00001 <?php
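/**
 * Write side of the RBAC tables.
 *
 * Every method builds a DELETE / INSERT / REPLACE statement for one of
 * rbac_ua, rbac_pa, rbac_fa, rbac_templates or rbac_ta and sends it through
 * $this->ilDB->query(). No method checks who is calling.
 * NOTE(review): callers are presumably expected to have authorised the
 * operation before they get here - confirm at each call site.
 *
 * Security notes for maintainers:
 * - The statements are assembled by string concatenation, so every value is
 *   normalised first. Identifiers are cast to int (rol_id and ref_id are used
 *   as bare numbers in revokePermissionList(), so the class already treats
 *   them as numeric; NOTE(review): usr_id, obj_id, type_id and ops_id are
 *   assumed numeric as well - confirm against the schema). String values go
 *   through addslashes(), which grantPermission() already relied on.
 *   NOTE(review): addslashes() is not charset aware; if the DB layer offers
 *   driver-level quoting or prepared statements, prefer those.
 * - The cast happens BEFORE the SYSTEM_ROLE_ID guard, so the guard and the
 *   SQL see the same value. Otherwise a value such as SYSTEM_ROLE_ID followed
 *   by non-numeric characters could fail the PHP comparison and still be
 *   coerced to the system role id by the database.
 * - After raiseError() each method returns false. Whether raiseError()
 *   returns at all depends on the configured handler, which is not visible
 *   here; returning keeps a destructive statement from running with missing
 *   input if it does.
 */
class ilRbacAdmin
{
    // database handle, set by the constructor
    var $ilDB;

    // error handler, set by the constructor
    var $ilErr;

    /**
     * Constructor (PHP 4 style: method named like the class).
     *
     * Takes the database handle from the global $ilDB, or from $ilias->db when
     * $ilDB is not set, and takes the error handler from the global $ilErr,
     * creating one when none exists.
     * NOTE(review): PHP 8 no longer treats a method named like the class as
     * the constructor; on such a runtime this method has to be called
     * explicitly.
     *
     * @access public
     */
    function ilRbacAdmin()
    {
        global $ilDB,$ilErr,$ilias;

        // set db handler
        if (isset($ilDB))
        {
            $this->ilDB =& $ilDB;
        }
        else
        {
            $this->ilDB =& $ilias->db;
        }

        if (!isset($ilErr))
        {
            $ilErr = new ilErrorHandling();
            $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
        }

        // Assign in both cases. The original only assigned in the else branch,
        // which left $this->ilErr unset whenever the handler was created here.
        $this->ilErr =& $ilErr;
    }

    /**
     * Deletes all rows of rbac_ua that belong to a user.
     *
     * @access public
     * @param  mixed $a_usr_id user id, cast to int before use
     * @return boolean true after the query was sent, false if the id is missing
     */
    function removeUser($a_usr_id)
    {
        if (!isset($a_usr_id))
        {
            $message = get_class($this)."::removeUser(): No usr_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $usr_id = (int) $a_usr_id;

        $q = "DELETE FROM rbac_ua WHERE usr_id='".$usr_id."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes a role: its rows in rbac_ua and rbac_pa, then its rbac_fa and
     * rbac_templates rows via deleteLocalRole().
     *
     * The system role is refused. $a_ref_id must be given but is only used in
     * the error message; deleteLocalRole() is called without it, so the role's
     * rows are removed for every parent.
     *
     * @access public
     * @param  mixed $a_rol_id role id, cast to int before use
     * @param  mixed $a_ref_id ref_id of the role folder
     * @return boolean true on success, false if a parameter is missing or the
     *                 role is the system role
     */
    function deleteRole($a_rol_id,$a_ref_id)
    {
        global $lng;

        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        // normalise before the guard so guard and SQL agree on the value
        $rol_id = (int) $a_rol_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);
            // never fall through to the DELETE statements for the system role
            return false;
        }

        $q = "DELETE FROM rbac_ua ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_pa ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        $this->deleteLocalRole($rol_id);

        return true;
    }

    /**
     * Deletes a role template: its rows in rbac_templates and rbac_fa.
     * The object id is matched against the rol_id column of both tables.
     *
     * @access public
     * @param  mixed $a_obj_id object id of the template, cast to int before use
     * @return boolean true after the queries were sent, false if the id is missing
     */
    function deleteTemplate($a_obj_id)
    {
        if (!isset($a_obj_id))
        {
            $message = get_class($this)."::deleteTemplate(): No obj_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $obj_id = (int) $a_obj_id;

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes a role's rows in rbac_fa and rbac_templates, optionally limited
     * to one parent.
     *
     * @access public
     * @param  mixed $a_rol_id role id, cast to int before use
     * @param  mixed $a_ref_id parent to restrict to; 0 (default) means no restriction
     * @return boolean true (also when the role is the system role, which is
     *                 left untouched), false if the role id is missing
     */
    function deleteLocalRole($a_rol_id,$a_ref_id = 0)
    {
        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $ref_id = (int) $a_ref_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // The original left $clause undefined when no ref_id was passed.
        $clause = "";

        if ($ref_id != 0)
        {
            $clause = "AND parent = '".$ref_id."'";
        }

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Writes a (usr_id, rol_id) row to rbac_ua with REPLACE INTO.
     *
     * @access public
     * @param  mixed   $a_rol_id  role id, cast to int before use
     * @param  mixed   $a_usr_id  user id, cast to int before use
     * @param  boolean $a_default not used by this implementation
     * @return boolean true after the query was sent, false if a parameter is missing
     */
    function assignUser($a_rol_id,$a_usr_id,$a_default = false)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $usr_id = (int) $a_usr_id;

        $q = "REPLACE INTO rbac_ua ".
             "VALUES ('".$usr_id."','".$rol_id."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the (usr_id, rol_id) row from rbac_ua.
     *
     * @access public
     * @param  mixed $a_rol_id role id, cast to int before use
     * @param  mixed $a_usr_id user id, cast to int before use
     * @return boolean true after the query was sent, false if a parameter is missing
     */
    function deassignUser($a_rol_id,$a_usr_id)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $usr_id = (int) $a_usr_id;

        $q = "DELETE FROM rbac_ua ".
             "WHERE usr_id='".$usr_id."' ".
             "AND rol_id='".$rol_id."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts one rbac_pa row holding the serialized list of operation ids
     * for a role on a reference.
     *
     * @access public
     * @param  mixed $a_rol_id role id, cast to int before use
     * @param  array $a_ops    operation ids; each entry is cast to int
     * @param  mixed $a_ref_id reference id, cast to int before use
     * @return boolean true after the insert (or when the role is the system
     *                 role, which is skipped); false for an empty list, a
     *                 missing parameter or a non-array $a_ops
     */
    function grantPermission($a_rol_id,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
                                     "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
            return false;
        }

        if (!is_array($a_ops))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
                                     $this->ilErr->WARNING);
            // count() on a non-array below would fail on current PHP
            return false;
        }

        if (count($a_ops) == 0)
        {
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $ref_id = (int) $a_ref_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // cast every operation id to int so the serialized blob holds only integers
        foreach ($a_ops as $key => $operation)
        {
            $a_ops[$key] = (int) $operation;
        }

        // serialization & slash escaping of the operation list
        $ops_ids = addslashes(serialize($a_ops));

        $q = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) ".
             "VALUES ".
             "('".$rol_id."','".$ops_ids."','".$ref_id."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes rbac_pa rows of a reference, for one role or for all roles.
     *
     * @access public
     * @param  mixed $a_ref_id reference id, cast to int before use
     * @param  mixed $a_rol_id role id; 0 (default) removes the rows of every role
     * @return boolean true after the query was sent (or when the role is the
     *                 system role, which is skipped), false if ref_id is missing
     */
    function revokePermission($a_ref_id,$a_rol_id = 0)
    {
        if (!isset($a_ref_id))
        {
            $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $ref_id = (int) $a_ref_id;
        $rol_id = (int) $a_rol_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        $and1 = "";

        if ($rol_id)
        {
            $and1 = " AND rol_id = '".$rol_id."'";
        }

        $q = "DELETE FROM rbac_pa ".
             "WHERE ref_id = '".$ref_id."' ".
             $and1;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the rbac_pa rows of one role for a list of references.
     *
     * Both values are written into the statement without quotes, so each
     * ref_id and the role id are cast to int first.
     *
     * @access public
     * @param  array $a_ref_ids reference ids
     * @param  mixed $a_rol_id  role id
     * @return boolean true after the query was sent, when the list is empty or
     *                 when the role is the system role; false on bad input
     */
    function revokePermissionList($a_ref_ids,$a_rol_id)
    {
        if (!isset($a_ref_ids) or !is_array($a_ref_ids))
        {
            // The original message referenced an undefined variable; report
            // the type that was actually received instead.
            $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! object_list: ".gettype($a_ref_ids);
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // an empty list would produce "IN ()", which is not valid SQL
        if (count($a_ref_ids) == 0)
        {
            return true;
        }

        $ref_ids = implode(",",array_map('intval',$a_ref_ids));

        $q = "DELETE FROM rbac_pa ".
             "WHERE ref_id IN (".$ref_ids.") ".
             "AND rol_id = ".$rol_id;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Copies the rbac_templates rows of (source role, source parent) to
     * (destination role, destination parent), one INSERT per row.
     *
     * @access public
     * @param  mixed $a_source_id     source role id
     * @param  mixed $a_source_parent parent of the source role
     * @param  mixed $a_dest_parent   parent of the destination role
     * @param  mixed $a_dest_id       destination role id
     * @return boolean true after the copy (or when the destination is the
     *                 system role, which is skipped), false if a parameter is missing
     */
    function copyRolePermission($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id)
    {
        if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermission(): Missing parameter! source_id: ".$a_source_id.
                       " source_parent_id: ".$a_source_parent.
                       " dest_id : ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $source_id     = (int) $a_source_id;
        $source_parent = (int) $a_source_parent;
        $dest_id       = (int) $a_dest_id;
        $dest_parent   = (int) $a_dest_parent;

        // exclude system role from rbac
        if ($dest_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        $q = "SELECT * FROM rbac_templates ".
             "WHERE rol_id = '".$source_id."' ".
             "AND parent = '".$source_parent."'";
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            // values read back from the table are escaped again before they
            // are written into the next statement
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$dest_id."','".addslashes($row->type)."','".addslashes($row->ops_id)."','".$dest_parent."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Copies to the destination role those rbac_templates rows (type, ops_id)
     * that exist for BOTH source roles under their respective parents.
     *
     * @access public
     * @param  mixed $a_source1_id     first source role id
     * @param  mixed $a_source1_parent parent of the first source role
     * @param  mixed $a_source2_id     second source role id
     * @param  mixed $a_source2_parent parent of the second source role
     * @param  mixed $a_dest_parent    parent of the destination role
     * @param  mixed $a_dest_id        destination role id
     * @return boolean true after the copy (or when the destination is the
     *                 system role, which is skipped), false if a parameter is missing
     */
    function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
    {
        if (!isset($a_source1_id) or !isset($a_source1_parent)
            or !isset($a_source2_id) or !isset($a_source2_parent)
            or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
                       " source1_parent: ".$a_source1_parent.
                       " source2_id: ".$a_source2_id.
                       " source2_parent: ".$a_source2_parent.
                       " dest_id: ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $source1_id     = (int) $a_source1_id;
        $source1_parent = (int) $a_source1_parent;
        $source2_id     = (int) $a_source2_id;
        $source2_parent = (int) $a_source2_parent;
        $dest_id        = (int) $a_dest_id;
        $dest_parent    = (int) $a_dest_parent;

        // exclude system role from rbac
        if ($dest_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        $q = "SELECT s1.type, s1.ops_id ".
             "FROM rbac_templates AS s1, rbac_templates AS s2 ".
             "WHERE s1.rol_id = '".$source1_id."' ".
             "AND s1.parent = '".$source1_parent."' ".
             "AND s2.rol_id = '".$source2_id."' ".
             "AND s2.parent = '".$source2_parent."' ".
             "AND s1.type = s2.type ".
             "AND s1.ops_id = s2.ops_id";
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
        {
            // values read back from the table are escaped again before they
            // are written into the next statement
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$dest_id."','".addslashes($row->type)."','".addslashes($row->ops_id)."','".$dest_parent."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Deletes rbac_templates rows of a role under one parent, optionally
     * limited to one object type.
     *
     * @access public
     * @param  mixed $a_rol_id role id, cast to int before use
     * @param  mixed $a_ref_id parent, cast to int before use
     * @param  mixed $a_type   object type to restrict to; false (default) means all types
     * @return boolean true after the query was sent (or when the role is the
     *                 system role, which is skipped), false if a parameter is missing
     */
    function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
    {
        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $ref_id = (int) $a_ref_id;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // The original left $and_type undefined when no type was passed.
        $and_type = "";

        if ($a_type !== false)
        {
            $and_type = " AND type='".addslashes($a_type)."'";
        }

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$rol_id."' ".
             "AND parent = '".$ref_id."'".
             $and_type;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts one rbac_templates row per operation for (role, type, parent).
     *
     * @access public
     * @param  mixed  $a_rol_id role id, cast to int before use
     * @param  string $a_type   object type, escaped with addslashes()
     * @param  array  $a_ops    operation ids; each entry is cast to int
     * @param  mixed  $a_ref_id parent, cast to int before use
     * @return boolean true after the inserts (or when the role is the system
     *                 role, which is skipped), false on missing or invalid input
     */
    function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
        {
            // join an array before printing it; concatenating it directly
            // triggers an array-to-string conversion
            $ops_text = is_array($a_ops) ? implode(",",$a_ops) : $a_ops;

            $message = get_class($this)."::setRolePermission(): Missing parameter!".
                       " role_id: ".$a_rol_id.
                       " type: ".$a_type.
                       " operations: ".$ops_text.
                       " ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!is_string($a_type) or empty($a_type))
        {
            $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!is_array($a_ops) or empty($a_ops))
        {
            $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $ref_id = (int) $a_ref_id;
        $type   = addslashes($a_type);

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        foreach ($a_ops as $op)
        {
            // same int cast that grantPermission() applies to operation ids
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$rol_id."','".$type."','".(int) $op."','".$ref_id."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Inserts a (rol_id, parent, assign) row into rbac_fa.
     *
     * Any $a_assign other than "y" is stored as "n".
     * NOTE(review): the func_num_args() check rejects calls with two
     * arguments, so the declared default for $a_assign can never take effect.
     * Kept as is because callers may rely on the error - confirm the intent.
     *
     * @access public
     * @param  mixed  $a_rol_id role id, cast to int before use
     * @param  mixed  $a_parent parent, cast to int before use
     * @param  string $a_assign "y" or "n"
     * @return boolean true after the insert (or when the role is the system
     *                 role, which is skipped), false on missing input
     */
    function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
    {
        if (!isset($a_rol_id) or !isset($a_parent) or func_num_args() != 3)
        {
            $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
                       " role_id: ".$a_rol_id.
                       " parent_id: ".$a_parent.
                       " assign: ".$a_assign;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = (int) $a_rol_id;
        $parent = (int) $a_parent;

        // exclude system role from rbac
        if ($rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // if a wrong value is passed, always set assign to "n"
        if ($a_assign != "y")
        {
            $a_assign = "n";
        }

        $q = "INSERT INTO rbac_fa (rol_id,parent,assign) ".
             "VALUES ('".$rol_id."','".$parent."','".$a_assign."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts a (type_id, ops_id) row into rbac_ta.
     *
     * @access public
     * @param  mixed $a_type_id object type id, cast to int before use
     * @param  mixed $a_ops_id  operation id, cast to int before use
     * @return boolean true after the insert, false if a parameter is missing
     */
    function assignOperationToObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $type_id = (int) $a_type_id;
        $ops_id  = (int) $a_ops_id;

        $q = "INSERT INTO rbac_ta ".
             "VALUES('".$type_id."','".$ops_id."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the (typ_id, ops_id) row from rbac_ta.
     *
     * @access public
     * @param  mixed $a_type_id object type id, cast to int before use
     * @param  mixed $a_ops_id  operation id, cast to int before use
     * @return boolean true after the delete, false if a parameter is missing
     */
    function deassignOperationFromObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            // the original message named a method that does not exist in this class
            $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $type_id = (int) $a_type_id;
        $ops_id  = (int) $a_ops_id;

        $q = "DELETE FROM rbac_ta ".
             "WHERE typ_id = '".$type_id."' ".
             "AND ops_id = '".$ops_id."'";
        $this->ilDB->query($q);

        return true;
    }
} // END class.ilRbacAdmin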
00647 ?>