ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
40 class ilRbacReview
41 {
42  protected $assigned_roles = array();
43  var $log = null;
44 
45  // Cache operation ids
46  private static $_opsCache = null;
47 
52  function ilRbacReview()
53  {
54  global $ilDB,$ilErr,$ilias,$ilLog;
55 
56  $this->log =& $ilLog;
57 
58  // set db & error handler
59  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
60 
61  if (!isset($ilErr))
62  {
63  $ilErr = new ilErrorHandling();
64  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
65  }
66  else
67  {
68  $this->ilErr =& $ilErr;
69  }
70  }
71 
118  function searchRolesByMailboxAddressList($a_address_list)
119  {
120  $role_ids = array();
121 
122  include_once "Services/Mail/classes/class.ilMail.php";
123  if (ilMail::_usePearMail())
124  {
125  require_once 'Mail/RFC822.php';
126  $parser = &new Mail_RFC822();
127  $parsedList = $parser->parseAddressList($a_address_list, "ilias", false, true);
128  //echo '<br>ilRBACReview '.var_export($parsedList,false);
129  foreach ($parsedList as $address)
130  {
131  $local_part = $address->mailbox;
132  if (strpos($local_part,'#') !== 0)
133  {
134  // A local-part which doesn't start with a '#' doesn't denote a role.
135  // Therefore we can skip it.
136  continue;
137  }
138 
139  $local_part = substr($local_part, 1);
140 
141  if (substr($local_part,0,8) == 'il_role_')
142  {
143  $role_id = substr($local_part,8);
144  $q = "SELECT t.tree ".
145  "FROM rbac_fa AS fa ".
146  "JOIN tree AS t ON t.child=fa.parent ".
147  "WHERE fa.rol_id=".$this->ilDB->quote($role_id)." ".
148  "AND fa.assign='y' ".
149  "AND t.tree=1";
150  $r = $this->ilDB->query($q);
151  if ($r->numRows() > 0)
152  {
153  $role_ids[] = $role_id;
154  }
155  continue;
156  }
157 
158 
159  $domain = $address->host;
160  if (strpos($domain,'[') == 0 && strrpos($domain,']'))
161  {
162  $domain = substr($domain,1,strlen($domain) - 2);
163  }
164  if (strlen($local_part) == 0)
165  {
166  $local_part = $domain;
167  $address->host = 'ilias';
168  $domain = 'ilias';
169  }
170 
171  if (strtolower($address->host) == 'ilias')
172  {
173  // Search for roles = local-part in the whole repository
174  $q = "SELECT dat.obj_id ".
175  "FROM object_data AS dat ".
176  "JOIN rbac_fa AS fa ON fa.rol_id = dat.obj_id ".
177  "JOIN tree AS t ON t.child = fa.parent ".
178  "WHERE dat.title =".$this->ilDB->quote($local_part)." ".
179  "AND dat.type = 'role' ".
180  "AND fa.assign = 'y' ".
181  "AND t.tree = 1";
182  }
183  else
184  {
185  // Search for roles like local-part in objects = host
186  $q = "SELECT rdat.obj_id ".
187  "FROM object_data AS odat ".
188  "JOIN object_reference AS oref ON oref.obj_id = odat.obj_id ".
189  "JOIN tree AS otree ON otree.child = oref.ref_id ".
190  "JOIN tree AS rtree ON rtree.parent = otree.child ".
191  "JOIN rbac_fa AS rfa ON rfa.parent = rtree.child ".
192  "JOIN object_data AS rdat ON rdat.obj_id = rfa.rol_id ".
193  "WHERE odat.title = ".$this->ilDB->quote($domain)." ".
194  "AND otree.tree = 1 AND rtree.tree = 1 ".
195  "AND rfa.assign = 'y' ".
196  "AND rdat.title LIKE ".
197  $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%');
198  }
199  $r = $this->ilDB->query($q);
200 
201  $count = 0;
202  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
203  {
204  $role_ids[] = $row->obj_id;
205  $count++;
206  }
207 
208  // Nothing found?
209  // In this case, we search for roles = host.
210  if ($count == 0 && strtolower($address->host) == 'ilias')
211  {
212  $q = "SELECT dat.obj_id ".
213  "FROM object_data AS dat ".
214  "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
215  "JOIN tree AS t ON t.child = ref.ref_id ".
216  "WHERE dat.title = ".$this->ilDB->quote($domain)." ".
217  "AND dat.type = 'role' ".
218  "AND t.tree = 1 ";
219  $r = $this->ilDB->query($q);
220 
221  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
222  {
223  $role_ids[] = $row->obj_id;
224  }
225  }
226  //echo '<br>ids='.var_export($role_ids,true);
227  }
228  }
229  else
230  {
231  // the following code is executed, when Pear Mail is
232  // not installed
233 
234  $titles = explode(',', $a_address_list);
235 
236  $titleList = '';
237  foreach ($titles as $title)
238  {
239  if (strlen($inList) > 0)
240  {
241  $titleList .= ',';
242  }
243  $title = trim($title);
244  if (strpos($title,'#') == 0)
245  {
246  $titleList .= $this->ilDB->quote(substr($title, 1));
247  }
248  }
249  if (strlen($titleList) > 0)
250  {
251  $q = "SELECT obj_id ".
252  "FROM object_data ".
253  "WHERE title IN (".$titleList.") ".
254  "AND type='role'";
255  $r = $this->ilDB->query($q);
256  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
257  {
258  $role_ids[] = $row->obj_id;
259  }
260  }
261  }
262 
263  return $role_ids;
264  }
265 
329  function getRoleMailboxAddress($a_role_id, $is_localize = true)
330  {
331  global $log, $lng;
332 
333  include_once "Services/Mail/classes/class.ilMail.php";
334  if (ilMail::_usePearMail())
335  {
336  // Retrieve the role title and the object title.
337  $q = "SELECT rdat.title AS role_title,odat.title AS object_title, ".
338  " oref.ref_id AS object_ref ".
339  "FROM object_data AS rdat ".
340  "JOIN rbac_fa AS fa ON fa.rol_id = rdat.obj_id ".
341  "JOIN tree AS rtree ON rtree.child = fa.parent ".
342  "JOIN object_reference AS oref ON oref.ref_id = rtree.parent ".
343  "JOIN object_data AS odat ON odat.obj_id = oref.obj_id ".
344  "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id)." ".
345  "AND fa.assign = 'y' ";
346  $r = $this->ilDB->query($q);
347  if (! ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)))
348  {
349  //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
350  return null; // role does not exist
351  }
352  $object_title = $row->object_title;
353  $object_ref = $row->object_ref;
354  $role_title = $row->role_title;
355 
356 
357  // In a perfect world, we could use the object_title in the
358  // domain part of the mailbox address, and the role title
359  // with prefix '#' in the local part of the mailbox address.
360  $domain = $object_title;
361  $local_part = $role_title;
362 
363 
364  // Determine if the object title is unique
365  $q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
366  "FROM object_data AS dat ".
367  "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
368  "JOIN tree ON tree.child = ref.ref_id ".
369  "WHERE title = ".$this->ilDB->quote($object_title)." ".
370  "AND tree.tree = 1";
371  $r = $this->ilDB->query($q);
372  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
373 
374  // If the object title is not unique, we get rid of the domain.
375  if ($row->count > 1)
376  {
377  $domain = null;
378  }
379 
380  // If the domain contains illegal characters, we get rid of it.
381  if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
382  {
383  $domain = null;
384  }
385 
386  // If the domain contains special characters, we put square
387  // brackets around it.
388  if ($domain != null &&
389  (preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
390  preg_match('/[^\x21-\x8f]/',$domain))
391  )
392  {
393  $domain = '['.$domain.']';
394  }
395 
396  // If the role title is one of the ILIAS reserved role titles,
397  // we can use a shorthand version of it for the local part
398  // of the mailbox address.
399  if (strpos($role_title, 'il_') === 0 && $domain != null)
400  {
401  $unambiguous_role_title = $role_title;
402 
403  $pos = strpos($role_title, '_', 3) + 1;
404  $local_part = substr(
405  $role_title,
406  $pos,
407  strrpos($role_title, '_') - $pos
408  );
409  }
410  else
411  {
412  $unambiguous_role_title = 'il_role_'.$a_role_id;
413  }
414 
415  // Determine if the local part is unique. If we don't have a
416  // domain, the local part must be unique within the whole repositry.
417  // If we do have a domain, the local part must be unique for that
418  // domain.
419  if ($domain == null)
420  {
421  $q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
422  "FROM object_data AS dat ".
423  "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
424  "JOIN tree ON tree.child = ref.ref_id ".
425  "WHERE title = ".$this->ilDB->quote($local_part)." ".
426  "AND tree.tree = 1";
427  }
428  else
429  {
430  $q = "SELECT COUNT(rd.obj_id) AS count ".
431  "FROM object_data AS rd ".
432  "JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
433  "JOIN tree AS t ON t.child = fa.parent ".
434  "WHERE fa.assign = 'y' ".
435  "AND t.parent = ".$this->ilDB->quote($object_ref)." ".
436  "AND rd.title LIKE ".$this->ilDB->quote(
437  '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%')
438  ;
439  }
440 
441  $r = $this->ilDB->query($q);
442  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
443 
444  // if the local_part is not unique, we use the unambiguous role title
445  // instead for the local part of the mailbox address
446  if ($row->count > 1)
447  {
448  $local_part = $unambiguous_role_title;
449  }
450 
451 
452  // If the local part contains illegal characters, we use
453  // the unambiguous role title instead.
454  if (preg_match('/[\\"\x00-\x1f]/',$local_part))
455  {
456  $local_part = $unambiguous_role_title;
457  }
458 
459 
460  // Add a "#" prefix to the local part
461  $local_part = '#'.$local_part;
462 
463  // Put quotes around the role title, if needed
464  if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
465  {
466  $local_part = '"'.$local_part.'"';
467  }
468 
469  $mailbox = ($domain == null) ?
470  $local_part :
471  $local_part.'@'.$domain;
472 
473  if ($is_localize)
474  {
475  if (substr($role_title,0,3) == 'il_')
476  {
477  $phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
478  }
479  else
480  {
481  $phrase = $role_title;
482  }
483 
484  // make phrase RFC 822 conformant:
485  // - strip excessive whitespace
486  // - strip special characters
487  $phrase = preg_replace('/\s\s+/', ' ', $phrase);
488  $phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
489 
490  $mailbox = $phrase.' <'.$mailbox.'>';
491  }
492 
493  return $mailbox;
494  }
495  else
496  {
497  $q = "SELECT title ".
498  "FROM object_data ".
499  "WHERE obj_id = ".$this->ilDB->quote($a_role_id);
500  $r = $this->ilDB->query($q);
501 
502  if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
503  {
504  return '#'.$row->title;
505  }
506  else
507  {
508  return null;
509  }
510  }
511  }
512 
513 
521  function roleExists($a_title,$a_id = 0)
522  {
523  global $ilDB;
524 
525  if (empty($a_title))
526  {
527  $message = get_class($this)."::roleExists(): No title given!";
528  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
529  }
530 
531  $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
532 
533  $q = "SELECT DISTINCT(obj_id) as obj_id FROM object_data ".
534  "WHERE title =".$ilDB->quote($a_title)." ".
535  "AND type IN('role','rolt')".
536  $clause;
537  $r = $this->ilDB->query($q);
538 
539  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
540  {
541  return $row->obj_id;
542  }
543  return false;
544  }
545 
553  protected function getParentRoles($a_path,$a_templates,$a_keep_protected)
554  {
555  global $log,$ilDB,$tree;
556 
557  $parent_roles = array();
558  $role_hierarchy = array();
559 
560  $node = $tree->getNodeData($a_path);
561  $lft = $node['lft'];
562  $rgt = $node['rgt'];
563 
564 
565  // Role folder id
566  $relevant_rolfs[] = ROLE_FOLDER_ID;
567 
568  // Role folder of current object
569  if($rolf = $this->getRoleFolderIdOfObject($a_path))
570  {
571  $relevant_rolfs[] = $rolf;
572  }
573 
574  // role folder of objects in path
575  $query = "SELECT * FROM tree ".
576  "JOIN object_reference as obr ON child = ref_id ".
577  "JOIN object_data as obd ON obr.obj_id = obd.obj_id ".
578  "WHERE type = 'rolf' ".
579  "AND lft < ".$lft." ".
580  "AND rgt > ".$rgt;
581 
582 
583  $res = $ilDB->query($query);
584  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
585  {
586  $relevant_rolfs[] = $row->child;
587  }
588  foreach($relevant_rolfs as $rolf)
589  {
590  $roles = $this->getRoleListByObject($rolf,$a_templates);
591 
592  foreach ($roles as $role)
593  {
594  $id = $role["obj_id"];
595  $role["parent"] = $rolf;
596  $parent_roles[$id] = $role;
597 
598  if (!array_key_exists($role['obj_id'],$role_hierarchy))
599  {
600  $role_hierarchy[$id] = $rolf;
601  }
602  }
603  }
604 
605  if (!$a_keep_protected)
606  {
607  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$a_path);
608  }
609  return $parent_roles;
610  }
611 
612 
624  function __getParentRoles($a_path,$a_templates,$a_keep_protected)
625  {
626  global $log,$ilDB;
627 
628  if (!isset($a_path) or !is_array($a_path))
629  {
630  $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
631  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
632  }
633 
634  $parent_roles = array();
635  $role_hierarchy = array();
636 
637  //$child = $this->__getAllRoleFolderIds();
638 
639  // Select all role folders on a path using a single SQL-statement.
640  // CREATE IN() STATEMENT
641  $in = " IN(";
642  $in .= implode(",",ilUtil::quoteArray($a_path));
643  $in .= ") ";
644  $q = "SELECT t.child,t.depth FROM tree AS t ".
645  "JOIN object_reference AS r ON r.ref_id=t.child ".
646  "JOIN object_data AS o ON o.obj_id=r.obj_id ".
647  "WHERE t.parent ".$in." ".
648  "AND o.type='rolf' ".
649  "ORDER BY t.depth ASC ";
650  $r = $this->ilDB->query($q);
651 
652  // Sort by path (Administration -> Rolefolder is first element)
653  $role_rows = array();
654  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
655  {
656 
657  $depth = ($row->child == ROLE_FOLDER_ID ? 0 : $row->depth);
658  $role_rows[$depth]['child'] = $row->child;
659  }
660  ksort($role_rows,SORT_NUMERIC);
661  foreach($role_rows as $row)
662  {
663  $roles = $this->getRoleListByObject($row['child'],$a_templates);
664  foreach ($roles as $role)
665  {
666  $id = $role["obj_id"];
667  $role["parent"] = $row['child'];
668  $parent_roles[$id] = $role;
669 
670  if (!array_key_exists($role['obj_id'],$role_hierarchy))
671  {
672  $role_hierarchy[$id] = $row['child'];
673  }
674  }
675  }
676  if (!$a_keep_protected)
677  {
678  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,end($a_path));
679  }
680  return $parent_roles;
681  }
682 
691  function getParentRoleIds($a_endnode_id,$a_templates = false,$a_keep_protected = false)
692  {
693  global $tree,$log,$ilDB;
694 
695  if (!isset($a_endnode_id))
696  {
697  $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
698  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
699  }
700 
701  //var_dump($a_endnode_id);exit;
702  //$log->write("ilRBACreview::getParentRoleIds(), 0");
703  $pathIds = $tree->getPathId($a_endnode_id);
704 
705  // add system folder since it may not in the path
706  $pathIds[0] = SYSTEM_FOLDER_ID;
707  //$log->write("ilRBACreview::getParentRoleIds(), 1");
708  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
709  return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
710  }
711 
719  function getRoleListByObject($a_ref_id,$a_templates = false)
720  {
721  global $ilDB;
722 
723  if (!isset($a_ref_id) or !isset($a_templates))
724  {
725  $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
726  "ref_id: ".$a_ref_id.
727  "tpl_flag: ".$a_templates;
728  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
729  }
730 
731  $role_list = array();
732 
733  $where = $this->__setTemplateFilter($a_templates);
734 
735  $q = "SELECT * FROM object_data ".
736  "JOIN rbac_fa ".$where.
737  "AND object_data.obj_id = rbac_fa.rol_id ".
738  "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id)." ";
739  $r = $this->ilDB->query($q);
740 
741  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
742  {
743  $row["desc"] = $row["description"];
744  $row["user_id"] = $row["owner"];
745  $role_list[] = $row;
746  }
747 
748  $role_list = $this->__setRoleType($role_list);
749 
750  return $role_list;
751  }
752 
759  function getAssignableRoles($a_templates = false,$a_internal_roles = false)
760  {
761  global $ilDB;
762 
763  $role_list = array();
764 
765  $where = $this->__setTemplateFilter($a_templates);
766 
767  $q = "SELECT DISTINCT * FROM object_data ".
768  "JOIN rbac_fa ".$where.
769  "AND object_data.obj_id = rbac_fa.rol_id ".
770  "AND rbac_fa.assign = 'y'";
771  $r = $this->ilDB->query($q);
772 
773  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
774  {
775  $row["desc"] = $row["description"];
776  $row["user_id"] = $row["owner"];
777  $role_list[] = $row;
778  }
779 
780  $role_list = $this->__setRoleType($role_list);
781 
782  return $role_list;
783  }
784 
791  function getAssignableRolesInSubtree($ref_id)
792  {
793  $role_list = array();
794 
795  $where = $this->__setTemplateFilter($a_templates);
796 
797  $q = "SELECT fa.*, dat.* ".
798  "FROM tree AS root ".
799  "JOIN tree AS node ON node.tree = root.tree AND node.lft > root.lft AND node.rgt < root.rgt ".
800  "JOIN object_reference AS ref ON ref.ref_id = node.child ".
801  "JOIN rbac_fa AS fa ON fa.parent = ref.ref_id ".
802  "JOIN object_data AS dat ON dat.obj_id = fa.rol_id ".
803  "WHERE root.child = ".$this->ilDB->quote($ref_id)." AND root.tree = 1 ".
804  "AND fa.assign = 'y' ".
805  "ORDER BY dat.title";
806  $r = $this->ilDB->query($q);
807 
808  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
809  {
810  $role_list[] = $row;
811  }
812 
813  $role_list = $this->__setRoleType($role_list);
814 
815  return $role_list;
816  }
817 
824  function getAssignableChildRoles($a_ref_id)
825  {
826  global $tree;
827 
828  //$roles_data = $this->getAssignableRoles();
829  $q = "SELECT fa.*, rd.* ".
830  "FROM object_data AS rd ".
831  "JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
832  "JOIN tree AS t ON t.child = fa.parent ".
833  "WHERE fa.assign = 'y' ".
834  "AND t.parent = ".$this->ilDB->quote($a_ref_id)." "
835  ;
836  $r = $this->ilDB->query($q);
837 
838  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
839  {
840  $roles_data[] = $row;
841  }
842 
843  return $roles_data ? $roles_data : array();
844  }
845 
852  function __setTemplateFilter($a_templates)
853  {
854  if ($a_templates === true)
855  {
856  $where = "WHERE object_data.type IN ('role','rolt') ";
857  }
858  else
859  {
860  $where = "WHERE object_data.type = 'role' ";
861  }
862 
863  return $where;
864  }
865 
877  function __setRoleType($a_role_list)
878  {
879  foreach ($a_role_list as $key => $val)
880  {
881  // determine role type
882  if ($val["type"] == "rolt")
883  {
884  $a_role_list[$key]["role_type"] = "template";
885  }
886  else
887  {
888  if ($val["assign"] == "y")
889  {
890  if ($val["parent"] == ROLE_FOLDER_ID)
891  {
892  $a_role_list[$key]["role_type"] = "global";
893  }
894  else
895  {
896  $a_role_list[$key]["role_type"] = "local";
897  }
898  }
899  else
900  {
901  $a_role_list[$key]["role_type"] = "linked";
902  }
903  }
904 
905  if ($val["protected"] == "y")
906  {
907  $a_role_list[$key]["protected"] = true;
908  }
909  else
910  {
911  $a_role_list[$key]["protected"] = false;
912  }
913  }
914 
915  return $a_role_list;
916  }
917 
925  function assignedUsers($a_rol_id, $a_fields = NULL)
926  {
927  global $ilBench,$ilDB;
928 
929  $ilBench->start("RBAC", "review_assignedUsers");
930 
931  if (!isset($a_rol_id))
932  {
933  $message = get_class($this)."::assignedUsers(): No role_id given!";
934  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
935  }
936 
937  $result_arr = array();
938 
939  if ($a_fields !== NULL and is_array($a_fields))
940  {
941  if (count($a_fields) == 0)
942  {
943  $select = "*";
944  }
945  else
946  {
947  if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
948  unset($a_fields[$usr_id_field]);
949 
950  $select = implode(",",$a_fields).",usr_data.usr_id";
951  $select = addslashes($select);
952  }
953 
954  $q = "SELECT ".$select." FROM usr_data ".
955  "LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
956  "WHERE rbac_ua.rol_id=".$ilDB->quote($a_rol_id)." ";
957  $r = $this->ilDB->query($q);
958 
959  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
960  {
961  $result_arr[] = $row;
962  }
963  }
964  else
965  {
966  $q = "SELECT usr_id FROM rbac_ua WHERE rol_id=".$ilDB->quote($a_rol_id)." ";
967  $r = $this->ilDB->query($q);
968 
969  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
970  {
971  array_push($result_arr,$row["usr_id"]);
972  }
973  }
974 
975  $ilBench->stop("RBAC", "review_assignedUsers");
976 
977  return $result_arr;
978  }
979 
987  function isAssigned($a_usr_id,$a_role_id)
988  {
989  // Quickly determine if user is assigned to a role
990  global $ilDB;
991 
992  $query = "SELECT usr_id FROM rbac_ua WHERE ".
993  "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
994  "AND usr_id= ".$ilDB->quote($a_usr_id).
995  " LIMIT 1"
996  ;
997 
998  $res = $ilDB->query($query);
999 
1000  return $res->numRows() == 1;
1001  }
1002 
1014  function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
1015  {
1016  global $ilDB;
1017 
1018  $inClause = '';
1019  foreach ($a_role_ids as $v)
1020  {
1021  if ($inClause != '') {
1022  $inClause .= ',';
1023  }
1024  $inClause .= $ilDB->quote($v);
1025  }
1026 
1027 
1028  $query = "SELECT COUNT(usr_id) AS num_found FROM rbac_ua WHERE ".
1029  " rol_id IN(".$inClause.")".
1030  " AND usr_id= ".$ilDB->quote($a_usr_id)." ";
1031 
1032  $res = $ilDB->query($query);
1033  while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1034  {
1035  if((int)$row->num_found >= 1)
1036  {
1037  return true;
1038  }
1039 
1040  break;
1041  }
1042 
1043  return false;
1044  }
1045 
1052  function assignedRoles($a_usr_id)
1053  {
1054  global $ilDB;
1055 
1056  $role_arr = array();
1057 
1058  $q = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id)." ";
1059  $r = $this->ilDB->query($q);
1060 
1061  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1062  {
1063  $role_arr[] = $row->rol_id;
1064  }
1065 
1066  if (!count($role_arr))
1067  {
1068  $message = get_class($this)."::assignedRoles(): No assigned roles found or user does not exist!";
1069  }
1070  return $role_arr ? $role_arr : array();
1071  }
1072 
1080  function isAssignable($a_rol_id, $a_ref_id)
1081  {
1082  global $ilBench,$ilDB;
1083 
1084  $ilBench->start("RBAC", "review_isAssignable");
1085 
1086  // exclude system role from rbac
1087  if ($a_rol_id == SYSTEM_ROLE_ID)
1088  {
1089  $ilBench->stop("RBAC", "review_isAssignable");
1090 
1091  return true;
1092  }
1093 
1094  if (!isset($a_rol_id) or !isset($a_ref_id))
1095  {
1096  $message = get_class($this)."::isAssignable(): Missing parameter!".
1097  " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
1098  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1099  }
1100 
1101  $q = "SELECT * FROM rbac_fa ".
1102  "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
1103  "AND parent = ".$ilDB->quote($a_ref_id)." ";
1104  $row = $this->ilDB->getRow($q);
1105 
1106  $ilBench->stop("RBAC", "review_isAssignable");
1107 
1108  return $row->assign == 'y' ? true : false;
1109  }
1110 
1121  function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
1122  {
1123  global $ilDB;
1124 
1125  if (!isset($a_rol_id))
1126  {
1127  $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
1128  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1129  }
1130 
1131  if ($a_assignable)
1132  {
1133  $where = " AND assign ='y'";
1134  }
1135 
1136  $q = "SELECT DISTINCT parent FROM rbac_fa ".
1137  "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".$where;
1138  $r = $this->ilDB->query($q);
1139 
1140  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1141  {
1142  $folders[] = $row->parent;
1143  }
1144 
1145  return $folders ? $folders : array();
1146  }
1147 
1156  function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
1157  {
1158  global $ilBench,$ilDB,$ilLog;
1159 
1160  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
1161 
1162  if (!isset($a_ref_id))
1163  {
1164  $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
1165  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1166 
1167  }
1168 
1169  if ($a_nonassignable === false)
1170  {
1171  $and = " AND assign='y'";
1172  }
1173 
1174  $q = "SELECT rol_id FROM rbac_fa ".
1175  "WHERE parent = ".$ilDB->quote($a_ref_id)." ".
1176  $and;
1177 
1178  $r = $this->ilDB->query($q);
1179 
1180  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1181  {
1182  $rol_id[] = $row->rol_id;
1183  }
1184 
1185  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
1186 
1187  return $rol_id ? $rol_id : array();
1188  }
1189 
1195  function getGlobalRoles()
1196  {
1197  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
1198  }
1199 
1205  function getGlobalRolesArray()
1206  {
1207  foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
1208  {
1209  $ga[] = array('obj_id' => $role_id,
1210  'role_type' => 'global');
1211  }
1212  return $ga ? $ga : array();
1213  }
1214 
1220  function getGlobalAssignableRoles()
1221  {
1222  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1223 
1224  foreach($this->getGlobalRoles() as $role_id)
1225  {
1226  if(ilObjRole::_getAssignUsersStatus($role_id))
1227  {
1228  $ga[] = array('obj_id' => $role_id,
1229  'role_type' => 'global');
1230  }
1231  }
1232  return $ga ? $ga : array();
1233  }
1234 
1240  function __getAllRoleFolderIds()
1241  {
1242  $parent = array();
1243 
1244  $q = "SELECT DISTINCT parent FROM rbac_fa";
1245  $r = $this->ilDB->query($q);
1246 
1247  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1248  {
1249  $parent[] = $row->parent;
1250  }
1251 
1252  return $parent;
1253  }
1254 
1261  function getRoleFolderOfObject($a_ref_id)
1262  {
1263  global $tree,$ilBench;
1264 
1265  $ilBench->start("RBAC", "review_getRoleFolderOfObject");
1266 
1267  if (!isset($a_ref_id))
1268  {
1269  $message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
1270  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1271  }
1272 
1273  $childs = $tree->getChildsByType($a_ref_id,"rolf");
1274 
1275  $ilBench->stop("RBAC", "review_getRoleFolderOfObject");
1276 
1277  return $childs[0] ? $childs[0] : array();
1278  }
1279 
1280  function getRoleFolderIdOfObject($a_ref_id)
1281  {
1282  $rolf = $this->getRoleFolderOfObject($a_ref_id);
1283 
1284  if (!$rolf)
1285  {
1286  return false;
1287  }
1288 
1289  return $rolf['ref_id'];
1290  }
1291 
1297  function getOperations()
1298  {
1299  global $ilDB;
1300 
1301  $query = "SELECT * FROM rbac_operations ORDER BY ops_id ";
1302 
1303  $res = $this->ilDB->query($query);
1304  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1305  {
1306  $ops[] = array('ops_id' => $row->ops_id,
1307  'operation' => $row->operation,
1308  'description' => $row->description);
1309  }
1310 
1311  return $ops ? $ops : array();
1312  }
1313 
1319  function getOperation($ops_id)
1320  {
1321  global $ilDB;
1322 
1323  $query = "SELECT * FROM rbac_operations WHERE ops_id = ".$ilDB->quote($ops_id)." ";
1324 
1325  $res = $this->ilDB->query($query);
1326  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1327  {
1328  $ops = array('ops_id' => $row->ops_id,
1329  'operation' => $row->operation,
1330  'description' => $row->description);
1331  }
1332 
1333  return $ops ? $ops : array();
1334  }
1335 
1345  function getOperationsOfRole($a_rol_id,$a_type,$a_parent = 0)
1346  {
1347  global $ilDB,$ilLog;
1348 
1349  if (!isset($a_rol_id) or !isset($a_type))
1350  {
1351  $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
1352  "role_id: ".$a_rol_id.
1353  "type: ".$a_type.
1354  "parent_id: ".$a_parent;
1355  $ilLog->logStack("Missing parameter! ");
1356  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1357  }
1358 
1359  $ops_arr = array();
1360 
1361  // if no rolefolder id is given, assume global role folder as target
1362  if ($a_parent == 0)
1363  {
1364  $a_parent = ROLE_FOLDER_ID;
1365  }
1366 
1367  $q = "SELECT ops_id FROM rbac_templates ".
1368  "WHERE type =".$ilDB->quote($a_type)." ".
1369  "AND rol_id = ".$ilDB->quote($a_rol_id)." ".
1370  "AND parent = ".$ilDB->quote($a_parent)."";
1371  $r = $this->ilDB->query($q);
1372 
1373 
1374  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1375  {
1376  $ops_arr[] = $row->ops_id;
1377  }
1378 
1379  return $ops_arr;
1380  }
1381 
1382  function getRoleOperationsOnObject($a_role_id,$a_ref_id)
1383  {
1384  global $ilDB;
1385 
1386  $query = "SELECT * FROM rbac_pa ".
1387  "WHERE rol_id = ".$ilDB->quote($a_role_id)." ".
1388  "AND ref_id = ".$ilDB->quote($a_ref_id)." ";
1389 
1390  $res = $this->ilDB->query($query);
1391  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1392  {
1393  $ops = unserialize(stripslashes($row->ops_id));
1394  }
1395 
1396  return $ops ? $ops : array();
1397  }
1398 
1405  function getOperationsOnType($a_typ_id)
1406  {
1407  global $ilDB;
1408 
1409  if (!isset($a_typ_id))
1410  {
1411  $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1412  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1413  }
1414 
1415  $q = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id)." ";
1416  $r = $this->ilDB->query($q);
1417 
1418  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1419  {
1420  $ops_id[] = $row->ops_id;
1421  }
1422 
1423  return $ops_id ? $ops_id : array();
1424  }
1425 
1432  function getOperationsOnTypeString($a_type)
1433  {
1434  global $ilDB;
1435 
1436  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type)." ";
1437 
1438  $res = $this->ilDB->query($query);
1439  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1440  {
1441  return $this->getOperationsOnType($row->obj_id);
1442  }
1443  return false;
1444  }
1452  function getObjectsWithStopedInheritance($a_rol_id)
1453  {
1454  $tree = new ilTree(ROOT_FOLDER_ID);
1455 
1456  if (!isset($a_rol_id))
1457  {
1458  $message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
1459  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1460  }
1461 
1462  $all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
1463 
1464  foreach ($all_rolf_ids as $rolf_id)
1465  {
1466  $parent[] = $tree->getParentId($rolf_id);
1467  }
1468 
1469  return $parent ? $parent : array();
1470  }
1471 
1478  function isDeleted($a_node_id)
1479  {
1480  global $ilDB;
1481 
1482  $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1483  $r = $this->ilDB->query($q);
1484 
1485  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1486 
1487  if (!$row)
1488  {
1489  $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1490  get_class($this),
1491  $a_node_id);
1492  $this->log->write($message,$this->log->FATAL);
1493 
1494  return true;
1495  }
1496 
1497  // rolefolder is deleted
1498  if ($row->tree < 0)
1499  {
1500  return true;
1501  }
1502 
1503  return false;
1504  }
1505 
1506  function getRolesByFilter($a_filter = 0,$a_user_id = 0)
1507  {
1508  global $ilDB;
1509 
1510  $assign = "y";
1511 
1512  switch($a_filter)
1513  {
1514  // all (assignable) roles
1515  case 1:
1516  return $this->getAssignableRoles();
1517  break;
1518 
1519  // all (assignable) global roles
1520  case 2:
1521  $where = "WHERE rbac_fa.rol_id IN ";
1522  $where .= '(';
1523  $where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
1524  $where .= ')';
1525  break;
1526 
1527  // all (assignable) local roles
1528  case 3:
1529  case 4:
1530  case 5:
1531  $where = "WHERE rbac_fa.rol_id NOT IN ";
1532  $where .= '(';
1533  $where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
1534  $where .= ')';
1535  break;
1536 
1537  // all role templates
1538  case 6:
1539  $where = "WHERE object_data.type = 'rolt'";
1540  $assign = "n";
1541  break;
1542 
1543  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1544  case 0:
1545  default:
1546  if (!$a_user_id) return array();
1547 
1548  $where = "WHERE rbac_fa.rol_id IN ";
1549  $where .= '(';
1550  $where .= implode(',',ilUtil::quoteArray($this->assignedRoles($a_user_id)));
1551  $where .= ')';
1552  break;
1553  }
1554 
1555  $roles = array();
1556 
1557  $q = "SELECT DISTINCT * FROM object_data ".
1558  "JOIN rbac_fa ".$where.
1559  "AND object_data.obj_id = rbac_fa.rol_id ".
1560  "AND rbac_fa.assign = ".$ilDB->quote($assign)." ";
1561  $r = $this->ilDB->query($q);
1562 
1563  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
1564  {
1565  $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1566 
1567  // all (assignable) internal local roles only
1568  if ($a_filter == 4 and !$prefix)
1569  {
1570  continue;
1571  }
1572 
1573  // all (assignable) non internal local roles only
1574  if ($a_filter == 5 and $prefix)
1575  {
1576  continue;
1577  }
1578 
1579  $row["desc"] = $row["description"];
1580  $row["user_id"] = $row["owner"];
1581  $roles[] = $row;
1582  }
1583 
1584  $roles = $this->__setRoleType($roles);
1585 
1586  return $roles ? $roles : array();
1587  }
1588 
1589  // get id of a given object type (string)
1590  function getTypeId($a_type)
1591  {
1592  global $ilDB;
1593 
1594  $q = "SELECT obj_id FROM object_data ".
1595  "WHERE title=".$ilDB->quote($a_type)." AND type='typ'";
1596  $r = $ilDB->query($q);
1597 
1598  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1599  return $row->obj_id;
1600  }
1601 
1611  function _getOperationIdsByName($operations)
1612  {
1613  global $ilDB;
1614 
1615  if(!count($operations))
1616  {
1617  return array();
1618  }
1619  $where = "WHERE operation IN (";
1620  $where .= implode(",",ilUtil::quoteArray($operations));
1621  $where .= ")";
1622 
1623  $query = "SELECT ops_id FROM rbac_operations ".$where;
1624  $res = $ilDB->query($query);
1625  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1626  {
1627  $ops_ids[] = $row->ops_id;
1628  }
1629  return $ops_ids ? $ops_ids : array();
1630  }
1631 
1639  public static function _getOperationIdByName($a_operation)
1640  {
1641  global $ilDB,$ilErr;
1642 
1643  if (!isset($a_operation))
1644  {
1645  $message = "perm::getOperationId(): No operation given!";
1646  $ilErr->raiseError($message,$ilErr->WARNING);
1647  }
1648 
1649  // Cache operation ids
1650  if (! is_array(self::$_opsCache)) {
1651  self::$_opsCache = array();
1652 
1653  $q = "SELECT ops_id, operation FROM rbac_operations";
1654  $r = $ilDB->query($q);
1655  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1656  {
1657  self::$_opsCache[$row->operation] = $row->ops_id;
1658  }
1659  }
1660 
1661  // Get operation ID by name from cache
1662  if (array_key_exists($a_operation, self::$_opsCache)) {
1663  return self::$_opsCache[$a_operation];
1664  }
1665  return null;
1666  }
1667 
1668 
1677  function getLinkedRolesOfRoleFolder($a_ref_id)
1678  {
1679  global $ilDB;
1680 
1681  if (!isset($a_ref_id))
1682  {
1683  $message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
1684  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1685  }
1686 
1687  $and = " AND assign='n'";
1688 
1689  $q = "SELECT rol_id FROM rbac_fa ".
1690  "WHERE parent = ".$ilDB->quote($a_ref_id)." ".
1691  $and;
1692  $r = $this->ilDB->query($q);
1693 
1694  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1695  {
1696  $rol_id[] = $row->rol_id;
1697  }
1698 
1699  return $rol_id ? $rol_id : array();
1700  }
1701 
1702  // checks if default permission settings of role under current parent (rolefolder) are protected from changes
1703  function isProtected($a_ref_id,$a_role_id)
1704  {
1705  global $ilDB;
1706 
1707  $q = "SELECT protected FROM rbac_fa ".
1708  "WHERE rol_id= ".$ilDB->quote($a_role_id)." ".
1709  "AND parent= ".$ilDB->quote($a_ref_id)." ";
1710  $r = $this->ilDB->query($q);
1711  $row = $r->fetchRow();
1712 
1713  return ilUtil::yn2tf($row[0]);
1714  }
1715 
1716  // this method alters the protected status of role regarding the current user's role assignment
1717  // and current postion in the hierarchy.
1718  function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1719  {
1720  global $rbacsystem,$ilUser,$log;
1721 
1722  if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
1723  {
1724  $leveladmin = true;
1725  }
1726  else
1727  {
1728  $leveladmin = false;
1729  }
1730 
1731  //var_dump($a_role_hierarchy);
1732 
1733  foreach ($a_role_hierarchy as $role_id => $rolf_id)
1734  {
1735  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1736  //echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1737  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1738 
1739  if ($leveladmin == true)
1740  {
1741  $a_parent_roles[$role_id]['protected'] = false;
1742  continue;
1743  }
1744 
1745  if ($a_parent_roles[$role_id]['protected'] == true)
1746  {
1747  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
1748 
1749  foreach ($arr_lvl_roles_user as $lvl_role_id)
1750  {
1751  //echo "<br/>level_role: ".$lvl_role_id;
1752  //echo "<br/>a_ref_id: ".$a_ref_id;
1753 
1754  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1755  // check if role grants 'edit_permission' to parent
1756  if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
1757  {
1758  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1759  // user may change permissions of that higher-ranked role
1760  $a_parent_roles[$role_id]['protected'] = false;
1761 
1762  // remember successful check
1763  $leveladmin = true;
1764  }
1765  }
1766  }
1767  }
1768 
1769  return $a_parent_roles;
1770  }
1771 
1782  public static function _getOperationList($a_type = null)
1783  {
1784  global $ilDB;
1785 
1786  $arr = array();
1787 
1788  if ($a_type)
1789  {
1790  $q = "SELECT * FROM rbac_operations ".
1791  "LEFT JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ".
1792  "LEFT JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ".
1793  "WHERE object_data.title= ".$ilDB->quote($a_type)." AND object_data.type='typ' ".
1794  "ORDER BY 'op_order' ASC";
1795  }
1796  else
1797  {
1798  $q = "SELECT * FROM rbac_operations ".
1799  "ORDER BY 'op_order' ASC";
1800  }
1801 
1802  $r = $ilDB->query($q);
1803 
1804  while ($row = $r->fetchRow())
1805  {
1806  $arr[] = array(
1807  "ops_id" => $row[0],
1808  "operation" => $row[1],
1809  "desc" => $row[2],
1810  "class" => $row[3],
1811  "order" => $row[4]
1812  );
1813  }
1814 
1815  return $arr;
1816  }
1817 
1818  public static function _groupOperationsByClass($a_ops_arr)
1819  {
1820  $arr = array();
1821 
1822  foreach ($a_ops_arr as $ops)
1823  {
1824  $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
1825  'name' => $ops['operation']
1826  );
1827  }
1828  return $arr;
1829  }
1830 
1838  public function getObjectOfRole($a_role_id)
1839  {
1840  global $ilDB;
1841 
1842  $query = "SELECT obr.obj_id FROM rbac_fa as rfa ".
1843  "JOIN tree ON rfa.parent = tree.child ".
1844  "JOIN object_reference AS obr ON tree.parent = obr.ref_id ".
1845  "WHERE tree.tree = 1 ".
1846  "AND assign = 'y' ".
1847  "AND rol_id = ".$ilDB->quote($a_role_id)." ";
1848  $res = $ilDB->query($query);
1849  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1850  {
1851  $obj_id = $row->obj_id;
1852  }
1853 
1854  return $obj_id ? $obj_id : 0;
1855  }
1856 
1863  public function isRoleDeleted ($a_role_id){
1864  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1865  $deleted = true;
1866  if (count($rolf_list))
1867  {
1868  foreach ($rolf_list as $rolf) {
1869  // only list roles that are not set to status "deleted"
1870  if (!$this->isDeleted($rolf))
1871  {
1872  $deleted = false;
1873  break;
1874  }
1875  }
1876  }
1877  return $deleted;
1878  }
1879 
1880 
1881  function getRolesForIDs($role_ids, $use_templates)
1882  {
1883  global $ilDB;
1884 
1885  $role_list = array();
1886 
1887  $where = $this->__setTemplateFilter($use_templates);
1888 
1889  $q = "SELECT DISTINCT * FROM object_data ".
1890  "JOIN rbac_fa ".$where.
1891  "AND object_data.obj_id = rbac_fa.rol_id ".
1892  "AND rbac_fa.assign = 'y' " .
1893  "AND object_data.obj_id IN (".implode(",", $role_ids).")";
1894 
1895  $r = $this->ilDB->query($q);
1896 
1897  while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
1898  {
1899  $row["desc"] = $row["description"];
1900  $row["user_id"] = $row["owner"];
1901  $role_list[] = $row;
1902  }
1903 
1904  $role_list = $this->__setRoleType($role_list);
1905 
1906  return $role_list;
1907  }
1908 } // END class.ilRbacReview
1909 ?>