
classes/class.ilRbacReview.php

00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 
00038 class ilRbacReview
00039 {
00040         var $log = null;
00041 
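/**
 * Constructor: binds the global logger, database handle and error handler
 * to this object.
 *
 * Reads the globals $ilDB, $ilErr, $ilias and $ilLog. If $ilDB is not set,
 * the handle is taken from $ilias->db. If no global error handler exists,
 * one is created and registered as PEAR error callback.
 */
function ilRbacReview()
{
    global $ilDB, $ilErr, $ilias, $ilLog;

    $this->log =& $ilLog;

    // prefer the global DB handle, fall back to the one held by $ilias
    if (isset($ilDB)) {
        $this->ilDB =& $ilDB;
    } else {
        $this->ilDB =& $ilias->db;
    }

    if (!isset($ilErr)) {
        $ilErr = new ilErrorHandling();
        $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
    }

    // Bind the handler in BOTH cases. The parameter guards of this class call
    // $this->ilErr->raiseError(); leaving the property unset after creating a
    // fresh handler would make every such guard fail on a missing object.
    $this->ilErr =& $ilErr;
}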
00065 
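/**
 * Looks up a role or role template ('role' / 'rolt') by its title.
 *
 * @param  string $a_title  title to search for
 * @param  int    $a_id     optional obj_id that is excluded from the search
 * @return mixed  obj_id of the first matching row, false if nothing matches
 */
function roleExists($a_title, $a_id = 0)
{
    if (empty($a_title)) {
        $message = get_class($this)."::roleExists(): No title given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // Both values are caller-supplied. Let the DB layer quote and escape them
    // (same quote() helper getTypeId() uses) instead of addslashes(), which is
    // not charset-aware, and instead of concatenating $a_id unescaped.
    $exclude = ($a_id) ? " AND obj_id != ".$this->ilDB->quote($a_id) : "";

    $q = "SELECT DISTINCT(obj_id) as obj_id FROM object_data ".
         "WHERE title = ".$this->ilDB->quote($a_title)." ".
         "AND type IN('role','rolt')".
         $exclude;
    $r = $this->ilDB->query($q);

    // only the first row is of interest
    $row = $r->fetchRow(DB_FETCHMODE_OBJECT);

    return $row ? $row->obj_id : false;
}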
00095 
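/**
 * Collects the roles of all role folders that sit directly below the given
 * nodes.
 *
 * @param  array $a_path            node ids; each one is matched against tree.parent
 * @param  bool  $a_templates       passed through to getRoleListByObject()
 * @param  bool  $a_keep_protected  if false, the result is post-processed by
 *                                  __setProtectedStatus()
 * @return array roles keyed by obj_id, each with an added 'parent' entry that
 *               holds the id of the role folder it was found in
 */
function __getParentRoles($a_path, $a_templates, $a_keep_protected)
{
    if (!isset($a_path) or !is_array($a_path)) {
        $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $parent_roles = array();
    $role_hierarchy = array();

    // IN() list of all role folder ids, every value quoted by the DB layer
    $rolf_ids = array();
    foreach ($this->__getAllRoleFolderIds() as $rolf_id) {
        $rolf_ids[] = $this->ilDB->quote($rolf_id);
    }
    // an empty list would be invalid SQL, so fall back to a single empty value
    $in = " IN(".($rolf_ids ? implode(",", $rolf_ids) : "''").") ";

    // After the loop $path holds the last path element, which is handed to
    // __setProtectedStatus() below; it stays null for an empty path.
    $path = null;

    foreach ($a_path as $path) {
        // path elements come from the caller: quote instead of concatenating
        $q = "SELECT * FROM tree ".
             "WHERE child ".$in.
             "AND parent = ".$this->ilDB->quote($path);
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
            $roles = $this->getRoleListByObject($row->child, $a_templates);

            foreach ($roles as $role) {
                $id = $role["obj_id"];
                $role["parent"] = $row->child;
                $parent_roles[$id] = $role;

                // remember the first role folder in which a role was seen
                if (!array_key_exists($id, $role_hierarchy)) {
                    $role_hierarchy[$id] = $row->child;
                }
            }
        }
    }

    if (!$a_keep_protected) {
        return $this->__setProtectedStatus($parent_roles, $role_hierarchy, $path);
    }

    return $parent_roles;
}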
00156 
/**
 * Returns the roles found along the tree path that leads to a node.
 *
 * The path is resolved through the global $tree and then handed to
 * __getParentRoles(). Two trace lines are written to the global $log.
 *
 * @param  int   $a_endnode_id      ref_id of the node the path ends at
 * @param  bool  $a_templates       passed through to __getParentRoles()
 * @param  bool  $a_keep_protected  passed through to __getParentRoles()
 * @return array whatever __getParentRoles() returns for that path
 */
function getParentRoleIds($a_endnode_id, $a_templates = false, $a_keep_protected = false)
{
    global $tree, $log;

    if (!isset($a_endnode_id)) {
        $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $log->write("ilRBACreview::getParentRoleIds(), 0");
    $node_path = $tree->getPathId($a_endnode_id);

    // slot 0 is overwritten with the system folder, which may not be part of the path
    $node_path[0] = SYSTEM_FOLDER_ID;
    $log->write("ilRBACreview::getParentRoleIds(), 1");

    return $this->__getParentRoles($node_path, $a_templates, $a_keep_protected);
}
00184 
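/**
 * Returns the roles stored in one role folder.
 *
 * @param  int   $a_ref_id     id matched against rbac_fa.parent
 * @param  bool  $a_templates  true (strictly) to include role templates
 * @return array rows converted by fetchObjectData() and extended by
 *               __setRoleType()
 */
function getRoleListByObject($a_ref_id, $a_templates = false)
{
    if (!isset($a_ref_id) or !isset($a_templates)) {
        $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
                   "ref_id: ".$a_ref_id.
                   "tpl_flag: ".$a_templates;
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $role_list = array();

    $where = $this->__setTemplateFilter($a_templates);

    // $a_ref_id is caller-supplied: quote it through the DB layer
    $q = "SELECT * FROM object_data ".
         "JOIN rbac_fa ".$where.
         "AND object_data.obj_id = rbac_fa.rol_id ".
         "AND rbac_fa.parent = ".$this->ilDB->quote($a_ref_id);
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $role_list[] = fetchObjectData($row);
    }

    return $this->__setRoleType($role_list);
}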
00221         
/**
 * Returns every role whose rbac_fa entry is flagged assign = 'y'.
 *
 * @param  bool  $a_templates       true (strictly) to include role templates
 * @param  bool  $a_internal_roles  not used by this method
 * @return array rows converted by fetchObjectData() and extended by
 *               __setRoleType()
 */
function getAssignableRoles($a_templates = false, $a_internal_roles = false)
{
    $type_filter = $this->__setTemplateFilter($a_templates);

    // the statement contains no caller-supplied value, only the fixed filter
    $result = $this->ilDB->query(
        "SELECT DISTINCT * FROM object_data ".
        "JOIN rbac_fa ".$type_filter.
        "AND object_data.obj_id = rbac_fa.rol_id ".
        "AND rbac_fa.assign = 'y'"
    );

    $collected = array();

    while ($record = $result->fetchRow(DB_FETCHMODE_OBJECT)) {
        $collected[] = fetchObjectData($record);
    }

    return $this->__setRoleType($collected);
}
00250 
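/**
 * Returns the assignable roles whose role folder lies below a given node.
 *
 * @param  int   $a_ref_id  node id handed to $tree->isGrandChild()
 * @return array subset of getAssignableRoles(); empty array if none qualifies
 */
function getAssignableChildRoles($a_ref_id)
{
    global $tree;

    // initialised up front so an empty result never reads an undefined variable
    $filtered = array();

    foreach ($this->getAssignableRoles() as $role) {
        if ($tree->isGrandChild($a_ref_id, $role['parent'])) {
            $filtered[] = $role;
        }
    }

    return $filtered;
}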
00273         
/**
 * Builds the WHERE fragment that restricts object_data.type.
 *
 * Only the boolean true selects roles and role templates; every other
 * value (including truthy non-booleans) selects plain roles only.
 *
 * @param  mixed  $a_templates  template flag
 * @return string WHERE clause fragment with a trailing blank
 */
function __setTemplateFilter($a_templates)
{
    // strict comparison on purpose: 1 or "1" do not enable templates
    if ($a_templates !== true) {
        return "WHERE object_data.type = 'role' ";
    }

    return "WHERE object_data.type IN ('role','rolt') ";
}
00293 
/**
 * Adds a 'role_type' entry to every role and turns its 'protected' flag
 * into a boolean.
 *
 * role_type is
 *   'template'  if type is 'rolt',
 *   'linked'    if the role is not assignable (assign is not 'y'),
 *   'global'    if it is assignable and its parent is ROLE_FOLDER_ID,
 *   'local'     if it is assignable anywhere else.
 *
 * @param  array $a_role_list  list of role rows (arrays with the keys
 *                             type, assign, parent, protected)
 * @return array the same list with role_type set and protected as bool
 */
function __setRoleType($a_role_list)
{
    foreach ($a_role_list as $idx => $entry) {
        if ($entry["type"] == "rolt") {
            $kind = "template";
        } elseif ($entry["assign"] != "y") {
            $kind = "linked";
        } elseif ($entry["parent"] == ROLE_FOLDER_ID) {
            $kind = "global";
        } else {
            $kind = "local";
        }

        $a_role_list[$idx]["role_type"] = $kind;

        // 'y' becomes true, anything else false
        $a_role_list[$idx]["protected"] = ($entry["protected"] == "y");
    }

    return $a_role_list;
}
00345         
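/**
 * Returns the users assigned to a role.
 *
 * Without $a_fields the result is a flat list of usr_id values taken from
 * rbac_ua. With an array in $a_fields the result is a list of associative
 * rows from usr_data: an empty array selects all columns, otherwise the
 * named columns plus usr_data.usr_id.
 *
 * @param  int   $a_rol_id  role id
 * @param  array $a_fields  optional list of usr_data column names
 * @return array see above
 */
function assignedUsers($a_rol_id, $a_fields = NULL)
{
    global $ilBench;

    $ilBench->start("RBAC", "review_assignedUsers");

    if (!isset($a_rol_id)) {
        $message = get_class($this)."::assignedUsers(): No role_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $result_arr = array();

    // the role id is caller-supplied: quote it through the DB layer
    $rol_id = $this->ilDB->quote($a_rol_id);

    if ($a_fields !== NULL and is_array($a_fields)) {
        if (count($a_fields) == 0) {
            $select = "*";
        } else {
            if (($usr_id_field = array_search("usr_id", $a_fields)) !== false) {
                unset($a_fields[$usr_id_field]);
            }

            // Append the qualified id column to the list before joining, so a
            // request for "usr_id" alone does not yield a leading comma.
            $a_fields[] = "usr_data.usr_id";

            // NOTE(review): column names are interpolated as identifiers and
            // cannot be protected by value quoting. Callers must pass fixed,
            // known column names only, never request data.
            $select = implode(",", $a_fields);
        }

        $q = "SELECT ".$select." FROM usr_data ".
             "LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
             "WHERE rbac_ua.rol_id=".$rol_id;
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC)) {
            $result_arr[] = $row;
        }
    } else {
        $q = "SELECT usr_id FROM rbac_ua WHERE rol_id=".$rol_id;
        $r = $this->ilDB->query($q);

        while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC)) {
            $result_arr[] = $row["usr_id"];
        }
    }

    $ilBench->stop("RBAC", "review_assignedUsers");

    return $result_arr;
}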
00406 
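/**
 * Tells whether a user is assigned to a role.
 *
 * Ids are compared as strings with strict equality. A loose in_array() on
 * the id list lets PHP's type juggling decide a membership question; a
 * boolean true, for example, compares equal to any non-empty id.
 *
 * @param  mixed $a_usr_id   user id (int or numeric string)
 * @param  int   $a_role_id  role id
 * @return bool  true if the user id is in assignedUsers($a_role_id)
 */
function isAssigned($a_usr_id, $a_role_id)
{
    // booleans, null, arrays and objects are never valid user ids
    if (!is_scalar($a_usr_id) || is_bool($a_usr_id)) {
        return false;
    }

    $wanted = (string) $a_usr_id;

    foreach ($this->assignedUsers($a_role_id) as $assigned_id) {
        if ((string) $assigned_id === $wanted) {
            return true;
        }
    }

    return false;
}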
00418         
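/**
 * Returns the ids of all roles a user is assigned to.
 *
 * @param  int   $a_usr_id  user id
 * @return array list of rol_id values; empty if the user has no roles or
 *               does not exist (no error is raised in that case)
 */
function assignedRoles($a_usr_id)
{
    if (!isset($a_usr_id)) {
        $message = get_class($this)."::assignedRoles(): No user_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $role_arr = array();

    // the user id is caller-supplied: quote it through the DB layer
    $q = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$this->ilDB->quote($a_usr_id);
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $role_arr[] = $row->rol_id;
    }

    // An empty result is returned as is. The former warning for this case was
    // already disabled, so the message built for it has been dropped as well.
    return $role_arr;
}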
00451 
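/**
 * Tells whether a role is assignable in a given role folder.
 *
 * The system role is always reported as assignable and never looked up.
 *
 * @param  int  $a_rol_id  role id
 * @param  int  $a_ref_id  id matched against rbac_fa.parent
 * @return bool true if the rbac_fa row exists and has assign = 'y'
 */
function isAssignable($a_rol_id, $a_ref_id)
{
    global $ilBench;

    $ilBench->start("RBAC", "review_isAssignable");

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID) {
        $ilBench->stop("RBAC", "review_isAssignable");

        return true;
    }

    if (!isset($a_rol_id) or !isset($a_ref_id)) {
        $message = get_class($this)."::isAssignable(): Missing parameter!".
                   " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // both ids are caller-supplied: quote them through the DB layer
    $q = "SELECT * FROM rbac_fa ".
         "WHERE rol_id = ".$this->ilDB->quote($a_rol_id)." ".
         "AND parent = ".$this->ilDB->quote($a_ref_id);
    $row = $this->ilDB->getRow($q);

    $ilBench->stop("RBAC", "review_isAssignable");

    // no matching row means "not assignable"; do not dereference a missing row
    return (is_object($row) && $row->assign == 'y');
}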
00489 
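/**
 * Returns the role folders in which a role is registered.
 *
 * @param  int   $a_rol_id      role id
 * @param  bool  $a_assignable  if true, only folders where assign = 'y'
 * @return array distinct rbac_fa.parent values; empty array if none
 */
function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
{
    if (!isset($a_rol_id)) {
        $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // defined in both cases, so the query never reads an undefined variable
    $where = $a_assignable ? " AND assign ='y'" : "";

    // the role id is caller-supplied: quote it through the DB layer
    $q = "SELECT DISTINCT parent FROM rbac_fa ".
         "WHERE rol_id = ".$this->ilDB->quote($a_rol_id).$where;
    $r = $this->ilDB->query($q);

    $folders = array();

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $folders[] = $row->parent;
    }

    return $folders;
}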
00524 
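/**
 * Returns the ids of the roles registered in one role folder.
 *
 * @param  int   $a_ref_id         id matched against rbac_fa.parent
 * @param  bool  $a_nonassignable  pass false (strictly) to restrict the
 *                                 result to roles with assign = 'y'
 * @return array list of rol_id values; empty array if none
 */
function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
{
    global $ilBench;

    $ilBench->start("RBAC", "review_getRolesOfRoleFolder");

    if (!isset($a_ref_id)) {
        $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // defined in both cases, so the query never reads an undefined variable
    $and = ($a_nonassignable === false) ? " AND assign='y'" : "";

    // the folder id is caller-supplied: quote it through the DB layer
    $q = "SELECT rol_id FROM rbac_fa ".
         "WHERE parent = ".$this->ilDB->quote($a_ref_id).
         $and;
    $r = $this->ilDB->query($q);

    $rol_id = array();

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $rol_id[] = $row->rol_id;
    }

    $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");

    return $rol_id;
}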
00564         
/**
 * Returns the ids of the assignable roles of the global role folder.
 *
 * @return array result of getRolesOfRoleFolder() for ROLE_FOLDER_ID with
 *               the non-assignable roles left out
 */
function getGlobalRoles()
{
    $include_nonassignable = false;
    $global_role_ids = $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, $include_nonassignable);

    return $global_role_ids;
}
00574 
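/**
 * Returns the assignable global roles as a list of small records.
 *
 * @return array list of array('obj_id' => role id, 'role_type' => 'global');
 *               empty array if there is no such role
 */
function getGlobalRolesArray()
{
    // initialised up front so an empty role list never reads an undefined variable
    $ga = array();

    foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
        $ga[] = array(
            'obj_id'    => $role_id,
            'role_type' => 'global'
        );
    }

    return $ga;
}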
00589 
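/**
 * Returns the global roles for which ilObjRole::_getAssignUsersStatus()
 * reports a true value.
 *
 * @return array list of array('obj_id' => role id, 'role_type' => 'global');
 *               empty array if there is no such role
 */
function getGlobalAssignableRoles()
{
    // NOTE(review): relative path, resolved against the include path / working
    // directory of the running script
    include_once './classes/class.ilObjRole.php';

    // initialised up front so an empty result never reads an undefined variable
    $ga = array();

    foreach ($this->getGlobalRoles() as $role_id) {
        if (ilObjRole::_getAssignUsersStatus($role_id)) {
            $ga[] = array(
                'obj_id'    => $role_id,
                'role_type' => 'global'
            );
        }
    }

    return $ga;
}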
00609 
/**
 * Returns every distinct role folder id recorded in rbac_fa.
 *
 * @return array list of rbac_fa.parent values, empty if the table is empty
 */
function __getAllRoleFolderIds()
{
    // fixed statement, no caller-supplied value involved
    $result = $this->ilDB->query("SELECT DISTINCT parent FROM rbac_fa");

    $folder_ids = array();

    while ($record = $result->fetchRow(DB_FETCHMODE_OBJECT)) {
        $folder_ids[] = $record->parent;
    }

    return $folder_ids;
}
00629 
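/**
 * Returns the role folder attached to an object.
 *
 * @param  int   $a_ref_id  ref_id of the object
 * @return array first child of type 'rolf' as delivered by
 *               $tree->getChildsByType(); empty array if there is none
 */
function getRoleFolderOfObject($a_ref_id)
{
    global $tree, $ilBench;

    $ilBench->start("RBAC", "review_getRoleFolderOfObject");

    if (!isset($a_ref_id)) {
        $message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $childs = $tree->getChildsByType($a_ref_id, "rolf");

    $ilBench->stop("RBAC", "review_getRoleFolderOfObject");

    // !empty() covers the "no role folder" case without reading a missing index
    return !empty($childs[0]) ? $childs[0] : array();
}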
00654         
/**
 * Returns the ref_id of the role folder attached to an object.
 *
 * @param  int   $a_ref_id  ref_id of the object
 * @return mixed the 'ref_id' entry of getRoleFolderOfObject(), or false if
 *               that lookup returned nothing
 */
function getRoleFolderIdOfObject($a_ref_id)
{
    $folder = $this->getRoleFolderOfObject($a_ref_id);

    return $folder ? $folder['ref_id'] : false;
}
00666 
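/**
 * Returns all RBAC operations, ordered by ops_id.
 *
 * @return array list of array('ops_id', 'operation', 'description');
 *               empty array if the table holds no row
 */
function getOperations()
{
    // fixed statement, no caller-supplied value involved
    $query = "SELECT * FROM rbac_operations ORDER BY ops_id ";
    $res = $this->ilDB->query($query);

    // initialised up front so an empty table never reads an undefined variable
    $ops = array();

    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
        $ops[] = array(
            'ops_id'      => $row->ops_id,
            'operation'   => $row->operation,
            'description' => $row->description
        );
    }

    return $ops;
}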
00687 
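/**
 * Returns one RBAC operation.
 *
 * @param  int   $ops_id  operation id
 * @return array array('ops_id', 'operation', 'description') of the matching
 *               row (the last one if several match); empty array if none
 */
function getOperation($ops_id)
{
    // the id is escaped by ilUtil::prepareDBString() before it is embedded
    $query = "SELECT * FROM rbac_operations WHERE ops_id = '".ilUtil::prepareDBString($ops_id)."'";
    $res = $this->ilDB->query($query);

    // initialised up front so a miss never reads an undefined variable
    $ops = array();

    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
        $ops = array(
            'ops_id'      => $row->ops_id,
            'operation'   => $row->operation,
            'description' => $row->description
        );
    }

    return $ops;
}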
00707 
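/**
 * Returns the operation ids a role template grants for one object type.
 *
 * @param  int    $a_rol_id  role id
 * @param  string $a_type    object type as stored in rbac_templates.type
 * @param  int    $a_parent  role folder id; 0 selects ROLE_FOLDER_ID
 * @return array  list of ops_id values, empty if nothing is stored
 */
function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
{
    if (!isset($a_rol_id) or !isset($a_type)) {
        $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
                   "role_id: ".$a_rol_id.
                   "type: ".$a_type.
                   "parent_id: ".$a_parent;
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    $ops_arr = array();

    // if no rolefolder id is given, assume global role folder as target
    if ($a_parent == 0) {
        $a_parent = ROLE_FOLDER_ID;
    }

    // all three values are caller-supplied: quote them through the DB layer
    $q = "SELECT ops_id FROM rbac_templates ".
         "WHERE type = ".$this->ilDB->quote($a_type)." ".
         "AND rol_id = ".$this->ilDB->quote($a_rol_id)." ".
         "AND parent = ".$this->ilDB->quote($a_parent);
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $ops_arr[] = $row->ops_id;
    }

    return $ops_arr;
}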
00749         
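/**
 * Returns the operations a role is granted on one object.
 *
 * The operations are stored serialized in rbac_pa.ops_id and are
 * unserialized here.
 *
 * @param  int   $a_role_id  role id
 * @param  int   $a_ref_id   ref_id of the object
 * @return array unserialized value of the matching row (the last one if
 *               several match); empty array if none or if it is empty
 */
function getRoleOperationsOnObject($a_role_id, $a_ref_id)
{
    // both ids are caller-supplied: quote them through the DB layer
    $query = "SELECT * FROM rbac_pa ".
             "WHERE rol_id = ".$this->ilDB->quote($a_role_id)." ".
             "AND ref_id = ".$this->ilDB->quote($a_ref_id);
    $res = $this->ilDB->query($query);

    // initialised up front so a miss never reads an undefined variable
    $ops = array();

    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
        // NOTE(review): unserialize() instantiates whatever the stored string
        // describes. This is only safe while nobody but trusted code can write
        // rbac_pa.ops_id; a plain list format (e.g. comma separated ids) would
        // remove that dependency.
        $ops = unserialize(stripslashes($row->ops_id));
    }

    return $ops ? $ops : array();
}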
00764 
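/**
 * Returns the operation ids that are valid for one object type.
 *
 * @param  int   $a_typ_id  id matched against rbac_ta.typ_id
 * @return array list of ops_id values; empty array if none
 */
function getOperationsOnType($a_typ_id)
{
    if (!isset($a_typ_id)) {
        $message = get_class($this)."::getOperationsOnType(): No type_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // the type id is caller-supplied: quote it through the DB layer
    $q = "SELECT * FROM rbac_ta WHERE typ_id = ".$this->ilDB->quote($a_typ_id);
    $r = $this->ilDB->query($q);

    // initialised up front so a miss never reads an undefined variable
    $ops_id = array();

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $ops_id[] = $row->ops_id;
    }

    return $ops_id;
}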
00789 
/**
 * Returns the operation ids that are valid for an object type given by name.
 *
 * The name is resolved to the obj_id of the 'typ' entry in object_data and
 * then handed to getOperationsOnType().
 *
 * @param  string $a_type  type name, matched against object_data.title
 * @return mixed  result of getOperationsOnType() for the first match,
 *                false if the type name is unknown
 */
function getOperationsOnTypeString($a_type)
{
    // the name is escaped by ilUtil::prepareDBString() before it is embedded
    $res = $this->ilDB->query(
        "SELECT * FROM object_data WHERE type = 'typ' AND title = '".ilUtil::prepareDBString($a_type)."'"
    );

    $type_row = $res->fetchRow(DB_FETCHMODE_OBJECT);

    if (!$type_row) {
        return false;
    }

    return $this->getOperationsOnType($type_row->obj_id);
}
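/**
 * Returns the parents of all role folders in which a role is registered.
 *
 * @param  int   $a_rol_id  role id
 * @return array one $tree->getParentId() result per role folder returned
 *               by getFoldersAssignedToRole(); empty array if none
 */
function getObjectsWithStopedInheritance($a_rol_id)
{
    // a private tree rooted at ROOT_FOLDER_ID, not the global $tree
    $tree = new ilTree(ROOT_FOLDER_ID);

    if (!isset($a_rol_id)) {
        $message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
        $this->ilErr->raiseError($message, $this->ilErr->WARNING);
    }

    // initialised up front so an empty folder list never reads an undefined variable
    $parent = array();

    foreach ($this->getFoldersAssignedToRole($a_rol_id, false) as $rolf_id) {
        $parent[] = $tree->getParentId($rolf_id);
    }

    return $parent;
}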
00833 
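/**
 * Tells whether a role folder counts as deleted.
 *
 * A node counts as deleted if its tree row carries a negative tree id. A
 * node without any tree row is logged and also reported as deleted, so an
 * unknown id is never treated as a live role folder.
 *
 * @param  int  $a_node_id  id matched against tree.child
 * @return bool true if deleted or unknown, false otherwise
 */
function isDeleted($a_node_id)
{
    // the node id is caller-supplied: quote it through the DB layer
    $q = "SELECT tree FROM tree WHERE child = ".$this->ilDB->quote($a_node_id);
    $r = $this->ilDB->query($q);

    $row = $r->fetchRow(DB_FETCHMODE_OBJECT);

    if (!$row) {
        $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
                           get_class($this),
                           $a_node_id);
        $this->log->write($message, $this->log->FATAL);

        return true;
    }

    // rolefolder is deleted
    return ($row->tree < 0);
}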
00865 
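/**
 * Returns roles selected by a numeric filter.
 *
 *   1        all assignable roles (delegates to getAssignableRoles())
 *   2        assignable global roles
 *   3, 4, 5  assignable roles that are not global; 4 keeps only titles that
 *            start with "il_", 5 keeps only titles that do not
 *   6        role templates
 *   0 / any other value  roles assigned to $a_user_id
 *
 * @param  int   $a_filter   filter number, see above
 * @param  int   $a_user_id  user id, only used by the default filter
 * @return array rows converted by fetchObjectData() and extended by
 *               __setRoleType(); empty array if nothing matches
 */
function getRolesByFilter($a_filter = 0, $a_user_id = 0)
{
    $assign = "y";

    // Id lists are cast to integers before they are embedded, and an empty
    // list is handled explicitly: "IN ()" is not valid SQL.
    switch ($a_filter) {
        // all (assignable) roles
        case 1:
            return $this->getAssignableRoles();

        // all (assignable) global roles
        case 2:
            $ids = array_map('intval', $this->getGlobalRoles());

            if (!$ids) {
                return array();
            }

            $where = "WHERE rbac_fa.rol_id IN (".implode(',', $ids).") ";
            break;

        // all (assignable) local roles
        case 3:
        case 4:
        case 5:
            $ids = array_map('intval', $this->getGlobalRoles());

            // without global roles there is nothing to exclude
            $where = $ids
                ? "WHERE rbac_fa.rol_id NOT IN (".implode(',', $ids).") "
                : "WHERE 1 = 1 ";
            break;

        // all role templates
        case 6:
            $where = "WHERE object_data.type = 'rolt' ";
            $assign = "n";
            break;

        // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
        case 0:
        default:
            if (!$a_user_id) {
                return array();
            }

            $ids = array_map('intval', $this->assignedRoles($a_user_id));

            // user without roles, or unknown user
            if (!$ids) {
                return array();
            }

            $where = "WHERE rbac_fa.rol_id IN (".implode(',', $ids).") ";
            break;
    }

    $roles = array();

    $q = "SELECT DISTINCT * FROM object_data ".
         "JOIN rbac_fa ".$where.
         "AND object_data.obj_id = rbac_fa.rol_id ".
         "AND rbac_fa.assign = '".$assign."'";
    $r = $this->ilDB->query($q);

    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)) {
        $prefix = (substr($row->title, 0, 3) == "il_");

        // all (assignable) internal local roles only
        if ($a_filter == 4 and !$prefix) {
            continue;
        }

        // all (assignable) non internal local roles only
        if ($a_filter == 5 and $prefix) {
            continue;
        }

        $roles[] = fetchObjectData($row);
    }

    $roles = $this->__setRoleType($roles);

    return $roles ? $roles : array();
}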
00944         
00945         // get id of a given object type (string)
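/**
 * Get the object id of an object type definition.
 *
 * Looks for a row in object_data whose title equals the given type string
 * and whose type column is 'typ'.
 *
 * @param  string $a_type  type title to look up; quoted through the DB layer
 * @return mixed           obj_id of the first matching row, or null if no row matches
 */
function getTypeId($a_type)
{
    global $ilDB;

    $q = "SELECT obj_id FROM object_data ".
         "WHERE title=".$ilDB->quote($a_type)." AND type='typ'";
    $r = $ilDB->query($q);

    $row = $r->fetchRow(DB_FETCHMODE_OBJECT);

    // An unknown type yields no row; report that as null explicitly
    // instead of reading a property of a non-object.
    if (!is_object($row))
    {
        return null;
    }

    return $row->obj_id;
}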
00957 
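/**
 * Resolve operation names to their ids in rbac_operations.
 *
 * @param  array $operations  list of operation names
 * @return array              ops_id values of all matching rows; empty array
 *                            if no names were given or nothing matched
 */
function _getOperationIdsByName($operations)
{
    global $ilDB;

    if (!is_array($operations) || !count($operations))
    {
        return array();
    }

    // Quote every name through the DB layer, as getTypeId() does for its
    // parameter, instead of pasting the raw values between hand-written
    // apostrophes: a name containing a quote character must not be able
    // to change the shape of the statement.
    $quoted = array();
    foreach ($operations as $operation)
    {
        $quoted[] = $ilDB->quote($operation);
    }

    $query = "SELECT ops_id FROM rbac_operations ".
             "WHERE operation IN (".implode(',', $quoted).")";
    $res = $ilDB->query($query);

    $ops_ids = array();
    while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $ops_ids[] = $row->ops_id;
    }

    return $ops_ids;
}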
00987         
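/**
 * Get the ids of all roles in a role folder that are flagged assign='n'.
 *
 * @param  mixed $a_ref_id  reference id of the role folder (rbac_fa.parent)
 * @return array            rol_id values of the matching rbac_fa rows; empty array if none
 */
function getLinkedRolesOfRoleFolder($a_ref_id)
{
    if (!isset($a_ref_id))
    {
        $message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);

        // If raiseError() returns at WARNING level there is nothing to look up.
        return array();
    }

    // The ref_id is quoted through the DB layer rather than concatenated
    // between hand-written apostrophes, matching what getTypeId() does.
    // NOTE(review): assumes $this->ilDB is the same DB wrapper as the global
    // $ilDB and therefore offers quote() - confirm against the constructor.
    $q = "SELECT rol_id FROM rbac_fa ".
         "WHERE parent = ".$this->ilDB->quote($a_ref_id).
         " AND assign='n'";
    $r = $this->ilDB->query($q);

    $rol_id = array();
    while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $rol_id[] = $row->rol_id;
    }

    return $rol_id;
}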
01018         
01019         // checks if default permission settings of role under current parent (rolefolder) are protected from changes
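/**
 * Check whether the default permission settings of a role under the given
 * parent (role folder) are protected from changes.
 *
 * Reads rbac_fa.protected for the (rol_id, parent) pair and converts it
 * with ilUtil::yn2tf().
 *
 * @param  mixed $a_ref_id   reference id of the role folder (rbac_fa.parent)
 * @param  mixed $a_role_id  id of the role (rbac_fa.rol_id)
 * @return mixed             result of ilUtil::yn2tf() for the stored flag
 */
function isProtected($a_ref_id,$a_role_id)
{
    // Both ids are quoted through the DB layer rather than concatenated
    // between hand-written apostrophes, matching what getTypeId() does.
    // NOTE(review): assumes $this->ilDB is the same DB wrapper as the global
    // $ilDB and therefore offers quote() - confirm against the constructor.
    $q = "SELECT protected FROM rbac_fa ".
         "WHERE rol_id=".$this->ilDB->quote($a_role_id)." ".
         "AND parent=".$this->ilDB->quote($a_ref_id);
    $r = $this->ilDB->query($q);
    $row = $r->fetchRow();

    // No matching row: hand null to yn2tf(), which is what indexing the
    // empty result produced before, without indexing a non-array.
    $flag = is_array($row) ? $row[0] : null;

    return ilUtil::yn2tf($flag);
}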
01030         
01031         // this method alters the protected status of role regarding the current user's role assignment
01032         // and current position in the hierarchy.
/**
 * Adjust the 'protected' flag of the given roles for the current session user.
 *
 * A role is reported as unprotected (editable) when
 *  - the session holds SYSTEM_ROLE_ID, or
 *  - the role is flagged protected, and one of the session's roles that sits
 *    in the same role folder grants 'edit_permission' on $a_ref_id.
 *
 * After the first successful permission check the result is remembered, so
 * every role that follows in $a_role_hierarchy is unprotected without any
 * further check.
 * NOTE(review): this carry-over makes the outcome depend on the iteration
 * order of $a_role_hierarchy - confirm that callers pass it ordered as intended.
 *
 * The 'protected' entry is tested for truthiness only.
 *
 * @param  array $a_parent_roles    role data keyed by role id, each with a 'protected' entry
 * @param  array $a_role_hierarchy  role id => role folder id
 * @param  mixed $a_ref_id          reference id the 'edit_permission' check is made against
 * @return array                    $a_parent_roles with adjusted 'protected' entries
 */
function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
{
    global $rbacsystem,$ilUser,$log;

    // holders of the system role may edit every role
    $may_edit = in_array(SYSTEM_ROLE_ID,$_SESSION['RoleId']) ? true : false;

    foreach ($a_role_hierarchy as $role_id => $rolf_id)
    {
        $log->write("ilRBACreview::__setProtectedStatus(), 0");

        if ($may_edit)
        {
            $a_parent_roles[$role_id]['protected'] = false;
            continue;
        }

        // roles that are not protected need no adjustment
        if (!$a_parent_roles[$role_id]['protected'])
        {
            continue;
        }

        // the session's own roles that live in the same role folder as this role
        $roles_on_level = array_keys($a_role_hierarchy,$rolf_id);
        $own_roles_on_level = array_intersect($_SESSION['RoleId'],$roles_on_level);

        foreach ($own_roles_on_level as $own_role_id)
        {
            $log->write("ilRBACreview::__setProtectedStatus(), 1");

            // does this role grant 'edit_permission' on the parent?
            if (!$rbacsystem->checkPermission($a_ref_id,$own_role_id,'edit_permission'))
            {
                continue;
            }

            $log->write("ilRBACreview::__setProtectedStatus(), 2");

            // user may change permissions of that higher-ranked role
            $a_parent_roles[$role_id]['protected'] = false;

            // keep the successful check for all following roles
            $may_edit = true;
        }
    }

    return $a_parent_roles;
}
01086         
01087 } // END class.ilRbacReview
01088 ?>
