ILIAS Release_3_9_x_branch .rev 46835: Services/AccessControl/classes/class.ilRbacReview.php Source File

Go to the documentation of this file.
00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 
00040 class ilRbacReview
00041 {
00042         protected $assigned_roles = array();
00043         var $log = null;
00044 
00049         function ilRbacReview()
00050         {
00051                 global $ilDB,$ilErr,$ilias,$ilLog;
00052 
00053                 $this->log =& $ilLog;
00054 
00055                 // set db & error handler
00056                 (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
00057                 
00058                 if (!isset($ilErr))
00059                 {
00060                         $ilErr = new ilErrorHandling();
00061                         $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
00062                 }
00063                 else
00064                 {
00065                         $this->ilErr =& $ilErr;
00066                 }
00067         }
00068 
00115         function searchRolesByMailboxAddressList($a_address_list)
00116         {
00117                 $role_ids = array();
00118                 
00119                 include_once "Services/Mail/classes/class.ilMail.php";
00120                 if (ilMail::_usePearMail())
00121                 {
00122                         require_once 'Mail/RFC822.php';
00123                         $parser = &new Mail_RFC822();
00124                         $parsedList = $parser->parseAddressList($a_address_list, "ilias", false, true);
00125                         //echo '<br>ilRBACReview '.var_export($parsedList,false);
00126                         foreach ($parsedList as $address)
00127                         {
00128                                 $local_part = $address->mailbox;
00129                                 if (strpos($local_part,'#') !== 0) 
00130                                 {
00131                                         // A local-part which doesn't start with a '#' doesn't denote a role.
00132                                         // Therefore we can skip it.
00133                                         continue;
00134                                 }
00135 
00136                                 $local_part = substr($local_part, 1);
00137 
00138                                 if (substr($local_part,0,8) == 'il_role_')
00139                                 {
00140                                         $role_id = substr($local_part,8);
00141                                         $q = "SELECT t.tree ".
00142                                                 "FROM rbac_fa AS fa ".
00143                                                 "JOIN tree AS t ON t.child=fa.parent ".
00144                                                 "WHERE fa.rol_id=".$this->ilDB->quote($role_id)." ".
00145                                                 "AND fa.assign='y' ".
00146                                                 "AND t.tree=1";
00147                                         $r = $this->ilDB->query($q);
00148                                         if ($r->numRows() > 0)
00149                                         {
00150                                                 $role_ids[] = $role_id;
00151                                         }
00152                                         continue;
00153                                 }
00154 
00155 
00156                                 $domain = $address->host;
00157                                 if (strpos($domain,'[') == 0 && strrpos($domain,']'))
00158                                 {
00159                                         $domain = substr($domain,1,strlen($domain) - 2);
00160                                 }
00161                                 if (strlen($local_part) == 0)
00162                                 {
00163                                         $local_part = $domain;
00164                                         $address->host = 'ilias';
00165                                         $domain = 'ilias';
00166                                 }
00167 
00168                                 if (strtolower($address->host) == 'ilias')
00169                                 {
00170                                         // Search for roles = local-part in the whole repository
00171                                         $q = "SELECT dat.obj_id ".
00172                                                 "FROM object_data AS dat ".
00173                                                 "JOIN rbac_fa AS fa ON fa.rol_id = dat.obj_id ".
00174                                                 "JOIN tree AS t ON t.child = fa.parent ".
00175                                                 "WHERE dat.title =".$this->ilDB->quote($local_part)." ".
00176                                                 "AND dat.type = 'role' ".
00177                                                 "AND fa.assign = 'y' ".
00178                                                 "AND t.tree = 1";
00179                                 }
00180                                 else
00181                                 {
00182                                         // Search for roles like local-part in objects = host
00183                                         $q = "SELECT rdat.obj_id ".
00184                                                 "FROM object_data AS odat ".
00185                                                 "JOIN object_reference AS oref ON oref.obj_id = odat.obj_id ".
00186                                                 "JOIN tree AS otree ON otree.child = oref.ref_id ".
00187                                                 "JOIN tree AS rtree ON rtree.parent = otree.child ".
00188                                                 "JOIN rbac_fa AS rfa ON rfa.parent = rtree.child ".
00189                                                 "JOIN object_data AS rdat ON rdat.obj_id = rfa.rol_id ".
00190                                                 "WHERE odat.title = ".$this->ilDB->quote($domain)." ".
00191                                                 "AND otree.tree = 1 AND rtree.tree = 1 ".
00192                                                 "AND rfa.assign = 'y' ".
00193                                                 "AND rdat.title LIKE ".
00194                                                         $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%');
00195                                 }
00196                                 $r = $this->ilDB->query($q);
00197 
00198                                 $count = 0;
00199                                 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00200                                 {
00201                                         $role_ids[] = $row->obj_id;
00202                                         $count++;
00203                                 }
00204 
00205                                 // Nothing found?
00206                                 // In this case, we search for roles = host.
00207                                 if ($count == 0 && strtolower($address->host) == 'ilias')
00208                                 {
00209                                         $q = "SELECT dat.obj_id ".
00210                                                 "FROM object_data AS dat ".
00211                                                 "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
00212                                                 "JOIN tree AS t ON t.child = ref.ref_id ".
00213                                                 "WHERE dat.title = ".$this->ilDB->quote($domain)." ".
00214                                                 "AND dat.type = 'role' ".
00215                                                 "AND t.tree = 1 ";
00216                                         $r = $this->ilDB->query($q);
00217 
00218                                         while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00219                                         {
00220                                                 $role_ids[] = $row->obj_id;
00221                                         }
00222                                 }
00223                                 //echo '<br>ids='.var_export($role_ids,true);
00224                         }
00225                 } 
00226                 else 
00227                 {
00228                         // the following code is executed, when Pear Mail is
00229                         // not installed
00230 
00231                         $titles = explode(',', $a_address_list);
00232                         
00233                         $titleList = '';
00234                         foreach ($titles as $title)
00235                         {
00236                                 if (strlen($inList) > 0)
00237                                 {
00238                                         $titleList .= ',';
00239                                 }
00240                                 $title = trim($title);
00241                                 if (strpos($title,'#') == 0) 
00242                                 {
00243                                         $titleList .= $this->ilDB->quote(substr($title, 1));
00244                                 }
00245                         }       
00246                         if (strlen($titleList) > 0)
00247                         {
00248                                 $q = "SELECT obj_id ".
00249                                         "FROM object_data ".
00250                                         "WHERE title IN (".$titleList.") ".
00251                                         "AND type='role'";
00252                                 $r = $this->ilDB->query($q);
00253                                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00254                                 {
00255                                         $role_ids[] = $row->obj_id;
00256                                 }
00257                         }
00258                 }
00259 
00260                 return $role_ids;
00261         }
00262         
00325         function getRoleMailboxAddress($a_role_id)
00326         {
00327                 global $log;
00328 
00329                 include_once "Services/Mail/classes/class.ilMail.php";
00330                 if (ilMail::_usePearMail())
00331                 {
00332                         // Retrieve the role title and the object title.
00333                         $q = "SELECT rdat.title AS role_title,odat.title AS object_title, ".
00334                                         " oref.ref_id AS object_ref ".
00335                                 "FROM object_data AS rdat ".
00336                                 "JOIN rbac_fa AS fa ON fa.rol_id = rdat.obj_id ".
00337                                 "JOIN tree AS rtree ON rtree.child = fa.parent ".
00338                                 "JOIN object_reference AS oref ON oref.ref_id = rtree.parent ".
00339                                 "JOIN object_data AS odat ON odat.obj_id = oref.obj_id ".
00340                                 "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id)." ".
00341                                 "AND fa.assign = 'y' ";
00342                         $r = $this->ilDB->query($q);
00343                         if (! ($row = $r->fetchRow(DB_FETCHMODE_OBJECT)))
00344                         {
00345                                 //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
00346                                 return null; // role does not exist
00347                         }
00348                         $object_title = $row->object_title;
00349                         $object_ref = $row->object_ref;
00350                         $role_title = $row->role_title;
00351 
00352 
00353                         // In a perfect world, we could use the object_title in the 
00354                         // domain part of the mailbox address, and the role title
00355                         // with prefix '#' in the local part of the mailbox address.
00356                         $domain = $object_title;
00357                         $local_part = $role_title;
00358 
00359 
00360                         // Determine if the object title is unique
00361                         $q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
00362                                 "FROM object_data AS dat ".
00363                                 "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
00364                                 "JOIN tree ON tree.child = ref.ref_id ".
00365                                 "WHERE title = ".$this->ilDB->quote($object_title)." ".
00366                                 "AND tree.tree = 1";
00367                         $r = $this->ilDB->query($q);
00368                         $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
00369 
00370                         // If the object title is not unique, we get rid of the domain.
00371                         if ($row->count > 1)
00372                         {
00373                                 $domain = null;
00374                         }
00375 
00376                         // If the domain contains illegal characters, we get rid of it.
00377                         if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
00378                         {
00379                                 $domain = null;
00380                         }
00381 
00382                         // If the domain contains special characters, we put square
00383                         //   brackets around it.
00384                         if ($domain != null && 
00385                                         (preg_match('/[()<>@,;:\\".\[\]]/',$domain) || 
00386                                         preg_match('/[^\x21-\x8f]/',$domain))
00387                                         )
00388                         {
00389                                 $domain = '['.$domain.']';
00390                         }
00391 
00392                         // If the role title is one of the ILIAS reserved role titles,
00393                         //     we can use a shorthand version of it for the local part
00394                         //     of the mailbox address.
00395                         if (strpos($role_title, 'il_') === 0 && $domain != null)
00396                         {
00397                                 $unambiguous_role_title = $role_title;
00398 
00399                                 $pos = strpos($role_title, '_', 3) + 1;
00400                                 $local_part = substr(
00401                                         $role_title, 
00402                                         $pos,  
00403                                         strrpos($role_title, '_') - $pos
00404                                 );
00405                         }
00406                         else
00407                         {
00408                                 $unambiguous_role_title = 'il_role_'.$a_role_id;
00409                         }
00410 
00411                         // Determine if the local part is unique. If we don't have a
00412                         // domain, the local part must be unique within the whole repositry.
00413                         // If we do have a domain, the local part must be unique for that
00414                         // domain.
00415                         if ($domain == null)
00416                         {
00417                                 $q = "SELECT COUNT(DISTINCT dat.obj_id) AS count ".
00418                                         "FROM object_data AS dat ".
00419                                         "JOIN object_reference AS ref ON ref.obj_id = dat.obj_id ".
00420                                         "JOIN tree ON tree.child = ref.ref_id ".
00421                                         "WHERE title = ".$this->ilDB->quote($local_part)." ".
00422                                         "AND tree.tree = 1";
00423                         }
00424                         else
00425                         {
00426                                 $q = "SELECT COUNT(rd.obj_id) AS count ".
00427                                          "FROM object_data AS rd ".
00428                                          "JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
00429                                          "JOIN tree AS t ON t.child = fa.parent ". 
00430                                          "WHERE fa.assign = 'y' ".
00431                                          "AND t.parent = ".$this->ilDB->quote($object_ref)." ".
00432                                          "AND rd.title LIKE ".$this->ilDB->quote(
00433                                                 '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%')
00434                                         ;
00435                         }
00436 
00437                         $r = $this->ilDB->query($q);
00438                         $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
00439 
00440                         // if the local_part is not unique, we use the unambiguous role title 
00441                         //   instead for the local part of the mailbox address
00442                         if ($row->count > 1)
00443                         {
00444                                 $local_part = $unambiguous_role_title;
00445                         }
00446 
00447 
00448                         // If the local part contains illegal characters, we use
00449                         //     the unambiguous role title instead.
00450                         if (preg_match('/[\\"\x00-\x1f]/',$local_part)) 
00451                         {
00452                                 $local_part = $unambiguous_role_title;
00453                         }
00454 
00455 
00456                         // Add a "#" prefix to the local part
00457                         $local_part = '#'.$local_part;
00458 
00459                         // Put quotes around the role title, if needed
00460                         if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
00461                         {
00462                                 $local_part = '"'.$local_part.'"';
00463                         }
00464                         return ($domain == null) ?
00465                                 $local_part :
00466                                 $local_part.'@'.$domain;
00467                 }
00468                 else 
00469                 {
00470                         $q = "SELECT title ".
00471                                 "FROM object_data ".
00472                                 "WHERE obj_id = ".$this->ilDB->quote($a_role_id);
00473                         $r = $this->ilDB->query($q);
00474 
00475                         if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00476                         {
00477                                 return '#'.$row->title;
00478                         }
00479                         else
00480                         {
00481                                 return null;
00482                         }
00483                 }
00484         }
00485 
00486         
00494         function roleExists($a_title,$a_id = 0)
00495         {
00496                 global $ilDB;
00497                 
00498                 if (empty($a_title))
00499                 {
00500                         $message = get_class($this)."::roleExists(): No title given!";
00501                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00502                 }
00503                 
00504                 $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
00505                 
00506                 $q = "SELECT DISTINCT(obj_id) as obj_id FROM object_data ".
00507                          "WHERE title =".$ilDB->quote($a_title)." ".
00508                          "AND type IN('role','rolt')".
00509                          $clause;
00510                 $r = $this->ilDB->query($q);
00511 
00512                 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00513                 {
00514                         return $row->obj_id;
00515                 }
00516                 return false;
00517         }
00518 
00527         function __getParentRoles($a_path,$a_templates,$a_keep_protected)
00528         {
00529                 global $log,$ilDB;
00530                 
00531                 if (!isset($a_path) or !is_array($a_path))
00532                 {
00533                         $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
00534                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00535                 }
00536 
00537                 $parent_roles = array();
00538                 $role_hierarchy = array();
00539                 
00540                 $child = $this->__getAllRoleFolderIds();
00541                 
00542                 // CREATE IN() STATEMENT
00543                 $in = " IN(";
00544                 $in .= implode(",",ilUtil::quoteArray($child));
00545                 $in .= ") ";
00546                 
00547                 foreach ($a_path as $path)
00548                 {
00549                         // Note the use of the HAVING clause: For large trees with many
00550                         // local roles, this query performs much faster when the IN
00551             // condition is inside of the HAVING clause.
00552                         $q = "SELECT * FROM tree ".
00553                                  "WHERE parent = ".$ilDB->quote($path)." ".
00554                                  "HAVING child ".$in;
00555                         $r = $this->ilDB->query($q);
00556 
00557                         while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00558                         {
00559                                 $roles = $this->getRoleListByObject($row->child,$a_templates);
00560 
00561                                 foreach ($roles as $role)
00562                                 {
00563                                         $id = $role["obj_id"];
00564                                         $role["parent"] = $row->child;
00565                                         $parent_roles[$id] = $role;
00566                                         
00567                                         if (!array_key_exists($role['obj_id'],$role_hierarchy))
00568                                         {
00569                                                 $role_hierarchy[$id] = $row->child;
00570                                         }
00571                                 }
00572                         }
00573                 }
00574                 
00575                 if (!$a_keep_protected)
00576                 {
00577                         return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$path);
00578                 }
00579                 
00580                 return $parent_roles;
00581         }
00582 
00591         function getParentRoleIds($a_endnode_id,$a_templates = false,$a_keep_protected = false)
00592         {
00593                 global $tree,$log,$ilDB;
00594 
00595                 if (!isset($a_endnode_id))
00596                 {
00597                         $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
00598                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00599                 }
00600                 
00601                 //var_dump($a_endnode_id);exit;
00602                 //$log->write("ilRBACreview::getParentRoleIds(), 0");   
00603                 $pathIds  = $tree->getPathId($a_endnode_id);
00604 
00605                 // add system folder since it may not in the path
00606                 $pathIds[0] = SYSTEM_FOLDER_ID;
00607                 //$log->write("ilRBACreview::getParentRoleIds(), 1");   
00608                 return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
00609         }
00610 
00618         function getRoleListByObject($a_ref_id,$a_templates = false)
00619         {
00620                 global $ilDB;
00621                 
00622                 if (!isset($a_ref_id) or !isset($a_templates))
00623                 {
00624                         $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
00625                                            "ref_id: ".$a_ref_id.
00626                                            "tpl_flag: ".$a_templates;
00627                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00628                 }
00629 
00630                 $role_list = array();
00631 
00632                 $where = $this->__setTemplateFilter($a_templates);
00633         
00634                 $q = "SELECT * FROM object_data ".
00635                          "JOIN rbac_fa ".$where.
00636                          "AND object_data.obj_id = rbac_fa.rol_id ".
00637                          "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id)." ";
00638                 $r = $this->ilDB->query($q);
00639 
00640                 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00641                 {
00642                         $row["desc"] = $row["description"];
00643                         $row["user_id"] = $row["owner"];
00644                         $role_list[] = $row;
00645                 }
00646 
00647                 $role_list = $this->__setRoleType($role_list);
00648                 
00649                 return $role_list;
00650         }
00651         
00658         function getAssignableRoles($a_templates = false,$a_internal_roles = false)
00659         {
00660                 global $ilDB;
00661                 
00662                 $role_list = array();
00663 
00664                 $where = $this->__setTemplateFilter($a_templates);
00665 
00666                 $q = "SELECT DISTINCT * FROM object_data ".
00667                          "JOIN rbac_fa ".$where.
00668                          "AND object_data.obj_id = rbac_fa.rol_id ".
00669                          "AND rbac_fa.assign = 'y'";
00670                 $r = $this->ilDB->query($q);
00671 
00672                 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00673                 {
00674                         $row["desc"] = $row["description"];
00675                         $row["user_id"] = $row["owner"];
00676                         $role_list[] = $row;
00677                 }
00678                 
00679                 $role_list = $this->__setRoleType($role_list);
00680 
00681                 return $role_list;
00682         }
00683 
00690         function getAssignableRolesInSubtree($ref_id)
00691         {
00692                 $role_list = array();
00693 
00694                 $where = $this->__setTemplateFilter($a_templates);
00695 
00696                 $q = "SELECT fa.*, dat.* ".
00697                         "FROM tree AS root ".
00698                         "JOIN tree AS node ON node.tree = root.tree AND node.lft > root.lft AND node.rgt < root.rgt ".
00699                         "JOIN object_reference AS ref ON ref.ref_id = node.child ".
00700                         "JOIN rbac_fa AS fa ON fa.parent = ref.ref_id ".
00701                         "JOIN object_data AS dat ON dat.obj_id = fa.rol_id ".
00702                         "WHERE root.child = ".$this->ilDB->quote($ref_id)." AND root.tree = 1 ".
00703                         "AND fa.assign = 'y' ".
00704                         "ORDER BY dat.title";
00705                 $r = $this->ilDB->query($q);
00706 
00707                 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00708                 {
00709                         $role_list[] = $row;
00710                 }
00711                 
00712                 $role_list = $this->__setRoleType($role_list);
00713                 
00714                 return $role_list;
00715         }
00716 
00723         function getAssignableChildRoles($a_ref_id)
00724         {
00725                 global $tree;
00726 
00727                 //$roles_data = $this->getAssignableRoles();
00728                 $q = "SELECT fa.*, rd.* ".
00729                          "FROM object_data AS rd ".
00730                          "JOIN rbac_fa AS fa ON rd.obj_id = fa.rol_id ".
00731                          "JOIN tree AS t ON t.child = fa.parent ". 
00732                          "WHERE fa.assign = 'y' ".
00733                          "AND t.parent = ".$this->ilDB->quote($a_ref_id)." "
00734                         ;
00735                 $r = $this->ilDB->query($q);
00736 
00737                 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00738                 {
00739                         $roles_data[] = $row;
00740                 }
00741                 
00742                 return $roles_data ? $roles_data : array();
00743         }
00744         
00751         function __setTemplateFilter($a_templates)
00752         {
00753                 if ($a_templates === true)
00754                 {
00755                          $where = "WHERE object_data.type IN ('role','rolt') ";         
00756                 }
00757                 else
00758                 {
00759                         $where = "WHERE object_data.type = 'role' ";
00760                 }
00761                 
00762                 return $where;
00763         }
00764 
00776         function __setRoleType($a_role_list)
00777         {
00778                 foreach ($a_role_list as $key => $val)
00779                 {
00780                         // determine role type
00781                         if ($val["type"] == "rolt")
00782                         {
00783                                 $a_role_list[$key]["role_type"] = "template";
00784                         }
00785                         else
00786                         {
00787                                 if ($val["assign"] == "y")
00788                                 {
00789                                         if ($val["parent"] == ROLE_FOLDER_ID)
00790                                         {
00791                                                 $a_role_list[$key]["role_type"] = "global";
00792                                         }
00793                                         else
00794                                         {
00795                                                 $a_role_list[$key]["role_type"] = "local";
00796                                         }
00797                                 }
00798                                 else
00799                                 {
00800                                         $a_role_list[$key]["role_type"] = "linked";
00801                                 }
00802                         }
00803                         
00804                         if ($val["protected"] == "y")
00805                         {
00806                                 $a_role_list[$key]["protected"] = true;
00807                         }
00808                         else
00809                         {
00810                                 $a_role_list[$key]["protected"] = false;
00811                         }
00812                 }
00813                 
00814                 return $a_role_list;
00815         }
00816         
00824         function assignedUsers($a_rol_id, $a_fields = NULL)
00825         {
00826                 global $ilBench,$ilDB;
00827                 
00828                 $ilBench->start("RBAC", "review_assignedUsers");
00829                 
00830                 if (!isset($a_rol_id))
00831                 {
00832                         $message = get_class($this)."::assignedUsers(): No role_id given!";
00833                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00834                 }
00835                 
00836         $result_arr = array();
00837 
00838         if ($a_fields !== NULL and is_array($a_fields))
00839         {
00840             if (count($a_fields) == 0)
00841             {
00842                 $select = "*";
00843             }
00844             else
00845             {
00846                 if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
00847                     unset($a_fields[$usr_id_field]);
00848 
00849                 $select = implode(",",$a_fields).",usr_data.usr_id";
00850                 $select = addslashes($select);
00851             }
00852 
00853                 $q = "SELECT ".$select." FROM usr_data ".
00854                  "LEFT JOIN rbac_ua ON usr_data.usr_id=rbac_ua.usr_id ".
00855                  "WHERE rbac_ua.rol_id=".$ilDB->quote($a_rol_id)." ";
00856             $r = $this->ilDB->query($q);
00857 
00858             while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00859             {
00860                 $result_arr[] = $row;
00861             }
00862         }
00863         else
00864         {
00865                     $q = "SELECT usr_id FROM rbac_ua WHERE rol_id=".$ilDB->quote($a_rol_id)." ";
00866             $r = $this->ilDB->query($q);
00867 
00868             while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
00869             {
00870                 array_push($result_arr,$row["usr_id"]);
00871             }
00872         }
00873                 
00874                 $ilBench->stop("RBAC", "review_assignedUsers");
00875 
00876                 return $result_arr;
00877         }
00878 
00886         function isAssigned($a_usr_id,$a_role_id)
00887         {
00888                 return in_array($a_usr_id,$this->assignedUsers($a_role_id));
00889         }
00890         
00897         function assignedRoles($a_usr_id)
00898         {
00899                 global $ilDB;
00900                 
00901                 $role_arr = array();
00902                 
00903                 $q = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id)." ";
00904                 $r = $this->ilDB->query($q);
00905 
00906                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00907                 {
00908                         $role_arr[] = $row->rol_id;
00909                 }
00910 
00911                 if (!count($role_arr))
00912                 {
00913                         $message = get_class($this)."::assignedRoles(): No assigned roles found or user does not exist!";
00914                 }
00915                 return $role_arr ? $role_arr : array();
00916         }
00917 
00925         function isAssignable($a_rol_id, $a_ref_id)
00926         {
00927                 global $ilBench,$ilDB;
00928 
00929                 $ilBench->start("RBAC", "review_isAssignable");
00930 
00931                 // exclude system role from rbac
00932                 if ($a_rol_id == SYSTEM_ROLE_ID)
00933                 {
00934                         $ilBench->stop("RBAC", "review_isAssignable");
00935 
00936                         return true;
00937                 }
00938 
00939                 if (!isset($a_rol_id) or !isset($a_ref_id))
00940                 {
00941                         $message = get_class($this)."::isAssignable(): Missing parameter!".
00942                                            " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
00943                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00944                 }
00945                 
00946                 $q = "SELECT * FROM rbac_fa ".
00947                          "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
00948                          "AND parent = ".$ilDB->quote($a_ref_id)." ";
00949                 $row = $this->ilDB->getRow($q);
00950 
00951                 $ilBench->stop("RBAC", "review_isAssignable");
00952 
00953                 return $row->assign == 'y' ? true : false;
00954         }
00955 
00966         function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
00967         {
00968                 global $ilDB;
00969                 
00970                 if (!isset($a_rol_id))
00971                 {
00972                         $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
00973                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
00974                 }
00975                 
00976                 if ($a_assignable)
00977                 {
00978                         $where = " AND assign ='y'";
00979                 }
00980 
00981                 $q = "SELECT DISTINCT parent FROM rbac_fa ".
00982                          "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".$where;
00983                 $r = $this->ilDB->query($q);
00984 
00985                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
00986                 {
00987                         $folders[] = $row->parent;
00988                 }
00989 
00990                 return $folders ? $folders : array();
00991         }
00992 
01001         function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
01002         {
01003                 global $ilBench,$ilDB,$ilLog;
01004                 
01005                 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
01006 
01007                 if (!isset($a_ref_id))
01008                 {
01009                         $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
01010                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01011                         
01012                 }
01013                 
01014                 if ($a_nonassignable === false)
01015                 {
01016                         $and = " AND assign='y'";
01017                 }
01018 
01019                 $q = "SELECT rol_id FROM rbac_fa ".
01020                          "WHERE parent = ".$ilDB->quote($a_ref_id)." ".
01021                          $and;
01022 
01023                 $r = $this->ilDB->query($q);
01024 
01025                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01026                 {
01027                         $rol_id[] = $row->rol_id;
01028                 }
01029 
01030                 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
01031 
01032                 return $rol_id ? $rol_id : array();
01033         }
01034         
01040         function getGlobalRoles()
01041         {
01042                 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
01043         }
01044 
01050         function getGlobalRolesArray()
01051         {
01052                 foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
01053                 {
01054                         $ga[] = array('obj_id'          => $role_id,
01055                                                   'role_type'   => 'global');
01056                 }
01057                 return $ga ? $ga : array();
01058         }
01059 
01065         function getGlobalAssignableRoles()
01066         {
01067                 include_once './classes/class.ilObjRole.php';
01068 
01069                 foreach($this->getGlobalRoles() as $role_id)
01070                 {
01071                         if(ilObjRole::_getAssignUsersStatus($role_id))
01072                         {
01073                                 $ga[] = array('obj_id' => $role_id,
01074                                                           'role_type' => 'global');
01075                         }
01076                 }
01077                 return $ga ? $ga : array();
01078         }
01079 
01085         function __getAllRoleFolderIds()
01086         {
01087                 $parent = array();
01088                 
01089                 $q = "SELECT DISTINCT parent FROM rbac_fa";
01090                 $r = $this->ilDB->query($q);
01091 
01092                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01093                 {
01094                         $parent[] = $row->parent;
01095                 }
01096 
01097                 return $parent;
01098         }
01099 
01106         function getRoleFolderOfObject($a_ref_id)
01107         {
01108                 global $tree,$ilBench;
01109                 
01110                 $ilBench->start("RBAC", "review_getRoleFolderOfObject");
01111                 
01112                 if (!isset($a_ref_id))
01113                 {
01114                         $message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
01115                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01116                 }
01117 
01118                 $childs = $tree->getChildsByType($a_ref_id,"rolf");
01119 
01120                 $ilBench->stop("RBAC", "review_getRoleFolderOfObject");
01121 
01122                 return $childs[0] ? $childs[0] : array();
01123         }
01124         
01125         function getRoleFolderIdOfObject($a_ref_id)
01126         {
01127                 $rolf = $this->getRoleFolderOfObject($a_ref_id);
01128                 
01129                 if (!$rolf)
01130                 {
01131                         return false;
01132                 }
01133                 
01134                 return $rolf['ref_id'];
01135         }
01136 
01142         function getOperations()
01143         {
01144                 global $ilDB;
01145 
01146                 $query = "SELECT * FROM rbac_operations ORDER BY ops_id ";
01147 
01148                 $res = $this->ilDB->query($query);
01149                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01150                 {
01151                         $ops[] = array('ops_id' => $row->ops_id,
01152                                                    'operation' => $row->operation,
01153                                                    'description' => $row->description);
01154                 }
01155 
01156                 return $ops ? $ops : array();
01157         }
01158 
01164         function getOperation($ops_id)
01165         {
01166                 global $ilDB;
01167                 
01168                 $query = "SELECT * FROM rbac_operations WHERE ops_id = ".$ilDB->quote($ops_id)." ";
01169 
01170                 $res = $this->ilDB->query($query);
01171                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01172                 {
01173                         $ops = array('ops_id' => $row->ops_id,
01174                                                  'operation' => $row->operation,
01175                                                  'description' => $row->description);
01176                 }
01177 
01178                 return $ops ? $ops : array();
01179         }
01180 
01190         function getOperationsOfRole($a_rol_id,$a_type,$a_parent = 0)
01191         {
01192                 global $ilDB,$ilLog;
01193                 
01194                 if (!isset($a_rol_id) or !isset($a_type))
01195                 {
01196                         $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
01197                                            "role_id: ".$a_rol_id.
01198                                            "type: ".$a_type.
01199                                            "parent_id: ".$a_parent;
01200                         $ilLog->logStack("Missing parameter! ");
01201                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01202                 }
01203 
01204                 $ops_arr = array();
01205 
01206                 // if no rolefolder id is given, assume global role folder as target
01207                 if ($a_parent == 0)
01208                 {
01209                         $a_parent = ROLE_FOLDER_ID;
01210                 }
01211                 
01212                 $q = "SELECT ops_id FROM rbac_templates ".
01213                          "WHERE type =".$ilDB->quote($a_type)." ".
01214                          "AND rol_id = ".$ilDB->quote($a_rol_id)." ".
01215                          "AND parent = ".$ilDB->quote($a_parent)."";
01216                 $r  = $this->ilDB->query($q);
01217 
01218                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01219                 {
01220                         $ops_arr[] = $row->ops_id;
01221                 }
01222 
01223                 return $ops_arr;
01224         }
01225         
01226         function getRoleOperationsOnObject($a_role_id,$a_ref_id)
01227         {
01228                 global $ilDB;
01229                 
01230                 $query = "SELECT * FROM rbac_pa ".
01231                         "WHERE rol_id = ".$ilDB->quote($a_role_id)." ".
01232                         "AND ref_id = ".$ilDB->quote($a_ref_id)." ";
01233 
01234                 $res = $this->ilDB->query($query);
01235                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01236                 {
01237                         $ops = unserialize(stripslashes($row->ops_id));
01238                 }
01239 
01240                 return $ops ? $ops : array();
01241         }
01242 
01249         function getOperationsOnType($a_typ_id)
01250         {
01251                 global $ilDB;
01252                 
01253                 if (!isset($a_typ_id))
01254                 {
01255                         $message = get_class($this)."::getOperationsOnType(): No type_id given!";
01256                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01257                 }
01258 
01259                 $q = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id)." ";
01260                 $r = $this->ilDB->query($q);
01261 
01262                 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01263                 {
01264                         $ops_id[] = $row->ops_id;
01265                 }
01266 
01267                 return $ops_id ? $ops_id : array();
01268         }
01269 
01276         function getOperationsOnTypeString($a_type)
01277         {
01278                 global $ilDB;
01279                 
01280                 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type)." ";
01281 
01282                 $res = $this->ilDB->query($query);
01283                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01284                 {
01285                         return $this->getOperationsOnType($row->obj_id);
01286                 }
01287                 return false;
01288         }
01296         function getObjectsWithStopedInheritance($a_rol_id)
01297         {
01298                 $tree = new ilTree(ROOT_FOLDER_ID);
01299 
01300                 if (!isset($a_rol_id))
01301                 {
01302                         $message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
01303                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01304                 }
01305                         
01306                 $all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
01307 
01308                 foreach ($all_rolf_ids as $rolf_id)
01309                 {
01310                         $parent[] = $tree->getParentId($rolf_id);
01311                 }
01312 
01313                 return $parent ? $parent : array();
01314         }
01315 
01322         function isDeleted($a_node_id)
01323         {
01324                 global $ilDB;
01325                 
01326                 $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
01327                 $r = $this->ilDB->query($q);
01328                 
01329                 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
01330                 
01331                 if (!$row)
01332                 {
01333                         $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
01334                                                            get_class($this),
01335                                                            $a_node_id);
01336                         $this->log->write($message,$this->log->FATAL);
01337 
01338                         return true;
01339                 }
01340 
01341                 // rolefolder is deleted
01342                 if ($row->tree < 0)
01343                 {
01344                         return true;
01345                 }
01346                 
01347                 return false;
01348         }
01349 
01350         function getRolesByFilter($a_filter = 0,$a_user_id = 0)
01351         {
01352                 global $ilDB;
01353                 
01354         $assign = "y";
01355 
01356                 switch($a_filter)
01357                 {
01358             // all (assignable) roles
01359             case 1:
01360                                 return $this->getAssignableRoles();
01361                                 break;
01362 
01363             // all (assignable) global roles
01364             case 2:
01365                                 $where = "WHERE rbac_fa.rol_id IN ";
01366                                 $where .= '(';
01367                                 $where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
01368                                 $where .= ')';
01369                                 break;
01370 
01371             // all (assignable) local roles
01372             case 3:
01373             case 4:
01374             case 5:
01375                                 $where = "WHERE rbac_fa.rol_id NOT IN ";
01376                                 $where .= '(';
01377                                 $where .= implode(',',ilUtil::quoteArray($this->getGlobalRoles()));
01378                                 $where .= ')';
01379                                 break;
01380                                 
01381             // all role templates
01382             case 6:
01383                                 $where = "WHERE object_data.type = 'rolt'";
01384                                 $assign = "n";
01385                                 break;
01386 
01387             // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
01388             case 0:
01389                         default:
01390                 if (!$a_user_id) return array();
01391                 
01392                                 $where = "WHERE rbac_fa.rol_id IN ";
01393                                 $where .= '(';
01394                                 $where .= implode(',',ilUtil::quoteArray($this->assignedRoles($a_user_id)));
01395                                 $where .= ')';
01396                 break;
01397                 }
01398                 
01399                 $roles = array();
01400 
01401                 $q = "SELECT DISTINCT * FROM object_data ".
01402                          "JOIN rbac_fa ".$where.
01403                          "AND object_data.obj_id = rbac_fa.rol_id ".
01404                          "AND rbac_fa.assign = ".$ilDB->quote($assign)." ";
01405                 $r = $this->ilDB->query($q);
01406 
01407                 while ($row = $r->fetchRow(DB_FETCHMODE_ASSOC))
01408                 {
01409             $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
01410 
01411             // all (assignable) internal local roles only
01412             if ($a_filter == 4 and !$prefix)
01413                         {
01414                 continue;
01415             }
01416 
01417             // all (assignable) non internal local roles only
01418                         if ($a_filter == 5 and $prefix)
01419                         {
01420                 continue;
01421             }
01422             
01423                         $row["desc"] = $row["description"];
01424                         $row["user_id"] = $row["owner"];
01425                         $roles[] = $row;
01426                 }
01427 
01428                 $roles = $this->__setRoleType($roles);
01429 
01430                 return $roles ? $roles : array();
01431         }
01432         
01433         // get id of a given object type (string)
01434         function getTypeId($a_type)
01435         {
01436                 global $ilDB;
01437 
01438                 $q = "SELECT obj_id FROM object_data ".
01439                          "WHERE title=".$ilDB->quote($a_type)." AND type='typ'";
01440                 $r = $ilDB->query($q);
01441                 
01442                 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
01443                 return $row->obj_id;
01444         }
01445 
01455         function _getOperationIdsByName($operations)
01456         {
01457                 global $ilDB;
01458 
01459                 if(!count($operations))
01460                 {
01461                         return array();
01462                 }
01463                 $where = "WHERE operation IN (";
01464                 $where .= implode(",",ilUtil::quoteArray($operations));
01465                 $where .= ")";
01466 
01467                 $query = "SELECT ops_id FROM rbac_operations ".$where;
01468                 $res = $ilDB->query($query);
01469                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01470                 {
01471                         $ops_ids[] = $row->ops_id;
01472                 }
01473                 return $ops_ids ? $ops_ids : array();
01474         }
01475         
01483         public static function _getOperationIdByName($a_operation)
01484         {
01485                 global $ilDB,$ilErr;
01486         
01487                 if (!isset($a_operation))
01488                 {
01489                         $message = "perm::getOperationId(): No operation given!";
01490                         $ilErr->raiseError($message,$ilErr->WARNING);   
01491                 }
01492         
01493                 $q = "SELECT DISTINCT ops_id FROM rbac_operations ".
01494                          "WHERE operation = ".$ilDB->quote($a_operation)." ";               
01495                 $row = $ilDB->getRow($q);
01496         
01497                 return $row->ops_id;
01498         }
01499 
01500 
01509         function getLinkedRolesOfRoleFolder($a_ref_id)
01510         {
01511                 global $ilDB;
01512                 
01513                 if (!isset($a_ref_id))
01514                 {
01515                         $message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
01516                         $this->ilErr->raiseError($message,$this->ilErr->WARNING);
01517                 }
01518                 
01519                 $and = " AND assign='n'";
01520 
01521                 $q = "SELECT rol_id FROM rbac_fa ".
01522                          "WHERE parent = ".$ilDB->quote($a_ref_id)." ".
01523                          $and;
01524                 $r = $this->ilDB->query($q);
01525 
01526                 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
01527                 {
01528                         $rol_id[] = $row->rol_id;
01529                 }
01530 
01531                 return $rol_id ? $rol_id : array();
01532         }
01533         
01534         // checks if default permission settings of role under current parent (rolefolder) are protected from changes
01535         function isProtected($a_ref_id,$a_role_id)
01536         {
01537                 global $ilDB;
01538                 
01539                 $q = "SELECT protected FROM rbac_fa ".
01540                          "WHERE rol_id= ".$ilDB->quote($a_role_id)." ".
01541                          "AND parent= ".$ilDB->quote($a_ref_id)." ";
01542                 $r = $this->ilDB->query($q);
01543                 $row = $r->fetchRow();
01544                 
01545                 return ilUtil::yn2tf($row[0]);
01546         }
01547         
01548         // this method alters the protected status of role regarding the current user's role assignment
01549         // and current postion in the hierarchy.
01550         function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
01551         {
01552                 global $rbacsystem,$ilUser,$log;
01553                 
01554                 if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
01555                 {
01556                         $leveladmin = true;
01557                 }
01558                 else
01559                 {
01560                         $leveladmin = false;
01561                 }
01562                 
01563                 //var_dump($a_role_hierarchy);
01564                 
01565                 foreach ($a_role_hierarchy as $role_id => $rolf_id)
01566                 {
01567                         //$log->write("ilRBACreview::__setProtectedStatus(), 0");       
01568                         //echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
01569                         //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
01570 
01571                         if ($leveladmin == true)
01572                         {
01573                                 $a_parent_roles[$role_id]['protected'] = false;
01574                                 continue;
01575                         }
01576                                 
01577                         if ($a_parent_roles[$role_id]['protected'] == true)
01578                         {
01579                                 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
01580                                 
01581                                 foreach ($arr_lvl_roles_user as $lvl_role_id)
01582                                 {
01583                                         //echo "<br/>level_role: ".$lvl_role_id;
01584                                         //echo "<br/>a_ref_id: ".$a_ref_id;
01585                                         
01586                                         //$log->write("ilRBACreview::__setProtectedStatus(), 1");
01587                                         // check if role grants 'edit_permission' to parent
01588                                         if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
01589                                         {
01590                                                 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
01591                                                 // user may change permissions of that higher-ranked role
01592                                                 $a_parent_roles[$role_id]['protected'] = false;
01593                                                 
01594                                                 // remember successful check
01595                                                 $leveladmin = true;
01596                                         }
01597                                 }
01598                         }
01599                 }
01600                 
01601                 return $a_parent_roles;
01602         }
01603         
01614         public static function _getOperationList($a_type = null)
01615          {
01616                 global $ilDB;
01617         
01618                 $arr = array();
01619         
01620                 if ($a_type)
01621                 {
01622                         $q = "SELECT * FROM rbac_operations ".
01623                                  "LEFT JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ".
01624                                  "LEFT JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ".
01625                                  "WHERE object_data.title= ".$ilDB->quote($a_type)." AND object_data.type='typ' ".
01626                                  "ORDER BY 'op_order' ASC"; 
01627                 }
01628                 else
01629                 {
01630                         $q = "SELECT * FROM rbac_operations ".
01631                                  "ORDER BY 'op_order' ASC";
01632                 }
01633                 
01634                 $r = $ilDB->query($q);
01635         
01636                 while ($row = $r->fetchRow())
01637                 {
01638                         $arr[] = array(
01639                                                 "ops_id"        => $row[0],
01640                                                 "operation"     => $row[1],
01641                                                 "desc"          => $row[2],
01642                                                 "class"         => $row[3],
01643                                                 "order"         => $row[4]
01644                                                 );
01645                 }
01646         
01647                 return $arr;
01648         }
01649         
01650         public static function _groupOperationsByClass($a_ops_arr)
01651         {
01652                 $arr = array();
01653         
01654                 foreach ($a_ops_arr as $ops)
01655                 {
01656                         $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
01657                                                                                    'name'       => $ops['operation']
01658                                                                                  );
01659                 }
01660                 return $arr; 
01661         }
01662 
01670         public function getObjectOfRole($a_role_id)
01671         {
01672                 global $ilDB;
01673                 
01674                 $query = "SELECT obr.obj_id FROM rbac_fa as rfa ".
01675                         "JOIN tree ON rfa.parent = tree.child ".
01676                         "JOIN object_reference AS obr ON tree.parent = obr.ref_id ".
01677                         "WHERE tree.tree = 1 ".
01678                         "AND assign = 'y' ".
01679                         "AND rol_id = ".$ilDB->quote($a_role_id)." ";
01680                 $res = $ilDB->query($query);
01681                 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
01682                 {
01683                         $obj_id = $row->obj_id;
01684                 }
01685                 
01686                 return $obj_id ? $obj_id : 0;
01687         }
01688         
01695         public function isRoleDeleted ($a_role_id){
01696                 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
01697                 $deleted = true;
01698                 if (count($rolf_list))
01699                 {
01700                         foreach ($rolf_list as $rolf) {                 
01701                         // only list roles that are not set to status "deleted"
01702                         if (!$this->isDeleted($rolf))
01703                                 {
01704                                         $deleted = false;
01705                                         break;
01706                                 }
01707                         }
01708                 }
01709                 return $deleted;        
01710         }
01711 } // END class.ilRbacReview
01712 ?>