00001 <?php
00038 class ilRbacReview
00039 {
00040 var $log = null;
00041
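/**
 * Constructor (PHP 4 style: the method is named after the class).
 *
 * Binds the logger, the database handle and the error handler that live in
 * the global scope onto this instance.
 */
function ilRbacReview()
{
	global $ilDB, $ilErr, $ilias, $ilLog;

	$this->log =& $ilLog;

	// Prefer the global DB handle; otherwise fall back to the one held by $ilias.
	if (isset($ilDB))
	{
		$this->ilDB =& $ilDB;
	}
	else
	{
		$this->ilDB =& $ilias->db;
	}

	// Create and register an error handler when none exists yet.
	if (!isset($ilErr))
	{
		$ilErr = new ilErrorHandling();
		$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
	}

	// Bind the handler in both cases. The parameter checks in this class call
	// $this->ilErr->raiseError(); previously the property stayed unset when
	// the handler had just been created above, so those checks would have
	// failed on a missing object instead of reporting the problem.
	$this->ilErr =& $ilErr;
}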
00065
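/**
 * Check whether exactly one role or role template carries the given title.
 *
 * @param  string $a_title title to look up
 * @param  int    $a_id    obj_id to leave out of the lookup (0 = none)
 * @return bool   true when the query matches exactly one object
 */
function roleExists($a_title, $a_id = 0)
{
	if (empty($a_title))
	{
		$message = get_class($this)."::roleExists(): No title given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// The id is interpolated into the statement. The title is escaped below
	// but the id was not, so reduce it to an integer before it reaches SQL.
	// Assumes obj_id values are integers, as the "= 0" default suggests.
	$exclude_id = (int) $a_id;
	$clause = ($exclude_id) ? " AND obj_id != '".$exclude_id."'" : "";

	// NOTE(review): addslashes() is not charset-aware; if the DB layer offers
	// its own quoting routine, that would be the safer choice here.
	$q = "SELECT DISTINCT obj_id FROM object_data ".
		"WHERE title ='".addslashes($a_title)."' ".
		"AND type IN('role','rolt')".
		$clause;
	$r = $this->ilDB->query($q);

	// NOTE(review): two objects sharing the title yield two rows and therefore
	// false -- confirm that "exactly one" is the intended meaning.
	return ($r->numRows() == 1);
}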
00098
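/**
 * Collect the roles of all role folders that hang directly below the nodes
 * of a path.
 *
 * For each node id in $a_path the tree is searched for role folders whose
 * parent is that node; the roles of each folder are gathered keyed by their
 * obj_id. A role found again further along the path replaces the earlier
 * entry.
 *
 * @param  array $a_path      node ids of the path
 * @param  bool  $a_templates passed on to getRoleListByObject()
 * @return array role data keyed by obj_id; "parent" holds the role folder id
 */
function getParentRoles($a_path, $a_templates = false)
{
	if (!isset($a_path) or !is_array($a_path))
	{
		$message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	$parentRoles = array();

	// Ids of every folder that holds roles; the list is the same for all
	// path nodes, so the IN clause is built once.
	$child = $this->getAllRoleFolderIds();
	$in = " IN('".implode("','", $child)."') ";

	foreach ($a_path as $path)
	{
		// The node id comes from the caller and ends up inside the SQL
		// string; casting keeps the statement well-formed whatever is passed.
		// Assumes node ids are integers -- TODO confirm against the tree schema.
		$q = "SELECT * FROM tree ".
			"WHERE child ".$in.
			"AND parent = '".(int) $path."'";
		$r = $this->ilDB->query($q);

		while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
		{
			$roles = $this->getRoleListByObject($row->child, $a_templates);

			foreach ($roles as $role)
			{
				$id = $role["obj_id"];

				// remember which role folder the role was found in
				$role["parent"] = $row->child;
				$parentRoles[$id] = $role;
			}
		}
	}

	return $parentRoles;
}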
00148
/**
 * Resolve the path to a node and return the roles found along it.
 *
 * @param  int   $a_endnode_id node id (ref_id) the path ends at
 * @param  bool  $a_templates  passed on to getParentRoles()
 * @return array result of getParentRoles() for the resolved path
 */
function getParentRoleIds($a_endnode_id, $a_templates = false)
{
	global $tree;

	if (!isset($a_endnode_id))
	{
		$this->ilErr->raiseError(
			get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!",
			$this->ilErr->WARNING
		);
	}

	$path_ids = $tree->getPathId($a_endnode_id);

	// The first path entry is replaced by the system folder id before the
	// roles are collected.
	$path_ids[0] = SYSTEM_FOLDER_ID;

	return $this->getParentRoles($path_ids, $a_templates);
}
00174
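/**
 * List the roles assigned to one role folder.
 *
 * @param  int   $a_ref_id    ref_id of the role folder (matched against rbac_fa.parent)
 * @param  bool  $a_templates true to include role templates as well
 * @return array role data as produced by fetchObjectData(), with "role_type" added
 */
function getRoleListByObject($a_ref_id, $a_templates = false)
{
	if (!isset($a_ref_id) or !isset($a_templates))
	{
		$message = get_class($this)."::getRoleListByObject(): Missing parameter!".
			"ref_id: ".$a_ref_id.
			"tpl_flag: ".$a_templates;
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	$role_list = array();

	$where = $this->setTemplateFilter($a_templates);

	// The ref_id is concatenated into the statement, so it is reduced to an
	// integer first. Assumes ref_ids are integers -- TODO confirm.
	$ref_id = (int) $a_ref_id;

	$q = "SELECT * FROM object_data ".
		"JOIN rbac_fa ".$where.
		"AND object_data.obj_id = rbac_fa.rol_id ".
		"AND rbac_fa.parent = '".$ref_id."'";
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$role_list[] = fetchObjectData($row);
	}

	return $this->setRoleType($role_list);
}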
00211
/**
 * List every role whose folder assignment is flagged assignable (assign = 'y').
 *
 * @param  bool  $a_templates      true to include role templates as well
 * @param  bool  $a_internal_roles not used by this method
 * @return array role data as produced by fetchObjectData(), with "role_type" added
 */
function getAssignableRoles($a_templates = false, $a_internal_roles = false)
{
	$type_filter = $this->setTemplateFilter($a_templates);

	$sql = "SELECT DISTINCT * FROM object_data ".
		"JOIN rbac_fa ".$type_filter.
		"AND object_data.obj_id = rbac_fa.rol_id ".
		"AND rbac_fa.assign = 'y'";
	$result = $this->ilDB->query($sql);

	$collected = array();

	while ($record = $result->fetchRow(DB_FETCHMODE_OBJECT))
	{
		array_push($collected, fetchObjectData($record));
	}

	return $this->setRoleType($collected);
}
00240
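/**
 * Filter the assignable roles down to those for which
 * $tree->isGrandChild($a_ref_id, <role parent>) holds.
 *
 * @param  int   $a_ref_id node id handed to the tree check
 * @return array matching role data; empty array when nothing matches
 */
function getAssignableChildRoles($a_ref_id)
{
	global $tree;

	// Start from an empty list so the return value is defined even when no
	// role passes the check (the variable used to be created only on a hit).
	$filtered = array();

	foreach ($this->getAssignableRoles() as $role)
	{
		if ($tree->isGrandChild($a_ref_id, $role['parent']))
		{
			$filtered[] = $role;
		}
	}

	return $filtered;
}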
00263
/**
 * Build the WHERE fragment that selects roles, optionally with role templates.
 *
 * Only the boolean true (strict comparison) switches templates on; every
 * other value yields the roles-only filter. The fragment is a fixed string,
 * nothing from the argument is copied into it.
 *
 * @param  bool   $a_templates true to include role templates
 * @return string WHERE clause with a trailing space
 */
function setTemplateFilter($a_templates)
{
	return ($a_templates === true)
		? "WHERE object_data.type IN ('role','rolt') "
		: "WHERE object_data.type = 'role' ";
}
00283
/**
 * Add a "role_type" entry to every element of a role list.
 *
 *   type "rolt"                              -> "template"
 *   assign other than "y"                    -> "linked"
 *   assign "y" and parent == ROLE_FOLDER_ID  -> "global"
 *   assign "y" and any other parent          -> "local"
 *
 * @param  array $a_role_list role data arrays with "type", "assign" and "parent"
 * @return array the same list with "role_type" set on each element
 */
function setRoleType($a_role_list)
{
	foreach ($a_role_list as $idx => $role)
	{
		// The checks run in this order so that "assign" and "parent" are
		// only read when the earlier test did not already decide the type.
		if ($role["type"] == "rolt")
		{
			$kind = "template";
		}
		elseif ($role["assign"] != "y")
		{
			$kind = "linked";
		}
		elseif ($role["parent"] == ROLE_FOLDER_ID)
		{
			$kind = "global";
		}
		else
		{
			$kind = "local";
		}

		$a_role_list[$idx]["role_type"] = $kind;
	}

	return $a_role_list;
}
00326
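/**
 * Return the users assigned to a role.
 *
 * Without $a_fields the result is a flat list of usr_id values. With an
 * array in $a_fields the result is a list of associative rows from usr_data:
 * an empty array selects all columns, otherwise the named columns plus
 * usr_data.usr_id.
 *
 * @param  int        $a_rol_id role id
 * @param  array|null $a_fields column names to select from usr_data
 * @return array      usr_ids, or associative rows when $a_fields is an array
 */
function assignedUsers($a_rol_id, $a_fields = NULL)
{
	global $ilBench;

	$ilBench->start("RBAC", "review_assignedUsers");

	if (!isset($a_rol_id))
	{
		$message = get_class($this)."::assignedUsers(): No role_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// The role id is concatenated into both statements below; reduce it to
	// an integer first. Assumes role ids are integers -- TODO confirm.
	$rol_id = (int) $a_rol_id;

	$result_arr = array();

	if (is_array($a_fields))
	{
		if (count($a_fields) == 0)
		{
			$select = "*";
		}
		else
		{
			// usr_id is always appended in qualified form, so drop a plain
			// "usr_id" entry to avoid selecting it twice.
			if (($usr_id_field = array_search("usr_id", $a_fields)) !== false)
			{
				unset($a_fields[$usr_id_field]);
			}

			// SECURITY NOTE(review): the entries of $a_fields are copied into
			// the statement as column names without any check. Callers must
			// pass fixed, known column names only, never request data.
			$select = implode(",", $a_fields).",usr_data.usr_id";
		}

		$q = "SELECT ".$select." FROM usr_data ".
			"LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
			"WHERE rbac_ua.rol_id='".$rol_id."'";
		$r = $this->ilDB->query($q);

		while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
		{
			$result_arr[] = $row;
		}
	}
	else
	{
		$q = "SELECT usr_id FROM rbac_ua WHERE rol_id='".$rol_id."'";
		$r = $this->ilDB->query($q);

		while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
		{
			$result_arr[] = $row["usr_id"];
		}
	}

	$ilBench->stop("RBAC", "review_assignedUsers");

	return $result_arr;
}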
00387
/**
 * Tell whether a user is among the users assigned to a role.
 *
 * The membership test is in_array() without the strict flag, i.e. a loose
 * comparison against the usr_id values returned by assignedUsers().
 *
 * @param  int  $a_usr_id  user id
 * @param  int  $a_role_id role id
 * @return bool true when the user id is found in the role's user list
 */
function isAssigned($a_usr_id, $a_role_id)
{
	$members = $this->assignedUsers($a_role_id);

	return in_array($a_usr_id, $members);
}
00399
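/**
 * Return the ids of all roles a user is assigned to.
 *
 * A warning is raised through the error handler when no assignment is found.
 *
 * @param  int   $a_usr_id user id
 * @return array list of rol_id values
 */
function assignedRoles($a_usr_id)
{
	if (!isset($a_usr_id))
	{
		$message = get_class($this)."::assignedRoles(): No user_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	$role_arr = array();

	// The user id becomes part of the SQL text; reduce it to an integer so
	// that nothing but a number can reach the statement.
	// Assumes user ids are integers -- TODO confirm.
	$q = "SELECT rol_id FROM rbac_ua WHERE usr_id = '".(int) $a_usr_id."'";
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$role_arr[] = $row->rol_id;
	}

	if (!count($role_arr))
	{
		$message = get_class($this)."::assignedRoles(): No assigned roles found or user does not exist!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	return $role_arr;
}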
00432
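/**
 * Tell whether a role is flagged assignable in a given role folder.
 *
 * The system role (SYSTEM_ROLE_ID) is reported as assignable without a
 * database lookup.
 *
 * @param  int  $a_rol_id role id
 * @param  int  $a_ref_id ref_id of the role folder (rbac_fa.parent)
 * @return bool true when the rbac_fa entry has assign = 'y'
 */
function isAssignable($a_rol_id, $a_ref_id)
{
	global $ilBench;

	$ilBench->start("RBAC", "review_isAssignable");

	if ($a_rol_id == SYSTEM_ROLE_ID)
	{
		$ilBench->stop("RBAC", "review_isAssignable");

		return true;
	}

	if (!isset($a_rol_id) or !isset($a_ref_id))
	{
		$message = get_class($this)."::isAssignable(): Missing parameter!".
			" role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// Both ids are concatenated into the statement; reduce them to integers
	// first. Assumes role and ref ids are integers -- TODO confirm.
	$q = "SELECT * FROM rbac_fa ".
		"WHERE rol_id = '".(int) $a_rol_id."' ".
		"AND parent = '".(int) $a_ref_id."'";
	$row = $this->ilDB->getRow($q);

	$ilBench->stop("RBAC", "review_isAssignable");

	// No matching entry means "not assignable"; guard the property access so
	// a missing row does not trigger a notice.
	return (is_object($row) && $row->assign == 'y');
}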
00470
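/**
 * Return the role folders a role is attached to.
 *
 * @param  int   $a_rol_id     role id
 * @param  bool  $a_assignable true to return only folders where assign = 'y'
 * @return array list of rbac_fa.parent values; empty array when none
 */
function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
{
	if (!isset($a_rol_id))
	{
		$message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// Always define the optional clause and the result list; both used to be
	// read while undefined (no filter requested / no row found).
	$where = $a_assignable ? " AND assign ='y'" : "";
	$folders = array();

	// The role id becomes part of the SQL text; reduce it to an integer.
	// Assumes role ids are integers -- TODO confirm.
	$rol_id = (int) $a_rol_id;

	$q = "SELECT DISTINCT parent FROM rbac_fa ".
		"WHERE rol_id = '".$rol_id."'".$where;
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$folders[] = $row->parent;
	}

	return $folders;
}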
00505
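/**
 * Return the ids of the roles attached to a role folder.
 *
 * @param  int   $a_ref_id        ref_id of the role folder (rbac_fa.parent)
 * @param  bool  $a_nonassignable pass exactly false to return only roles
 *                                with assign = 'y'; any other value returns all
 * @return array list of rol_id values; empty array when none
 */
function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
{
	global $ilBench;

	$ilBench->start("RBAC", "review_getRolesOfRoleFolder");

	if (!isset($a_ref_id))
	{
		$message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// Always define the optional clause and the result list; both used to be
	// read while undefined (default argument / no row found).
	$and = ($a_nonassignable === false) ? " AND assign='y'" : "";
	$rol_id = array();

	// The ref_id becomes part of the SQL text; reduce it to an integer.
	// Assumes ref_ids are integers -- TODO confirm.
	$q = "SELECT rol_id FROM rbac_fa ".
		"WHERE parent = '".(int) $a_ref_id."'".
		$and;
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$rol_id[] = $row->rol_id;
	}

	$ilBench->stop("RBAC", "review_getRolesOfRoleFolder");

	return $rol_id;
}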
00545
/**
 * Return the ids of the assignable roles in the global role folder.
 *
 * @return array list of rol_id values from getRolesOfRoleFolder()
 */
function getGlobalRoles()
{
	// false = leave out roles that are not flagged assignable
	$global_role_ids = $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);

	return $global_role_ids;
}
00555
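/**
 * Return the assignable roles of the global role folder as role arrays.
 *
 * @return array list of array('obj_id' => <role id>, 'role_type' => 'global')
 */
function getGlobalRolesArray()
{
	// Defined up front so that an installation without such roles returns
	// an empty list without reading an undefined variable.
	$ga = array();

	foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id)
	{
		$ga[] = array(
			'obj_id' => $role_id,
			'role_type' => 'global'
		);
	}

	return $ga;
}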
00570
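/**
 * Return the global roles for which ilObjRole::_getAssignUsersStatus()
 * reports a true value.
 *
 * @return array list of array('obj_id' => <role id>, 'role_type' => 'global')
 */
function getGlobalAssignableRoles()
{
	include_once './classes/class.ilObjRole.php';

	// Defined up front so that "no role qualifies" returns an empty list
	// without reading an undefined variable.
	$ga = array();

	foreach ($this->getGlobalRoles() as $role_id)
	{
		if (ilObjRole::_getAssignUsersStatus($role_id))
		{
			$ga[] = array(
				'obj_id' => $role_id,
				'role_type' => 'global'
			);
		}
	}

	return $ga;
}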
00590
/**
 * Return every distinct folder id that appears as parent in rbac_fa.
 *
 * @return array list of rbac_fa.parent values
 */
function getAllRoleFolderIds()
{
	$result = $this->ilDB->query("SELECT DISTINCT parent FROM rbac_fa");

	$folder_ids = array();

	while ($record = $result->fetchRow(DB_FETCHMODE_OBJECT))
	{
		array_push($folder_ids, $record->parent);
	}

	return $folder_ids;
}
00610
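/**
 * Return the first child of type "rolf" below a node.
 *
 * @param  int   $a_ref_id ref_id of the node
 * @return mixed first entry returned by $tree->getChildsByType(), or an
 *               empty array when there is none
 */
function getRoleFolderOfObject($a_ref_id)
{
	global $tree, $ilBench;

	$ilBench->start("RBAC", "review_getRoleFolderOfObject");

	if (!isset($a_ref_id))
	{
		$message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	$childs = $tree->getChildsByType($a_ref_id, "rolf");

	$ilBench->stop("RBAC", "review_getRoleFolderOfObject");

	// !empty() covers "no such index" as well as a falsy first entry, so a
	// node without a role folder no longer reads a missing offset.
	return !empty($childs[0]) ? $childs[0] : array();
}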
00635
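/**
 * Return the operation ids stored in rbac_templates for a role and an
 * object type.
 *
 * @param  int    $a_rol_id role id
 * @param  string $a_type   object type
 * @param  int    $a_parent ref_id of the role folder; 0 selects ROLE_FOLDER_ID
 * @return array  list of ops_id values
 */
function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
{
	if (!isset($a_rol_id) or !isset($a_type))
	{
		$message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
			"role_id: ".$a_rol_id.
			"type: ".$a_type.
			"parent_id: ".$a_parent;
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	$ops_arr = array();

	// no parent given: use the global role folder
	if ($a_parent == 0)
	{
		$a_parent = ROLE_FOLDER_ID;
	}

	// All three values are concatenated into the statement. The ids are
	// reduced to integers (assumes integer ids -- TODO confirm); the type is
	// a string and is escaped the same way roleExists() escapes its title.
	// NOTE(review): addslashes() is not charset-aware; if the DB layer offers
	// its own quoting routine, that would be the safer choice here.
	$q = "SELECT ops_id FROM rbac_templates ".
		"WHERE type ='".addslashes($a_type)."' ".
		"AND rol_id = '".(int) $a_rol_id."' ".
		"AND parent = '".(int) $a_parent."'";
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$ops_arr[] = $row->ops_id;
	}

	return $ops_arr;
}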
00677
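/**
 * Return the operations stored in rbac_pa for a role on an object.
 *
 * The ops_id column holds a serialized value; when several rows match, the
 * value of the last row is returned.
 *
 * @param  int   $a_role_id role id
 * @param  int   $a_ref_id  ref_id of the object
 * @return array unserialized operations, or an empty array when there is no
 *               row or the stored value is empty or cannot be unserialized
 */
function getRoleOperationsOnObject($a_role_id, $a_ref_id)
{
	// Both ids are concatenated into the statement; reduce them to integers
	// first. Assumes role and ref ids are integers -- TODO confirm.
	$query = "SELECT * FROM rbac_pa ".
		"WHERE rol_id = '".(int) $a_role_id."' ".
		"AND ref_id = '".(int) $a_ref_id."'";

	$res = $this->ilDB->query($query);

	// Defined up front: no matching row used to leave $ops undefined.
	$ops = array();

	while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
	{
		// SECURITY NOTE(review): unserialize() rebuilds whatever the stored
		// string describes, so this is only as trustworthy as every writer
		// of rbac_pa.ops_id. Left unchanged because the storage format is
		// fixed by the code that writes the column; worth revisiting
		// together with that code.
		$ops = unserialize(stripslashes($row->ops_id));
	}

	return $ops ? $ops : array();
}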
00692
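/**
 * Return the operation ids registered in rbac_ta for an object type.
 *
 * @param  int   $a_typ_id type id
 * @return array list of ops_id values; empty array when none
 */
function getOperationsOnType($a_typ_id)
{
	if (!isset($a_typ_id))
	{
		$message = get_class($this)."::getOperationsOnType(): No type_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// Defined up front: a type without operations used to leave the
	// variable undefined.
	$ops_id = array();

	// The type id becomes part of the SQL text; reduce it to an integer.
	// Assumes type ids are integers -- TODO confirm.
	$q = "SELECT * FROM rbac_ta WHERE typ_id = '".(int) $a_typ_id."'";
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$ops_id[] = $row->ops_id;
	}

	return $ops_id;
}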
00717
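/**
 * Return the tree parents of all role folders a role is attached to.
 *
 * @param  int   $a_rol_id role id
 * @return array parent ids, one per role folder; empty array when none
 */
function getObjectsWithStopedInheritance($a_rol_id)
{
	$tree = new ilTree(ROOT_FOLDER_ID);

	if (!isset($a_rol_id))
	{
		$message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
		$this->ilErr->raiseError($message, $this->ilErr->WARNING);
	}

	// Defined up front: a role without folders used to leave the variable
	// undefined.
	$parent = array();

	foreach ($this->getFoldersAssignedToRole($a_rol_id, false) as $rolf_id)
	{
		$parent[] = $tree->getParentId($rolf_id);
	}

	return $parent;
}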
00744
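/**
 * Tell whether a node counts as deleted.
 *
 * A node is reported as deleted when it has no row in the tree table (this
 * case is also logged as FATAL) or when its "tree" value is negative.
 *
 * @param  int  $a_node_id ref_id of the node
 * @return bool true when the node is missing or has a negative tree value
 */
function isDeleted($a_node_id)
{
	// The node id becomes part of the SQL text; reduce it to an integer.
	// Assumes node ids are integers -- TODO confirm.
	$q = "SELECT tree FROM tree WHERE child ='".(int) $a_node_id."'";
	$r = $this->ilDB->query($q);

	$row = $r->fetchRow(DB_FETCHMODE_OBJECT);

	if (!$row)
	{
		$message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
			get_class($this),
			$a_node_id);
		$this->log->write($message, $this->log->FATAL);

		return true;
	}

	return ($row->tree < 0);
}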
00776
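/**
 * Return role data selected by a numeric filter.
 *
 *   1       all assignable roles (delegates to getAssignableRoles())
 *   2       roles in the global role list
 *   3       roles not in the global role list
 *   4       as 3, but only roles whose title starts with "il_"
 *   5       as 3, but only roles whose title does not start with "il_"
 *   6       role templates (type "rolt", assign = 'n')
 *   other   roles assigned to $a_user_id; empty result without a user id
 *
 * @param  int   $a_filter  filter number, see above
 * @param  int   $a_user_id user id, only used by the default filter
 * @return array role data as produced by fetchObjectData(), with "role_type" added
 */
function getRolesByFilter($a_filter = 0, $a_user_id = 0)
{
	$assign = "y";

	switch ($a_filter)
	{
		case 1:
			return $this->getAssignableRoles();

		case 2:
			// Ids are placed into the statement unquoted, so force integers.
			$ids = array_map('intval', $this->getGlobalRoles());

			// "IN ()" is not valid SQL, and an empty list matches nothing.
			if (!count($ids))
			{
				return array();
			}

			$where = "WHERE rbac_fa.rol_id IN (".implode(',', $ids).") ";
			break;

		case 3:
		case 4:
		case 5:
			$ids = array_map('intval', $this->getGlobalRoles());

			// Without global roles there is nothing to exclude; "NOT IN ()"
			// would be a syntax error, so use a clause that is always true.
			$where = count($ids)
				? "WHERE rbac_fa.rol_id NOT IN (".implode(',', $ids).") "
				: "WHERE 1 = 1 ";
			break;

		case 6:
			$where = "WHERE object_data.type = 'rolt' ";
			$assign = "n";
			break;

		case 0:
		default:
			if (!$a_user_id)
			{
				return array();
			}

			$ids = array_map('intval', $this->assignedRoles($a_user_id));

			// A user without roles has no matching role data.
			if (!count($ids))
			{
				return array();
			}

			$where = "WHERE rbac_fa.rol_id IN (".implode(',', $ids).") ";
			break;
	}

	$roles = array();

	$q = "SELECT DISTINCT * FROM object_data ".
		"JOIN rbac_fa ".$where.
		"AND object_data.obj_id = rbac_fa.rol_id ".
		"AND rbac_fa.assign = '".$assign."'";
	$r = $this->ilDB->query($q);

	while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
	{
		$prefix = (substr($row->title, 0, 3) == "il_");

		// filter 4 keeps only the "il_" titles
		if ($a_filter == 4 and !$prefix)
		{
			continue;
		}

		// filter 5 keeps only the titles without that prefix
		if ($a_filter == 5 and $prefix)
		{
			continue;
		}

		$roles[] = fetchObjectData($row);
	}

	return $this->setRoleType($roles);
}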
00855 }
00856 ?>