ilShibbolethRoleAssignmentRules Class Reference

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V. More...

Collaboration diagram for ilShibbolethRoleAssignmentRules:

Static Public Member Functions
static	getCountRules ()
static	updateAssignments (int $a_usr_id, array $a_data)
static	doAssignments (int $a_usr_id, array $a_data)
static	callPlugin (string $a_plugin_id, array $a_user_data)

Detailed Description

This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Learning e.V.

ILIAS is licensed with the GPL-3.0, see https://www.gnu.org/licenses/gpl-3.0.en.html You should have received a copy of said license along with the source code, too.

If this is not the case or you just want to try ILIAS, you'll find us at: https://www.ilias.de https://github.com/ILIAS-eLearning Shibboleth role assignment rules

Author

Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Fabian Schmid fabia.nosp@m.n.sc.nosp@m.hmid@.nosp@m.ilub.nosp@m..unib.nosp@m.e.ch

Version

$Id$

Definition at line 28 of file class.ilShibbolethRoleAssignmentRules.php.

Member Function Documentation

callPlugin()

static ilShibbolethRoleAssignmentRules::callPlugin ( string  $a_plugin_id, array  $a_user_data  )

static

Definition at line 120 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, and XapiProxy\$plugin.

Referenced by ilShibbolethRoleAssignmentRule\doesMatch(), and ilShibbolethRoleAssignmentRule\matches().

                                                                              : bool
    {
        global $DIC;
        foreach ($DIC['component.factory']->getActivePluginsInSlot('shibhk') as $plugin) {
            if ($plugin->checkRoleAssignment($a_plugin_id, $a_user_data)) {
                return true;
            }
        }
        return false;
    }

Here is the caller graph for this function:

doAssignments()

static ilShibbolethRoleAssignmentRules::doAssignments ( int  $a_usr_id, array  $a_data  )

static

Definition at line 92 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $res, ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthProviderShibboleth\doAuthentication().

                                                                      : bool
    {
        global $DIC;
        $db = $DIC->database();
        $rbac_admin = $DIC->rbac()->admin();
        $logger = $DIC->logger()->root();
        $query = "SELECT rule_id,add_on_update FROM shib_role_assignment WHERE add_on_update = 1";
        $num_matches = 0;
        $res = $db->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
            if ($rule->doesMatch($a_data)) {
                $num_matches++;
                $logger->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbac_admin->assignUser($rule->getRoleId(), $a_usr_id);
            }
        }
        // Assign to default if no matching found
        if ($num_matches === 0) {
            $settings = new ilShibbolethSettings();
            $default_role = $settings->getDefaultRole();
            $logger->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
            $rbac_admin->assignUser($default_role, $a_usr_id);
        }

        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getCountRules()

static ilShibbolethRoleAssignmentRules::getCountRules ( )

static

Definition at line 50 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthShibbolethSettingsGUI\parseRulesTable().

                                          : int
    {
        global $DIC;
        $db = $DIC->database();
        $query = "SELECT COUNT(*) num FROM shib_role_assignment ";
        $res = $db->query($query);
        $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
        return (int) ($row->num ?? 0);
    }

Here is the caller graph for this function:

updateAssignments()

static ilShibbolethRoleAssignmentRules::updateAssignments ( int  $a_usr_id, array  $a_data  )

static

Definition at line 60 of file class.ilShibbolethRoleAssignmentRules.php.

References $DIC, $res, ilObject\_lookupTitle(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilAuthProviderShibboleth\doAuthentication().

                                                                          : bool
    {
        global $DIC;
        $db = $DIC->database();
        $rbac_admin = $DIC->rbac()->admin();
        $rbac_review = $DIC->rbac()->review();
        $logger = $DIC->logger()->root();
        $query = "SELECT rule_id,add_on_update,remove_on_update FROM shib_role_assignment " . "WHERE add_on_update = 1 OR remove_on_update = 1";
        $res = $db->query($query);
        while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
            $rule = new ilShibbolethRoleAssignmentRule($row->rule_id);
            //                  $matches = $rule->matches($a_data);
            if ($row->add_on_update && $rule->doesMatch($a_data)) {
                $logger->write(__METHOD__ . ': Assigned to role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbac_admin->assignUser($rule->getRoleId(), $a_usr_id);
            }
            if ($row->remove_on_update && !$rule->doesMatch($a_data)) {
                $logger->write(__METHOD__ . ': Deassigned from role ' . ilObject::_lookupTitle($rule->getRoleId()));
                $rbac_admin->deassignUser($rule->getRoleId(), $a_usr_id);
            }
        }
        // check if is assigned to minimum one global role
        if (!array_intersect($rbac_review->assignedRoles($a_usr_id), $rbac_review->getGlobalRoles())) {
            $settings = new ilShibbolethSettings();
            $default_role = $settings->getDefaultRole();
            $logger->write(__METHOD__ . ': Assigned to default role ' . ilObject::_lookupTitle($default_role));
            $rbac_admin->assignUser($default_role, $a_usr_id);
        }

        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

---

The documentation for this class was generated from the following file:

• components/ILIAS/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php