ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
class.ilLDAPRoleAssignmentRules.php
1 <?php
2 
19 declare(strict_types=1);
20 
27 {
28  private const ROLE_ACTION_ASSIGN = 'Assign';
29  private const ROLE_ACTION_DEASSIGN = 'Detach';
30 
31  protected static ?int $default_role = null;
32 
33  public static function getDefaultRole(int $a_server_id): int
34  {
35  return self::$default_role =
37  }
38 
/**
 * Get all assignable roles (used for import parser).
 *
 * Reads the distinct role ids referenced by the role assignment rules of one LDAP
 * server and adds the server's default role.
 *
 * The server id is the only variable part of the SQL text and it is passed through
 * quote() with type 'integer' before it is concatenated.
 *
 * @param int $a_server_id id of the LDAP server whose rules are read
 * @return array map of role id => role id; key and value carry the same id
 */
public static function getAllPossibleRoles(int $a_server_id): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $sql = "SELECT DISTINCT(role_id) FROM ldap_role_assignments " .
        'WHERE server_id = ' . $db->quote($a_server_id, 'integer');
    $result = $db->query($sql);

    $role_map = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // TODO (kept from the original): key and value are always the same id, and PHP
        // converts an integer-like key to int on its own.
        $role_map[$record->role_id] = (int) $record->role_id;
    }

    // The default role is always offered, whether or not a rule references it.
    $default_role_id = self::getDefaultRole($a_server_id);
    $role_map[$default_role_id] = $default_role_id;

    return $role_map;
}
64 
/**
 * Get all possible attribute names.
 *
 * Collects the distinct att_name values of the rules stored for one server, normalises
 * each with trim() and strtolower(), and appends the names returned by
 * getAdditionalPluginAttributes().
 *
 * DISTINCT is applied by the database before normalisation and no de-duplication
 * happens afterwards, so names that differ only in case or surrounding whitespace can
 * appear more than once in the result.
 *
 * @param mixed $a_server_id server id; untyped in the signature, it reaches the SQL
 *                           text only through quote() with type 'integer'
 * @return array normalised rule attribute names followed by plugin-supplied names
 */
public static function getAttributeNames($a_server_id): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $sql = "SELECT DISTINCT(att_name) " .
        "FROM ldap_role_assignments " .
        'WHERE server_id = ' . $db->quote($a_server_id, 'integer');
    $result = $db->query($sql);

    $attribute_names = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $normalised = strtolower(trim($record->att_name ?? ''));
        if (!$normalised) {
            // Empty names (and any other value PHP treats as falsy) are skipped.
            continue;
        }
        $attribute_names[] = $normalised;
    }

    return array_merge($attribute_names, self::getAdditionalPluginAttributes());
}
89 
/**
 * Work out the role changes for an existing account when it is updated from LDAP.
 *
 * Only rules of the given server that are flagged add_on_update or remove_on_update are
 * loaded. A matching rule flagged add_on_update yields an 'Assign' entry, a non-matching
 * rule flagged remove_on_update yields a 'Detach' entry. If the number of global roles
 * planned for detaching equals the number of global roles the user currently holds, an
 * 'Assign' entry for the default role is appended.
 *
 * NOTE(review): the fallback compares two counts, not two sets of role ids. Every
 * planned detach of a global role is counted, whether or not the user holds that role,
 * and global roles assigned in this same run are not considered. Confirm against the
 * caller that this can neither leave an account without a global role nor add the
 * default role when it is not needed.
 *
 * NOTE(review): $a_usr_name is concatenated into the log messages unmodified; if it
 * comes from the directory, confirm the logger neutralises line breaks.
 *
 * @param int   $a_server_id id of the LDAP server whose rules are evaluated
 * @param mixed $a_usr_id    user id handed to assignedGlobalRoles()
 * @param mixed $a_usr_name  user name, used for log messages only
 * @param mixed $a_usr_data  user data handed to each rule's matches()
 * @return array list of entries as built by parseRole() ('id', 'type', 'action')
 */
public static function getAssignmentsForUpdate(int $a_server_id, $a_usr_id, $a_usr_name, $a_usr_data): array
{
    global $DIC;

    $db = $DIC['ilDB'];
    $rbac_review = $DIC['rbacreview'];
    $logger = $DIC['ilLog'];

    // The server id is the only variable part and goes through quote() as 'integer'.
    $sql = "SELECT rule_id,add_on_update,remove_on_update FROM ldap_role_assignments " .
        "WHERE (add_on_update = 1 OR remove_on_update = 1) " .
        'AND server_id = ' . $db->quote($a_server_id, 'integer');
    $result = $db->query($sql);

    $changes = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $record->rule_id);

        if ($rule->matches($a_usr_data)) {
            if ($record->add_on_update) {
                $logger->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
                $changes[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
            }
        } elseif ($record->remove_on_update) {
            $logger->info(': Deassigned from role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
            $changes[] = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_DEASSIGN);
        }
    }

    // Count the planned detaches that concern global roles.
    $global_detach_count = count(array_filter(
        $changes,
        static fn(array $change): bool =>
            $change['type'] === 'Global' && $change['action'] === self::ROLE_ACTION_DEASSIGN
    ));

    // Fall back to the default role when the counts say no global role would remain.
    if (count($rbac_review->assignedGlobalRoles($a_usr_id)) === $global_detach_count) {
        $logger->info(': No global role left. Assigning to default role.');
        $changes[] = self::parseRole(self::getDefaultRole($a_server_id), self::ROLE_ACTION_ASSIGN);
    }

    return $changes;
}
136 
/**
 * Work out the roles a newly created account receives from the LDAP rules.
 *
 * Every rule of the given server is evaluated against the user data; each matching rule
 * yields an 'Assign' entry. If none of the resulting entries is a global role, an
 * 'Assign' entry for the default role is appended, so the result always contains at
 * least one entry.
 *
 * NOTE(review): the role used as fallback comes from getDefaultRole(); which role that
 * is gets decided outside this method — confirm it is a least-privilege role.
 *
 * NOTE(review): $a_usr_name is concatenated into the log message unmodified; if it
 * comes from the directory, confirm the logger neutralises line breaks.
 *
 * @param int    $a_server_id id of the LDAP server whose rules are evaluated
 * @param string $a_usr_name  user name, used for log messages only
 * @param array  $a_usr_data  user data handed to each rule's matches()
 * @return array list of entries as built by parseRole() ('id', 'type', 'action')
 */
public static function getAssignmentsForCreation(int $a_server_id, string $a_usr_name, array $a_usr_data): array
{
    global $DIC;

    $db = $DIC['ilDB'];
    $logger = $DIC['ilLog'];

    // The server id is the only variable part and goes through quote() as 'integer'.
    $sql = "SELECT rule_id FROM ldap_role_assignments " .
        'WHERE server_id = ' . $db->quote($a_server_id, 'integer');
    $result = $db->query($sql);

    $assignments = [];
    $has_global_role = false;
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $record->rule_id);
        if (!$rule->matches($a_usr_data)) {
            continue;
        }

        $logger->info(': Assigned to role: ' . $a_usr_name . ' => ' . ilObject::_lookupTitle($rule->getRoleId()));
        $entry = self::parseRole($rule->getRoleId(), self::ROLE_ACTION_ASSIGN);
        $assignments[] = $entry;

        // Remember whether at least one matched rule grants a global role.
        if ($entry['type'] === 'Global') {
            $has_global_role = true;
        }
    }

    if ($has_global_role === false) {
        $logger->info(': No matching rule found. Assigning to default role.');
        $assignments[] = self::parseRole(self::getDefaultRole($a_server_id), self::ROLE_ACTION_ASSIGN);
    }

    return $assignments;
}
179 
/**
 * Call plugin check if the condition matches.
 *
 * Asks the active plugins of slot 'ldaphk' one after the other and stops at the first
 * one whose checkRoleAssignment() result is truthy; later plugins are not consulted.
 * With no active plugin the result is false.
 *
 * A single approving plugin is enough for a match, so every plugin activated in this
 * slot takes part in role assignment decisions.
 *
 * @param int   $a_plugin_id id passed through to checkRoleAssignment()
 * @param array $a_user_data user data passed through to checkRoleAssignment()
 * @return bool true if any active plugin reports a match, false otherwise
 */
public static function callPlugin(int $a_plugin_id, array $a_user_data): bool
{
    global $DIC;

    $active_hooks = $DIC["component.factory"]->getActivePluginsInSlot('ldaphk');
    foreach ($active_hooks as $hook) {
        if (!$hook->checkRoleAssignment($a_plugin_id, $a_user_data)) {
            continue;
        }
        return true;
    }

    return false;
}
195 
/**
 * Fetch additional attributes from plugin.
 *
 * Merges the attribute name arrays returned by getAdditionalAttributeNames() of every
 * active plugin in slot 'ldaphk', in plugin order. Without an active plugin the result
 * is an empty array.
 *
 * @return array merged attribute names of all active plugins
 */
protected static function getAdditionalPluginAttributes(): array
{
    global $DIC;

    $merged = [];
    $active_hooks = $DIC["component.factory"]->getActivePluginsInSlot('ldaphk');
    foreach ($active_hooks as $hook) {
        // Folding one plugin at a time gives the same result as a single variadic merge.
        $merged = array_merge($merged, $hook->getAdditionalAttributeNames());
    }

    return $merged;
}
212 
/**
 * Build the entry describing one role change.
 *
 * The role is classified as 'Global' or 'Local' by asking rbacreview->isGlobalRole().
 *
 * @param int    $a_role_id id of the role
 * @param string $a_action  action label stored under 'action' as given
 * @return array entry with the keys 'id', 'type' ('Global' or 'Local') and 'action'
 */
protected static function parseRole(int $a_role_id, string $a_action): array
{
    global $DIC;

    if ($DIC['rbacreview']->isGlobalRole($a_role_id)) {
        $role_scope = 'Global';
    } else {
        $role_scope = 'Local';
    }

    $entry = [];
    $entry['id'] = $a_role_id;
    $entry['type'] = $role_scope;
    $entry['action'] = $a_action;

    return $entry;
}
225 }