00001 <?php
00038 class ilRbacAdmin
00039 {
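/**
 * Constructor: binds the database handle and the error handler used by every method.
 *
 * The global $ilDB is used when it is set, otherwise $ilias->db. When no
 * global error handler exists yet, one is created and registered as a
 * PEAR error callback.
 */
function ilRbacAdmin()
{
    global $ilDB,$ilErr,$ilias;

    if (isset($ilDB))
    {
        $this->ilDB =& $ilDB;
    }
    else
    {
        $this->ilDB =& $ilias->db;
    }

    if (!isset($ilErr))
    {
        $ilErr = new ilErrorHandling();
        $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
    }

    // Bind the handler in both cases. The original only did this when $ilErr
    // already existed, so a freshly created handler left $this->ilErr unset
    // and every later $this->ilErr->raiseError() guard in this class would
    // fail instead of reporting the problem.
    $this->ilErr =& $ilErr;
}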
00061
/**
 * Removes all role assignments of a user by deleting its rows from rbac_ua.
 *
 * @param mixed $a_usr_id user id; passed through $ilDB->quote() before it is placed in the SQL
 * @return bool true (the only value returned)
 */
function removeUser($a_usr_id)
{
    global $ilDB;

    if (!isset($a_usr_id))
    {
        // Whether raiseError() returns depends on the error handler, which is
        // not visible here; if it does, the DELETE below still runs.
        $this->ilErr->raiseError(get_class($this)."::removeUser(): No usr_id given!",$this->ilErr->WARNING);
    }

    $delete_assignments = sprintf("DELETE FROM rbac_ua WHERE usr_id = %s ",$ilDB->quote($a_usr_id));
    $this->ilDB->query($delete_assignments);

    return true;
}
00084
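/**
 * Deletes a role: its LDAP group mapping, its user assignments (rbac_ua),
 * its permissions (rbac_pa) and, via deleteLocalRole(), its rbac_fa and
 * rbac_templates rows.
 *
 * $a_ref_id is only checked for presence; none of the deletes is restricted to it.
 *
 * @param mixed $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_ref_id ref id of the role folder (presence check only)
 * @return bool true after the deletes ran, false when the system role was refused
 */
function deleteRole($a_rol_id,$a_ref_id)
{
    global $lng,$ilDB;

    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // The system role must never be deleted.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);

        // Fail closed: whether raiseError() halts depends on the configured
        // handler, which is not visible here. Without this return a handler
        // that merely records the message would let the deletes below wipe
        // the system role's assignments and permissions.
        return false;
    }

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    $mapping = ilLDAPRoleGroupMapping::_getInstance();
    $mapping->deleteRole($a_rol_id);

    // Table names are fixed literals; only the quoted role id varies.
    foreach (array('rbac_ua','rbac_pa') as $table)
    {
        $q = "DELETE FROM ".$table." ".
            "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ";
        $this->ilDB->query($q);
    }

    // No folder is passed, so the role is removed from every role folder.
    $this->deleteLocalRole($a_rol_id);

    return true;
}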
00131
/**
 * Deletes a role template: all rows with rol_id = $a_obj_id are removed
 * from rbac_templates and from rbac_fa.
 *
 * @param mixed $a_obj_id object id of the template; quoted with $ilDB->quote() before use in SQL
 * @return bool true (the only value returned)
 */
function deleteTemplate($a_obj_id)
{
    global $ilDB;

    if (!isset($a_obj_id))
    {
        $this->ilErr->raiseError(get_class($this)."::deleteTemplate(): No obj_id given!",$this->ilErr->WARNING);
    }

    // Table names are fixed literals; only the quoted id varies.
    foreach (array('rbac_templates','rbac_fa') as $table)
    {
        $delete = sprintf("DELETE FROM %s WHERE rol_id = %s ",$table,$ilDB->quote($a_obj_id));
        $this->ilDB->query($delete);
    }

    return true;
}
00158
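/**
 * Removes a role from rbac_fa and rbac_templates, either in one role folder
 * or, when $a_ref_id is 0, in every folder.
 *
 * The system role is never touched.
 *
 * @param mixed $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_ref_id ref id of the role folder (matched against the parent column); 0 = no restriction
 * @return bool true (the only value returned)
 */
function deleteLocalRole($a_rol_id,$a_ref_id = 0)
{
    global $ilDB;

    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Initialised explicitly: the original left $clause undefined when no
    // folder was given and relied on PHP turning the undefined variable into
    // an empty string (with a notice).
    $clause = "";
    if ($a_ref_id != 0)
    {
        $clause = "AND parent = ".$ilDB->quote($a_ref_id)." ";
    }

    // Table names are fixed literals; only the quoted ids vary.
    foreach (array('rbac_fa','rbac_templates') as $table)
    {
        $q = "DELETE FROM ".$table." ".
            "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
            $clause;
        $this->ilDB->query($q);
    }

    return true;
}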
00200
00201
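/**
 * Assigns a user to a role.
 *
 * When the user is not assigned yet, a row is written to rbac_ua and the
 * desktop items attached to the role are added to the user's desktop. The
 * LDAP role/group mapping is notified in every case.
 *
 * @param mixed $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_usr_id user id; quoted with $ilDB->quote() before use in SQL
 * @param bool  $a_default not read by this method
 * @return bool true (the only value returned)
 */
function assignUser($a_rol_id,$a_usr_id,$a_default = false)
{
    global $ilDB,$rbacreview;

    // NOTE(review): the original built a "Missing parameter!" message here
    // but its raiseError() call was commented out, so null ids were never
    // reported. That dead message construction is dropped; the behaviour
    // (no warning, execution continues) is unchanged.

    if (!$rbacreview->isAssigned($a_usr_id,$a_rol_id))
    {
        $q = "REPLACE INTO rbac_ua ".
            "VALUES (".$ilDB->quote($a_usr_id).",".$ilDB->quote($a_rol_id).")";
        $this->ilDB->query($q);

        include_once './classes/class.ilRoleDesktopItem.php';

        // Plain assignment: "=& new" is deprecated since PHP 5.3 and is a
        // parse error in PHP 7; objects are handles, so nothing is lost.
        $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);

        $tmp_user = ilObjectFactory::getInstanceByObjId($a_usr_id,false);
        if (is_object($tmp_user))
        {
            foreach ($role_desk_item_obj->getAll() as $item_data)
            {
                if (!$tmp_user->isDesktopItem($item_data['item_id'],$item_data['item_type']))
                {
                    $tmp_user->addDesktopItem($item_data['item_id'],$item_data['item_type']);
                }
            }
        }
    }

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    $mapping = ilLDAPRoleGroupMapping::_getInstance();
    $mapping->assign($a_rol_id,$a_usr_id);

    return true;
}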
00256
/**
 * Removes the assignment of a user to a role from rbac_ua and notifies the
 * LDAP role/group mapping.
 *
 * @param mixed $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_usr_id user id; quoted with $ilDB->quote() before use in SQL
 * @return bool true (the only value returned)
 */
function deassignUser($a_rol_id,$a_usr_id)
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_usr_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id,
            $this->ilErr->WARNING
        );
    }

    $delete_assignment = sprintf(
        "DELETE FROM rbac_ua WHERE usr_id= %s AND rol_id=%s ",
        $ilDB->quote($a_usr_id),
        $ilDB->quote($a_rol_id)
    );
    $this->ilDB->query($delete_assignment);

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    ilLDAPRoleGroupMapping::_getInstance()->deassign($a_rol_id,$a_usr_id);

    return true;
}
00285
/**
 * Grants a set of operations to a role on one object by writing a single
 * rbac_pa row (REPLACE INTO) whose ops_id column holds the serialized list.
 *
 * Nothing is written for the system role.
 *
 * @param mixed $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param array $a_ops    operation ids; every value is cast to int before serialization
 * @param mixed $a_ref_id ref id of the object; quoted with $ilDB->quote() before use in SQL
 * @return bool false when $a_ops is empty, true otherwise
 */
function grantPermission($a_rol_id,$a_ops,$a_ref_id)
{
    global $ilDB;

    $missing_parameter = (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id));
    if ($missing_parameter)
    {
        $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
            "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
    }

    if (!is_array($a_ops))
    {
        $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
            $this->ilErr->WARNING);
    }

    // Nothing to grant.
    if (count($a_ops) == 0)
    {
        return false;
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Force every operation id to an integer so the serialized payload only
    // carries numeric values. Array keys are left as supplied.
    foreach ($a_ops as $index => $op_id)
    {
        $a_ops[$index] = (int) $op_id;
    }

    // NOTE(review): the payload is escaped by addslashes() and again by
    // quote(). With integer keys and values the serialized string holds no
    // characters addslashes() touches; string keys would be escaped twice.
    $ops_ids = addslashes(serialize($a_ops));

    $row_values = implode(",",array(
        $ilDB->quote($a_rol_id),
        $ilDB->quote($ops_ids),
        $ilDB->quote($a_ref_id)
    ));
    $this->ilDB->query("REPLACE INTO rbac_pa (rol_id,ops_id,ref_id) VALUES (".$row_values.")");

    return true;
}
00337
/**
 * Revokes permissions on one object by deleting rows from rbac_pa.
 *
 * With $a_keep_protected false the rows are deleted for the given role, or
 * for all roles when $a_rol_id is empty, without looking at protection.
 * With $a_keep_protected true the roles returned by
 * $rbacreview->getParentRoleIds() are consulted and roles whose 'protected'
 * entry is truthy are left untouched. The system role is skipped whenever
 * it is named explicitly.
 *
 * @param mixed $a_ref_id         ref id of the object; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_rol_id         role id, or 0 for "all roles"
 * @param bool  $a_keep_protected whether protected roles keep their permissions
 * @return bool true (the only value returned)
 */
function revokePermission($a_ref_id,$a_rol_id = 0,$a_keep_protected = true)
{
    global $rbacreview,$log,$ilDB;

    if (!isset($a_ref_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id,
            $this->ilErr->WARNING
        );
    }
    $log->write("ilRBACadmin::revokePermission(), 0");

    // Protection is ignored: delete directly.
    if (!$a_keep_protected)
    {
        if ($a_rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // Without a role id the DELETE covers every role on this object.
        $role_filter = $a_rol_id ? " AND rol_id = ".$ilDB->quote($a_rol_id)." " : "";

        $this->ilDB->query(
            "DELETE FROM rbac_pa ".
            "WHERE ref_id = ".$ilDB->quote($a_ref_id)." ".
            $role_filter
        );

        return true;
    }

    // Protection is honoured: look up the roles in scope first.
    $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);

    if ($a_rol_id)
    {
        $log->write("ilRBACadmin::revokePermission(), 2");

        // Neither the system role nor a protected role loses permissions.
        if ($a_rol_id == SYSTEM_ROLE_ID or $roles_in_scope[$a_rol_id]['protected'] == true)
        {
            return true;
        }

        $this->ilDB->query(
            "DELETE FROM rbac_pa ".
            "WHERE ref_id = ".$ilDB->quote($a_ref_id)." ".
            "AND rol_id = ".$ilDB->quote($a_rol_id)." "
        );

        return true;
    }

    $log->write("ilRBACadmin::revokePermission(), 1");

    // Collect the ids of all unprotected roles in scope.
    $unprotected_ids = array();
    foreach ($roles_in_scope as $scope_role)
    {
        if (!$scope_role['protected'])
        {
            $unprotected_ids[] = $scope_role['obj_id'];
        }
    }

    // Every role in scope is protected (or there is none): nothing to delete.
    if (!$unprotected_ids)
    {
        return true;
    }

    $this->ilDB->query(
        "DELETE FROM rbac_pa ".
        "WHERE rol_id IN (".implode(',',ilUtil::quoteArray($unprotected_ids)).") ".
        "AND ref_id = ".$ilDB->quote($a_ref_id)." "
    );

    return true;
}
00440
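/**
 * Revokes the permissions of one role on a list of objects by deleting the
 * matching rows from rbac_pa. Nothing is deleted for the system role.
 *
 * @param array $a_ref_ids ref ids of the objects; quoted through ilUtil::quoteArray() before use in SQL
 * @param mixed $a_rol_id  role id; quoted with $ilDB->quote() before use in SQL
 * @return bool true (the only value returned)
 */
function revokePermissionList($a_ref_ids,$a_rol_id)
{
    global $ilDB;

    if (!isset($a_ref_ids) or !is_array($a_ref_ids))
    {
        // var_export(..., true) returns the dump as a string. The original
        // used var_dump(), which prints the value straight to the response
        // and returns null, so the dump leaked into the page output while
        // the error message itself stayed empty.
        $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: ".var_export($a_ref_ids,true);
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    $ref_ids = implode(",",ilUtil::quoteArray($a_ref_ids));

    $q = "DELETE FROM rbac_pa ".
        "WHERE ref_id IN (".$ref_ids.") ".
        "AND rol_id = ".$ilDB->quote($a_rol_id);
    $this->ilDB->query($q);

    return true;
}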
00480
/**
 * Copies a role's template permissions and its object permissions from a
 * source role folder to a destination role folder.
 *
 * The template rows are copied by copyRoleTemplatePermissions(). The object
 * permissions are read from the parent of the source folder and granted on
 * the parent of the destination folder, after the destination role's
 * existing permissions there were revoked.
 *
 * @param mixed $a_source_id          role id to copy from
 * @param mixed $a_source_parent      ref id of the source role folder
 * @param mixed $a_dest_parent        ref id of the destination role folder
 * @param mixed $a_dest_id            role id to copy to
 * @param bool  $a_consider_protected forwarded to copyRoleTemplatePermissions()
 * @return bool true (the only value returned)
 */
public function copyRolePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
{
    global $tree,$rbacreview;

    // Template permissions first.
    $this->copyRoleTemplatePermissions(
        $a_source_id,
        $a_source_parent,
        $a_dest_parent,
        $a_dest_id,
        $a_consider_protected
    );

    // Resolve the objects that own the two role folders.
    $source_owner = $tree->getParentId($a_source_parent);
    $target_owner = $tree->getParentId($a_dest_parent);
    $source_ops = $rbacreview->getRoleOperationsOnObject($a_source_id,$source_owner);

    // revokePermission() runs with its default $a_keep_protected = true, so
    // a destination role that is protected in scope keeps its old row until
    // grantPermission() replaces it.
    $this->revokePermission($target_owner,$a_dest_id);
    $this->grantPermission($a_dest_id,$source_ops,$target_owner);

    return true;
}
00506
/**
 * Replaces the template permissions (rbac_templates rows) of a destination
 * role in one folder with a copy of those of a source role.
 *
 * The destination rows are deleted first, then every source row is inserted
 * with the destination role id and folder. When $a_consider_protected is
 * truthy and the source role is protected, the destination role is marked
 * protected as well. Nothing happens for the system role.
 *
 * @param mixed $a_source_id          role id to copy from
 * @param mixed $a_source_parent      parent (role folder) of the source rows
 * @param mixed $a_dest_parent        parent (role folder) of the destination rows
 * @param mixed $a_dest_id            role id to copy to
 * @param bool  $a_consider_protected whether the protected flag is carried over
 * @return bool true (the only value returned)
 */
function copyRoleTemplatePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
{
    global $rbacreview,$ilDB;

    $missing_parameter = (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent));
    if ($missing_parameter)
    {
        $message = __METHOD__.": Missing parameter! source_id: ".$a_source_id.
            " source_parent_id: ".$a_source_parent.
            " dest_id : ".$a_dest_id.
            " dest_parent_id: ".$a_dest_parent;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Exclude the system role.
    if ($a_dest_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Clear the destination before copying.
    $ilDB->query(
        "DELETE FROM rbac_templates WHERE rol_id = ".$ilDB->quote($a_dest_id)." ".
        "AND parent = ".$ilDB->quote($a_dest_parent)
    );

    $source_rows = $this->ilDB->query(
        "SELECT * FROM rbac_templates ".
        "WHERE rol_id = ".$ilDB->quote($a_source_id)." ".
        "AND parent = ".$ilDB->quote($a_source_parent)." "
    );

    // Values read back from the database are quoted again before re-insertion.
    while ($template = $source_rows->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $row_values = implode(",",array(
            $ilDB->quote($a_dest_id),
            $ilDB->quote($template->type),
            $ilDB->quote($template->ops_id),
            $ilDB->quote($a_dest_parent)
        ));
        $this->ilDB->query("INSERT INTO rbac_templates VALUES (".$row_values.")");
    }

    // Carry the protected flag over when requested.
    if ($a_consider_protected and $rbacreview->isProtected($a_source_parent,$a_source_id))
    {
        $this->setProtected($a_dest_parent,$a_dest_id,'y');
    }

    return true;
}
/**
 * Inserts into rbac_templates, for the destination role and folder, every
 * (type, ops_id) pair that both source roles have in their respective
 * folders.
 *
 * Nothing is written when the destination is the system role or when the
 * second source role is protected. Existing destination rows are not
 * deleted by this method.
 *
 * @param mixed $a_source1_id     first source role id
 * @param mixed $a_source1_parent parent (role folder) of the first source
 * @param mixed $a_source2_id     second source role id
 * @param mixed $a_source2_parent parent (role folder) of the second source
 * @param mixed $a_dest_parent    parent (role folder) of the destination rows
 * @param mixed $a_dest_id        destination role id
 * @return bool true (the only value returned)
 */
function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
{
    global $rbacreview,$ilDB;

    $missing_parameter = (!isset($a_source1_id) or !isset($a_source1_parent)
        or !isset($a_source2_id) or !isset($a_source2_parent)
        or !isset($a_dest_id) or !isset($a_dest_parent));
    if ($missing_parameter)
    {
        $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
            " source1_parent: ".$a_source1_parent.
            " source2_id: ".$a_source2_id.
            " source2_parent: ".$a_source2_parent.
            " dest_id: ".$a_dest_id.
            " dest_parent_id: ".$a_dest_parent;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Skip the system role and a protected second source; "or" short-circuits,
    // so isProtected() is only asked when the destination is not the system role.
    if ($a_dest_id == SYSTEM_ROLE_ID or $rbacreview->isProtected($a_source2_parent,$a_source2_id))
    {
        return true;
    }

    // Self-join of rbac_templates: rows of source 1 that also exist for source 2.
    $common_rows = $this->ilDB->query(
        "SELECT s1.type, s1.ops_id ".
        "FROM rbac_templates AS s1, rbac_templates AS s2 ".
        "WHERE s1.rol_id = ".$ilDB->quote($a_source1_id)." ".
        "AND s1.parent = ".$ilDB->quote($a_source1_parent)." ".
        "AND s2.rol_id = ".$ilDB->quote($a_source2_id)." ".
        "AND s2.parent = ".$ilDB->quote($a_source2_parent)." ".
        "AND s1.type = s2.type ".
        "AND s1.ops_id = s2.ops_id"
    );

    while ($template = $common_rows->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $row_values = implode(",",array(
            $ilDB->quote($a_dest_id),
            $ilDB->quote($template->type),
            $ilDB->quote($template->ops_id),
            $ilDB->quote($a_dest_parent)
        ));
        $this->ilDB->query("INSERT INTO rbac_templates VALUES (".$row_values.")");
    }

    return true;
}
00626
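/**
 * Deletes the template permissions (rbac_templates rows) of a role in one
 * role folder, optionally limited to one object type.
 *
 * Nothing is deleted for the system role.
 *
 * @param mixed        $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed        $a_ref_id ref id of the role folder (matched against the parent column)
 * @param string|false $a_type   object type to restrict the delete to; false = all types
 * @return bool true (the only value returned)
 */
function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Initialised explicitly: the original left $and_type undefined when no
    // type was given and relied on PHP turning the undefined variable into
    // an empty string (with a notice).
    $and_type = "";
    if ($a_type !== false)
    {
        $and_type = " AND type=".$ilDB->quote($a_type)." ";
    }

    $q = "DELETE FROM rbac_templates ".
        "WHERE rol_id = ".$ilDB->quote($a_rol_id)." ".
        "AND parent = ".$ilDB->quote($a_ref_id)." ".
        $and_type;
    $this->ilDB->query($q);

    return true;
}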
00666
/**
 * Adds template permissions for a role: one rbac_templates row per
 * operation, for the given object type and role folder.
 *
 * Nothing is written for the system role.
 *
 * @param mixed  $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param string $a_type   object type; must be a non-empty string
 * @param array  $a_ops    operation ids; must be a non-empty array
 * @param mixed  $a_ref_id ref id of the role folder
 * @return bool true (the only value returned)
 */
function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
{
    global $ilDB;

    $class_name_prefix_unused = null; // placeholder removed below
    unset($class_name_prefix_unused);

    $missing_parameter = (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id));
    if ($missing_parameter)
    {
        $message = get_class($this)."::setRolePermission(): Missing parameter!".
            " role_id: ".$a_rol_id.
            " type: ".$a_type.
            " operations: ".$a_ops.
            " ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    if (!is_string($a_type) or empty($a_type))
    {
        $this->ilErr->raiseError(get_class($this)."::setRolePermission(): a_type is no string or empty!",$this->ilErr->WARNING);
    }

    if (!is_array($a_ops) or empty($a_ops))
    {
        $this->ilErr->raiseError(get_class($this)."::setRolePermission(): a_ops is no array or empty!",$this->ilErr->WARNING);
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // One INSERT per operation; every value is quoted individually.
    foreach ($a_ops as $operation_id)
    {
        $row_values = implode(",",array(
            $ilDB->quote($a_rol_id),
            $ilDB->quote($a_type),
            $ilDB->quote($operation_id),
            $ilDB->quote($a_ref_id)
        ));
        $this->ilDB->query("INSERT INTO rbac_templates VALUES (".$row_values.")");
    }

    return true;
}
00719
/**
 * Registers a role in a role folder by inserting a row into rbac_fa.
 *
 * Any $a_assign value that does not loosely equal "y" is stored as "n".
 * Nothing is written for the system role.
 *
 * @param mixed  $a_rol_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed  $a_parent ref id of the role folder
 * @param string $a_assign assignment flag, "y" or "n"
 * @return bool true (the only value returned)
 */
function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_parent))
    {
        $this->ilErr->raiseError(
            get_class($this)."::assignRoleToFolder(): Missing Parameter!".
            " role_id: ".$a_rol_id.
            " parent_id: ".$a_parent.
            " assign: ".$a_assign,
            $this->ilErr->WARNING
        );
    }

    // Exclude the system role.
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Normalise the flag: everything except "y" becomes "n".
    if ($a_assign != "y")
    {
        $a_assign = "n";
    }

    $row_values = implode(",",array(
        $ilDB->quote($a_rol_id),
        $ilDB->quote($a_parent),
        $ilDB->quote($a_assign)
    ));
    $this->ilDB->query("INSERT INTO rbac_fa (rol_id,parent,assign) VALUES (".$row_values.")");

    return true;
}
00764
/**
 * Makes an operation available for an object type by inserting a row into rbac_ta.
 *
 * @param mixed $a_type_id id of the object type; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_ops_id  id of the operation; quoted with $ilDB->quote() before use in SQL
 * @return bool true (the only value returned)
 */
function assignOperationToObject($a_type_id,$a_ops_id)
{
    global $ilDB;

    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::assignOperationToObject(): Missing parameter!".
            "type_id: ".$a_type_id.
            "ops_id: ".$a_ops_id,
            $this->ilErr->WARNING
        );
    }

    $insert = sprintf(
        "INSERT INTO rbac_ta VALUES(%s,%s)",
        $ilDB->quote($a_type_id),
        $ilDB->quote($a_ops_id)
    );
    $this->ilDB->query($insert);

    return true;
}
00791
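/**
 * Withdraws an operation from an object type by deleting the matching row from rbac_ta.
 *
 * @param mixed $a_type_id id of the object type (typ_id column); quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_ops_id  id of the operation; quoted with $ilDB->quote() before use in SQL
 * @return bool true (the only value returned)
 */
function deassignOperationFromObject($a_type_id,$a_ops_id)
{
    global $ilDB;

    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        // The original message named a method that does not exist in this
        // class ("deassignPermissionFromObject"), which sends whoever reads
        // the warning looking in the wrong place.
        $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
            "type_id: ".$a_type_id.
            "ops_id: ".$a_ops_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    $q = "DELETE FROM rbac_ta ".
        "WHERE typ_id = ".$ilDB->quote($a_type_id)." ".
        "AND ops_id = ".$ilDB->quote($a_ops_id)." ";
    $this->ilDB->query($q);

    return true;
}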
00819
/**
 * Sets the protected flag of a role in rbac_fa.
 *
 * NOTE(review): $a_ref_id is accepted but not used in the statement. The
 * UPDATE filters on rol_id only, so the flag changes in every rbac_fa row of
 * the role, not just in one folder. Confirm that this is intended before
 * relying on per-folder protection.
 *
 * @param mixed $a_ref_id  ref id of the role folder (not read)
 * @param mixed $a_role_id role id; quoted with $ilDB->quote() before use in SQL
 * @param mixed $a_value   value written to the protected column; this class passes 'y'
 * @return bool true (the only value returned)
 */
function setProtected($a_ref_id,$a_role_id,$a_value)
{
    global $ilDB;

    $update_flag = sprintf(
        "UPDATE rbac_fa SET protected = %s WHERE rol_id = %s ",
        $ilDB->quote($a_value),
        $ilDB->quote($a_role_id)
    );
    $this->ilDB->query($update_flag);

    return true;
}
00833
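/**
 * Copies the local roles of one object to another object.
 *
 * Roles whose title starts with "il_" are skipped. A role folder is created
 * on the target when it has none. For every remaining role a new role object
 * is created with the same title, description and import id, registered in
 * the target role folder and given a copy of the original's permissions.
 *
 * @param mixed $a_source_id ref id of the object to copy roles from
 * @param mixed $a_target_id ref id of the object to copy roles to
 * @return bool false when the target object cannot be instantiated, true otherwise
 */
public function copyLocalRoles($a_source_id,$a_target_id)
{
    global $rbacreview,$ilLog,$ilObjDataCache;

    $source_rolf = $rbacreview->getRoleFolderIdOfObject($a_source_id);
    $target_rolf = $rbacreview->getRoleFolderIdOfObject($a_target_id);

    // No role folder on the source means there are no local roles to copy.
    if (!$source_rolf)
    {
        return true;
    }

    // Keep only roles whose title does not carry the "il_" prefix.
    $real_local = array();
    foreach ($rbacreview->getRolesOfRoleFolder($source_rolf,false) as $role_data)
    {
        $title = $ilObjDataCache->lookupTitle($role_data);
        if (substr($title,0,3) == 'il_')
        {
            continue;
        }
        $real_local[] = $role_data;
    }
    if (!count($real_local))
    {
        return true;
    }

    // Create the target role folder on demand.
    if (!$target_rolf)
    {
        $tmp_obj = ilObjectFactory::getInstanceByRefId($a_target_id,false);
        if (!is_object($tmp_obj))
        {
            return false;
        }
        $rolf = $tmp_obj->createRoleFolder();
        $target_rolf = $rolf->getRefId();
        $ilLog->write(__METHOD__.': Created new role folder with id '.$rolf->getRefId());
    }

    // Loaded once here instead of on every loop iteration; $real_local is
    // known to be non-empty at this point.
    include_once ("classes/class.ilObjRole.php");

    foreach ($real_local as $role)
    {
        $orig = new ilObjRole($role);
        $orig->read();

        $ilLog->write(__METHOD__.': Start copying of role '.$orig->getTitle());
        $roleObj = new ilObjRole();
        $roleObj->setTitle($orig->getTitle());
        $roleObj->setDescription($orig->getDescription());
        $roleObj->setImportId($orig->getImportId());
        $roleObj->create();

        $this->assignRoleToFolder($roleObj->getId(),$target_rolf,"y");
        // The protected flag of the original role is carried over (last argument).
        $this->copyRolePermissions($role,$source_rolf,$target_rolf,$roleObj->getId(),true);
        $ilLog->write(__METHOD__.': Added new local role, id '.$roleObj->getId());
    }

    // The original fell off the end here and returned null, so a caller
    // testing the result saw a successful copy as a failure.
    return true;
}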
00901
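/**
 * Adjusts the permissions of a moved object and of every node below it to
 * the roles that apply at its new position.
 *
 * The roles in scope of the old and of the new parent are compared. Roles
 * that no longer apply, or whose 'parent' entry differs between the two
 * contexts, lose their permissions on each subtree node; roles that are new,
 * or whose 'parent' entry differs, are granted the operations that
 * $rbacreview->getOperationsOfRole() reports for the node's type.
 *
 * @param mixed $a_ref_id     ref id of the moved object
 * @param mixed $a_old_parent ref id of the parent before the move
 * @return bool true (the only value returned)
 */
public function adjustMovedObjectPermissions($a_ref_id,$a_old_parent)
{
    global $rbacreview,$tree,$ilLog;

    $new_parent = $tree->getParentId($a_ref_id);
    $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent,false);
    $new_context_roles = $rbacreview->getParentRoleIds($new_parent,false);

    $for_addition = array();
    $for_deletion = array();
    foreach ($new_context_roles as $new_role_id => $new_role)
    {
        if (!isset($old_context_roles[$new_role_id]))
        {
            $for_addition[$new_role_id] = $new_role;
        }
        elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent'])
        {
            // Same role id but a different 'parent' entry: revoke first, then grant again.
            $for_deletion[$new_role_id] = $new_role;
            $for_addition[$new_role_id] = $new_role;
        }
    }
    foreach ($old_context_roles as $old_role_id => $old_role)
    {
        if (!isset($new_context_roles[$old_role_id]))
        {
            $for_deletion[$old_role_id] = $old_role;
        }
    }

    if (!count($for_deletion) and !count($for_addition))
    {
        return true;
    }

    // The original reused $node_data for both the root node and the loop
    // variable and assigned two locals ($nodes, $ops) that were never read.
    $root_node = $tree->getNodeData($a_ref_id);
    foreach ($tree->getSubTree($root_node,true) as $node_data)
    {
        $node_id = $node_data['child'];

        if (!$node_data['type'])
        {
            $ilLog->write(__METHOD__.': No type give. Choosing next tree entry.');
            continue;
        }

        if (!$node_id)
        {
            $ilLog->write(__METHOD__.': Missing subtree node_id');
            continue;
        }

        foreach ($for_deletion as $role_id => $role_data)
        {
            if ($rolf_id = $rbacreview->getRoleFolderIdOfObject($node_id))
            {
                $this->deleteLocalRole($role_id,$rolf_id);
            }
            // $a_keep_protected = false: permissions are revoked even when
            // the role is protected, because the role is out of scope here.
            $this->revokePermission($node_id,$role_id,false);
        }

        foreach ($for_addition as $role_id => $role_data)
        {
            $this->grantPermission(
                $role_id,
                $rbacreview->getOperationsOfRole($role_id,$node_data['type'],$role_data['parent']),
                $node_id
            );
        }
    }

    // The original fell off the end here and returned null although the
    // early exit above returns true.
    return true;
}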
00987 }
00988 ?>