00001 <?php
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00040 class ilRbacReview
00041 {
00042 var $log = null;
00043
00048 function ilRbacReview()
00049 {
00050 global $ilDB,$ilErr,$ilias,$ilLog;
00051
00052 $this->log =& $ilLog;
00053
00054
00055 (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
00056
00057 if (!isset($ilErr))
00058 {
00059 $ilErr = new ilErrorHandling();
00060 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
00061 }
00062 else
00063 {
00064 $this->ilErr =& $ilErr;
00065 }
00066 }
00067
00075 function roleExists($a_title,$a_id = 0)
00076 {
00077 if (empty($a_title))
00078 {
00079 $message = get_class($this)."::roleExists(): No title given!";
00080 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00081 }
00082
00083 $clause = ($a_id) ? " AND obj_id != '".$a_id."'" : "";
00084
00085 $q = "SELECT DISTINCT(obj_id) as obj_id FROM object_data ".
00086 "WHERE title ='".addslashes($a_title)."' ".
00087 "AND type IN('role','rolt')".
00088 $clause;
00089 $r = $this->ilDB->query($q);
00090
00091 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00092 {
00093 return $row->obj_id;
00094 }
00095 return false;
00096 }
00097
00106 function __getParentRoles($a_path,$a_templates,$a_keep_protected)
00107 {
00108 global $log;
00109
00110 if (!isset($a_path) or !is_array($a_path))
00111 {
00112 $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
00113 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00114 }
00115
00116 $parent_roles = array();
00117 $role_hierarchy = array();
00118
00119 $child = $this->__getAllRoleFolderIds();
00120
00121
00122 $in = " IN('";
00123 $in .= implode("','",$child);
00124 $in .= "') ";
00125
00126 foreach ($a_path as $path)
00127 {
00128 $q = "SELECT * FROM tree ".
00129 "WHERE child ".$in.
00130 "AND parent = '".$path."'";
00131 $r = $this->ilDB->query($q);
00132
00133 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00134 {
00135 $roles = $this->getRoleListByObject($row->child,$a_templates);
00136
00137 foreach ($roles as $role)
00138 {
00139 $id = $role["obj_id"];
00140 $role["parent"] = $row->child;
00141 $parent_roles[$id] = $role;
00142
00143 if (!array_key_exists($role['obj_id'],$role_hierarchy))
00144 {
00145 $role_hierarchy[$id] = $row->child;
00146 }
00147 }
00148 }
00149 }
00150
00151 if (!$a_keep_protected)
00152 {
00153 return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$path);
00154 }
00155
00156 return $parent_roles;
00157 }
00158
00167 function getParentRoleIds($a_endnode_id,$a_templates = false,$a_keep_protected = false)
00168 {
00169 global $tree,$log;
00170
00171 if (!isset($a_endnode_id))
00172 {
00173 $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
00174 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00175 }
00176
00177
00178 $log->write("ilRBACreview::getParentRoleIds(), 0");
00179 $pathIds = $tree->getPathId($a_endnode_id);
00180
00181
00182 $pathIds[0] = SYSTEM_FOLDER_ID;
00183 $log->write("ilRBACreview::getParentRoleIds(), 1");
00184 return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
00185 }
00186
00194 function getRoleListByObject($a_ref_id,$a_templates = false)
00195 {
00196 if (!isset($a_ref_id) or !isset($a_templates))
00197 {
00198 $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
00199 "ref_id: ".$a_ref_id.
00200 "tpl_flag: ".$a_templates;
00201 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00202 }
00203
00204 $role_list = array();
00205
00206 $where = $this->__setTemplateFilter($a_templates);
00207
00208 $q = "SELECT * FROM object_data ".
00209 "JOIN rbac_fa ".$where.
00210 "AND object_data.obj_id = rbac_fa.rol_id ".
00211 "AND rbac_fa.parent = '".$a_ref_id."'";
00212 $r = $this->ilDB->query($q);
00213
00214 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00215 {
00216 $role_list[] = fetchObjectData($row);
00217 }
00218
00219 $role_list = $this->__setRoleType($role_list);
00220
00221 return $role_list;
00222 }
00223
00230 function getAssignableRoles($a_templates = false,$a_internal_roles = false)
00231 {
00232 $role_list = array();
00233
00234 $where = $this->__setTemplateFilter($a_templates);
00235
00236 $q = "SELECT DISTINCT * FROM object_data ".
00237 "JOIN rbac_fa ".$where.
00238 "AND object_data.obj_id = rbac_fa.rol_id ".
00239 "AND rbac_fa.assign = 'y'";
00240 $r = $this->ilDB->query($q);
00241
00242 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00243 {
00244
00245 $role_list[] = fetchObjectData($row);
00246 }
00247
00248 $role_list = $this->__setRoleType($role_list);
00249
00250 return $role_list;
00251 }
00252
00259 function getAssignableChildRoles($a_ref_id)
00260 {
00261 global $tree;
00262
00263 $roles_data = $this->getAssignableRoles();
00264
00265
00266 foreach($roles_data as $role)
00267 {
00268 if($tree->isGrandChild($a_ref_id,$role['parent']))
00269 {
00270 $filtered[] = $role;
00271 }
00272 }
00273 return $filtered ? $filtered : array();
00274 }
00275
00282 function __setTemplateFilter($a_templates)
00283 {
00284 if ($a_templates === true)
00285 {
00286 $where = "WHERE object_data.type IN ('role','rolt') ";
00287 }
00288 else
00289 {
00290 $where = "WHERE object_data.type = 'role' ";
00291 }
00292
00293 return $where;
00294 }
00295
00307 function __setRoleType($a_role_list)
00308 {
00309 foreach ($a_role_list as $key => $val)
00310 {
00311
00312 if ($val["type"] == "rolt")
00313 {
00314 $a_role_list[$key]["role_type"] = "template";
00315 }
00316 else
00317 {
00318 if ($val["assign"] == "y")
00319 {
00320 if ($val["parent"] == ROLE_FOLDER_ID)
00321 {
00322 $a_role_list[$key]["role_type"] = "global";
00323 }
00324 else
00325 {
00326 $a_role_list[$key]["role_type"] = "local";
00327 }
00328 }
00329 else
00330 {
00331 $a_role_list[$key]["role_type"] = "linked";
00332 }
00333 }
00334
00335 if ($val["protected"] == "y")
00336 {
00337 $a_role_list[$key]["protected"] = true;
00338 }
00339 else
00340 {
00341 $a_role_list[$key]["protected"] = false;
00342 }
00343 }
00344
00345 return $a_role_list;
00346 }
00347
00355 function assignedUsers($a_rol_id, $a_fields = NULL)
00356 {
00357 global $ilBench;
00358
00359 $ilBench->start("RBAC", "review_assignedUsers");
00360
00361 if (!isset($a_rol_id))
00362 {
00363 $message = get_class($this)."::assignedUsers(): No role_id given!";
00364 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00365 }
00366
00367 $result_arr = array();
00368
00369 if ($a_fields !== NULL and is_array($a_fields))
00370 {
00371 if (count($a_fields) == 0)
00372 {
00373 $select = "*";
00374 }
00375 else
00376 {
00377 if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
00378 unset($a_fields[$usr_id_field]);
00379
00380 $select = implode(",",$a_fields).",usr_data.usr_id";
00381 }
00382
00383 $q = "SELECT ".$select." FROM usr_data ".
00384 "LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
00385 "WHERE rbac_ua.rol_id='".$a_rol_id."'";
00386 $r = $this->ilDB->query($q);
00387
00388 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00389 {
00390 $result_arr[] = $row;
00391 }
00392 }
00393 else
00394 {
00395 $q = "SELECT usr_id FROM rbac_ua WHERE rol_id='".$a_rol_id."'";
00396 $r = $this->ilDB->query($q);
00397
00398 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00399 {
00400 array_push($result_arr,$row["usr_id"]);
00401 }
00402 }
00403
00404 $ilBench->stop("RBAC", "review_assignedUsers");
00405
00406 return $result_arr;
00407 }
00408
00416 function isAssigned($a_usr_id,$a_role_id)
00417 {
00418 return in_array($a_usr_id,$this->assignedUsers($a_role_id));
00419 }
00420
00427 function assignedRoles($a_usr_id)
00428 {
00429 if (!isset($a_usr_id))
00430 {
00431 $message = get_class($this)."::assignedRoles(): No user_id given!";
00432 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00433 }
00434
00435 $role_arr = array();
00436
00437 $q = "SELECT rol_id FROM rbac_ua WHERE usr_id = '".$a_usr_id."'";
00438 $r = $this->ilDB->query($q);
00439
00440 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00441 {
00442 $role_arr[] = $row->rol_id;
00443 }
00444
00445 if (!count($role_arr))
00446 {
00447 $message = get_class($this)."::assignedRoles(): No assigned roles found or user does not exist!";
00448 #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
00449 }
00450
00451 return $role_arr;
00452 }
00453
00461 function isAssignable($a_rol_id, $a_ref_id)
00462 {
00463 global $ilBench;
00464
00465 $ilBench->start("RBAC", "review_isAssignable");
00466
00467
00468 if ($a_rol_id == SYSTEM_ROLE_ID)
00469 {
00470 $ilBench->stop("RBAC", "review_isAssignable");
00471
00472 return true;
00473 }
00474
00475 if (!isset($a_rol_id) or !isset($a_ref_id))
00476 {
00477 $message = get_class($this)."::isAssignable(): Missing parameter!".
00478 " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
00479 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00480 }
00481
00482 $q = "SELECT * FROM rbac_fa ".
00483 "WHERE rol_id = '".$a_rol_id."' ".
00484 "AND parent = '".$a_ref_id."'";
00485 $row = $this->ilDB->getRow($q);
00486
00487 $ilBench->stop("RBAC", "review_isAssignable");
00488
00489 return $row->assign == 'y' ? true : false;
00490 }
00491
00502 function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
00503 {
00504 if (!isset($a_rol_id))
00505 {
00506 $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
00507 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00508 }
00509
00510 if ($a_assignable)
00511 {
00512 $where = " AND assign ='y'";
00513 }
00514
00515 $q = "SELECT DISTINCT parent FROM rbac_fa ".
00516 "WHERE rol_id = '".$a_rol_id."'".$where;
00517 $r = $this->ilDB->query($q);
00518
00519 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00520 {
00521 $folders[] = $row->parent;
00522 }
00523
00524 return $folders ? $folders : array();
00525 }
00526
00535 function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
00536 {
00537 global $ilBench;
00538
00539 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
00540
00541 if (!isset($a_ref_id))
00542 {
00543 $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
00544 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00545 }
00546
00547 if ($a_nonassignable === false)
00548 {
00549 $and = " AND assign='y'";
00550 }
00551
00552 $q = "SELECT rol_id FROM rbac_fa ".
00553 "WHERE parent = '".$a_ref_id."'".
00554 $and;
00555
00556 $r = $this->ilDB->query($q);
00557
00558 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00559 {
00560 $rol_id[] = $row->rol_id;
00561 }
00562
00563 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
00564
00565 return $rol_id ? $rol_id : array();
00566 }
00567
00573 function getGlobalRoles()
00574 {
00575 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
00576 }
00577
00583 function getGlobalRolesArray()
00584 {
00585 foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
00586 {
00587 $ga[] = array('obj_id' => $role_id,
00588 'role_type' => 'global');
00589 }
00590 return $ga ? $ga : array();
00591 }
00592
00598 function getGlobalAssignableRoles()
00599 {
00600 include_once './classes/class.ilObjRole.php';
00601
00602 foreach($this->getGlobalRoles() as $role_id)
00603 {
00604 if(ilObjRole::_getAssignUsersStatus($role_id))
00605 {
00606 $ga[] = array('obj_id' => $role_id,
00607 'role_type' => 'global');
00608 }
00609 }
00610 return $ga ? $ga : array();
00611 }
00612
00618 function __getAllRoleFolderIds()
00619 {
00620 $parent = array();
00621
00622 $q = "SELECT DISTINCT parent FROM rbac_fa";
00623 $r = $this->ilDB->query($q);
00624
00625 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00626 {
00627 $parent[] = $row->parent;
00628 }
00629
00630 return $parent;
00631 }
00632
00639 function getRoleFolderOfObject($a_ref_id)
00640 {
00641 global $tree,$ilBench;
00642
00643 $ilBench->start("RBAC", "review_getRoleFolderOfObject");
00644
00645 if (!isset($a_ref_id))
00646 {
00647 $message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
00648 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00649 }
00650
00651 $childs = $tree->getChildsByType($a_ref_id,"rolf");
00652
00653 $ilBench->stop("RBAC", "review_getRoleFolderOfObject");
00654
00655 return $childs[0] ? $childs[0] : array();
00656 }
00657
00658 function getRoleFolderIdOfObject($a_ref_id)
00659 {
00660 $rolf = $this->getRoleFolderOfObject($a_ref_id);
00661
00662 if (!$rolf)
00663 {
00664 return false;
00665 }
00666
00667 return $rolf['ref_id'];
00668 }
00669
00675 function getOperations()
00676 {
00677
00678 $query = "SELECT * FROM rbac_operations ORDER BY ops_id ";
00679
00680 $res = $this->ilDB->query($query);
00681 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
00682 {
00683 $ops[] = array('ops_id' => $row->ops_id,
00684 'operation' => $row->operation,
00685 'description' => $row->description);
00686 }
00687
00688 return $ops ? $ops : array();
00689 }
00690
00696 function getOperation($ops_id)
00697 {
00698 $query = "SELECT * FROM rbac_operations WHERE ops_id = '".ilUtil::prepareDBString($ops_id)."'";
00699
00700 $res = $this->ilDB->query($query);
00701 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
00702 {
00703 $ops = array('ops_id' => $row->ops_id,
00704 'operation' => $row->operation,
00705 'description' => $row->description);
00706 }
00707
00708 return $ops ? $ops : array();
00709 }
00710
00720 function getOperationsOfRole($a_rol_id,$a_type,$a_parent = 0)
00721 {
00722 if (!isset($a_rol_id) or !isset($a_type))
00723 {
00724 $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
00725 "role_id: ".$a_rol_id.
00726 "type: ".$a_type.
00727 "parent_id: ".$a_parent;
00728 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00729 }
00730
00731 $ops_arr = array();
00732
00733
00734 if ($a_parent == 0)
00735 {
00736 $a_parent = ROLE_FOLDER_ID;
00737 }
00738
00739 $q = "SELECT ops_id FROM rbac_templates ".
00740 "WHERE type ='".$a_type."' ".
00741 "AND rol_id = '".$a_rol_id."' ".
00742 "AND parent = '".$a_parent."'";
00743 $r = $this->ilDB->query($q);
00744
00745 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00746 {
00747 $ops_arr[] = $row->ops_id;
00748 }
00749
00750 return $ops_arr;
00751 }
00752
00753 function getRoleOperationsOnObject($a_role_id,$a_ref_id)
00754 {
00755 $query = "SELECT * FROM rbac_pa ".
00756 "WHERE rol_id = '".$a_role_id."' ".
00757 "AND ref_id = '".$a_ref_id."'";
00758
00759 $res = $this->ilDB->query($query);
00760 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
00761 {
00762 $ops = unserialize(stripslashes($row->ops_id));
00763 }
00764
00765 return $ops ? $ops : array();
00766 }
00767
00774 function getOperationsOnType($a_typ_id)
00775 {
00776 if (!isset($a_typ_id))
00777 {
00778 $message = get_class($this)."::getOperationsOnType(): No type_id given!";
00779 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00780 }
00781
00782 $q = "SELECT * FROM rbac_ta WHERE typ_id = '".$a_typ_id."'";
00783 $r = $this->ilDB->query($q);
00784
00785 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00786 {
00787 $ops_id[] = $row->ops_id;
00788 }
00789
00790 return $ops_id ? $ops_id : array();
00791 }
00792
00799 function getOperationsOnTypeString($a_type)
00800 {
00801 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = '".ilUtil::prepareDBString($a_type)."'";
00802
00803 $res = $this->ilDB->query($query);
00804 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
00805 {
00806 return $this->getOperationsOnType($row->obj_id);
00807 }
00808 return false;
00809 }
00817 function getObjectsWithStopedInheritance($a_rol_id)
00818 {
00819 $tree = new ilTree(ROOT_FOLDER_ID);
00820
00821 if (!isset($a_rol_id))
00822 {
00823 $message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
00824 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00825 }
00826
00827 $all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
00828
00829 foreach ($all_rolf_ids as $rolf_id)
00830 {
00831 $parent[] = $tree->getParentId($rolf_id);
00832 }
00833
00834 return $parent ? $parent : array();
00835 }
00836
00843 function isDeleted($a_node_id)
00844 {
00845 $q = "SELECT tree FROM tree WHERE child ='".$a_node_id."'";
00846 $r = $this->ilDB->query($q);
00847
00848 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
00849
00850 if (!$row)
00851 {
00852 $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
00853 get_class($this),
00854 $a_node_id);
00855 $this->log->write($message,$this->log->FATAL);
00856
00857 return true;
00858 }
00859
00860
00861 if ($row->tree < 0)
00862 {
00863 return true;
00864 }
00865
00866 return false;
00867 }
00868
00869 function getRolesByFilter($a_filter = 0,$a_user_id = 0)
00870 {
00871 $assign = "y";
00872
00873 switch($a_filter)
00874 {
00875
00876 case 1:
00877 return $this->getAssignableRoles();
00878 break;
00879
00880
00881 case 2:
00882 $where = "WHERE rbac_fa.rol_id IN ";
00883 $where .= '(';
00884 $where .= implode(',',$this->getGlobalRoles());
00885 $where .= ')';
00886 break;
00887
00888
00889 case 3:
00890 case 4:
00891 case 5:
00892 $where = "WHERE rbac_fa.rol_id NOT IN ";
00893 $where .= '(';
00894 $where .= implode(',',$this->getGlobalRoles());
00895 $where .= ')';
00896 break;
00897
00898
00899 case 6:
00900 $where = "WHERE object_data.type = 'rolt'";
00901 $assign = "n";
00902 break;
00903
00904
00905 case 0:
00906 default:
00907 if (!$a_user_id) return array();
00908
00909 $where = "WHERE rbac_fa.rol_id IN ";
00910 $where .= '(';
00911 $where .= implode(',',$this->assignedRoles($a_user_id));
00912 $where .= ')';
00913 break;
00914 }
00915
00916 $roles = array();
00917
00918 $q = "SELECT DISTINCT * FROM object_data ".
00919 "JOIN rbac_fa ".$where.
00920 "AND object_data.obj_id = rbac_fa.rol_id ".
00921 "AND rbac_fa.assign = '".$assign."'";
00922 $r = $this->ilDB->query($q);
00923
00924 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00925 {
00926 $prefix = (substr($row->title,0,3) == "il_") ? true : false;
00927
00928
00929 if ($a_filter == 4 and !$prefix)
00930 {
00931 continue;
00932 }
00933
00934
00935 if ($a_filter == 5 and $prefix)
00936 {
00937 continue;
00938 }
00939
00940 $roles[] = fetchObjectData($row);
00941 }
00942
00943 $roles = $this->__setRoleType($roles);
00944
00945 return $roles ? $roles : array();
00946 }
00947
00948
00949 function getTypeId($a_type)
00950 {
00951 global $ilDB;
00952
00953 $q = "SELECT obj_id FROM object_data ".
00954 "WHERE title=".$ilDB->quote($a_type)." AND type='typ'";
00955 $r = $ilDB->query($q);
00956
00957 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
00958 return $row->obj_id;
00959 }
00960
00970 function _getOperationIdsByName($operations)
00971 {
00972 global $ilDB;
00973
00974 if(!count($operations))
00975 {
00976 return array();
00977 }
00978 $where = "WHERE operation IN ('";
00979 $where .= implode("','",$operations);
00980 $where .= "')";
00981
00982 $query = "SELECT ops_id FROM rbac_operations ".$where;
00983 $res = $ilDB->query($query);
00984 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
00985 {
00986 $ops_ids[] = $row->ops_id;
00987 }
00988 return $ops_ids ? $ops_ids : array();
00989 }
00990
00999 function getLinkedRolesOfRoleFolder($a_ref_id)
01000 {
01001 if (!isset($a_ref_id))
01002 {
01003 $message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
01004 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01005 }
01006
01007 $and = " AND assign='n'";
01008
01009 $q = "SELECT rol_id FROM rbac_fa ".
01010 "WHERE parent = '".$a_ref_id."'".
01011 $and;
01012 $r = $this->ilDB->query($q);
01013
01014 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01015 {
01016 $rol_id[] = $row->rol_id;
01017 }
01018
01019 return $rol_id ? $rol_id : array();
01020 }
01021
01022
01023 function isProtected($a_ref_id,$a_role_id)
01024 {
01025 $q = "SELECT protected FROM rbac_fa ".
01026 "WHERE rol_id='".$a_role_id."' ".
01027 "AND parent='".$a_ref_id."'";
01028 $r = $this->ilDB->query($q);
01029 $row = $r->fetchRow();
01030
01031 return ilUtil::yn2tf($row[0]);
01032 }
01033
01034
01035
01036 function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
01037 {
01038 global $rbacsystem,$ilUser,$log;
01039
01040 if (in_array(SYSTEM_ROLE_ID,$_SESSION['RoleId']))
01041 {
01042 $leveladmin = true;
01043 }
01044 else
01045 {
01046 $leveladmin = false;
01047 }
01048
01049
01050
01051 foreach ($a_role_hierarchy as $role_id => $rolf_id)
01052 {
01053 $log->write("ilRBACreview::__setProtectedStatus(), 0");
01054
01055
01056
01057 if ($leveladmin == true)
01058 {
01059 $a_parent_roles[$role_id]['protected'] = false;
01060 continue;
01061 }
01062
01063 if ($a_parent_roles[$role_id]['protected'] == true)
01064 {
01065 $arr_lvl_roles_user = array_intersect($_SESSION['RoleId'],array_keys($a_role_hierarchy,$rolf_id));
01066
01067 foreach ($arr_lvl_roles_user as $lvl_role_id)
01068 {
01069
01070
01071
01072 $log->write("ilRBACreview::__setProtectedStatus(), 1");
01073
01074 if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
01075 {
01076 $log->write("ilRBACreview::__setProtectedStatus(), 2");
01077
01078 $a_parent_roles[$role_id]['protected'] = false;
01079
01080
01081 $leveladmin = true;
01082 }
01083 }
01084 }
01085 }
01086
01087 return $a_parent_roles;
01088 }
01089
01090 }
01091 ?>
