
ilLDAPRoleAssignmentRules\getAllPossibleRoles
static getAllPossibleRoles(int $a_server_id)
Get all assignable roles (used for import parser)
Definition: class.ilLDAPRoleAssignmentRules.php:43
ilLDAPRoleAssignmentRules\parseRole
static parseRole(int $a_role_id, string $a_action)
Definition: class.ilLDAPRoleAssignmentRules.php:213
ilLDAPRoleAssignmentRules\callPlugin
static callPlugin(int $a_plugin_id, array $a_user_data)
Call plugin check if the condition matches.
Definition: class.ilLDAPRoleAssignmentRules.php:183
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPRoleAssignmentRules\getAssignmentsForCreation
static getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:140
ilLDAPRoleAssignmentRules\getAssignmentsForUpdate
static getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data)
Definition: class.ilLDAPRoleAssignmentRules.php:90
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: shib_login.php:26