00001 <?php
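/**
 * Write operations on the RBAC tables used by this class
 * (rbac_ua, rbac_pa, rbac_fa, rbac_templates, rbac_ta).
 *
 * Every statement here is assembled by string concatenation, so each value
 * is normalised before it is interpolated: ids go through _toId() and
 * free-text values through addslashes().
 * NOTE(review): addslashes() mirrors the escaping grantPermission() already
 * used; if the database layer offers its own quoting routine, prefer that.
 *
 * NOTE(review): none of these methods performs an authorisation check of its
 * own; callers are presumably expected to have verified that the acting user
 * may administrate roles - confirm at the call sites.
 */
class ilRbacAdmin
{
    // Database handle; only query() is called on it in this class.
    var $ilDB;

    // Error handler; provides raiseError() and the WARNING / MESSAGE levels.
    var $ilErr;

    /**
     * Constructor: binds the database handle and the error handler.
     *
     * Uses the global $ilDB when it is set and falls back to $ilias->db.
     * When no global $ilErr exists, one is created and registered as the
     * PEAR error callback.
     *
     * NOTE(review): this is a PHP 4 style constructor (method named after the
     * class); PHP 8 no longer invokes such a method on `new`.
     */
    function ilRbacAdmin()
    {
        global $ilDB,$ilErr,$ilias;

        if (isset($ilDB))
        {
            $this->ilDB =& $ilDB;
        }
        else
        {
            $this->ilDB =& $ilias->db;
        }

        if (!isset($ilErr))
        {
            $ilErr = new ilErrorHandling();
            $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
        }

        // Bind the handler in both cases: every method reports through
        // $this->ilErr, which previously stayed unset for a fresh handler.
        $this->ilErr =& $ilErr;
    }

    /**
     * Deletes all role assignments (rbac_ua rows) of one user.
     *
     * @param  int  $a_usr_id  user id
     * @return bool always true
     */
    function removeUser($a_usr_id)
    {
        if (!isset($a_usr_id))
        {
            $message = get_class($this)."::removeUser(): No usr_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $q = "DELETE FROM rbac_ua WHERE usr_id='".$this->_toId($a_usr_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes a role: its user assignments (rbac_ua), its permission entries
     * (rbac_pa) and, through deleteLocalRole(), its rbac_fa and
     * rbac_templates rows in every folder.
     *
     * @param  int  $a_rol_id  role id
     * @param  int  $a_ref_id  must be set, but is not used by any statement here
     * @return bool true on success, false when the system role was requested
     */
    function deleteRole($a_rol_id,$a_ref_id)
    {
        global $lng;

        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        // Compare the normalised id, i.e. exactly the value the statements use.
        $rol_id = $this->_toId($a_rol_id);

        if ($rol_id == SYSTEM_ROLE_ID)
        {
            $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);

            // Do not depend on the error handler halting execution: the
            // system role must never reach the DELETE statements below.
            return false;
        }

        // user assignments
        $q = "DELETE FROM rbac_ua ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        // permission entries
        $q = "DELETE FROM rbac_pa ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        // folder assignments and templates, in all folders
        $this->deleteLocalRole($rol_id);

        return true;
    }

    /**
     * Deletes the rbac_templates and rbac_fa rows whose rol_id equals the
     * given object id.
     *
     * @param  int  $a_obj_id  object id of the role template
     * @return bool always true
     */
    function deleteTemplate($a_obj_id)
    {
        if (!isset($a_obj_id))
        {
            $message = get_class($this)."::deleteTemplate(): No obj_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $obj_id = $this->_toId($a_obj_id);

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes a role's rbac_fa and rbac_templates rows, either in one folder
     * or, when $a_ref_id is 0, in all folders.
     *
     * @param  int  $a_rol_id  role id
     * @param  int  $a_ref_id  folder to restrict the deletion to; 0 = no restriction
     * @return bool always true (the system role is skipped silently)
     */
    function deleteLocalRole($a_rol_id,$a_ref_id = 0)
    {
        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);

        // the system role is never touched
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Start from an empty restriction; the variable used to be undefined
        // whenever no folder was given.
        $clause = "";

        // The decision stays on the caller's value so that an unusable id
        // does not silently widen the deletion to every folder.
        if ($a_ref_id != 0)
        {
            $clause = "AND parent = '".$this->_toId($a_ref_id)."'";
        }

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Assigns a user to a role (REPLACE INTO rbac_ua) and adds every desktop
     * item of the role to the user's desktop unless it is already there.
     *
     * @param  int   $a_rol_id   role id
     * @param  int   $a_usr_id   user id
     * @param  bool  $a_default  not used by this method
     * @return bool  always true
     */
    function assignUser($a_rol_id,$a_usr_id,$a_default = false)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);
        $usr_id = $this->_toId($a_usr_id);

        $q = "REPLACE INTO rbac_ua ".
             "VALUES ('".$usr_id."','".$rol_id."')";
        $this->ilDB->query($q);

        include_once './classes/class.ilRoleDesktopItem.php';

        // Plain assignment: "=& new" is rejected by current PHP parsers.
        $role_desk_item_obj = new ilRoleDesktopItem($rol_id);

        $tmp_user = ilObjectFactory::getInstanceByObjId($usr_id,false);

        if (is_object($tmp_user))
        {
            foreach ($role_desk_item_obj->getAll() as $item_data)
            {
                if (!$tmp_user->isDesktopItem($item_data['item_id'],$item_data['item_type']))
                {
                    $tmp_user->addDesktopItem($item_data['item_id'],$item_data['item_type']);
                }
            }
        }

        return true;
    }

    /**
     * Removes one user/role assignment from rbac_ua.
     *
     * @param  int  $a_rol_id  role id
     * @param  int  $a_usr_id  user id
     * @return bool always true
     */
    function deassignUser($a_rol_id,$a_usr_id)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $q = "DELETE FROM rbac_ua ".
             "WHERE usr_id='".$this->_toId($a_usr_id)."' ".
             "AND rol_id='".$this->_toId($a_rol_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Stores the operations granted to a role on one object: the operation
     * ids are cast to int, serialized and written to rbac_pa with REPLACE.
     *
     * @param  int   $a_rol_id  role id
     * @param  array $a_ops     operation ids
     * @param  int   $a_ref_id  reference id of the object
     * @return bool  false when $a_ops is empty or not an array, otherwise true
     *               (the system role is skipped and nothing is stored for it)
     */
    function grantPermission($a_rol_id,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
                                     "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
        }

        if (!is_array($a_ops))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
                                     $this->ilErr->WARNING);

            // Nothing below can work on a non-array; stop even if the error
            // handler returns.
            return false;
        }

        if (count($a_ops) == 0)
        {
            return false;
        }

        $rol_id = $this->_toId($a_rol_id);

        // the system role needs no stored permissions
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Only integers end up in the serialized value.
        foreach ($a_ops as $key => $operation)
        {
            $a_ops[$key] = (int) $operation;
        }

        $ops_ids = addslashes(serialize($a_ops));

        $q = "REPLACE INTO rbac_pa (rol_id,ops_id,ref_id) ".
             "VALUES ".
             "('".$rol_id."','".$ops_ids."','".$this->_toId($a_ref_id)."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes rbac_pa entries of an object, for one role or for all roles.
     *
     * With $a_keep_protected false the rows are deleted without looking at
     * the 'protected' flag. Otherwise roles that
     * $rbacreview->getParentRoleIds() reports as protected are left alone.
     *
     * @param  int   $a_ref_id          reference id of the object
     * @param  int   $a_rol_id          role id; 0 = all roles
     * @param  bool  $a_keep_protected  keep entries of protected roles
     * @return bool  always true
     */
    function revokePermission($a_ref_id,$a_rol_id = 0,$a_keep_protected = true)
    {
        global $rbacreview,$log;

        if (!isset($a_ref_id))
        {
            $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }
        $log->write("ilRBACadmin::revokePermission(), 0");

        $ref_id = $this->_toId($a_ref_id);
        $rol_id = $this->_toId($a_rol_id);

        // ignore the protected flag
        if ($a_keep_protected != true)
        {
            if ($rol_id == SYSTEM_ROLE_ID)
            {
                return true;
            }

            // Whether a role restriction applies is decided on the caller's
            // value, so an unusable id never widens the delete to all roles.
            $and1 = "";

            if ($a_rol_id)
            {
                $and1 = " AND rol_id = '".$rol_id."'";
            }

            $q = "DELETE FROM rbac_pa ".
                 "WHERE ref_id = '".$ref_id."' ".
                 $and1;
            $this->ilDB->query($q);

            return true;
        }

        // respect the protected flag
        $roles_in_scope = $rbacreview->getParentRoleIds($ref_id);

        if (!$a_rol_id)
        {
            $log->write("ilRBACadmin::revokePermission(), 1");

            $role_ids = array();

            foreach ($roles_in_scope as $role)
            {
                if ($role['protected'] == true)
                {
                    continue;
                }

                $scope_id = $this->_toId($role['obj_id']);

                // Same rule as in the single-role paths: the system role is
                // never part of a revoke.
                if ($scope_id == SYSTEM_ROLE_ID)
                {
                    continue;
                }

                $role_ids[] = $scope_id;
            }

            // nothing left to delete
            if (!$role_ids)
            {
                return true;
            }

            $q = "DELETE FROM rbac_pa ".
                 "WHERE rol_id IN (".implode(',',$role_ids).") ".
                 "AND ref_id ='".$ref_id."'";
            $this->ilDB->query($q);
        }
        else
        {
            $log->write("ilRBACadmin::revokePermission(), 2");

            if ($rol_id == SYSTEM_ROLE_ID)
            {
                return true;
            }

            // Look the role up under the same normalised id the DELETE uses,
            // so the flag that is checked belongs to the role that is deleted.
            if (isset($roles_in_scope[$rol_id]) and $roles_in_scope[$rol_id]['protected'] == true)
            {
                return true;
            }

            $q = "DELETE FROM rbac_pa ".
                 "WHERE ref_id = '".$ref_id."' ".
                 "AND rol_id = '".$rol_id."'";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Deletes the rbac_pa entries of one role for a list of objects.
     *
     * @param  array $a_ref_ids  reference ids
     * @param  int   $a_rol_id   role id
     * @return bool  false when $a_ref_ids is not an array, otherwise true
     */
    function revokePermissionList($a_ref_ids,$a_rol_id)
    {
        if (!isset($a_ref_ids) or !is_array($a_ref_ids))
        {
            // var_export() returns the dump; var_dump() would print it and
            // contribute nothing to the message.
            $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: ".var_export($a_ref_ids,true);
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);

            return false;
        }

        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);

        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Both values are interpolated without quotes, so they must be integers.
        $ref_ids = array_map(array($this,'_toId'),$a_ref_ids);

        // "IN ()" is not valid SQL; an empty list means nothing to delete.
        if (count($ref_ids) == 0)
        {
            return true;
        }

        $q = "DELETE FROM rbac_pa ".
             "WHERE ref_id IN (".implode(",",$ref_ids).") ".
             "AND rol_id = ".$rol_id;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Copies the rbac_templates rows of one role/folder pair to another and,
     * if requested, carries over the source role's protected status.
     *
     * @param  int   $a_source_id           source role id
     * @param  int   $a_source_parent       source folder
     * @param  int   $a_dest_parent         destination folder
     * @param  int   $a_dest_id             destination role id
     * @param  bool  $a_consider_protected  copy the protected status as well
     * @return bool  always true (the system role is skipped as destination)
     */
    function copyRolePermission($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
    {
        global $rbacreview;

        if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermission(): Missing parameter! source_id: ".$a_source_id.
                       " source_parent_id: ".$a_source_parent.
                       " dest_id : ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $source_id     = $this->_toId($a_source_id);
        $source_parent = $this->_toId($a_source_parent);
        $dest_id       = $this->_toId($a_dest_id);
        $dest_parent   = $this->_toId($a_dest_parent);

        if ($dest_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        $q = "SELECT * FROM rbac_templates ".
             "WHERE rol_id = '".$source_id."' ".
             "AND parent = '".$source_parent."'";
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            // Values read back from the table are escaped like any other
            // input before they are written again.
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$dest_id."','".addslashes((string) $row->type)."','".$this->_toId($row->ops_id)."','".$dest_parent."')";
            $this->ilDB->query($q);
        }

        if ($a_consider_protected == true)
        {
            if ($rbacreview->isProtected($source_parent,$source_id))
            {
                $this->setProtected($dest_parent,$dest_id,'y');
            }
        }

        return true;
    }

    /**
     * Copies to the destination role those rbac_templates rows (type, ops_id)
     * that source 1 and source 2 have in common. Nothing is copied when
     * source 2 is protected.
     *
     * @param  int  $a_source1_id      first source role id
     * @param  int  $a_source1_parent  folder of the first source
     * @param  int  $a_source2_id      second source role id
     * @param  int  $a_source2_parent  folder of the second source
     * @param  int  $a_dest_parent     destination folder
     * @param  int  $a_dest_id         destination role id
     * @return bool always true
     */
    function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
    {
        global $rbacreview;

        if (!isset($a_source1_id) or !isset($a_source1_parent)
            or !isset($a_source2_id) or !isset($a_source2_parent)
            or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
                       " source1_parent: ".$a_source1_parent.
                       " source2_id: ".$a_source2_id.
                       " source2_parent: ".$a_source2_parent.
                       " dest_id: ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $source1_id     = $this->_toId($a_source1_id);
        $source1_parent = $this->_toId($a_source1_parent);
        $source2_id     = $this->_toId($a_source2_id);
        $source2_parent = $this->_toId($a_source2_parent);
        $dest_id        = $this->_toId($a_dest_id);
        $dest_parent    = $this->_toId($a_dest_parent);

        if ($dest_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        if ($rbacreview->isProtected($source2_parent,$source2_id))
        {
            return true;
        }

        $q = "SELECT s1.type, s1.ops_id ".
             "FROM rbac_templates AS s1, rbac_templates AS s2 ".
             "WHERE s1.rol_id = '".$source1_id."' ".
             "AND s1.parent = '".$source1_parent."' ".
             "AND s2.rol_id = '".$source2_id."' ".
             "AND s2.parent = '".$source2_parent."' ".
             "AND s1.type = s2.type ".
             "AND s1.ops_id = s2.ops_id";
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$dest_id."','".addslashes((string) $row->type)."','".$this->_toId($row->ops_id)."','".$dest_parent."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Deletes a role's rbac_templates rows in one folder, optionally only
     * those of one object type.
     *
     * @param  int          $a_rol_id  role id
     * @param  int          $a_ref_id  folder (matched against column "parent")
     * @param  string|false $a_type    object type to restrict to; false = all types
     * @return bool         always true
     */
    function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
    {
        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);

        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Defined up front; it used to be undefined when no type was given.
        $and_type = "";

        if ($a_type !== false)
        {
            $and_type = " AND type='".addslashes((string) $a_type)."'";
        }

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$rol_id."' ".
             "AND parent = '".$this->_toId($a_ref_id)."'".
             $and_type;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts one rbac_templates row per operation for a role, object type
     * and folder.
     *
     * @param  int    $a_rol_id  role id
     * @param  string $a_type    object type
     * @param  array  $a_ops     operation ids
     * @param  int    $a_ref_id  folder
     * @return bool   always true
     */
    function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
        {
            $message = get_class($this)."::setRolePermission(): Missing parameter!".
                       " role_id: ".$a_rol_id.
                       " type: ".$a_type.
                       " operations: ".$a_ops.
                       " ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        if (!is_string($a_type) or empty($a_type))
        {
            $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        if (!is_array($a_ops) or empty($a_ops))
        {
            $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);

        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Loop-invariant values are normalised once.
        $type   = addslashes((string) $a_type);
        $ref_id = $this->_toId($a_ref_id);

        foreach ($a_ops as $op)
        {
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$rol_id."','".$type."','".$this->_toId($op)."','".$ref_id."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Inserts an rbac_fa row that links a role to a folder.
     *
     * @param  int    $a_rol_id  role id
     * @param  int    $a_parent  folder
     * @param  string $a_assign  "y" is stored as "y", anything else as "n"
     * @return bool   always true (the system role is skipped)
     */
    function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
    {
        if (!isset($a_rol_id) or !isset($a_parent))
        {
            $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
                       " role_id: ".$a_rol_id.
                       " parent_id: ".$a_parent.
                       " assign: ".$a_assign;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $rol_id = $this->_toId($a_rol_id);

        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Only the two literals can reach the statement.
        if ($a_assign != "y")
        {
            $a_assign = "n";
        }

        $q = "INSERT INTO rbac_fa (rol_id,parent,assign) ".
             "VALUES ('".$rol_id."','".$this->_toId($a_parent)."','".$a_assign."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts an rbac_ta row that links an operation to an object type.
     *
     * @param  int  $a_type_id  object type id
     * @param  int  $a_ops_id   operation id
     * @return bool always true
     */
    function assignOperationToObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $q = "INSERT INTO rbac_ta ".
             "VALUES('".$this->_toId($a_type_id)."','".$this->_toId($a_ops_id)."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the rbac_ta row that links an operation to an object type.
     *
     * @param  int  $a_type_id  object type id
     * @param  int  $a_ops_id   operation id
     * @return bool always true
     */
    function deassignOperationFromObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            // The message now names this method; it used to say
            // "deassignPermissionFromObject".
            $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
        }

        $q = "DELETE FROM rbac_ta ".
             "WHERE typ_id = '".$this->_toId($a_type_id)."' ".
             "AND ops_id = '".$this->_toId($a_ops_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Sets the "protected" column of a role's rbac_fa rows.
     *
     * The statement filters on rol_id only; $a_ref_id is accepted but not
     * used, so the flag is written to the role's rows in every folder.
     * NOTE(review): unlike most writers in this class there is no
     * SYSTEM_ROLE_ID guard here - confirm that this is intended.
     *
     * @param  int    $a_ref_id   not used by the statement
     * @param  int    $a_role_id  role id
     * @param  string $a_value    value for the "protected" column
     *                            (copyRolePermission() passes 'y')
     * @return bool   always true
     */
    function setProtected($a_ref_id,$a_role_id,$a_value)
    {
        $q = "UPDATE rbac_fa ".
             "SET protected = '".addslashes((string) $a_value)."' ".
             "WHERE rol_id = '".$this->_toId($a_role_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Normalises a value that is about to be interpolated into SQL as an id.
     *
     * Scalars are cast to int. Arrays, objects and null become 0, because a
     * plain (int) cast would turn any non-empty array into 1 and thereby
     * address a real row.
     *
     * @param  mixed $a_value  caller supplied id
     * @return int   integer that is safe to place inside a statement
     */
    function _toId($a_value)
    {
        if (!is_scalar($a_value))
        {
            return 0;
        }

        return (int) $a_value;
    }
}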
00755 ?>