/**
* Role Mapping Tab
* @global ilToolbarGUI $ilToolbar
*/
public function roleMapping()
{
global $ilToolbar;
$this->setSubTabs();
$this->tabs_gui->setSubTabActive('ldap_role_mapping');
$ilToolbar->addButton($this->lng->txt("ldap_new_role_assignment"), $this->ctrl->getLinkTarget($this, 'addRoleMapping'));
include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
//Set propertyform for synchronization settings
include_once "./Services/Form/classes/class.ilCombinationInputGUI.php";
$propertie_form = new ilPropertyFormGUI();
$propertie_form->setTitle($this->lng->txt('ldap_role_settings'));
$propertie_form->setFormAction($this->ctrl->getFormAction($this, "saveSyncronizationSettings"));
$propertie_form->addCommandButton("saveSyncronizationSettings", $this->lng->txt('save'));
$role_active = new ilCheckboxInputGUI($this->lng->txt('ldap_role_active'));
$role_active->setPostVar('role_sync_active');
$role_active->setChecked($this->server->enabledRoleSynchronization() ? true : false);
$propertie_form->addItem($role_active);
$binding = new ilCombinationInputGUI($this->lng->txt('ldap_server_binding'));
$binding->setInfo($this->lng->txt('ldap_role_bind_user_info'));
$user = new ilTextInputGUI("");
$user->setPostVar("role_bind_user");
$user->setValue($this->server->getRoleBindDN());
$user->setSize(50);
$user->setMaxLength(255);
$binding->addCombinationItem(0, $user, $this->lng->txt('ldap_role_bind_user'));
$pass = new ilPasswordInputGUI("");
$pass->setPostVar("role_bind_pass");
$pass->setValue($this->server->getRoleBindPassword());
$pass->setSize(12);
$pass->setMaxLength(36);
$pass->setRetype(false);
$binding->addCombinationItem(1, $pass, $this->lng->txt('ldap_role_bind_pass'));
$propertie_form->addItem($binding);
$this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_mappings.html', 'Services/LDAP');
$this->tpl->setVariable("NEW_ASSIGNMENT_TBL", $propertie_form->getHTML());
//Set Group Assignments Table if mappings exist
include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
$mapping_instance = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->server->getServerId());
$mappings = $mapping_instance->getMappings();
if (count($mappings)) {
include_once "./Services/LDAP/classes/class.ilLDAPRoleMappingTableGUI.php";
$table_gui = new ilLDAPRoleMappingTableGUI($this, $this->server->getServerId(), "roleMapping");
$table_gui->setTitle($this->lng->txt('ldap_role_group_assignments'));
$table_gui->setData($mappings);
$this->tpl->setVariable("RULES_TBL", $table_gui->getHTML());
}
}
/**
* delete role and all related data
*
* @access public
* @return boolean true if all object data were removed; false if only a references were removed
*/
function delete()
{
global $rbacadmin, $rbacreview, $ilDB;
$role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
// Temporary bugfix
if ($rbacreview->hasMultipleAssignments($this->getId())) {
$GLOBALS['ilLog']->write(__METHOD__ . ': Found role with multiple assignments: ' . $this->getId());
return false;
}
if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
// do not delete a global role, if the role is the last
// role a user is assigned to.
//
// Performance improvement: In the code section below, we
// only need to consider _global_ roles. We don't need
// to check for _local_ roles, because a user who has
// a local role _always_ has a global role too.
$last_role_user_ids = array();
if ($this->getParent() == ROLE_FOLDER_ID) {
// The role is a global role: check if
// we find users who aren't assigned to any
// other global role than this one.
$user_ids = $rbacreview->assignedUsers($this->getId());
foreach ($user_ids as $user_id) {
// get all roles each user has
$role_ids = $rbacreview->assignedRoles($user_id);
// is last role?
if (count($role_ids) == 1) {
$last_role_user_ids[] = $user_id;
}
}
}
// users with last role found?
if (count($last_role_user_ids) > 0) {
foreach ($last_role_user_ids as $user_id) {
//echo "<br>last role for user id:".$user_id.":";
// GET OBJECT TITLE
$tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
$user_names[] = $tmp_obj->getFullname();
unset($tmp_obj);
}
// TODO: This check must be done in rolefolder object because if multiple
// roles were selected the other roles are still deleted and the system does not
// give any feedback about this.
$users = implode(', ', $user_names);
$this->ilias->raiseError($this->lng->txt("msg_user_last_role1") . " " . $users . "<br/>" . $this->lng->txt("msg_user_last_role2"), $this->ilias->error_obj->WARNING);
} else {
// IT'S A BASE ROLE
$rbacadmin->deleteRole($this->getId(), $this->getParent());
// Delete ldap role group mappings
include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
// delete object_data entry
parent::delete();
// delete role_data entry
$query = "DELETE FROM role_data WHERE role_id = " . $ilDB->quote($this->getId(), 'integer');
$res = $ilDB->manipulate($query);
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($this->getId());
$role_desk_item_obj->deleteAll();
}
} else {
// linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
$rbacadmin->deleteLocalRole($this->getId(), $this->getParent());
}
// purge empty rolefolders
//
// Performance improvement: We filter out all role folders
// which still contain roles, _before_ we attempt to purge them.
// This is faster than attempting to purge all role folders,
// and let function purge() of the role folder find out, if
// purging is possible.
$non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
$role_folders = array_diff($role_folders, $non_empty_role_folders);
// Attempt to purge the role folders
foreach ($role_folders as $rolf) {
if (ilObject::_exists($rolf, true)) {
$rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
$rolfObj->purge();
unset($rolfObj);
}
}
return true;
}
private function initRoleMapping()
{
include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
$this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId((int) $_GET['ldap_server_id']);
}
/**
* Check if there is any active server with
*
* @access private
* @param
*
*/
private function initServers()
{
$server_ids = ilLDAPServer::_getRoleSyncServerIds();
if (!count($server_ids)) {
return false;
}
// Init servers
include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
$this->active_servers = true;
$this->mappings = array();
foreach ($server_ids as $server_id) {
$this->servers[$server_id] = new ilLDAPServer($server_id);
$this->mappings = ilLDAPRoleGroupMappingSettings::_getAllActiveMappings();
}
$this->mapping_info = array();
$this->mapping_info_strict = array();
foreach ($this->mappings as $mapping) {
foreach ($mapping as $key => $data) {
if (strlen($data['info']) and $data['object_id']) {
$this->mapping_info[$data['object_id']][] = $data['info'];
}
if (strlen($data['info']) && $data['info_type'] == ilLDAPRoleGroupMappingSettings::MAPPING_INFO_ALL) {
$this->mapping_info_strict[$data['object_id']][] = $data['info'];
}
}
}
$this->users = ilObjUser::_getExternalAccountsByAuthMode('ldap', true);
return true;
}
/**
* get items from db
*/
function getItems()
{
include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
$mapping_instance = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->server_id);
$this->setData($mapping_instance->getMappings());
}