ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Private Attributes
ilRbacReview Class Reference
Services/AccessControl

class ilRbacReview Contains Review functions of core Rbac. More...

+ Collaboration diagram for ilRbacReview:

Public Member Functions

 ilRbacReview ()
 Constructor public.
 searchRolesByMailboxAddressList ($a_address_list)
 Finds all role ids that match the specified user friendly role mailbox address list.
 getRoleMailboxAddress ($a_role_id, $is_localize=true)
 Returns the mailbox address of a role.
 roleExists ($a_title, $a_id=0)
 Checks if a role already exists.
 __getParentRoles ($a_path, $a_templates, $a_keep_protected)
 DEPRECTED use getParentRoles instead.
 getParentRoleIds ($a_endnode_id, $a_templates=false, $a_keep_protected=false)
 get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public
 getRoleListByObject ($a_ref_id, $a_templates=false)
 Returns a list of roles in an container public.
 getAssignableRoles ($a_templates=false, $a_internal_roles=false)
 Returns a list of all assignable roles public.
 getAssignableRolesInSubtree ($ref_id)
 Returns a list of assignable roles in a subtree of the repository public.
 getAssignableChildRoles ($a_ref_id)
 Get all assignable roles under a specific node public.
 __setTemplateFilter ($a_templates)
 get roles and templates or only roles; returns string for where clause private
 __setRoleType ($a_role_list)
 computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates
 assignedUsers ($a_rol_id, $a_fields=NULL)
 get all assigned users to a given role public
 isAssigned ($a_usr_id, $a_role_id)
 check if a specific user is assigned to specific role public
 isAssignedToAtLeastOneGivenRole ($a_usr_id, $a_role_ids)
 
check if a specific user is assigned to at least one of the

given role ids.

 assignedRoles ($a_usr_id)
 get all assigned roles to a given user public
 isAssignable ($a_rol_id, $a_ref_id)
 Check if its possible to assign users public.
 getFoldersAssignedToRole ($a_rol_id, $a_assignable=false)
 returns an array of role folder ids assigned to a role.
 getRolesOfRoleFolder ($a_ref_id, $a_nonassignable=true)
 get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public
 getGlobalRoles ()
 get only 'global' roles public
 getGlobalRolesArray ()
 get only 'global' roles public
 getGlobalAssignableRoles ()
 get only 'global' roles (with flag 'assign_users') public
 __getAllRoleFolderIds ()
 get all role folder ids private
 getRoleFolderOfObject ($a_ref_id)
 returns the data of a role folder assigned to an object public
 getRoleFolderIdOfObject ($a_ref_id)
 getOperations ()
 get all possible operations public
 getOperation ($ops_id)
 get one operation by operation id public
 getOperationsOfRole ($a_rol_id, $a_type, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public
 getRoleOperationsOnObject ($a_role_id, $a_ref_id)
 getOperationsOnType ($a_typ_id)
 all possible operations of a type public
 getOperationsOnTypeString ($a_type)
 all possible operations of a type public
 getObjectsWithStopedInheritance ($a_rol_id)
 get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.
 isDeleted ($a_node_id)
 checks if a rolefolder is set as deleted (negative tree_id) public
 getRolesByFilter ($a_filter=0, $a_user_id=0)
 getTypeId ($a_type)
 _getOperationIdsByName ($operations)
 get ops_id's by name.
 getLinkedRolesOfRoleFolder ($a_ref_id)
 get all linked local roles of a role folder that are created due to stopped inheritance returns an array with role ids public
 isProtected ($a_ref_id, $a_role_id)
 __setProtectedStatus ($a_parent_roles, $a_role_hierarchy, $a_ref_id)
 getObjectOfRole ($a_role_id)
 Get object id of objects a role is assigned to.
 isRoleDeleted ($a_role_id)
 return if role is only attached to deleted role folders
 getRolesForIDs ($role_ids, $use_templates)

Static Public Member Functions

static _getOperationIdByName ($a_operation)
 get operation id by name of operation public static
static _getOperationList ($a_type=null)
 get operation list by object type TODO: rename function to: getOperationByType public static
static _groupOperationsByClass ($a_ops_arr)

Data Fields

 $log = null

Protected Member Functions

 getParentRoles ($a_path, $a_templates, $a_keep_protected)
 get parent roles (NEW implementation)

Protected Attributes

 $assigned_roles = array()

Static Private Attributes

static $_opsCache = null

Detailed Description

class ilRbacReview Contains Review functions of core Rbac.

This class offers the possibility to view the contents of the user <-> role (UR) relation and the permission <-> role (PR) relation. For example, from the UA relation the administrator should have the facility to view all user assigned to a given role.

Author
Stefan Meyer smeye.nosp@m.r@da.nosp@m.tabay.nosp@m..de
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
Id:
class.ilRbacReview.php 22388 2009-11-18 17:07:34Z smeyer

Definition at line 40 of file class.ilRbacReview.php.

Member Function Documentation

ilRbacReview::__getAllRoleFolderIds ( )

get all role folder ids private

Returns
array

Definition at line 1240 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

{
$parent = array();
$q = "SELECT DISTINCT parent FROM rbac_fa";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$parent[] = $row->parent;
}
return $parent;
}
ilRbacReview::__getParentRoles (   $a_path,
  $a_templates,
  $a_keep_protected 
)

DEPRECTED use getParentRoles instead.

This version is much to slow on big installations

Get parent roles in a path. If last parameter is set 'true' it delivers also all templates in the path private

Parameters
arrayarray with path_ids
booleantrue for role templates (default: false)
Returns
array array with all parent roles (obj_ids)

Definition at line 624 of file class.ilRbacReview.php.

References $in, $log, __setProtectedStatus(), DB_FETCHMODE_OBJECT, getRoleListByObject(), and ilUtil\quoteArray().

Referenced by getParentRoleIds().

{
global $log,$ilDB;
if (!isset($a_path) or !is_array($a_path))
{
$message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$parent_roles = array();
$role_hierarchy = array();
//$child = $this->__getAllRoleFolderIds();
// Select all role folders on a path using a single SQL-statement.
// CREATE IN() STATEMENT
$in = " IN(";
$in .= implode(",",ilUtil::quoteArray($a_path));
$in .= ") ";
$q = "SELECT t.child,t.depth FROM tree AS t ".
"JOIN object_reference AS r ON r.ref_id=t.child ".
"JOIN object_data AS o ON o.obj_id=r.obj_id ".
"WHERE t.parent ".$in." ".
"AND o.type='rolf' ".
"ORDER BY t.depth ASC ";
$r = $this->ilDB->query($q);
// Sort by path (Administration -> Rolefolder is first element)
$role_rows = array();
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$depth = ($row->child == ROLE_FOLDER_ID ? 0 : $row->depth);
$role_rows[$depth]['child'] = $row->child;
}
ksort($role_rows,SORT_NUMERIC);
foreach($role_rows as $row)
{
$roles = $this->getRoleListByObject($row['child'],$a_templates);
foreach ($roles as $role)
{
$id = $role["obj_id"];
$role["parent"] = $row['child'];
$parent_roles[$id] = $role;
if (!array_key_exists($role['obj_id'],$role_hierarchy))
{
$role_hierarchy[$id] = $row['child'];
}
}
}
if (!$a_keep_protected)
{
return $this->__setProtectedStatus($parent_roles,$role_hierarchy,end($a_path));
}
return $parent_roles;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setProtectedStatus (   $a_parent_roles,
  $a_role_hierarchy,
  $a_ref_id 
)

Definition at line 1718 of file class.ilRbacReview.php.

References $log, and assignedRoles().

Referenced by __getParentRoles(), and getParentRoles().

{
global $rbacsystem,$ilUser,$log;
if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
{
$leveladmin = true;
}
else
{
$leveladmin = false;
}
//var_dump($a_role_hierarchy);
foreach ($a_role_hierarchy as $role_id => $rolf_id)
{
//$log->write("ilRBACreview::__setProtectedStatus(), 0");
//echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
//var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
if ($leveladmin == true)
{
$a_parent_roles[$role_id]['protected'] = false;
continue;
}
if ($a_parent_roles[$role_id]['protected'] == true)
{
$arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
foreach ($arr_lvl_roles_user as $lvl_role_id)
{
//echo "<br/>level_role: ".$lvl_role_id;
//echo "<br/>a_ref_id: ".$a_ref_id;
//$log->write("ilRBACreview::__setProtectedStatus(), 1");
// check if role grants 'edit_permission' to parent
if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
{
//$log->write("ilRBACreview::__setProtectedStatus(), 2");
// user may change permissions of that higher-ranked role
$a_parent_roles[$role_id]['protected'] = false;
// remember successful check
$leveladmin = true;
}
}
}
}
return $a_parent_roles;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setRoleType (   $a_role_list)

computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates

private

Parameters
arrayrole list
Returns
array role list with additional entry for role_type

Definition at line 877 of file class.ilRbacReview.php.

Referenced by getAssignableRoles(), getAssignableRolesInSubtree(), getRoleListByObject(), getRolesByFilter(), and getRolesForIDs().

{
foreach ($a_role_list as $key => $val)
{
// determine role type
if ($val["type"] == "rolt")
{
$a_role_list[$key]["role_type"] = "template";
}
else
{
if ($val["assign"] == "y")
{
if ($val["parent"] == ROLE_FOLDER_ID)
{
$a_role_list[$key]["role_type"] = "global";
}
else
{
$a_role_list[$key]["role_type"] = "local";
}
}
else
{
$a_role_list[$key]["role_type"] = "linked";
}
}
if ($val["protected"] == "y")
{
$a_role_list[$key]["protected"] = true;
}
else
{
$a_role_list[$key]["protected"] = false;
}
}
return $a_role_list;
}

+ Here is the caller graph for this function:

ilRbacReview::__setTemplateFilter (   $a_templates)

get roles and templates or only roles; returns string for where clause private

Parameters
booleantrue: with templates
Returns
string where clause

Definition at line 852 of file class.ilRbacReview.php.

Referenced by getAssignableRoles(), getAssignableRolesInSubtree(), getRoleListByObject(), and getRolesForIDs().

{
if ($a_templates === true)
{
$where = "WHERE object_data.type IN ('role','rolt') ";
}
else
{
$where = "WHERE object_data.type = 'role' ";
}
return $where;
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationIdByName (   $a_operation)
static

get operation id by name of operation public static

Parameters
stringoperation name
Returns
integer operation id

Definition at line 1639 of file class.ilRbacReview.php.

References $ilErr, and DB_FETCHMODE_OBJECT.

Referenced by ilRbacSystem\checkAccessOfUser().

{
global $ilDB,$ilErr;
if (!isset($a_operation))
{
$message = "perm::getOperationId(): No operation given!";
$ilErr->raiseError($message,$ilErr->WARNING);
}
// Cache operation ids
if (! is_array(self::$_opsCache)) {
self::$_opsCache = array();
$q = "SELECT ops_id, operation FROM rbac_operations";
$r = $ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
self::$_opsCache[$row->operation] = $row->ops_id;
}
}
// Get operation ID by name from cache
if (array_key_exists($a_operation, self::$_opsCache)) {
return self::$_opsCache[$a_operation];
}
return null;
}

+ Here is the caller graph for this function:

ilRbacReview::_getOperationIdsByName (   $operations)

get ops_id's by name.

Example usage: $rbacadmin->grantPermission($roles,ilRbacReview::_getOperationIdsByName(array('visible','read'),$ref_id));

public

Parameters
arraystring name of operation. see rbac_operations
Returns
array integer ops_id's

Definition at line 1611 of file class.ilRbacReview.php.

References $res, DB_FETCHMODE_OBJECT, and ilUtil\quoteArray().

Referenced by ilUtil\_getObjectsByOperations(), ilObjChat\initDefaultRoles(), and ilObjCourseGUI\updateECSExportSettings().

{
global $ilDB;
if(!count($operations))
{
return array();
}
$where = "WHERE operation IN (";
$where .= implode(",",ilUtil::quoteArray($operations));
$where .= ")";
$query = "SELECT ops_id FROM rbac_operations ".$where;
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops_ids[] = $row->ops_id;
}
return $ops_ids ? $ops_ids : array();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationList (   $a_type = null)
static

get operation list by object type TODO: rename function to: getOperationByType public static

Parameters
stringobject type you want to have the operation list
stringorder column
stringorder direction (possible values: ASC or DESC)
Returns
array returns array of operations

Definition at line 1782 of file class.ilRbacReview.php.

Referenced by ilObjTypeDefinitionGUI\editObject(), ilObjectStatusGUI\getAssignedValidRoles(), ilObjectStatusGUI\getPermissionInfo(), ilPermissionGUI\getRolesData(), and ilObjTypeDefinitionGUI\viewObject().

{
global $ilDB;
$arr = array();
if ($a_type)
{
$q = "SELECT * FROM rbac_operations ".
"LEFT JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ".
"LEFT JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ".
"WHERE object_data.title= ".$ilDB->quote($a_type)." AND object_data.type='typ' ".
"ORDER BY 'op_order' ASC";
}
else
{
$q = "SELECT * FROM rbac_operations ".
"ORDER BY 'op_order' ASC";
}
$r = $ilDB->query($q);
while ($row = $r->fetchRow())
{
$arr[] = array(
"ops_id" => $row[0],
"operation" => $row[1],
"desc" => $row[2],
"class" => $row[3],
"order" => $row[4]
);
}
return $arr;
}

+ Here is the caller graph for this function:

static ilRbacReview::_groupOperationsByClass (   $a_ops_arr)
static

Definition at line 1818 of file class.ilRbacReview.php.

Referenced by ilPermissionGUI\getRolesData().

{
$arr = array();
foreach ($a_ops_arr as $ops)
{
$arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
'name' => $ops['operation']
);
}
return $arr;
}

+ Here is the caller graph for this function:

ilRbacReview::assignedRoles (   $a_usr_id)

get all assigned roles to a given user public

Parameters
integerusr_id
Returns
array all roles (id) the user have

Definition at line 1052 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

Referenced by __setProtectedStatus(), and getRolesByFilter().

{
global $ilDB;
$role_arr = array();
$q = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id)." ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_arr[] = $row->rol_id;
}
if (!count($role_arr))
{
$message = get_class($this)."::assignedRoles(): No assigned roles found or user does not exist!";
}
return $role_arr ? $role_arr : array();
}

+ Here is the caller graph for this function:

ilRbacReview::assignedUsers (   $a_rol_id,
  $a_fields = NULL 
)

get all assigned users to a given role public

Parameters
integerrole_id
arraycolumns to get form usr_data table (optional)
Returns
array all users (id) assigned to role OR arrays of user datas

Definition at line 925 of file class.ilRbacReview.php.

References $ilBench, and DB_FETCHMODE_ASSOC.

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_assignedUsers");
if (!isset($a_rol_id))
{
$message = get_class($this)."::assignedUsers(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$result_arr = array();
if ($a_fields !== NULL and is_array($a_fields))
{
if (count($a_fields) == 0)
{
$select = "*";
}
else
{
if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
unset($a_fields[$usr_id_field]);
$select = implode(",",$a_fields).",usr_data.usr_id";
$select = addslashes($select);
}
$q = "SELECT ".$select." FROM usr_data ".
"LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
"WHERE rbac_ua.rol_id=".$ilDB->quote($a_rol_id)." ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$result_arr[] = $row;
}
}
else
{
$q = "SELECT usr_id FROM rbac_ua WHERE rol_id=".$ilDB->quote($a_rol_id)." ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
array_push($result_arr,$row["usr_id"]);
}
}
$ilBench->stop("RBAC", "review_assignedUsers");
return $result_arr;
}
ilRbacReview::getAssignableChildRoles (   $a_ref_id)

Get all assignable roles under a specific node public.

Parameters
ref_id
Returns
array set ids

Definition at line 824 of file class.ilRbacReview.php.

References DB_FETCHMODE_ASSOC.

{
global $tree;
//$roles_data = $this->getAssignableRoles();
$q = "SELECT fa.*, rd.* ".
"FROM object_data AS rd ".
"JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
"JOIN tree AS t ON t.child = fa.parent ".
"WHERE fa.assign = 'y' ".
"AND t.parent = ".$this->ilDB->quote($a_ref_id)." "
;
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$roles_data[] = $row;
}
return $roles_data ? $roles_data : array();
}
ilRbacReview::getAssignableRoles (   $a_templates = false,
  $a_internal_roles = false 
)

Returns a list of all assignable roles public.

Parameters
booleanif true fetch template roles too
Returns
array set ids

Definition at line 759 of file class.ilRbacReview.php.

References __setRoleType(), __setTemplateFilter(), and DB_FETCHMODE_ASSOC.

Referenced by getRolesByFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$q = "SELECT DISTINCT * FROM object_data ".
"JOIN rbac_fa ".$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.assign = 'y'";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getAssignableRolesInSubtree (   $ref_id)

Returns a list of assignable roles in a subtree of the repository public.

Parameters
ref_idRfoot node of subtree
Returns
array set ids

Definition at line 791 of file class.ilRbacReview.php.

References $ref_id, __setRoleType(), __setTemplateFilter(), and DB_FETCHMODE_ASSOC.

{
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$q = "SELECT fa.*, dat.* ".
"FROM tree AS root ".
"JOIN tree AS node ON node.tree = root.tree AND node.lft > root.lft AND node.rgt < root.rgt ".
"JOIN object_reference AS ref ON ref.ref_id = node.child ".
"JOIN rbac_fa AS fa ON fa.parent = ref.ref_id ".
"JOIN object_data AS dat ON dat.obj_id = fa.rol_id ".
"WHERE root.child = ".$this->ilDB->quote($ref_id)." AND root.tree = 1 ".
"AND fa.assign = 'y' ".
"ORDER BY dat.title";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

ilRbacReview::getFoldersAssignedToRole (   $a_rol_id,
  $a_assignable = false 
)

returns an array of role folder ids assigned to a role.

A role with stopped inheritance may be assigned to more than one rolefolder. To get only the original location of a role, set the second parameter to true

public

Parameters
integerrole id
booleanget only rolefolders where role is assignable (true)
Returns
array reference IDs of role folders

Definition at line 1121 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

Referenced by getObjectsWithStopedInheritance(), and isRoleDeleted().

{
global $ilDB;
if (!isset($a_rol_id))
{
$message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_assignable)
{
$where = " AND assign ='y'";
}
$q = "SELECT DISTINCT parent FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".$where;
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$folders[] = $row->parent;
}
return $folders ? $folders : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getGlobalAssignableRoles ( )

get only 'global' roles (with flag 'assign_users') public

Returns
array Array with rol_ids

Definition at line 1220 of file class.ilRbacReview.php.

References ilObjRole\_getAssignUsersStatus(), and getGlobalRoles().

{
include_once './Services/AccessControl/classes/class.ilObjRole.php';
foreach($this->getGlobalRoles() as $role_id)
{
if(ilObjRole::_getAssignUsersStatus($role_id))
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getGlobalRoles ( )

get only 'global' roles public

Returns
array Array with rol_ids

Definition at line 1195 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

Referenced by getGlobalAssignableRoles(), and getRolesByFilter().

{
return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getGlobalRolesArray ( )

get only 'global' roles public

Returns
array Array with rol_ids

Definition at line 1205 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

{
foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getLinkedRolesOfRoleFolder (   $a_ref_id)

get all linked local roles of a role folder that are created due to stopped inheritance returns an array with role ids public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids

Definition at line 1677 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

{
global $ilDB;
if (!isset($a_ref_id))
{
$message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$and = " AND assign='n'";
$q = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id)." ".
$and;
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$rol_id[] = $row->rol_id;
}
return $rol_id ? $rol_id : array();
}
ilRbacReview::getObjectOfRole (   $a_role_id)

Get object id of objects a role is assigned to.

public

Parameters
introle id

Definition at line 1838 of file class.ilRbacReview.php.

References $res, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = "SELECT obr.obj_id FROM rbac_fa as rfa ".
"JOIN tree ON rfa.parent = tree.child ".
"JOIN object_reference AS obr ON tree.parent = obr.ref_id ".
"WHERE tree.tree = 1 ".
"AND assign = 'y' ".
"AND rol_id = ".$ilDB->quote($a_role_id)." ";
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$obj_id = $row->obj_id;
}
return $obj_id ? $obj_id : 0;
}
ilRbacReview::getObjectsWithStopedInheritance (   $a_rol_id)

get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.

public

Parameters
integerrole_id
Returns
array with ref_ids of objects

Definition at line 1452 of file class.ilRbacReview.php.

References getFoldersAssignedToRole().

{
$tree = new ilTree(ROOT_FOLDER_ID);
if (!isset($a_rol_id))
{
$message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
foreach ($all_rolf_ids as $rolf_id)
{
$parent[] = $tree->getParentId($rolf_id);
}
return $parent ? $parent : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperation (   $ops_id)

get one operation by operation id public

Returns
array data of operation_id

Definition at line 1319 of file class.ilRbacReview.php.

References $res, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = "SELECT * FROM rbac_operations WHERE ops_id = ".$ilDB->quote($ops_id)." ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}
ilRbacReview::getOperations ( )

get all possible operations public

Returns
array array of operation_id

Definition at line 1297 of file class.ilRbacReview.php.

References $res, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = "SELECT * FROM rbac_operations ORDER BY ops_id ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops[] = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}
ilRbacReview::getOperationsOfRole (   $a_rol_id,
  $a_type,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public

Parameters
integerrole_id
stringobject type
integerrole folder id
Returns
array array of operation_id

Definition at line 1345 of file class.ilRbacReview.php.

References $ilLog, and DB_FETCHMODE_OBJECT.

{
global $ilDB,$ilLog;
if (!isset($a_rol_id) or !isset($a_type))
{
$message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
"role_id: ".$a_rol_id.
"type: ".$a_type.
"parent_id: ".$a_parent;
$ilLog->logStack("Missing parameter! ");
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$ops_arr = array();
// if no rolefolder id is given, assume global role folder as target
if ($a_parent == 0)
{
$a_parent = ROLE_FOLDER_ID;
}
$q = "SELECT ops_id FROM rbac_templates ".
"WHERE type =".$ilDB->quote($a_type)." ".
"AND rol_id = ".$ilDB->quote($a_rol_id)." ".
"AND parent = ".$ilDB->quote($a_parent)."";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops_arr[] = $row->ops_id;
}
return $ops_arr;
}
ilRbacReview::getOperationsOnType (   $a_typ_id)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs

Definition at line 1405 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

Referenced by getOperationsOnTypeString().

{
global $ilDB;
if (!isset($a_typ_id))
{
$message = get_class($this)."::getOperationsOnType(): No type_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$q = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id)." ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops_id[] = $row->ops_id;
}
return $ops_id ? $ops_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getOperationsOnTypeString (   $a_type)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs

Definition at line 1432 of file class.ilRbacReview.php.

References $res, DB_FETCHMODE_OBJECT, and getOperationsOnType().

{
global $ilDB;
$query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type)." ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $this->getOperationsOnType($row->obj_id);
}
return false;
}

+ Here is the call graph for this function:

ilRbacReview::getParentRoleIds (   $a_endnode_id,
  $a_templates = false,
  $a_keep_protected = false 
)

get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public

Parameters
integerref_id of an object which is end node
booleantrue for role templates (default: false)
Returns
array array(role_ids => role_data)

Definition at line 691 of file class.ilRbacReview.php.

References $log, and __getParentRoles().

{
global $tree,$log,$ilDB;
if (!isset($a_endnode_id))
{
$message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
//var_dump($a_endnode_id);exit;
//$log->write("ilRBACreview::getParentRoleIds(), 0");
$pathIds = $tree->getPathId($a_endnode_id);
// add system folder since it may not in the path
$pathIds[0] = SYSTEM_FOLDER_ID;
//$log->write("ilRBACreview::getParentRoleIds(), 1");
#return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
}

+ Here is the call graph for this function:

ilRbacReview::getParentRoles (   $a_path,
  $a_templates,
  $a_keep_protected 
)
protected

get parent roles (NEW implementation)

protected

Parameters
@return

Definition at line 553 of file class.ilRbacReview.php.

References $log, $res, __setProtectedStatus(), DB_FETCHMODE_OBJECT, getRoleFolderIdOfObject(), and getRoleListByObject().

{
global $log,$ilDB,$tree;
$parent_roles = array();
$role_hierarchy = array();
$node = $tree->getNodeData($a_path);
$lft = $node['lft'];
$rgt = $node['rgt'];
// Role folder id
$relevant_rolfs[] = ROLE_FOLDER_ID;
// Role folder of current object
if($rolf = $this->getRoleFolderIdOfObject($a_path))
{
$relevant_rolfs[] = $rolf;
}
// role folder of objects in path
$query = "SELECT * FROM tree ".
"JOIN object_reference as obr ON child = ref_id ".
"JOIN object_data as obd ON obr.obj_id = obd.obj_id ".
"WHERE type = 'rolf' ".
"AND lft < ".$lft." ".
"AND rgt > ".$rgt;
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$relevant_rolfs[] = $row->child;
}
foreach($relevant_rolfs as $rolf)
{
$roles = $this->getRoleListByObject($rolf,$a_templates);
foreach ($roles as $role)
{
$id = $role["obj_id"];
$role["parent"] = $rolf;
$parent_roles[$id] = $role;
if (!array_key_exists($role['obj_id'],$role_hierarchy))
{
$role_hierarchy[$id] = $rolf;
}
}
}
if (!$a_keep_protected)
{
return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$a_path);
}
return $parent_roles;
}

+ Here is the call graph for this function:

ilRbacReview::getRoleFolderIdOfObject (   $a_ref_id)

Definition at line 1280 of file class.ilRbacReview.php.

References getRoleFolderOfObject().

Referenced by getParentRoles().

{
$rolf = $this->getRoleFolderOfObject($a_ref_id);
if (!$rolf)
{
return false;
}
return $rolf['ref_id'];
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getRoleFolderOfObject (   $a_ref_id)

returns the data of a role folder assigned to an object public

Parameters
integerref_id of object with a rolefolder object under it
Returns
array empty array if rolefolder not found

Definition at line 1261 of file class.ilRbacReview.php.

References $ilBench.

Referenced by getRoleFolderIdOfObject().

{
global $tree,$ilBench;
$ilBench->start("RBAC", "review_getRoleFolderOfObject");
if (!isset($a_ref_id))
{
$message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$childs = $tree->getChildsByType($a_ref_id,"rolf");
$ilBench->stop("RBAC", "review_getRoleFolderOfObject");
return $childs[0] ? $childs[0] : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getRoleListByObject (   $a_ref_id,
  $a_templates = false 
)

Returns a list of roles in an container public.

Parameters
integerref_id
booleanif true fetch template roles too
Returns
array set ids

Definition at line 719 of file class.ilRbacReview.php.

References __setRoleType(), __setTemplateFilter(), and DB_FETCHMODE_ASSOC.

Referenced by __getParentRoles(), and getParentRoles().

{
global $ilDB;
if (!isset($a_ref_id) or !isset($a_templates))
{
$message = get_class($this)."::getRoleListByObject(): Missing parameter!".
"ref_id: ".$a_ref_id.
"tpl_flag: ".$a_templates;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$q = "SELECT * FROM object_data ".
"JOIN rbac_fa ".$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.parent = ".$ilDB->quote($a_ref_id)." ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getRoleMailboxAddress (   $a_role_id,
  $is_localize = true 
)

Returns the mailbox address of a role. 

Example 1: Mailbox address for an ILIAS reserved role name
The il_crs_member_345 role of the course object "English Course 1" is returned as one of the following mailbox addresses:

a) Course Member <#member@[English Course 1]> b) Course Member <#il_crs_member_345@[English Course 1]> c) Course Member <#il_crs_member_345>

Address a) is returned, if the title of the object is unique, and if there is only one local role with the substring "member" defined for the object.

Address b) is returned, if the title of the object is unique, but there is more than one local role with the substring "member" in its title.

Address c) is returned, if the title of the course object is not unique. 

Example 2: Mailbox address for a manually defined role name
The "Admin" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) Course Administrator <#Admin> b) Course Administrator <#Admin> c) Course Adminstrator <#il_role_34211> 

Address a) is returned, if the title of the object is unique, and
if there is only one local role with the substring "Admin" defined for
the course object.

Address b) is returned, if the title of the object is not unique, but

the role title is unique.

Address c) is returned, if neither the role title nor the title of the course object is unique. 

Example 3: Mailbox address for a manually defined role title that can
       contains special characters in the local-part of a 
       mailbox address
The "Author Courses" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) "#Author Courses" b) Author Courses <#il_role_34234> 

Address a) is returned, if the title of the role is unique.

Address b) is returned, if neither the role title nor the title of the course object is unique, or if the role title contains a quote or a backslash.

Parameters
inta role id
booleanis_localize whether mailbox addresses should be localized
Returns
String mailbox address or null, if role does not exist.

Definition at line 329 of file class.ilRbacReview.php.

References $lng, $log, ilMail\_usePearMail(), DB_FETCHMODE_OBJECT, and if.

{
global $log, $lng;
include_once "Services/Mail/classes/class.ilMail.php";
if (ilMail::_usePearMail())
{
// Retrieve the role title and the object title.
$q = "SELECT rdat.title AS role_title,odat.title AS object_title, ".
" oref.ref_id AS object_ref ".
"FROM object_data AS rdat ".
"JOIN rbac_fa AS fa ON fa.rol_id = rdat.obj_id ".
"JOIN tree AS rtree ON rtree.child = fa.parent ".
"JOIN object_reference AS oref ON oref.ref_id = rtree.parent ".
"JOIN object_data AS odat ON odat.obj_id = oref.obj_id ".
"WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id)." ".
"AND fa.assign = 'y' ";
$r = $this->ilDB->query($q);
if (! ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)))
{
//$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
return null; // role does not exist
}
$object_title = $row->object_title;
$object_ref = $row->object_ref;
$role_title = $row->role_title;
// In a perfect world, we could use the object_title in the
// domain part of the mailbox address, and the role title
// with prefix '#' in the local part of the mailbox address.
$domain = $object_title;
$local_part = $role_title;
// Determine if the object title is unique
$q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
"FROM object_data AS dat ".
"JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($object_title)." ".
"AND tree.tree = 1";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// If the object title is not unique, we get rid of the domain.
if ($row->count > 1)
{
$domain = null;
}
// If the domain contains illegal characters, we get rid of it.
if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
{
$domain = null;
}
// If the domain contains special characters, we put square
// brackets around it.
if ($domain != null &&
(preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
preg_match('/[^\x21-\x8f]/',$domain))
)
{
$domain = '['.$domain.']';
}
// If the role title is one of the ILIAS reserved role titles,
// we can use a shorthand version of it for the local part
// of the mailbox address.
if (strpos($role_title, 'il_') === 0 && $domain != null)
{
$unambiguous_role_title = $role_title;
$pos = strpos($role_title, '_', 3) + 1;
$local_part = substr(
$role_title,
$pos,
strrpos($role_title, '_') - $pos
);
}
else
{
$unambiguous_role_title = 'il_role_'.$a_role_id;
}
// Determine if the local part is unique. If we don't have a
// domain, the local part must be unique within the whole repositry.
// If we do have a domain, the local part must be unique for that
// domain.
if ($domain == null)
{
$q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
"FROM object_data AS dat ".
"JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($local_part)." ".
"AND tree.tree = 1";
}
else
{
$q = "SELECT COUNT(rd.obj_id) AS count ".
"FROM object_data AS rd ".
"JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
"JOIN tree AS t ON t.child = fa.parent ".
"WHERE fa.assign = 'y' ".
"AND t.parent = ".$this->ilDB->quote($object_ref)." ".
"AND rd.title LIKE ".$this->ilDB->quote(
'%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%')
;
}
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// if the local_part is not unique, we use the unambiguous role title
// instead for the local part of the mailbox address
if ($row->count > 1)
{
$local_part = $unambiguous_role_title;
}
// If the local part contains illegal characters, we use
// the unambiguous role title instead.
if (preg_match('/[\\"\x00-\x1f]/',$local_part))
{
$local_part = $unambiguous_role_title;
}
// Add a "#" prefix to the local part
$local_part = '#'.$local_part;
// Put quotes around the role title, if needed
if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
{
$local_part = '"'.$local_part.'"';
}
$mailbox = ($domain == null) ?
$local_part :
$local_part.'@'.$domain;
if ($is_localize)
{
if (substr($role_title,0,3) == 'il_')
{
$phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
}
else
{
$phrase = $role_title;
}
// make phrase RFC 822 conformant:
// - strip excessive whitespace
// - strip special characters
$phrase = preg_replace('/\s\s+/', ' ', $phrase);
$phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
$mailbox = $phrase.' <'.$mailbox.'>';
}
return $mailbox;
}
else
{
$q = "SELECT title ".
"FROM object_data ".
"WHERE obj_id = ".$this->ilDB->quote($a_role_id);
$r = $this->ilDB->query($q);
if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return '#'.$row->title;
}
else
{
return null;
}
}
}

+ Here is the call graph for this function:

ilRbacReview::getRoleOperationsOnObject (   $a_role_id,
  $a_ref_id 
)

Definition at line 1382 of file class.ilRbacReview.php.

References $res, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = "SELECT * FROM rbac_pa ".
"WHERE rol_id = ".$ilDB->quote($a_role_id)." ".
"AND ref_id = ".$ilDB->quote($a_ref_id)." ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops = unserialize(stripslashes($row->ops_id));
}
return $ops ? $ops : array();
}
ilRbacReview::getRolesByFilter (   $a_filter = 0,
  $a_user_id = 0 
)

Definition at line 1506 of file class.ilRbacReview.php.

References __setRoleType(), assignedRoles(), DB_FETCHMODE_ASSOC, getAssignableRoles(), getGlobalRoles(), and ilUtil\quoteArray().

{
global $ilDB;
$assign = "y";
switch($a_filter)
{
// all (assignable) roles
case 1:
return $this->getAssignableRoles();
break;
// all (assignable) global roles
case 2:
$where = "WHERE rbac_fa.rol_id IN ";
$where .= '(';
$where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
$where .= ')';
break;
// all (assignable) local roles
case 3:
case 4:
case 5:
$where = "WHERE rbac_fa.rol_id NOT IN ";
$where .= '(';
$where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
$where .= ')';
break;
// all role templates
case 6:
$where = "WHERE object_data.type = 'rolt'";
$assign = "n";
break;
// only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
case 0:
default:
if (!$a_user_id) return array();
$where = "WHERE rbac_fa.rol_id IN ";
$where .= '(';
$where .= implode(',',ilUtil::quoteArray($this->assignedRoles($a_user_id)));
$where .= ')';
break;
}
$roles = array();
$q = "SELECT DISTINCT * FROM object_data ".
"JOIN rbac_fa ".$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.assign = ".$ilDB->quote($assign)." ";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$prefix = (substr($row["title"],0,3) == "il_") ? true : false;
// all (assignable) internal local roles only
if ($a_filter == 4 and !$prefix)
{
continue;
}
// all (assignable) non internal local roles only
if ($a_filter == 5 and $prefix)
{
continue;
}
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$roles[] = $row;
}
$roles = $this->__setRoleType($roles);
return $roles ? $roles : array();
}

+ Here is the call graph for this function:

ilRbacReview::getRolesForIDs (   $role_ids,
  $use_templates 
)

Definition at line 1881 of file class.ilRbacReview.php.

References __setRoleType(), __setTemplateFilter(), and DB_FETCHMODE_ASSOC.

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($use_templates);
$q = "SELECT DISTINCT * FROM object_data ".
"JOIN rbac_fa ".$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.assign = 'y' " .
"AND object_data.obj_id IN (".implode(",", $role_ids).")";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

ilRbacReview::getRolesOfRoleFolder (   $a_ref_id,
  $a_nonassignable = true 
)

get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids

Definition at line 1156 of file class.ilRbacReview.php.

References $ilBench, $ilLog, and DB_FETCHMODE_OBJECT.

Referenced by getGlobalRoles(), and getGlobalRolesArray().

{
global $ilBench,$ilDB,$ilLog;
$ilBench->start("RBAC", "review_getRolesOfRoleFolder");
if (!isset($a_ref_id))
{
$message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_nonassignable === false)
{
$and = " AND assign='y'";
}
$q = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id)." ".
$and;
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$rol_id[] = $row->rol_id;
}
$ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
return $rol_id ? $rol_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getTypeId (   $a_type)

Definition at line 1590 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

{
global $ilDB;
$q = "SELECT obj_id FROM object_data ".
"WHERE title=".$ilDB->quote($a_type)." AND type='typ'";
$r = $ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
return $row->obj_id;
}
ilRbacReview::ilRbacReview ( )

Constructor public.

Definition at line 52 of file class.ilRbacReview.php.

References $ilErr, $ilLog, and if.

{
global $ilDB,$ilErr,$ilias,$ilLog;
$this->log =& $ilLog;
// set db & error handler
(isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
if (!isset($ilErr))
{
$ilErr = new ilErrorHandling();
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
}
else
{
$this->ilErr =& $ilErr;
}
}
ilRbacReview::isAssignable (   $a_rol_id,
  $a_ref_id 
)

Check if its possible to assign users public.

Parameters
integerobject id of role
integerref_id of object in question
Returns
boolean

Definition at line 1080 of file class.ilRbacReview.php.

References $ilBench.

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_isAssignable");
// exclude system role from rbac
if ($a_rol_id == SYSTEM_ROLE_ID)
{
$ilBench->stop("RBAC", "review_isAssignable");
return true;
}
if (!isset($a_rol_id) or !isset($a_ref_id))
{
$message = get_class($this)."::isAssignable(): Missing parameter!".
" role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$q = "SELECT * FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
"AND parent = ".$ilDB->quote($a_ref_id)." ";
$row = $this->ilDB->getRow($q);
$ilBench->stop("RBAC", "review_isAssignable");
return $row->assign == 'y' ? true : false;
}
ilRbacReview::isAssigned (   $a_usr_id,
  $a_role_id 
)

check if a specific user is assigned to specific role public

Parameters
integerusr_id
integerrole_id
Returns
boolean

Definition at line 987 of file class.ilRbacReview.php.

References $res.

{
// Quickly determine if user is assigned to a role
global $ilDB;
$query = "SELECT usr_id FROM rbac_ua WHERE ".
"rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
"AND usr_id= ".$ilDB->quote($a_usr_id).
" LIMIT 1"
;
$res = $ilDB->query($query);
return $res->numRows() == 1;
}
ilRbacReview::isAssignedToAtLeastOneGivenRole (   $a_usr_id,
  $a_role_ids 
) 

check if a specific user is assigned to at least one of the

given role ids.

This function is used to quickly check whether a user is member of a course or a group. 

@access     public
@param      integer         usr_id
@param      array[integer]          role_ids
@return     boolean

Definition at line 1014 of file class.ilRbacReview.php.

References $res, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$inClause = '';
foreach ($a_role_ids as $v)
{
if ($inClause != '') {
$inClause .= ',';
}
$inClause .= $ilDB->quote($v);
}
$query = "SELECT COUNT(usr_id) AS num_found FROM rbac_ua WHERE ".
" rol_id IN(".$inClause.")".
" AND usr_id= ".$ilDB->quote($a_usr_id)." ";
$res = $ilDB->query($query);
while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
if((int)$row->num_found >= 1)
{
return true;
}
break;
}
return false;
}
ilRbacReview::isDeleted (   $a_node_id)

checks if a rolefolder is set as deleted (negative tree_id) public

Parameters
integerref_id of rolefolder
Returns
boolean true if rolefolder is set as deleted

Definition at line 1478 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

Referenced by isRoleDeleted().

{
global $ilDB;
$q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
if (!$row)
{
$message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
get_class($this),
$a_node_id);
$this->log->write($message,$this->log->FATAL);
return true;
}
// rolefolder is deleted
if ($row->tree < 0)
{
return true;
}
return false;
}

+ Here is the caller graph for this function:

ilRbacReview::isProtected (   $a_ref_id,
  $a_role_id 
)

Definition at line 1703 of file class.ilRbacReview.php.

References ilUtil\yn2tf().

{
global $ilDB;
$q = "SELECT protected FROM rbac_fa ".
"WHERE rol_id= ".$ilDB->quote($a_role_id)." ".
"AND parent= ".$ilDB->quote($a_ref_id)." ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow();
return ilUtil::yn2tf($row[0]);
}

+ Here is the call graph for this function:

ilRbacReview::isRoleDeleted (   $a_role_id)

return if role is only attached to deleted role folders

Parameters
int$a_role_id
Returns
boolean

Definition at line 1863 of file class.ilRbacReview.php.

References getFoldersAssignedToRole(), and isDeleted().

{
$rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
$deleted = true;
if (count($rolf_list))
{
foreach ($rolf_list as $rolf) {
// only list roles that are not set to status "deleted"
if (!$this->isDeleted($rolf))
{
$deleted = false;
break;
}
}
}
return $deleted;
}

+ Here is the call graph for this function:

ilRbacReview::roleExists (   $a_title,
  $a_id = 0 
)

Checks if a role already exists.

Role title should be unique public

Parameters
stringrole title
integerobj_id of role to exclude in the check. Commonly this is the current role you want to edit
Returns
boolean true if exists

Definition at line 521 of file class.ilRbacReview.php.

References DB_FETCHMODE_OBJECT.

{
global $ilDB;
if (empty($a_title))
{
$message = get_class($this)."::roleExists(): No title given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
$q = "SELECT DISTINCT(obj_id) as obj_id FROM object_data ".
"WHERE title =".$ilDB->quote($a_title)." ".
"AND type IN('role','rolt')".
$clause;
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->obj_id;
}
return false;
}
ilRbacReview::searchRolesByMailboxAddressList (   $a_address_list)

Finds all role ids that match the specified user friendly role mailbox address list.

The role mailbox name address list is an e-mail address list according to IETF RFC 822:

address list = role mailbox, {"," role mailbox } ; role mailbox = "#", local part, ["@" domain] ;

Examples: The following role mailbox names are all resolved to the role il_crs_member_123:

#Course.A #member.A #il_crs_member_123.A #il_crs_member_123 #il_crs_member_123

Examples: The following role mailbox names are all resolved to the role il_crs_member_345:

#member@[English Course] #il_crs_member_345@[English Course] #il_crs_member_345 #il_crs_member_345

If only the local part is specified, or if domain is equal to "ilias", ILIAS compares the title of role objects with local part. Only roles that are not in a trash folder are considered for the comparison.

If a domain is specified, and if the domain is not equal to "ilias", ILIAS compares the title of objects with the domain. Only objects that are not in a trash folder are considered for the comparison. Then ILIAS searches for local roles which contain the local part in their title. This allows for abbreviated role names, e.g. instead of having to specify #il_grp_member_345, it is sufficient to specify #member.

The address list may contain addresses thate are not role mailboxes. These addresses are ignored.

If a role mailbox address is ambiguous, this function returns the ID's of all role objects that are possible recipients for the role mailbox address.

If Pear Mail is not installed, then the mailbox address

public

Parameters
stringIETF RFX 822 address list containing role mailboxes.
Returns
int[] Array with role ids that were found

Definition at line 118 of file class.ilRbacReview.php.

References $title, ilMail\_usePearMail(), and DB_FETCHMODE_OBJECT.

{
$role_ids = array();
include_once "Services/Mail/classes/class.ilMail.php";
if (ilMail::_usePearMail())
{
require_once 'Mail/RFC822.php';
$parser = &new Mail_RFC822();
$parsedList = $parser->parseAddressList($a_address_list, "ilias", false, true);
//echo '<br>ilRBACReview '.var_export($parsedList,false);
foreach ($parsedList as $address)
{
$local_part = $address->mailbox;
if (strpos($local_part,'#') !== 0)
{
// A local-part which doesn't start with a '#' doesn't denote a role.
// Therefore we can skip it.
continue;
}
$local_part = substr($local_part, 1);
if (substr($local_part,0,8) == 'il_role_')
{
$role_id = substr($local_part,8);
$q = "SELECT t.tree ".
"FROM rbac_fa AS fa ".
"JOIN tree AS t ON t.child=fa.parent ".
"WHERE fa.rol_id=".$this->ilDB->quote($role_id)." ".
"AND fa.assign='y' ".
"AND t.tree=1";
$r = $this->ilDB->query($q);
if ($r->numRows() > 0)
{
$role_ids[] = $role_id;
}
continue;
}
$domain = $address->host;
if (strpos($domain,'[') == 0 && strrpos($domain,']'))
{
$domain = substr($domain,1,strlen($domain) - 2);
}
if (strlen($local_part) == 0)
{
$local_part = $domain;
$address->host = 'ilias';
$domain = 'ilias';
}
if (strtolower($address->host) == 'ilias')
{
// Search for roles = local-part in the whole repository
$q = "SELECT dat.obj_id ".
"FROM object_data AS dat ".
"JOIN rbac_fa AS fa ON fa.rol_id = dat.obj_id ".
"JOIN tree AS t ON t.child = fa.parent ".
"WHERE dat.title =".$this->ilDB->quote($local_part)." ".
"AND dat.type = 'role' ".
"AND fa.assign = 'y' ".
"AND t.tree = 1";
}
else
{
// Search for roles like local-part in objects = host
$q = "SELECT rdat.obj_id ".
"FROM object_data AS odat ".
"JOIN object_reference AS oref ON oref.obj_id = odat.obj_id ".
"JOIN tree AS otree ON otree.child = oref.ref_id ".
"JOIN tree AS rtree ON rtree.parent = otree.child ".
"JOIN rbac_fa AS rfa ON rfa.parent = rtree.child ".
"JOIN object_data AS rdat ON rdat.obj_id = rfa.rol_id ".
"WHERE odat.title = ".$this->ilDB->quote($domain)." ".
"AND otree.tree = 1 AND rtree.tree = 1 ".
"AND rfa.assign = 'y' ".
"AND rdat.title LIKE ".
$this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%');
}
$r = $this->ilDB->query($q);
$count = 0;
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
$count++;
}
// Nothing found?
// In this case, we search for roles = host.
if ($count == 0 && strtolower($address->host) == 'ilias')
{
$q = "SELECT dat.obj_id ".
"FROM object_data AS dat ".
"JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
"JOIN tree AS t ON t.child = ref.ref_id ".
"WHERE dat.title = ".$this->ilDB->quote($domain)." ".
"AND dat.type = 'role' ".
"AND t.tree = 1 ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
//echo '<br>ids='.var_export($role_ids,true);
}
}
else
{
// the following code is executed, when Pear Mail is
// not installed
$titles = explode(',', $a_address_list);
$titleList = '';
foreach ($titles as $title)
{
if (strlen($inList) > 0)
{
$titleList .= ',';
}
$title = trim($title);
if (strpos($title,'#') == 0)
{
$titleList .= $this->ilDB->quote(substr($title, 1));
}
}
if (strlen($titleList) > 0)
{
$q = "SELECT obj_id ".
"FROM object_data ".
"WHERE title IN (".$titleList.") ".
"AND type='role'";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
}
return $role_ids;
}

+ Here is the call graph for this function:

Field Documentation

ilRbacReview::$_opsCache = null
staticprivate

Definition at line 46 of file class.ilRbacReview.php.

ilRbacReview::$assigned_roles = array()
protected

Definition at line 42 of file class.ilRbacReview.php.

ilRbacReview::$log = null

Definition at line 43 of file class.ilRbacReview.php.

Referenced by __getParentRoles(), __setProtectedStatus(), getParentRoleIds(), getParentRoles(), and getRoleMailboxAddress().

The documentation for this class was generated from the following file: