authorArne Schröder, M. A. <schroeder@data-quest.de>2024-12-19 14:48:40 +0000
committerRasmus Fuhse <fuhse@data-quest.de>2024-12-19 14:48:40 +0000
commita4d431b8a07c0c7ab25242a38f1950b4f6107813 (patch)
tree46ea74dd78d310b4cb5b3bc7b3f6217317a52a69
parent7cbba1ec8a0de90e02632fe06beebb2e672a07a2 (diff)
Resolve "Erweiterte Rollenzuweisung für ILIAS-Accounts"
Closes #4267 Merge request studip/studip!3370
-rw-r--r--app/controllers/admin/ilias_interface.php59
-rw-r--r--app/views/admin/ilias_interface/edit_permissions.php98
-rw-r--r--lib/ilias_interface/ConnectedIlias.php25
-rw-r--r--lib/ilias_interface/IliasSoap.php35
4 files changed, 196 insertions, 21 deletions
diff --git a/app/controllers/admin/ilias_interface.php b/app/controllers/admin/ilias_interface.php
index 750e33d..9399a63 100644
--- a/app/controllers/admin/ilias_interface.php
+++ b/app/controllers/admin/ilias_interface.php
@@ -51,6 +51,8 @@ class Admin_IliasInterfaceController extends AuthenticatedController
PageLayout::setHelpKeyword('Basis.Ilias');
$this->modules_available = ConnectedIlias::getSupportedModuleTypes();
+ $this->studip_roles = ['autor', 'tutor', 'dozent', 'admin', 'root'];
+
$this->sidebar = Sidebar::get();
}
@@ -151,7 +153,8 @@ class Admin_IliasInterfaceController extends AuthenticatedController
'author_role_name' => 'Author',
'author_role' => '',
- 'author_perm' => 'tutor'
+ 'author_perm' => 'tutor',
+ 'additional_roles' => []
];
// fetch existing indicies from previously connected ILIAS installations
@@ -258,6 +261,9 @@ class Admin_IliasInterfaceController extends AuthenticatedController
{
$this->ilias_config = $this->ilias_configs[$index];
$this->ilias_index = $index;
+
+ $connected_ilias = new ConnectedIlias($index);
+ $this->global_roles = $connected_ilias->soap_client->getRoles('global', -1);
}
/**
@@ -283,7 +289,7 @@ class Admin_IliasInterfaceController extends AuthenticatedController
{
CSRFProtection::verifyUnsafeRequest();
- if (Request::submitted('submit')) {
+ if (Request::submittedSome('submit', 'add_additional_role', 'remove_additional_role')) {
// set basic server settings
if (Request::getInstance()->offsetExists('ilias_name')) {
$this->ilias_configs[$index]['name'] = Request::get('ilias_name');
@@ -373,10 +379,59 @@ class Admin_IliasInterfaceController extends AuthenticatedController
// set permissions settings
if (Request::getInstance()->offsetExists('ilias_author_role_name')) {
+ $this->global_roles = $connected_ilias->soap_client->getRoles('global', -1);
$this->ilias_configs[$index]['author_role_name'] = Request::get('ilias_author_role_name');
$this->ilias_configs[$index]['author_perm'] = Request::get('ilias_author_perm');
$this->ilias_configs[$index]['allow_change_account'] = Request::get('ilias_allow_change_account');
+ // remove ilias role assignment
+ if (
+ Request::submitted('remove_additional_role')
+ && Request::option('studip_role')
+ && array_key_exists('additional_roles', $this->ilias_configs[$index])
+ ) {
+ $studip_role = Request::option('studip_role');
+ $ilias_role = Request::option('remove_additional_role');
+ if (
+ in_array($studip_role, $this->studip_roles)
+ && array_key_exists($studip_role, $this->ilias_configs[$index]['additional_roles'])
+ && array_key_exists($ilias_role, $this->ilias_configs[$index]['additional_roles'][$studip_role])
+ ) {
+ unset($this->ilias_configs[$index]['additional_roles'][$studip_role][$ilias_role]);
+ PageLayout::postSuccess(sprintf(_('ILIAS-Rollenzuweisung der Stud.IP-Rechtestufe %s wurde entfernt.'), $studip_role));
+ }
+ }
+
+ // add ilias role assignment
+ if (
+ Request::submitted('add_additional_role')
+ && Request::option('add_studip_role')
+ && Request::option('add_ilias_role')
+ ) {
+ $studip_role = Request::option('add_studip_role');
+ $ilias_role = Request::option('add_ilias_role');
+ $role_already_assigned = false;
+ if (!array_key_exists('additional_roles', $this->ilias_configs[$index])) {
+ $this->ilias_configs[$index]['additional_roles'] = [];
+ }
+ if (
+ in_array($studip_role, $this->studip_roles)
+ && (array_key_exists($ilias_role, $this->global_roles))
+ ) {
+ if (!array_key_exists($studip_role, $this->ilias_configs[$index]['additional_roles'])) {
+ $this->ilias_configs[$index]['additional_roles'][$studip_role] = [];
+ }
+ if (array_key_exists($ilias_role, $this->global_roles)) {
+ $this->ilias_configs[$index]['additional_roles'][$studip_role][$ilias_role] = [
+ 'id' => $this->global_roles[$ilias_role]['id'],
+ 'name' => $this->global_roles[$ilias_role]['name']];
+ PageLayout::postSuccess(sprintf(_('ILIAS-Rolle %s wird Stud.IP-Rechtestufe %s zugewiesen.'), $this->global_roles[$ilias_role]['name'], $studip_role));
+ } else {
+ PageLayout::postError(_('ILIAS-Rolle nicht gefunden.'));
+ }
+ }
+ }
+
//store config entry
Config::get()->store('ILIAS_INTERFACE_SETTINGS', $this->ilias_configs);
PageLayout::postSuccess(_('ILIAS-Berechtigungseinstellungen wurden gespeichert.'));
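Review bot: `getRoles()` returns `false` when the SOAP call fails, and the add branch then passes that value to `array_key_exists($ilias_role, $this->global_roles)`, which raises a TypeError on PHP 8; guard it with `is_array($this->global_roles) && array_key_exists($ilias_role, $this->global_roles)`. The inner `array_key_exists` repeats the outer condition, so the `postError(_('ILIAS-Rolle nicht gefunden.'))` branch can never run, and an unknown role or permission level is dropped silently while the general success message is still posted; making the error the `else` of the outer `if` would show rejected input. `$role_already_assigned` is assigned but never read. Because this mapping decides which ILIAS global roles whole permission levels receive, each add and remove should also be written to the audit log. `$connected_ilias` is defined outside the hunk, in the part of the save action not shown here.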
diff --git a/app/views/admin/ilias_interface/edit_permissions.php b/app/views/admin/ilias_interface/edit_permissions.php
index ef85091..3410a02 100644
--- a/app/views/admin/ilias_interface/edit_permissions.php
+++ b/app/views/admin/ilias_interface/edit_permissions.php
@@ -7,26 +7,86 @@
?>
<form class="default" action="<?= $controller->url_for('admin/ilias_interface/save/'.$ilias_index) ?>" method="post">
<?= CSRFProtection::tokenTag() ?>
- <label>
- <span class="required"><?= _('Rollen-Template zum Erstellen von Lernobjekten') ?></span>
- <input type="text" name="ilias_author_role_name" size="50" maxlength="255" value="<?= $ilias_config['author_role_name'] ? htmlReady($ilias_config['author_role_name']) : 'Author' ?>" required>
- </label>
- <label>
- <span class="required"><?= _('Erforderliche Rechtestufe zum Erstellen von Lernobjekten') ?></span>
- <select name="ilias_author_perm">
- <option value="autor" <?=$ilias_config['author_perm'] == 'autor' ? 'selected' : ''?>><?=_('autor')?></option>
- <option value="tutor" <?=$ilias_config['author_perm'] == 'tutor' ? 'selected' : ''?>><?=_('tutor')?></option>
- <option value="dozent" <?=(($ilias_config['author_perm'] == 'dozent') OR ! $ilias_config['author_perm']) ? 'selected' : ''?>><?=_('dozent')?></option>
- <option value="admin" <?=$ilias_config['author_perm'] == 'admin' ? 'selected' : ''?>><?=_('admin')?></option>
- <option value="root" <?=$ilias_config['author_perm'] == 'root' ? 'selected' : ''?>><?=_('root')?></option>
- </select>
- </label>
- <label>
- <input type="checkbox" name="ilias_allow_change_account" value="1" <?= $ilias_config['allow_change_account'] ? 'checked' : '' ?>>
- <span><?= _('Stud.IP-User können sich bestehende ILIAS-Accounts manuell zuordnen') ?></span>
- </label>
+ <fieldset>
+ <legend>
+ <?= _('Anlegen von Inhalten') ?>
+ </legend>
+ <label>
+ <span class="required"><?= _('Rollentemplate zum Erstellen von Lernobjekten') ?></span>
+ <input type="text" name="ilias_author_role_name" size="50" maxlength="255" value="<?= $ilias_config['author_role_name'] ? htmlReady($ilias_config['author_role_name']) : 'Author' ?>" required>
+ </label>
+ <label>
+ <span class="required"><?= _('Erforderliche Rechtestufe zum Erstellen von Lernobjekten') ?></span>
+ <select name="ilias_author_perm">
+ <option value="autor" <?=$ilias_config['author_perm'] == 'autor' ? 'selected' : ''?>><?=_('autor')?></option>
+ <option value="tutor" <?=$ilias_config['author_perm'] == 'tutor' ? 'selected' : ''?>><?=_('tutor')?></option>
+ <option value="dozent" <?=(($ilias_config['author_perm'] == 'dozent') OR ! $ilias_config['author_perm']) ? 'selected' : ''?>><?=_('dozent')?></option>
+ <option value="admin" <?=$ilias_config['author_perm'] == 'admin' ? 'selected' : ''?>><?=_('admin')?></option>
+ <option value="root" <?=$ilias_config['author_perm'] == 'root' ? 'selected' : ''?>><?=_('root')?></option>
+ </select>
+ </label>
+ <label>
+ <input type="checkbox" name="ilias_allow_change_account" value="1" <?= $ilias_config['allow_change_account'] ? 'checked' : '' ?>>
+ <span><?= _('Stud.IP-User können sich bestehende ILIAS-Accounts manuell zuordnen') ?></span>
+ </label>
+ </fieldset>
<footer data-dialog-button>
<?= Studip\Button::createAccept(_('Speichern'), 'submit') ?>
- <?= Studip\Button::createCancel(_('Abbrechen'), 'cancel', ['data-dialog' => 'close']) ?>
+ <?= Studip\Button::createCancel(_('Schließen'), 'cancel', ['data-dialog' => 'close']) ?>
</footer>
+ <fieldset>
+ <legend>
+ <?= _('Rollenzuweisungen') ?>
+ </legend>
+ <? if (array_key_exists('additional_roles', $ilias_config) && is_array($ilias_config['additional_roles']) && is_array($global_roles)) : ?>
+ <? foreach ($ilias_config['additional_roles'] as $studip_role => $ilias_roles) : ?>
+ <? if (count($ilias_roles) > 0) : ?>
+ <div id="ilias_studip_role_<?=htmlReady($studip_role)?>"><?= sprintf(_('Rechtestufe %s erhält zusätzliche globale Rolle(n):'), htmlReady($studip_role)) ?>
+ <ul>
+ <? foreach ($ilias_roles as $role_data) : ?>
+ <li><?= htmlReady(sprintf(_('%s (ID %s)'), $role_data['name'], $role_data['id'])) ?>
+ <?= Icon::create('trash')->asInput([
+ 'class' => 'text-bottom',
+ 'title' => _('Diese Rollenzuweisung entfernen'),
+ 'data-confirm' => _('Sind Sie sicher, dass Sie diese ILIAS-Rollenzuweisung entfernen wollen?'),
+ 'formaction' => $controller->url_for(
+ 'admin/ilias_interface/save/'.$ilias_index,
+ [
+ 'remove_additional_role' => $role_data['id'],
+ 'studip_role' => $studip_role,
+ ]
+ )
+ ])?></li>
+ <? endforeach ?>
+ </ul></div>
+ <br>
+ <? endif ?>
+ <? endforeach ?>
+ <? endif ?>
+ <? if (is_array($global_roles) && is_array($studip_roles)) : ?>
+ <section>
+ <span><?= _('Stud.IP-Rechtestufe') ?></span>
+ <label>
+ <select name="add_studip_role" aria-label="<?= _('Stud.IP-Rechtestufe')?>">
+ <option><?=_('-- Bitte auswählen --')?></option>
+ <? foreach ($studip_roles as $studip_role) : ?>
+ <option><?= htmlReady($studip_role) ?></option>
+ <? endforeach ?>
+ </select>
+ </label>
+ <span><?= _('ILIAS-Rolle') ?></span>
+ <label>
+ <select name="add_ilias_role" aria-label="<?= _('ILIAS-Rolle')?>">
+ <option><?=_('-- Bitte auswählen --')?></option>
+ <? foreach ($global_roles as $role_data) : ?>
+ <option value="<?= htmlReady($role_data['id']) ?>">
+ <?= htmlReady(sprintf(_('%s (ID %s)'), $role_data['name'], $role_data['id'])) ?>
+ </option>
+ <? endforeach ?>
+ </select>
+ </label>
+ <?= Studip\Button::create(_('Zusätzliche Rolle zuweisen und speichern'), 'add_additional_role') ?>
+ </section>
+ <? endif ?>
+ </fieldset>
</form>
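Review bot: The list of existing assignments is hidden whenever `$global_roles` is not an array, although the loop only reads `$ilias_config['additional_roles']`; if the role lookup against ILIAS fails, an administrator can neither see nor remove mappings that may still be applied to users. Dropping `&& is_array($global_roles)` from the first condition keeps them reviewable. The two placeholder options carry no `value`, so the browser submits the label text; `<option value="">` makes the empty choice explicit instead of relying on the controller's input filtering.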
diff --git a/lib/ilias_interface/ConnectedIlias.php b/lib/ilias_interface/ConnectedIlias.php
index e90f75b..0dc1723 100644
--- a/lib/ilias_interface/ConnectedIlias.php
+++ b/lib/ilias_interface/ConnectedIlias.php
@@ -383,6 +383,18 @@ class ConnectedIlias
$this->user->id = $user_id;
$this->user->login = $this->ilias_config['user_prefix'].$this->user->studip_login;
+ // add additional roles
+ $temp_user = User::find($this->user->studip_id);
+
+ if (
+ array_key_exists('additional_roles', $this->ilias_config)
+ && array_key_exists($temp_user->perms, $this->ilias_config['additional_roles'])
+ ) {
+ foreach ($this->ilias_config['additional_roles'][$temp_user->perms] as $role_data) {
+ $this->soap_client->addUserRoleEntry($user_id, $role_data['id']);
+ }
+ }
+
$this->user->setConnection(IliasUser::USER_TYPE_CREATED);
return true;
}
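Review bot: `$temp_user->perms` is read without checking the result of `User::find()`, which presumably returns null when no record matches, so the role lookup would then run on a null key; `if ($temp_user && !empty($this->ilias_config['additional_roles'][$temp_user->perms]))` covers both conditions. The result of `addUserRoleEntry()` is discarded here and in the update hunk below, so a failed role assignment leaves no trace; logging the failure would help when an account ends up without the configured role. The enclosing method starts outside the hunk.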
@@ -403,6 +415,17 @@ class ConnectedIlias
return false;
}
$update_user = new IliasUser($this->index, $this->ilias_config['version'], $user->id);
+
+ // add additional roles
+ if (
+ array_key_exists('additional_roles', $this->ilias_config)
+ && array_key_exists($user->perms, $this->ilias_config['additional_roles'])
+ ) {
+ foreach ($this->ilias_config['additional_roles'][$user->perms] as $role_data) {
+ $this->soap_client->addUserRoleEntry($update_user->id, $role_data['id']);
+ }
+ }
+
// don't update ldap user
if (! $this->ilias_config['user_prefix'] &&
$this->ilias_config['ldap_enable'] &&
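Review bot: Roles are only ever added: when a mapping is removed in the admin dialog or a user's permission level changes, the ILIAS global roles granted earlier stay on the account, because nothing here performs the matching removal. The block also sits above the LDAP, `no_account_updates` and `USER_TYPE_ORIGINAL` early returns and does not repeat the later `isConnected() && $update_user->id` guard, so it runs on accounts the method otherwise leaves untouched, including manually linked ones, and possibly with an empty id. If that is intended, a comment such as `// role assignment is applied even when account data is not synchronised` should say so; otherwise move the block below those checks. The enclosing method starts and ends outside the hunk.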
@@ -412,10 +435,12 @@ class ConnectedIlias
} elseif ($this->ilias_config['no_account_updates']) {
return true;
}
+
// if user is manually connected don't update user data
if ($update_user->getUserType() == IliasUser::USER_TYPE_ORIGINAL) {
return true;
}
+
$this->soap_client->setCachingStatus(false);
$this->soap_client->clearCache();
if ($update_user->isConnected() && $update_user->id && $this->soap_client->lookupUser($update_user->login)) {
diff --git a/lib/ilias_interface/IliasSoap.php b/lib/ilias_interface/IliasSoap.php
index 7bef42f..585595b 100644
--- a/lib/ilias_interface/IliasSoap.php
+++ b/lib/ilias_interface/IliasSoap.php
@@ -707,6 +707,41 @@ class IliasSoap extends StudipSoapClient
}
/**
+ * get roles
+ *
+ * gets roles of given type for given object
+ *
+ * @param string $role_type type of role (global|local|user|user_login|template or empty)
+ * @param string $id reference id, user id, or -1 for all available roles of given type
+ * @return array|false role-objects
+ */
+ public function getRoles(string $role_type, string $id)
+ {
+ $param = [
+ 'sid' => $this->getSID(),
+ 'role_type' => $role_type,
+ 'id' => $id
+ ];
+ $result = $this->call('getRoles', $param);
+ if ($result) {
+ $s = simplexml_load_string($result);
+ $role_array = [];
+
+ foreach ($s->Role as $role) {
+ $id_parts = explode('_role_', (string) $role->attributes()->id);
+ $role_array[$id_parts[1]] = [
+ 'id' => $id_parts[1],
+ 'type' => (string) $role->attributes()->role_type,
+ 'name' => (string) $role->Title,
+ 'description' => (string) $role->Description,
+ ];
+ }
+ return $role_array;
+ }
+ return false;
+ }
+
+ /**
* add role
*
* adds a new role
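Review bot: The response parsing in `getRoles()` trusts the remote XML: `simplexml_load_string()` returns `false` on malformed input and the `foreach` then runs on a non-object, and an id without the `_role_` separator leaves `$id_parts[1]` undefined, producing an entry under an empty key. Both cases should be rejected before the value is used as an array key and later as the role id sent to `addUserRoleEntry()`. The method also has no return type although its docblock states `array|false`, and `$id` is declared `string` while the callers in this commit pass the integer `-1`, which only works in coercive typing mode.

```php
$s = simplexml_load_string($result);
if ($s === false) {
    return false;
}
$role_array = [];

foreach ($s->Role as $role) {
    $id_parts = explode('_role_', (string) $role->attributes()->id);
    if (!isset($id_parts[1]) || $id_parts[1] === '') {
        // skip ids that do not follow the <prefix>_role_<id> form
        continue;
    }
    // … unchanged: $role_array[$id_parts[1]] = [...] …
}
```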