00001 <?php
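/**
 * Write side of the RBAC tables.
 *
 * Every method issues INSERT / REPLACE / DELETE statements (the copy methods
 * also SELECT) against rbac_ua, rbac_pa, rbac_fa, rbac_ta or rbac_templates
 * through the database handle stored in $this->ilDB.
 *
 * Security notes for maintainers:
 * - No method checks whether the current user is allowed to make the change.
 *   Authorisation has to happen in the caller.
 * - All statements are built by string concatenation. Ids are therefore
 *   forced to integers and strings are escaped before they reach the SQL
 *   text (see _sqlInt() and _sqlString()).
 * - The system role is compared against the normalised id, so the guard and
 *   the statement always see the same value.
 * - After raiseError() the methods return false, so a non-terminating error
 *   handler cannot let a malformed statement run.
 */
class ilRbacAdmin
{
    /**
     * Database handle; bound by reference to the global $ilDB, or to
     * $ilias->db when $ilDB is not set.
     */
    var $ilDB;

    /**
     * Error handler; bound by reference to the global $ilErr.
     */
    var $ilErr;

    /**
     * Constructor (PHP4 style): binds the database and error handler globals.
     *
     * @access public
     */
    function ilRbacAdmin()
    {
        global $ilDB,$ilErr,$ilias;

        if (isset($ilDB))
        {
            $this->ilDB =& $ilDB;
        }
        else
        {
            $this->ilDB =& $ilias->db;
        }

        if (!isset($ilErr))
        {
            $ilErr = new ilErrorHandling();
            $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
        }

        // Bind in both cases. Previously a freshly created handler was never
        // stored, leaving $this->ilErr unset for every later raiseError() call.
        $this->ilErr =& $ilErr;
    }

    /**
     * Normalises a value that is interpolated into SQL as a numeric id.
     *
     * NOTE(review): assumes every id column touched by this class is an
     * integer column - confirm against the schema.
     *
     * @access private
     * @param  mixed $a_value raw id as passed by the caller
     * @return integer
     */
    function _sqlInt($a_value)
    {
        return (int) $a_value;
    }

    /**
     * Escapes a string that is interpolated between single quotes in SQL.
     *
     * Uses addslashes() because that is the only escaping this file already
     * relies on (see grantPermission()).
     * NOTE(review): addslashes() is not charset-aware; if the database layer
     * offers its own quoting routine, prefer that - confirm and replace.
     *
     * @access private
     * @param  mixed $a_value raw string
     * @return string
     */
    function _sqlString($a_value)
    {
        return addslashes((string) $a_value);
    }

    /**
     * Tells whether a role id designates the protected system role.
     *
     * Checks the raw value and its integer form: the raw comparison keeps the
     * original behaviour, the integer comparison covers inputs such as "2abc"
     * that end up as the system role id once they are normalised for SQL.
     *
     * @access private
     * @param  mixed $a_rol_id raw role id
     * @return boolean
     */
    function _isSystemRole($a_rol_id)
    {
        return ($a_rol_id == SYSTEM_ROLE_ID or $this->_sqlInt($a_rol_id) == SYSTEM_ROLE_ID);
    }

    /**
     * Inserts one rbac_templates row per row of a result set, re-targeted to
     * the destination role and parent.
     *
     * Values read back from the database are normalised again before reuse,
     * so stored data cannot alter the INSERT statement.
     *
     * @access private
     * @param  object  $a_result      result set yielding ->type and ->ops_id
     * @param  integer $a_dest_id     normalised destination role id
     * @param  integer $a_dest_parent normalised destination parent id
     */
    function _insertTemplateRows(&$a_result,$a_dest_id,$a_dest_parent)
    {
        while ($row = $a_result->fetchRow(DB_FETCHMODE_OBJECT))
        {
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$a_dest_id."','".$this->_sqlString($row->type)."','".
                 $this->_sqlInt($row->ops_id)."','".$a_dest_parent."')";
            $this->ilDB->query($q);
        }
    }

    /**
     * Deletes every rbac_ua row of a user.
     *
     * @access public
     * @param  integer $a_usr_id user id
     * @return boolean true after the DELETE was issued; false if the id is
     *                 missing and the error handler returned control
     */
    function removeUser($a_usr_id)
    {
        if (!isset($a_usr_id))
        {
            $message = get_class($this)."::removeUser(): No usr_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $q = "DELETE FROM rbac_ua WHERE usr_id='".$this->_sqlInt($a_usr_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes a role: its rbac_ua and rbac_pa rows, then its rbac_fa and
     * rbac_templates rows via deleteLocalRole().
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  integer $a_ref_id only checked for presence; not used in any
     *                           statement issued here
     * @return boolean true on completion; false if a parameter is missing or
     *                 the role is the system role and the error handler
     *                 returned control
     */
    function deleteRole($a_rol_id,$a_ref_id)
    {
        global $lng;

        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        // Fail closed: do not rely on raiseError() terminating the request,
        // otherwise the DELETEs below would run for the system role.
        if ($this->_isSystemRole($a_rol_id))
        {
            $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);
            return false;
        }

        $rol_id = $this->_sqlInt($a_rol_id);

        $q = "DELETE FROM rbac_ua ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_pa ".
             "WHERE rol_id = '".$rol_id."'";
        $this->ilDB->query($q);

        $this->deleteLocalRole($rol_id);

        return true;
    }

    /**
     * Deletes the rbac_templates and rbac_fa rows whose rol_id equals the
     * given object id.
     *
     * @access public
     * @param  integer $a_obj_id id used as rol_id in both statements
     * @return boolean true after both DELETEs were issued; false if the id is
     *                 missing and the error handler returned control
     */
    function deleteTemplate($a_obj_id)
    {
        if (!isset($a_obj_id))
        {
            $message = get_class($this)."::deleteTemplate(): No obj_id given!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $obj_id = $this->_sqlInt($a_obj_id);

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$obj_id."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the rbac_fa and rbac_templates rows of a role, optionally
     * restricted to one parent.
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  integer $a_ref_id parent id; 0 (default) means all parents
     * @return boolean true (also, without touching the database, for the
     *                 system role); false if the role id is missing and the
     *                 error handler returned control
     */
    function deleteLocalRole($a_rol_id,$a_ref_id = 0)
    {
        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        $rol_id = $this->_sqlInt($a_rol_id);

        // Initialised explicitly; it used to be undefined when no parent was given.
        $clause = "";

        // The decision to restrict uses the raw value, as before, so that a
        // malformed parent id can never widen the DELETE to all parents.
        if ($a_ref_id != 0)
        {
            $clause = "AND parent = '".$this->_sqlInt($a_ref_id)."'";
        }

        $q = "DELETE FROM rbac_fa ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$rol_id."' ".
             $clause;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Writes a (usr_id, rol_id) row to rbac_ua with REPLACE and adds the
     * role's desktop items to the user where they are not present yet.
     *
     * @access public
     * @param  integer $a_rol_id  role id
     * @param  integer $a_usr_id  user id
     * @param  boolean $a_default not used by this method
     * @return boolean true on completion; false if a parameter is missing and
     *                 the error handler returned control
     */
    function assignUser($a_rol_id,$a_usr_id,$a_default = false)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $rol_id = $this->_sqlInt($a_rol_id);
        $usr_id = $this->_sqlInt($a_usr_id);

        $q = "REPLACE INTO rbac_ua ".
             "VALUES ('".$usr_id."','".$rol_id."')";
        $this->ilDB->query($q);

        include_once './classes/class.ilRoleDesktopItem.php';

        $role_desk_item_obj = new ilRoleDesktopItem($rol_id);

        $tmp_user = ilObjectFactory::getInstanceByObjId($usr_id,false);

        if (is_object($tmp_user))
        {
            foreach ($role_desk_item_obj->getAll() as $item_data)
            {
                if (!$tmp_user->isDesktopItem($item_data['item_id'],$item_data['item_type']))
                {
                    $tmp_user->addDesktopItem($item_data['item_id'],$item_data['item_type']);
                }
            }
        }

        return true;
    }

    /**
     * Deletes the rbac_ua row of one user / role pair.
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  integer $a_usr_id user id
     * @return boolean true after the DELETE was issued; false if a parameter
     *                 is missing and the error handler returned control
     */
    function deassignUser($a_rol_id,$a_usr_id)
    {
        if (!isset($a_rol_id) or !isset($a_usr_id))
        {
            $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $q = "DELETE FROM rbac_ua ".
             "WHERE usr_id='".$this->_sqlInt($a_usr_id)."' ".
             "AND rol_id='".$this->_sqlInt($a_rol_id)."'";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts one rbac_pa row holding the serialized list of operation ids
     * for a role on an object reference.
     *
     * The operation ids are cast to integers before serialize(), so the
     * stored payload is an array of plain integers.
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  array   $a_ops    operation ids
     * @param  integer $a_ref_id reference id
     * @return boolean true after the INSERT (and, without any write, for the
     *                 system role); false for an empty operation list, or if
     *                 validation failed and the error handler returned control
     */
    function grantPermission($a_rol_id,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
                                     "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
            return false;
        }

        if (!is_array($a_ops))
        {
            $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
                                     $this->ilErr->WARNING);
            return false;
        }

        if (count($a_ops) == 0)
        {
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        $ops = array();

        foreach ($a_ops as $key => $operation)
        {
            $ops[$key] = (int) $operation;
        }

        $ops_ids = addslashes(serialize($ops));

        $q = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) ".
             "VALUES ".
             "('".$this->_sqlInt($a_rol_id)."','".$ops_ids."','".$this->_sqlInt($a_ref_id)."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes rbac_pa rows of an object reference, for one role or for all.
     *
     * @access public
     * @param  integer $a_ref_id reference id
     * @param  integer $a_rol_id role id; a falsy value (default 0) removes the
     *                           rows of every role on that reference
     * @return boolean true after the DELETE (and, without any write, for the
     *                 system role); false if the reference id is missing and
     *                 the error handler returned control
     */
    function revokePermission($a_ref_id,$a_rol_id = 0)
    {
        if (!isset($a_ref_id))
        {
            $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        // Decide on the raw value as before: a malformed but non-empty role id
        // must keep the role filter instead of widening the DELETE to all roles.
        if ($a_rol_id)
        {
            $and1 = " AND rol_id = '".$this->_sqlInt($a_rol_id)."'";
        }
        else
        {
            $and1 = "";
        }

        $q = "DELETE FROM rbac_pa ".
             "WHERE ref_id = '".$this->_sqlInt($a_ref_id)."' ".
             $and1;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the rbac_pa rows of one role for a list of object references.
     *
     * @access public
     * @param  array   $a_ref_ids reference ids
     * @param  integer $a_rol_id  role id
     * @return boolean true after the DELETE, for an empty list (nothing to
     *                 delete) and for the system role; false if validation
     *                 failed and the error handler returned control
     */
    function revokePermissionList($a_ref_ids,$a_rol_id)
    {
        if (!isset($a_ref_ids) or !is_array($a_ref_ids))
        {
            // The message used to interpolate an undefined variable; report
            // the type that was actually received instead.
            $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! object_list: ".gettype($a_ref_ids);
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!isset($a_rol_id))
        {
            $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        // The list and the role id go into the statement unquoted, so each
        // element has to be a plain integer.
        $ids = array();

        foreach ($a_ref_ids as $ref_id)
        {
            $ids[] = $this->_sqlInt($ref_id);
        }

        // "IN ()" is not valid SQL; an empty list simply has nothing to delete.
        if (count($ids) == 0)
        {
            return true;
        }

        $ref_ids = implode(",",$ids);

        $q = "DELETE FROM rbac_pa ".
             "WHERE ref_id IN (".$ref_ids.") ".
             "AND rol_id = ".$this->_sqlInt($a_rol_id);
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Copies the rbac_templates rows of a source role / parent to a
     * destination role / parent.
     *
     * @access public
     * @param  integer $a_source_id     source role id
     * @param  integer $a_source_parent source parent id
     * @param  integer $a_dest_parent   destination parent id
     * @param  integer $a_dest_id       destination role id
     * @return boolean true on completion (and, without any write, when the
     *                 destination is the system role); false if a parameter
     *                 is missing and the error handler returned control
     */
    function copyRolePermission($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id)
    {
        if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermission(): Missing parameter! source_id: ".$a_source_id.
                       " source_parent_id: ".$a_source_parent.
                       " dest_id : ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_dest_id))
        {
            return true;
        }

        $q = "SELECT * FROM rbac_templates ".
             "WHERE rol_id = '".$this->_sqlInt($a_source_id)."' ".
             "AND parent = '".$this->_sqlInt($a_source_parent)."'";
        $r = $this->ilDB->query($q);

        $this->_insertTemplateRows($r,$this->_sqlInt($a_dest_id),$this->_sqlInt($a_dest_parent));

        return true;
    }

    /**
     * Copies to the destination role / parent those rbac_templates rows
     * (type, ops_id) that both source roles have in common.
     *
     * @access public
     * @param  integer $a_source1_id     first source role id
     * @param  integer $a_source1_parent first source parent id
     * @param  integer $a_source2_id     second source role id
     * @param  integer $a_source2_parent second source parent id
     * @param  integer $a_dest_parent    destination parent id
     * @param  integer $a_dest_id        destination role id
     * @return boolean true on completion (and, without any write, when the
     *                 destination is the system role); false if a parameter
     *                 is missing and the error handler returned control
     */
    function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
    {
        if (!isset($a_source1_id) or !isset($a_source1_parent)
            or !isset($a_source2_id) or !isset($a_source2_parent)
            or !isset($a_dest_id) or !isset($a_dest_parent))
        {
            $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
                       " source1_parent: ".$a_source1_parent.
                       " source2_id: ".$a_source2_id.
                       " source2_parent: ".$a_source2_parent.
                       " dest_id: ".$a_dest_id.
                       " dest_parent_id: ".$a_dest_parent;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_dest_id))
        {
            return true;
        }

        $q = "SELECT s1.type, s1.ops_id ".
             "FROM rbac_templates AS s1, rbac_templates AS s2 ".
             "WHERE s1.rol_id = '".$this->_sqlInt($a_source1_id)."' ".
             "AND s1.parent = '".$this->_sqlInt($a_source1_parent)."' ".
             "AND s2.rol_id = '".$this->_sqlInt($a_source2_id)."' ".
             "AND s2.parent = '".$this->_sqlInt($a_source2_parent)."' ".
             "AND s1.type = s2.type ".
             "AND s1.ops_id = s2.ops_id";
        $r = $this->ilDB->query($q);

        $this->_insertTemplateRows($r,$this->_sqlInt($a_dest_id),$this->_sqlInt($a_dest_parent));

        return true;
    }

    /**
     * Deletes the rbac_templates rows of a role under one parent, optionally
     * only those of one type.
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  integer $a_ref_id parent id
     * @param  mixed   $a_type   type string, or false (default) for all types
     * @return boolean true after the DELETE (and, without any write, for the
     *                 system role); false if a parameter is missing and the
     *                 error handler returned control
     */
    function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
    {
        if (!isset($a_rol_id) or !isset($a_ref_id))
        {
            $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        // Initialised explicitly; it used to be undefined when no type was given.
        $and_type = "";

        if ($a_type !== false)
        {
            $and_type = " AND type='".$this->_sqlString($a_type)."'";
        }

        $q = "DELETE FROM rbac_templates ".
             "WHERE rol_id = '".$this->_sqlInt($a_rol_id)."' ".
             "AND parent = '".$this->_sqlInt($a_ref_id)."'".
             $and_type;
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts one rbac_templates row per operation for a role, type and
     * parent.
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  string  $a_type   type; must be a non-empty string
     * @param  array   $a_ops    operation ids; must be a non-empty array
     * @param  integer $a_ref_id parent id
     * @return boolean true on completion (and, without any write, for the
     *                 system role); false if validation failed and the error
     *                 handler returned control
     */
    function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
    {
        if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
        {
            $message = get_class($this)."::setRolePermission(): Missing parameter!".
                       " role_id: ".$a_rol_id.
                       " type: ".$a_type.
                       " operations: ".$a_ops.
                       " ref_id: ".$a_ref_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!is_string($a_type) or empty($a_type))
        {
            $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if (!is_array($a_ops) or empty($a_ops))
        {
            $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        // Loop-invariant parts are normalised once.
        $rol_id = $this->_sqlInt($a_rol_id);
        $ref_id = $this->_sqlInt($a_ref_id);
        $type   = $this->_sqlString($a_type);

        foreach ($a_ops as $op)
        {
            $q = "INSERT INTO rbac_templates ".
                 "VALUES ".
                 "('".$rol_id."','".$type."','".$this->_sqlInt($op)."','".$ref_id."')";
            $this->ilDB->query($q);
        }

        return true;
    }

    /**
     * Inserts an rbac_fa row (rol_id, parent, assign) for a role.
     *
     * All three arguments have to be passed: the argument count is checked
     * with func_num_args(), so the default of $a_assign is never sufficient
     * on its own. Any $a_assign other than "y" is stored as "n".
     *
     * @access public
     * @param  integer $a_rol_id role id
     * @param  integer $a_parent parent id
     * @param  string  $a_assign "y" or "n"
     * @return boolean true after the INSERT (and, without any write, for the
     *                 system role); false if validation failed and the error
     *                 handler returned control
     */
    function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
    {
        if (!isset($a_rol_id) or !isset($a_parent) or func_num_args() != 3)
        {
            $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
                       " role_id: ".$a_rol_id.
                       " parent_id: ".$a_parent.
                       " assign: ".$a_assign;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        if ($this->_isSystemRole($a_rol_id))
        {
            return true;
        }

        // Restricting the flag to the two literals also keeps it SQL-safe.
        if ($a_assign != "y")
        {
            $a_assign = "n";
        }

        $q = "INSERT INTO rbac_fa (rol_id,parent,assign) ".
             "VALUES ('".$this->_sqlInt($a_rol_id)."','".$this->_sqlInt($a_parent)."','".$a_assign."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Inserts a (type id, operation id) row into rbac_ta.
     *
     * @access public
     * @param  integer $a_type_id type id
     * @param  integer $a_ops_id  operation id
     * @return boolean true after the INSERT was issued; false if a parameter
     *                 is missing and the error handler returned control
     */
    function assignOperationToObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $q = "INSERT INTO rbac_ta ".
             "VALUES('".$this->_sqlInt($a_type_id)."','".$this->_sqlInt($a_ops_id)."')";
        $this->ilDB->query($q);

        return true;
    }

    /**
     * Deletes the rbac_ta row of one type id / operation id pair.
     *
     * @access public
     * @param  integer $a_type_id type id
     * @param  integer $a_ops_id  operation id
     * @return boolean true after the DELETE was issued; false if a parameter
     *                 is missing and the error handler returned control
     */
    function deassignOperationFromObject($a_type_id,$a_ops_id)
    {
        if (!isset($a_type_id) or !isset($a_ops_id))
        {
            // The message used to name a method that does not exist in this class.
            $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
                       "type_id: ".$a_type_id.
                       "ops_id: ".$a_ops_id;
            $this->ilErr->raiseError($message,$this->ilErr->WARNING);
            return false;
        }

        $q = "DELETE FROM rbac_ta ".
             "WHERE typ_id = '".$this->_sqlInt($a_type_id)."' ".
             "AND ops_id = '".$this->_sqlInt($a_ops_id)."'";
        $this->ilDB->query($q);

        return true;
    }
}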
00662 ?>