Public Member Functions | |
| ilRbacAdmin () | |
| Constructor public. | |
| removeUser ($a_usr_id) | |
| deletes a user from rbac_ua all user <-> role relations are deleted public | |
| deleteRole ($a_rol_id, $a_ref_id) | |
| Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public. | |
| deleteTemplate ($a_obj_id) | |
| Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public. | |
| deleteLocalRole ($a_rol_id, $a_ref_id=0) | |
| Deletes a local role and entries in rbac_fa and rbac_templates public. | |
| assignUser ($a_rol_id, $a_usr_id, $a_default=false) | |
| Assigns a user to a role. | |
| deassignUser ($a_rol_id, $a_usr_id) | |
| Deassigns a user from a role. | |
| grantPermission ($a_rol_id, $a_ops, $a_ref_id) | |
| Grants a permission to an object and a specific role. | |
| revokePermission ($a_ref_id, $a_rol_id=0) | |
| Revokes permissions of an object of one role. | |
| revokePermissionList ($a_ref_ids, $a_rol_id) | |
| Revokes permissions of a LIST of objects of ONE role. | |
| copyRolePermission ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id) | |
| Copies template permissions of one role to another. | |
| copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id) | |
| Copies the intersection of the template permissions of two roles to a third role. | |
| deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false) | |
| Deletes all entries of a template. | |
| setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id) | |
| Inserts template permissions in rbac_templates for a specific object type. | |
| assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y") | |
| Assigns a role to a role folder. A role folder is an object to store roles. | |
| assignOperationToObject ($a_type_id, $a_ops_id) | |
| Assign an existing operation to an object Update of rbac_ta. | |
| deassignOperationFromObject ($a_type_id, $a_ops_id) | |
| Deassign an existing operation from an object Update of rbac_ta public. | |
Definition at line 38 of file class.ilRbacAdmin.php.
| ilRbacAdmin::assignOperationToObject | ( | $ | a_type_id, | |
| $ | a_ops_id | |||
| ) |
Assign an existing operation to an object Update of rbac_ta.
public
| integer | object type | |
| integer | operation_id |
Definition at line 619 of file class.ilRbacAdmin.php.
References $q.
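{
    // Adds one (type id, operation id) row to rbac_ta.
    // Both arguments are documented as integers. They are cast before being
    // placed in the SQL text, because the statement is built by string
    // concatenation and this table defines which operations exist per type.
    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
                   "type_id: ".$a_type_id.
                   "ops_id: ".$a_ops_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    $a_type_id = (int) $a_type_id;
    $a_ops_id = (int) $a_ops_id;

    $q = "INSERT INTO rbac_ta ".
         "VALUES('".$a_type_id."','".$a_ops_id."')";
    $this->ilDB->query($q);

    return true;
}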
| ilRbacAdmin::assignRoleToFolder | ( | $ | a_rol_id, | |
| $ | a_parent, | |||
| $ | a_assign = "y" | |||
| ) |
Assigns a role to a role folder. A role folder is an object to store roles.
Every role is assigned to at least one role folder. If the inheritance of a role is stopped, a new role template will be created, and the role is assigned to at least two role folders. All roles with stopped inheritance need the flag '$a_assign = false'.
public
| integer | object id of role | |
| integer | ref_id of role folder | |
| string | assignable('y','n'); default: 'y' |
Definition at line 581 of file class.ilRbacAdmin.php.
References $q.
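{
    // Inserts a (rol_id, parent, assign) row into rbac_fa.
    // Returns true, also when the call is skipped for the system role.
    if (!isset($a_rol_id) or !isset($a_parent))
    {
        $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
                   " role_id: ".$a_rol_id.
                   " parent_id: ".$a_parent.
                   " assign: ".$a_assign;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Ids are documented as integers. Cast them before the system-role guard
    // so that the guard and the query both see the same normalised value, and
    // so that no caller-supplied text reaches the concatenated SQL.
    $a_rol_id = (int) $a_rol_id;
    $a_parent = (int) $a_parent;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // if a wrong value is passed, always set assign to "n"
    // (any string other than "y" is replaced here, so no free-form string
    // from the caller is written into the statement below)
    if ($a_assign != "y")
    {
        $a_assign = "n";
    }

    $q = "INSERT INTO rbac_fa (rol_id,parent,assign) ".
         "VALUES ('".$a_rol_id."','".$a_parent."','".$a_assign."')";
    $this->ilDB->query($q);

    return true;
}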
| ilRbacAdmin::assignUser | ( | $ | a_rol_id, | |
| $ | a_usr_id, | |||
| $ | a_default = false | |||
| ) |
Assigns a user to a role.
Update of table rbac_ua TODO: remove deprecated 3rd parameter sometime public
| integer | object_id of role | |
| integer | object_id of user | |
| boolean | true means default role (optional) |
Definition at line 200 of file class.ilRbacAdmin.php.
References $q, $res, $tmp_user, and ilObjectFactory::getInstanceByObjId().
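{
    // Writes the user <-> role assignment into rbac_ua (REPLACE, so an existing
    // row is overwritten) and then adds the role's desktop items to the user.
    // $a_default is deprecated and not read here.
    if (!isset($a_rol_id) or !isset($a_usr_id))
    {
        $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Both ids are documented as integers. A role assignment is a privilege
    // grant, so only the integer value may reach the concatenated SQL.
    $a_rol_id = (int) $a_rol_id;
    $a_usr_id = (int) $a_usr_id;

    $q = "REPLACE INTO rbac_ua ".
         "VALUES ('".$a_usr_id."','".$a_rol_id."')";
    $this->ilDB->query($q);

    // Finally assign desktop items assigned to this role
    include_once './classes/class.ilRoleDesktopItem.php';

    // plain assignment: "=& new" is rejected by current PHP parsers
    $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);

    if(is_object($tmp_user = ilObjectFactory::getInstanceByObjId($a_usr_id,false)))
    {
        foreach($role_desk_item_obj->getAll() as $item_data)
        {
            if(!$tmp_user->isDesktopItem($item_data['item_id'],$item_data['item_type']))
            {
                $tmp_user->addDesktopItem($item_data['item_id'],$item_data['item_type']);
            }
        }
    }

    return true;
}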
| ilRbacAdmin::copyRolePermission | ( | $ | a_source_id, | |
| $ | a_source_parent, | |||
| $ | a_dest_parent, | |||
| $ | a_dest_id | |||
| ) |
Copies template permissions of one role to another.
It's also possible to copy template permissions from/to RoleTemplateObject public
| integer | $a_source_id role_id source | |
| integer | $a_source_parent parent_id source | |
| integer | $a_dest_parent parent_id destination | |
| integer | $a_dest_id role_id destination |
Definition at line 392 of file class.ilRbacAdmin.php.
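{
    // Copies every rbac_templates row of (source role, source parent) to
    // (destination role, destination parent). Nothing is copied into the
    // system role. Returns true.
    if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
    {
        $message = get_class($this)."::copyRolePermission(): Missing parameter! source_id: ".$a_source_id.
                   " source_parent_id: ".$a_source_parent.
                   " dest_id : ".$a_dest_id.
                   " dest_parent_id: ".$a_dest_parent;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // All four ids are documented as integers; cast before the guard and the
    // string-built queries so only integer values are interpolated.
    $a_source_id = (int) $a_source_id;
    $a_source_parent = (int) $a_source_parent;
    $a_dest_id = (int) $a_dest_id;
    $a_dest_parent = (int) $a_dest_parent;

    // exclude system role from rbac
    if ($a_dest_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    $q = "SELECT * FROM rbac_templates ".
         "WHERE rol_id = '".$a_source_id."' ".
         "AND parent = '".$a_source_parent."'";
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
    {
        // Values read back from the table are escaped again before reuse:
        // stored data is not trusted to be safe inside a new statement.
        // NOTE(review): addslashes() is the escaping this class already uses;
        // it is not charset-aware, so prefer the database layer's own quoting
        // or bound parameters if ilDB provides them.
        $q = "INSERT INTO rbac_templates ".
             "VALUES ".
             "('".$a_dest_id."','".addslashes($row->type)."','".(int) $row->ops_id."','".$a_dest_parent."')";
        $this->ilDB->query($q);
    }

    return true;
}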
| ilRbacAdmin::copyRolePermissionIntersection | ( | $ | a_source1_id, | |
| $ | a_source1_parent, | |||
| $ | a_source2_id, | |||
| $ | a_source2_parent, | |||
| $ | a_dest_parent, | |||
| $ | a_dest_id | |||
| ) |
Copies the intersection of the template permissions of two roles to a third role.
public
| integer | $a_source1_id role_id source | |
| integer | $a_source1_parent parent_id source | |
| integer | $a_source2_id role_id source | |
| integer | $a_source2_parent parent_id source | |
| integer | $a_dest_id role_id destination | |
| integer | $a_dest_parent parent_id destination |
Definition at line 437 of file class.ilRbacAdmin.php.
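{
    // Copies to the destination role only those (type, ops_id) template rows
    // that both source roles have. Nothing is copied into the system role.
    // Returns true.
    if (!isset($a_source1_id) or !isset($a_source1_parent)
        or !isset($a_source2_id) or !isset($a_source2_parent)
        or !isset($a_dest_id) or !isset($a_dest_parent))
    {
        $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
                   " source1_parent: ".$a_source1_parent.
                   " source2_id: ".$a_source2_id.
                   " source2_parent: ".$a_source2_parent.
                   " dest_id: ".$a_dest_id.
                   " dest_parent_id: ".$a_dest_parent;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // All ids are documented as integers; cast before the guard and the
    // string-built queries so only integer values are interpolated.
    $a_source1_id = (int) $a_source1_id;
    $a_source1_parent = (int) $a_source1_parent;
    $a_source2_id = (int) $a_source2_id;
    $a_source2_parent = (int) $a_source2_parent;
    $a_dest_id = (int) $a_dest_id;
    $a_dest_parent = (int) $a_dest_parent;

    // exclude system role from rbac
    if ($a_dest_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // self-join: a row qualifies when type and ops_id match in both sources
    $q = "SELECT s1.type, s1.ops_id ".
         "FROM rbac_templates AS s1, rbac_templates AS s2 ".
         "WHERE s1.rol_id = '".$a_source1_id."' ".
         "AND s1.parent = '".$a_source1_parent."' ".
         "AND s2.rol_id = '".$a_source2_id."' ".
         "AND s2.parent = '".$a_source2_parent."' ".
         "AND s1.type = s2.type ".
         "AND s1.ops_id = s2.ops_id";
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
    {
        // Values read back from the table are escaped again before reuse.
        // NOTE(review): addslashes() is not charset-aware; prefer the database
        // layer's own quoting or bound parameters if ilDB provides them.
        $q = "INSERT INTO rbac_templates ".
             "VALUES ".
             "('".$a_dest_id."','".addslashes($row->type)."','".(int) $row->ops_id."','".$a_dest_parent."')";
        $this->ilDB->query($q);
    }

    return true;
}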
| ilRbacAdmin::deassignOperationFromObject | ( | $ | a_type_id, | |
| $ | a_ops_id | |||
| ) |
Deassign an existing operation from an object Update of rbac_ta public.
| integer | object type | |
| integer | operation_id |
Definition at line 644 of file class.ilRbacAdmin.php.
References $q.
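{
    // Removes the (type id, operation id) row from rbac_ta. Returns true.
    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        // the message previously named a method that does not exist in this
        // class listing, which made the log entry hard to trace
        $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
                   "type_id: ".$a_type_id.
                   "ops_id: ".$a_ops_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Both values are documented as integers; cast so that no caller-supplied
    // text can alter the WHERE clause of this DELETE.
    $a_type_id = (int) $a_type_id;
    $a_ops_id = (int) $a_ops_id;

    $q = "DELETE FROM rbac_ta ".
         "WHERE typ_id = '".$a_type_id."' ".
         "AND ops_id = '".$a_ops_id."'";
    $this->ilDB->query($q);

    return true;
}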
| ilRbacAdmin::deassignUser | ( | $ | a_rol_id, | |
| $ | a_usr_id | |||
| ) |
Deassigns a user from a role.
Update of table rbac_ua public
| integer | object id of role | |
| integer | object id of user |
Definition at line 237 of file class.ilRbacAdmin.php.
References $q.
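{
    // Deletes the single rbac_ua row linking this user to this role.
    // Returns true.
    if (!isset($a_rol_id) or !isset($a_usr_id))
    {
        $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Both ids are documented as integers; cast so that the DELETE can only
    // ever match the one intended assignment.
    $a_rol_id = (int) $a_rol_id;
    $a_usr_id = (int) $a_usr_id;

    $q = "DELETE FROM rbac_ua ".
         "WHERE usr_id='".$a_usr_id."' ".
         "AND rol_id='".$a_rol_id."'";
    $this->ilDB->query($q);

    return true;
}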
| ilRbacAdmin::deleteLocalRole | ( | $ | a_rol_id, | |
| $ | a_ref_id = 0 | |||
| ) |
Deletes a local role and entries in rbac_fa and rbac_templates public.
| integer | object_id of role | |
| integer | ref_id of role folder (optional) |
Definition at line 157 of file class.ilRbacAdmin.php.
References $q.
Referenced by deleteRole().
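{
    // Deletes the role's rows from rbac_fa and rbac_templates. With a non-zero
    // $a_ref_id only rows of that role folder are removed; otherwise rows in
    // all folders are removed. The system role is never touched. Returns true.
    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Decide whether the caller asked for a folder restriction BEFORE casting,
    // so a malformed ref_id cannot silently widen the delete to every folder.
    $restrict_to_folder = ($a_ref_id != 0);

    // ids are documented as integers; only the integer value is interpolated
    $a_rol_id = (int) $a_rol_id;
    $a_ref_id = (int) $a_ref_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // initialised up front: the original left $clause undefined when no
    // ref_id was passed
    $clause = "";

    if ($restrict_to_folder)
    {
        $clause = "AND parent = '".$a_ref_id."'";
    }

    $q = "DELETE FROM rbac_fa ".
         "WHERE rol_id = '".$a_rol_id."' ".
         $clause;
    $this->ilDB->query($q);

    $q = "DELETE FROM rbac_templates ".
         "WHERE rol_id = '".$a_rol_id."' ".
         $clause;
    $this->ilDB->query($q);

    return true;
}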
| ilRbacAdmin::deleteRole | ( | $ | a_rol_id, | |
| $ | a_ref_id | |||
| ) |
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
| integer | obj_id of role (role_id) | |
| integer | ref_id of role folder (ref_id) |
Definition at line 90 of file class.ilRbacAdmin.php.
References $lng, $q, and deleteLocalRole().
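{
    // Deletes a role's user assignments (rbac_ua) and permission assignments
    // (rbac_pa), then calls deleteLocalRole() for rbac_templates and rbac_fa.
    // Returns true on completion, false when the system role was requested.
    global $lng;

    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // role id is documented as an integer; cast before the guard and queries
    $a_rol_id = (int) $a_rol_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);

        // Fail closed: whether raiseError() returns is decided by the error
        // handler, which is not visible here. Without this return the two
        // DELETEs below would run against the system role.
        return false;
    }

    // TODO: check assigned users before deletion
    // This is done in ilObjRole. Should be better moved to this place?

    // delete user assignments
    $q = "DELETE FROM rbac_ua ".
         "WHERE rol_id = '".$a_rol_id ."'";
    $this->ilDB->query($q);

    // delete permission assignments
    $q = "DELETE FROM rbac_pa ".
         "WHERE rol_id = '".$a_rol_id."'";
    $this->ilDB->query($q);

    //delete rbac_templates and rbac_fa
    $this->deleteLocalRole($a_rol_id);

    return true;
}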
| ilRbacAdmin::deleteRolePermission | ( | $ | a_rol_id, | |
| $ | a_ref_id, | |||
| $ | a_type = false | |||
| ) |
Deletes all entries of a template.
If an object type is given for third parameter only the entries for that object type are deleted Update of table rbac_templates. public
| integer | object id of role | |
| integer | ref_id of role folder | |
| string | object type (optional) |
Definition at line 489 of file class.ilRbacAdmin.php.
References $q.
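{
    // Deletes the rbac_templates rows of one role in one role folder. When
    // $a_type is given (anything but false) only rows of that object type are
    // removed. The system role is never touched. Returns true.
    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // ids are documented as integers; only the integer value is interpolated
    $a_rol_id = (int) $a_rol_id;
    $a_ref_id = (int) $a_ref_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // initialised up front: the original left $and_type undefined when no
    // type was passed
    $and_type = "";

    if ($a_type !== false)
    {
        // The type is a free-form string, so it is escaped before use.
        // NOTE(review): addslashes() is the escaping this class already uses;
        // it is not charset-aware, so prefer the database layer's own quoting
        // or bound parameters if ilDB provides them.
        $and_type = " AND type='".addslashes($a_type)."'";
    }

    $q = "DELETE FROM rbac_templates ".
         "WHERE rol_id = '".$a_rol_id."' ".
         "AND parent = '".$a_ref_id."'".
         $and_type;
    $this->ilDB->query($q);

    return true;
}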
| ilRbacAdmin::deleteTemplate | ( | $ | a_obj_id | ) |
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public.
| integer | object_id of role template |
Definition at line 131 of file class.ilRbacAdmin.php.
References $q.
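{
    // Deletes all rbac_templates and rbac_fa rows whose rol_id equals the
    // given role template id. Returns true.
    if (!isset($a_obj_id))
    {
        $message = get_class($this)."::deleteTemplate(): No obj_id given!";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // The id is documented as an integer; cast so that the two DELETEs can
    // only match rows of that one id.
    // NOTE(review): unlike the sibling methods there is no SYSTEM_ROLE_ID
    // guard here - confirm that callers can never pass the system role's id.
    $a_obj_id = (int) $a_obj_id;

    $q = "DELETE FROM rbac_templates ".
         "WHERE rol_id = '".$a_obj_id ."'";
    $this->ilDB->query($q);

    $q = "DELETE FROM rbac_fa ".
         "WHERE rol_id = '".$a_obj_id ."'";
    $this->ilDB->query($q);

    return true;
}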
| ilRbacAdmin::grantPermission | ( | $ | a_rol_id, | |
| $ | a_ops, | |||
| $ | a_ref_id | |||
| ) |
Grants a permission to an object and a specific role.
Update of table rbac_pa public
| integer | object id of role | |
| array | array of operation ids | |
| integer | reference id of that object which is granted the permissions |
Definition at line 261 of file class.ilRbacAdmin.php.
References $q.
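{
    // Stores the list of operation ids granted to one role on one object as a
    // single serialized value in rbac_pa.
    // Returns false for an empty or non-array operation list, true otherwise
    // (including the skipped system-role case).
    if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
    {
        $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
                        "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
    }

    if (!is_array($a_ops))
    {
        $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
                        $this->ilErr->WARNING);

        // Fail closed: if the error handler returns, nothing below may run on
        // a value that is not an array.
        return false;
    }

    if (count($a_ops) == 0)
    {
        return false;
    }

    // ids are documented as integers; cast before the guard and the query so
    // a permission grant can only name the intended role and object
    $a_rol_id = (int) $a_rol_id;
    $a_ref_id = (int) $a_ref_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // convert all values to integer
    foreach ($a_ops as $key => $operation)
    {
        $a_ops[$key] = (int) $operation;
    }

    // serialize the array of ops_ids
    // NOTE(review): array keys are kept as passed and end up in the serialized
    // text; addslashes() is the only escaping applied to them.
    $ops_ids = addslashes(serialize($a_ops));

    $q = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) ".
         "VALUES ".
         "('".$a_rol_id."','".$ops_ids."','".$a_ref_id."')";
    $this->ilDB->query($q);

    return true;
}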
| ilRbacAdmin::ilRbacAdmin | ( | ) |
Constructor public.
Definition at line 44 of file class.ilRbacAdmin.php.
References $ilErr, $ilias, and if.
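{
    // Binds the database handle and the error handler used by every method
    // of this class.
    global $ilDB,$ilErr,$ilias;

    // set db & error handler
    if (isset($ilDB))
    {
        $this->ilDB =& $ilDB;
    }
    else
    {
        $this->ilDB =& $ilias->db;
    }

    if (!isset($ilErr))
    {
        $ilErr = new ilErrorHandling();
        $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
    }

    // Bind in both cases. The original skipped this when it had to create the
    // handler itself, leaving $this->ilErr unset, so the first parameter check
    // that tried to report an error would fail instead of reporting it.
    $this->ilErr =& $ilErr;
}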
| ilRbacAdmin::removeUser | ( | $ | a_usr_id | ) |
deletes a user from rbac_ua all user <-> role relations are deleted public
| integer | user_id |
Definition at line 69 of file class.ilRbacAdmin.php.
References $q.
| ilRbacAdmin::revokePermission | ( | $ | a_ref_id, | |
| $ | a_rol_id = 0 | |||
| ) |
Revokes permissions of an object of one role.
Update of table rbac_pa. Revokes all permission for all roles for that object (with this reference). When a role_id is given this applies only to that role public
| integer | reference id of object where permissions should be revoked | |
| integer | role_id (optional: if you want to revoke permissions of object only for a specific role) |
Definition at line 312 of file class.ilRbacAdmin.php.
References $q.
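{
    // Deletes rbac_pa rows for one object. With a role id only that role's row
    // is removed; without one (default 0) the rows of ALL roles for the object
    // are removed. The system role is never touched. Returns true.
    if (!isset($a_ref_id))
    {
        $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Decide whether the caller named a role BEFORE casting. A malformed role
    // id would otherwise cast to 0 and turn a single-role revoke into a
    // revoke for every role on the object.
    $restrict_to_role = $a_rol_id ? true : false;

    // ids are documented as integers; only the integer value is interpolated
    $a_ref_id = (int) $a_ref_id;
    $a_rol_id = (int) $a_rol_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    if ($restrict_to_role)
    {
        $and1 = " AND rol_id = '".$a_rol_id."'";
    }
    else
    {
        $and1 = "";
    }

    // TODO: rename db_field from obj_id to ref_id and remove db-field set_id
    $q = "DELETE FROM rbac_pa ".
         "WHERE ref_id = '".$a_ref_id."' ".
         $and1;
    $this->ilDB->query($q);

    return true;
}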
| ilRbacAdmin::revokePermissionList | ( | $ | a_ref_ids, | |
| $ | a_rol_id | |||
| ) |
Revokes permissions of a LIST of objects of ONE role.
Update of table rbac_pa. public
| array | list of reference_ids to revoke permissions | |
| integer | role_id |
Definition at line 351 of file class.ilRbacAdmin.php.
References $q.
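{
    // Deletes the rbac_pa rows of one role for a list of objects.
    // Returns false when the list is not an array, true otherwise (including
    // the skipped system-role case and an empty list).
    if (!isset($a_ref_ids) or !is_array($a_ref_ids))
    {
        // the original message read $a_obj_ids, which is not defined here
        $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! object_list: ".$a_ref_ids;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);

        // Fail closed: if the error handler returns, implode() below must not
        // run on a value that is not an array.
        return false;
    }

    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // role id is documented as an integer; it is written unquoted into the
    // statement, so the cast is the only thing keeping it a number
    $a_rol_id = (int) $a_rol_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // The list is written unquoted into IN (...); force every entry to an
    // integer so the list can contain nothing but numbers and commas.
    $ref_ids = array_map('intval', $a_ref_ids);

    // an empty list would produce "IN ()", which is not valid SQL
    if (count($ref_ids) == 0)
    {
        return true;
    }

    $ref_ids = implode(",",$ref_ids);

    // TODO: rename db_field from obj_id to ref_id and remove db-field set_id
    $q = "DELETE FROM rbac_pa ".
         "WHERE ref_id IN (".$ref_ids.") ".
         "AND rol_id = ".$a_rol_id;
    $this->ilDB->query($q);

    return true;
}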
| ilRbacAdmin::setRolePermission | ( | $ | a_rol_id, | |
| $ | a_type, | |||
| $ | a_ops, | |||
| $ | a_ref_id | |||
| ) |
Inserts template permissions in rbac_templates for a specific object type.
Update of table rbac_templates public
| integer | role_id | |
| string | object type | |
| array | operation_ids | |
| integer | ref_id of role folder object |
Definition at line 527 of file class.ilRbacAdmin.php.
References $q.
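{
    // Inserts one rbac_templates row per operation id for the given role,
    // object type and role folder.
    // Returns false when the operation list is not an array, true otherwise
    // (including the skipped system-role case).
    if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
    {
        $message = get_class($this)."::setRolePermission(): Missing parameter!".
                   " role_id: ".$a_rol_id.
                   " type: ".$a_type.
                   " operations: ".$a_ops.
                   " ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    if (!is_string($a_type) or empty($a_type))
    {
        $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    if (!is_array($a_ops) or empty($a_ops))
    {
        $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);

        // Fail closed: if the error handler returns, the loop below must not
        // run on a value that is not an array.
        if (!is_array($a_ops))
        {
            return false;
        }
    }

    // ids are documented as integers; cast before the guard and the queries
    $a_rol_id = (int) $a_rol_id;
    $a_ref_id = (int) $a_ref_id;

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // The type is a free-form string, so it is escaped before use.
    // NOTE(review): addslashes() is the escaping this class already uses; it is
    // not charset-aware, so prefer the database layer's own quoting or bound
    // parameters if ilDB provides them.
    $type = addslashes($a_type);

    foreach ($a_ops as $op)
    {
        // operation ids are documented as an array of ids; only the integer
        // value of each entry is written
        $q = "INSERT INTO rbac_templates ".
             "VALUES ".
             "('".$a_rol_id."','".$type."','".(int) $op."','".$a_ref_id."')";
        $this->ilDB->query($q);
    }

    return true;
}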