.
* ---------------------------------------------------------------------
*/
// Direct-access guard: stop immediately unless the GLPI_ROOT constant has
// already been defined by the time this file is loaded.
defined('GLPI_ROOT') || die("Sorry. You can't access this file directly");
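/**
 * Rule collection class for rights management.
 *
 * Gathers the input used to evaluate RuleRight rules (common login
 * parameters plus, for LDAP logins, the directory attributes referenced by
 * the rule criteria) and prints the outcome of a rule test.
 */
class RuleRightCollection extends RuleCollection {

   // From RuleCollection
   public $stop_on_first_match = false;
   public static $rightname    = 'rule_ldap';
   public $orderby             = "name";
   public $menu_option         = 'right';

   // Specific ones
   /// Array containing results : entity + right
   public $rules_entity_rights = [];
   /// Array containing results : only entity
   public $rules_entity        = [];
   /// Array containing results : only right
   public $rules_rights        = [];


   /**
    * Get the translated title of this rule collection.
    *
    * @return string
    */
   public function getTitle() {
      return __('Authorizations assignment rules');
   }


   /**
    * Drop the internal "_rule_process" key from a test output array.
    *
    * @see RuleCollection::cleanTestOutputCriterias()
    *
    * @param $output array of rule output values
    *
    * @return array the same array without the "_rule_process" key
    */
   public function cleanTestOutputCriterias(array $output) {
      // unset() on a missing key is a no-op, so no isset() guard is needed.
      unset($output["_rule_process"]);
      return $output;
   }


   /**
    * Print the outcome of a rule test.
    *
    * Reads the "_ldap_rules" entry of $output (keys "rules_entities",
    * "rules_rights" and "rules_entities_rights"), prints every assignment
    * through displayActionByName(), then prints each remaining output key
    * that is a known action of $rule.
    *
    * @see RuleCollection::showTestResults()
    *
    * @param $rule          rule object; getActions() and getActionValue() are called on it
    * @param $output        array of rule output values
    * @param $global_result value handed to Dropdown::getYesNo() for the validation row
    *
    * @return void
    */
   public function showTestResults($rule, array $output, $global_result) {
      $actions = $rule->getActions();

      echo "\n| " . __('Rule results') . " |\n";
      echo "";
      echo "| "._n('Validation', 'Validations', 1)." | ".
           "".Dropdown::getYesNo($global_result)." | ";

      // Entity-only assignments: each item is [entity id, optional recursive flag].
      if (isset($output["_ldap_rules"]["rules_entities"])) {
         echo "\n";
         echo "| ".__('Entities assignment')." | ";
         foreach ($output["_ldap_rules"]["rules_entities"] as $entities) {
            foreach ($entities as $entity) {
               $this->displayActionByName("entity", $entity[0]);
               if (isset($entity[1])) {
                  // displayActionByName() accepts "recursive" as an alias of
                  // "is_recursive", so this flag is actually printed.
                  $this->displayActionByName("recursive", $entity[1]);
               }
            }
         }
      }

      // Profile-only assignments: each item carries the profile id at index 0.
      if (isset($output["_ldap_rules"]["rules_rights"])) {
         echo "\n";
         echo "| ".__('Rights assignment')." | ";
         foreach ($output["_ldap_rules"]["rules_rights"] as $val) {
            $this->displayActionByName("profile", $val[0]);
         }
      }

      // Combined assignments: [entity id or list of ids, optional profile id,
      // optional recursive flag].
      if (isset($output["_ldap_rules"]["rules_entities_rights"])) {
         echo "\n";
         echo "| ".__('Rights and entities assignment')." | ";
         foreach ($output["_ldap_rules"]["rules_entities_rights"] as $val) {
            $entity_ids = is_array($val[0]) ? $val[0] : [$val[0]];
            foreach ($entity_ids as $entity_id) {
               $this->displayActionByName("entity", $entity_id);
            }
            if (isset($val[1])) {
               $this->displayActionByName("profile", $val[1]);
            }
            if (isset($val[2])) {
               $this->displayActionByName("is_recursive", $val[2]);
            }
         }
      }

      // Already rendered above; keep it out of the generic loop below.
      unset($output["_ldap_rules"]);

      foreach ($output as $criteria => $value) {
         if (!isset($actions[$criteria])) { // ignore _* fields
            continue;
         }
         $actiontype = $actions[$criteria]['action_type'] ?? '';

         // NOTE(review): the action name and the value returned by
         // getActionValue() are written to the page as-is. Confirm both are
         // already HTML-safe where they are produced before relying on this.
         echo "\n";
         echo "| ".$actions[$criteria]["name"]." | ";
         echo "".$rule->getActionValue($criteria, $actiontype, $value);
         echo " |\n\n";
      }
      echo "";
   }


   /**
    * Display action using its name
    *
    * Known names are "entity", "profile" and "is_recursive". "recursive" is
    * accepted as an alias of "is_recursive" because showTestResults() passes
    * that name for entity-only rules; without the alias the flag was silently
    * dropped from the output. Any other name prints no label/value pair.
    *
    * @param $name   action name
    * @param $value  default value
    *
    * @return void
    **/
   public function displayActionByName($name, $value) {
      echo "";

      switch ($name) {
         case "entity" :
            echo "| ".Entity::getTypeName(1)." | \n";
            echo "".Dropdown::getDropdownName("glpi_entities", $value)." | ";
            break;

         case "profile" :
            echo ""._n('Profile', 'Profiles', Session::getPluralNumber())." | \n";
            echo "".Dropdown::getDropdownName("glpi_profiles", $value)." | ";
            break;

         case "recursive" :
         case "is_recursive" :
            echo "".__('Recursive')." | \n";
            echo "".Dropdown::getYesNo($value)." | ";
            break;
      }

      echo "\n";
   }


   /**
    * Get all the fields needed to perform the rule
    *
    * Queries the distinct glpi_rulerightparameters values that are used as a
    * criteria by rules whose sub_type is 'RuleRight' and returns them
    * lower-cased through Toolbox::strtolower().
    *
    * @see RuleCollection::getFieldsToLookFor()
    *
    * @return array list of field names, "dn" excluded
    **/
   public function getFieldsToLookFor() {
      global $DB;

      $params   = [];
      $iterator = $DB->request([
         'SELECT'    => 'value',
         'DISTINCT'  => true,
         'FROM'      => 'glpi_rulerightparameters',
         'LEFT JOIN' => [
            'glpi_rulecriterias' => [
               'ON' => [
                  'glpi_rulerightparameters' => 'value',
                  'glpi_rulecriterias'       => 'criteria'
               ]
            ],
            'glpi_rules'         => [
               'ON' => [
                  'glpi_rulecriterias' => 'rules_id',
                  'glpi_rules'         => 'id'
               ]
            ]
         ],
         'WHERE'     => ['glpi_rules.sub_type' => 'RuleRight']
      ]);

      while ($param = $iterator->next()) {
         // The dn is always retrieved from LDAP: no need to ask for it.
         if ($param["value"] != "dn") {
            $params[] = Toolbox::strtolower($param["value"]);
         }
      }
      return $params;
   }


   /**
    * Get the attributes needed for processing the rules
    *
    * Always builds the common parameters TYPE, LOGIN, MAIL_EMAIL and GROUPS.
    * For Auth::MAIL it adds MAIL_SERVER. For Auth::LDAP it reads the user
    * entry ($params["userdn"]) over $params["connection"] and copies every
    * field listed by getFieldsForQuery() that the entry contains.
    *
    * @see RuleCollection::prepareInputDataForProcess()
    *
    * @param $input  input datas (used as the GROUPS value when it is an array)
    * @param $params extra parameters given
    *
    * @return an array of attributes; for an LDAP login whose entry lookup
    *         yields nothing, whatever AuthLDAP::get_entries_clean() returned
    **/
   public function prepareInputDataForProcess($input, $params) {
      $groups = is_array($input) ? $input : [];

      // Read the type once. A missing key yields null, which is what the
      // comparisons below would otherwise see after an "undefined key" warning.
      $auth_type = $params["type"] ?? null;

      //common parameters
      $rule_parameters = [
         'TYPE'       => $params["type"] ?? "",
         'LOGIN'      => $params["login"] ?? "",
         'MAIL_EMAIL' => $params["email"] ?? $params["mail_email"] ?? "",
         'GROUPS'     => $groups
      ];

      //IMAP/POP login method
      if ($auth_type == Auth::MAIL) {
         $rule_parameters["MAIL_SERVER"] = $params["mail_server"] ?? "";
      }

      //LDAP type method
      if ($auth_type == Auth::LDAP) {
         //Get all the field to retrieve to be able to process rule matching
         $rule_fields = $this->getFieldsToLookFor();

         //Get all the datas we need from ldap to process the rules
         // NOTE(review): ldap_read() returns false on failure and the @
         // operator hides the warning, so a failed directory read is passed
         // on unchecked. Confirm AuthLDAP::get_entries_clean() tolerates
         // false, or check $sz here and log the failure: rules evaluated on
         // missing attributes decide which entities and profiles a user gets.
         $sz = @ldap_read($params["connection"], $params["userdn"], "objectClass=*",
                          $rule_fields);
         $rule_input = AuthLDAP::get_entries_clean($params["connection"], $sz);

         if (!count($rule_input)) {
            // No entry found: the lookup result itself is returned, not the
            // common parameters built above.
            return $rule_input;
         }
         $rule_input = $rule_input[0];

         //Get all the ldap fields
         foreach ($this->getFieldsForQuery() as $field) {
            switch (Toolbox::strtoupper($field)) {
               case "LDAP_SERVER" :
                  $rule_parameters["LDAP_SERVER"] = $params["ldap_server"];
                  break;

               default : // ldap criteria (added by user)
                  if (!isset($rule_input[$field])) {
                     break;
                  }
                  if (!is_array($rule_input[$field])) {
                     $rule_parameters[$field] = $rule_input[$field];
                     break;
                  }
                  // Multi-valued attribute: copy every value, skipping the
                  // 'count' bookkeeping key.
                  foreach ($rule_input[$field] as $key => $val) {
                     if ($key !== 'count') {
                        $rule_parameters[$field][] = $val;
                     }
                  }
            }
         }
         return $rule_parameters;
      }

      return $rule_parameters;
   }


   /**
    * Get the list of fields to be retrieved to process rules
    *
    * Walks the criteria of a fresh RuleRight: a criteria flagged 'virtual'
    * contributes its 'id', any other one its 'field'. Non-array entries are
    * skipped.
    *
    * @return array list of field names
    **/
   public function getFieldsForQuery() {
      $rule   = new RuleRight();
      $fields = [];

      foreach ($rule->getCriterias() as $criteria) {
         if (!is_array($criteria)) {
            continue;
         }
         $fields[] = !empty($criteria['virtual']) ? $criteria['id'] : $criteria['field'];
      }
      return $fields;
   }

}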