ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Private Attributes
ilRbacReview Class Reference
Services/AccessControl

class ilRbacReview Contains Review functions of core Rbac. More...

+ Collaboration diagram for ilRbacReview:

Public Member Functions

 ilRbacReview ()
 Constructor public.
 searchRolesByMailboxAddressList ($a_address_list)
 Finds all role ids that match the specified user friendly role mailbox address list.
 getRoleMailboxAddress ($a_role_id, $is_localize=true)
 Returns the mailbox address of a role.
 roleExists ($a_title, $a_id=0)
 Checks if a role already exists.
 __getParentRoles ($a_path, $a_templates, $a_keep_protected)
 Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.
 getParentRoleIds ($a_endnode_id, $a_templates=false, $a_keep_protected=false)
 get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public
 getRoleListByObject ($a_ref_id, $a_templates=false)
 Returns a list of roles in an container public.
 getAssignableRoles ($a_templates=false, $a_internal_roles=false)
 Returns a list of all assignable roles public.
 getAssignableRolesInSubtree ($ref_id)
 Returns a list of assignable roles in a subtree of the repository public.
 getAssignableChildRoles ($a_ref_id)
 Get all assignable roles under a specific node public.
 __setTemplateFilter ($a_templates)
 get roles and templates or only roles; returns string for where clause private
 __setRoleType ($a_role_list)
 computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates
 assignedUsers ($a_rol_id, $a_fields=NULL)
 get all assigned users to a given role public
 isAssigned ($a_usr_id, $a_role_id)
 check if a specific user is assigned to specific role public
 isAssignedToAtLeastOneGivenRole ($a_usr_id, $a_role_ids)
 
check if a specific user is assigned to at least one of the

given role ids.

 assignedRoles ($a_usr_id)
 get all assigned roles to a given user public
 assignedGlobalRoles ($a_usr_id)
 Get assigned global roles for an user.
 isAssignable ($a_rol_id, $a_ref_id)
 Check if its possible to assign users public.
 getFoldersAssignedToRole ($a_rol_id, $a_assignable=false)
 returns an array of role folder ids assigned to a role.
 getRolesOfRoleFolder ($a_ref_id, $a_nonassignable=true)
 get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public
 getGlobalRoles ()
 get only 'global' roles public
 getGlobalRolesArray ()
 get only 'global' roles public
 getGlobalAssignableRoles ()
 get only 'global' roles (with flag 'assign_users') public
 __getAllRoleFolderIds ()
 get all role folder ids private
 getRoleFolderOfObject ($a_ref_id)
 returns the data of a role folder assigned to an object public
 getRoleFolderIdOfObject ($a_ref_id)
 getOperations ()
 get all possible operations public
 getOperation ($ops_id)
 get one operation by operation id public
 getAllOperationsOfRole ($a_rol_id, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public
 getOperationsOfRole ($a_rol_id, $a_type, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public
 getRoleOperationsOnObject ($a_role_id, $a_ref_id)
 getOperationsOnType ($a_typ_id)
 all possible operations of a type public
 getOperationsOnTypeString ($a_type)
 all possible operations of a type public
 getObjectsWithStopedInheritance ($a_rol_id)
 get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.
 isDeleted ($a_node_id)
 checks if a rolefolder is set as deleted (negative tree_id) public
 isGlobalRole ($a_role_id)
 getRolesByFilter ($a_filter=0, $a_user_id=0)
 getTypeId ($a_type)
 _getOperationIdsByName ($operations)
 get ops_id's by name.
 getLinkedRolesOfRoleFolder ($a_ref_id)
 get all linked local roles of a role folder that are created due to stopped inheritance returns an array with role ids public
 isProtected ($a_ref_id, $a_role_id)
 __setProtectedStatus ($a_parent_roles, $a_role_hierarchy, $a_ref_id)
 getObjectOfRole ($a_role_id)
 Get object id of objects a role is assigned to.
 getObjectReferenceOfRole ($a_role_id)
 Get reference of role.
 isRoleDeleted ($a_role_id)
 return if role is only attached to deleted role folders
 getRolesForIDs ($role_ids, $use_templates)
 getOperationAssignment ()
 get operation assignments
 filterEmptyRoleFolders ($a_rolf_candidates)
 Filter empty role folder.

Static Public Member Functions

static _getOperationIdByName ($a_operation)
 get operation id by name of operation public static
static _getOperationList ($a_type=null)
 get operation list by object type TODO: rename function to: getOperationByType public static
static _groupOperationsByClass ($a_ops_arr)

Data Fields

 $log = null

Protected Member Functions

 getParentRoles ($a_path, $a_templates, $a_keep_protected)
 get parent roles (NEW implementation)

Protected Attributes

 $assigned_roles = array()

Static Private Attributes

static $_opsCache = null

Detailed Description

class ilRbacReview Contains Review functions of core Rbac.

This class offers the possibility to view the contents of the user <-> role (UR) relation and the permission <-> role (PR) relation. For example, from the UA relation the administrator should have the facility to view all user assigned to a given role.

Author
Stefan Meyer smeye.nosp@m.r@da.nosp@m.tabay.nosp@m..de
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
Id:
class.ilRbacReview.php 27942 2011-03-03 10:51:08Z akordosz

Definition at line 40 of file class.ilRbacReview.php.

Member Function Documentation

ilRbacReview::__getAllRoleFolderIds ( )

get all role folder ids private

Returns
array

Definition at line 1243 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT DISTINCT parent FROM rbac_fa";
$res = $ilDB->query($query);
$parent = array();
while($row = $ilDB->fetchObject($res))
{
$parent[] = $row->parent;
}
return $parent;
}
ilRbacReview::__getParentRoles (   $a_path,
  $a_templates,
  $a_keep_protected 
)

Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.

Get parent roles in a path. If last parameter is set 'true' it delivers also all templates in the path private

Parameters
arrayarray with path_ids
booleantrue for role templates (default: false)
Returns
array array with all parent roles (obj_ids)

Definition at line 635 of file class.ilRbacReview.php.

References $ilDB, $in, $log, $q, $row, __setProtectedStatus(), DB_FETCHMODE_OBJECT, getRoleListByObject(), and ilDB\query().

Referenced by getParentRoleIds().

{
global $log,$ilDB;
if (!isset($a_path) or !is_array($a_path))
{
$message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$parent_roles = array();
$role_hierarchy = array();
// Select all role folders on a path using a single SQL-statement.
// CREATE IN() STATEMENT
$in = $ilDB->in('t.parent',$a_path,false,'integer');
$q = "SELECT t.child,t.depth FROM tree t ".
"JOIN object_reference r ON r.ref_id = t.child ".
"JOIN object_data o ON o.obj_id = r.obj_id ".
"WHERE ".$in." ".
"AND o.type= ".$ilDB->quote('rolf','text')." ".
"ORDER BY t.depth ASC";
$r = $this->ilDB->query($q);
// Sort by path (Administration -> Rolefolder is first element)
$role_rows = array();
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$depth = ($row->child == ROLE_FOLDER_ID ? 0 : $row->depth);
$role_rows[$depth]['child'] = $row->child;
}
ksort($role_rows,SORT_NUMERIC);
foreach($role_rows as $row)
{
$roles = $this->getRoleListByObject($row['child'],$a_templates);
foreach ($roles as $role)
{
$id = $role["obj_id"];
$role["parent"] = $row['child'];
$parent_roles[$id] = $role;
if (!array_key_exists($role['obj_id'],$role_hierarchy))
{
$role_hierarchy[$id] = $row['child'];
}
}
}
if (!$a_keep_protected)
{
return $this->__setProtectedStatus($parent_roles,$role_hierarchy,end($a_path));
}
return $parent_roles;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setProtectedStatus (   $a_parent_roles,
  $a_role_hierarchy,
  $a_ref_id 
)

Definition at line 1741 of file class.ilRbacReview.php.

References $log, and assignedRoles().

Referenced by __getParentRoles(), and getParentRoles().

{
global $rbacsystem,$ilUser,$log;
if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
{
$leveladmin = true;
}
else
{
$leveladmin = false;
}
//var_dump($a_role_hierarchy);
foreach ($a_role_hierarchy as $role_id => $rolf_id)
{
//$log->write("ilRBACreview::__setProtectedStatus(), 0");
//echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
//var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
if ($leveladmin == true)
{
$a_parent_roles[$role_id]['protected'] = false;
continue;
}
if ($a_parent_roles[$role_id]['protected'] == true)
{
$arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
foreach ($arr_lvl_roles_user as $lvl_role_id)
{
//echo "<br/>level_role: ".$lvl_role_id;
//echo "<br/>a_ref_id: ".$a_ref_id;
//$log->write("ilRBACreview::__setProtectedStatus(), 1");
// check if role grants 'edit_permission' to parent
if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
{
//$log->write("ilRBACreview::__setProtectedStatus(), 2");
// user may change permissions of that higher-ranked role
$a_parent_roles[$role_id]['protected'] = false;
// remember successful check
$leveladmin = true;
}
}
}
}
return $a_parent_roles;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setRoleType (   $a_role_list)

computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates

private

Parameters
arrayrole list
Returns
array role list with additional entry for role_type

Definition at line 889 of file class.ilRbacReview.php.

References $key.

Referenced by getAssignableRoles(), getAssignableRolesInSubtree(), getRoleListByObject(), getRolesByFilter(), and getRolesForIDs().

{
foreach ($a_role_list as $key => $val)
{
// determine role type
if ($val["type"] == "rolt")
{
$a_role_list[$key]["role_type"] = "template";
}
else
{
if ($val["assign"] == "y")
{
if ($val["parent"] == ROLE_FOLDER_ID)
{
$a_role_list[$key]["role_type"] = "global";
}
else
{
$a_role_list[$key]["role_type"] = "local";
}
}
else
{
$a_role_list[$key]["role_type"] = "linked";
}
}
if ($val["protected"] == "y")
{
$a_role_list[$key]["protected"] = true;
}
else
{
$a_role_list[$key]["protected"] = false;
}
}
return $a_role_list;
}

+ Here is the caller graph for this function:

ilRbacReview::__setTemplateFilter (   $a_templates)

get roles and templates or only roles; returns string for where clause private

Parameters
booleantrue: with templates
Returns
string where clause

Definition at line 862 of file class.ilRbacReview.php.

References $ilDB.

Referenced by getAssignableRoles(), getAssignableRolesInSubtree(), getRoleListByObject(), and getRolesForIDs().

{
global $ilDB;
if ($a_templates === true)
{
$where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
}
else
{
$where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
}
return $where;
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationIdByName (   $a_operation)
static

get operation id by name of operation public static

Parameters
stringoperation name
Returns
integer operation id

Definition at line 1663 of file class.ilRbacReview.php.

References $ilDB, $ilErr, $q, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilRbacSystem\checkAccessOfUser().

{
global $ilDB,$ilErr;
if (!isset($a_operation))
{
$message = "perm::getOperationId(): No operation given!";
$ilErr->raiseError($message,$ilErr->WARNING);
}
// Cache operation ids
if (! is_array(self::$_opsCache)) {
self::$_opsCache = array();
$q = "SELECT ops_id, operation FROM rbac_operations";
$r = $ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
self::$_opsCache[$row->operation] = $row->ops_id;
}
}
// Get operation ID by name from cache
if (array_key_exists($a_operation, self::$_opsCache)) {
return self::$_opsCache[$a_operation];
}
return null;
}

+ Here is the caller graph for this function:

ilRbacReview::_getOperationIdsByName (   $operations)

get ops_id's by name.

Example usage: $rbacadmin->grantPermission($roles,ilRbacReview::_getOperationIdsByName(array('visible','read'),$ref_id));

public

Parameters
arraystring name of operation. see rbac_operations
Returns
array integer ops_id's

Definition at line 1636 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilUtil\_getObjectsByOperations(), ilLicense\getPotentialAccesses(), ilObjChat\initDefaultRoles(), and ilObjCourseGUI\updateECSExportSettings().

{
global $ilDB;
if(!count($operations))
{
return array();
}
$query = 'SELECT ops_id FROM rbac_operations '.
'WHERE '.$ilDB->in('operation',$operations,false,'text');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops_ids[] = $row->ops_id;
}
return $ops_ids ? $ops_ids : array();
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationList (   $a_type = null)
static

get operation list by object type TODO: rename function to: getOperationByType public static

Parameters
stringobject type you want to have the operation list
stringorder column
stringorder direction (possible values: ASC or DESC)
Returns
array returns array of operations

Definition at line 1805 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilObjTypeDefinitionGUI\editObject(), ilObjectStatusGUI\getAssignedValidRoles(), ilObjectStatusGUI\getPermissionInfo(), ilPermissionGUI\getRolesData(), and ilObjTypeDefinitionGUI\viewObject().

{
global $ilDB;
$arr = array();
if ($a_type)
{
$query = sprintf('SELECT * FROM rbac_operations '.
'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
'WHERE object_data.title = %s '.
'AND object_data.type = %s '.
'ORDER BY %s ASC',
$ilDB->quote($a_type,'text'),
$ilDB->quote('typ','text'),
$ilDB->quote('op_order','text'));
}
else
{
$query = 'SELECT * FROM rbac_operations '.
"ORDER BY 'op_order' ASC";
}
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$arr[] = array(
"ops_id" => $row['ops_id'],
"operation" => $row['operation'],
"desc" => $row['description'],
"class" => $row['class'],
"order" => $row['op_order']
);
}
return $arr;
}

+ Here is the caller graph for this function:

static ilRbacReview::_groupOperationsByClass (   $a_ops_arr)
static

Definition at line 1842 of file class.ilRbacReview.php.

Referenced by ilPermissionGUI\getRolesData().

{
$arr = array();
foreach ($a_ops_arr as $ops)
{
$arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
'name' => $ops['operation']
);
}
return $arr;
}

+ Here is the caller graph for this function:

ilRbacReview::assignedGlobalRoles (   $a_usr_id)

Get assigned global roles for an user.

Parameters
int$a_usr_idId of user account

Definition at line 1062 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT ua.rol_id FROM rbac_ua ua ".
"JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
"WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
"AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
"AND assign = 'y' ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$role_arr[] = $row->rol_id;
}
return $role_arr ? $role_arr : array();
}
ilRbacReview::assignedRoles (   $a_usr_id)

get all assigned roles to a given user public

Parameters
integerusr_id
Returns
array all roles (id) the user have

Definition at line 1042 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by __setProtectedStatus(), and getRolesByFilter().

{
global $ilDB;
$role_arr = array();
$query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$role_arr[] = $row->rol_id;
}
return $role_arr ? $role_arr : array();
}

+ Here is the caller graph for this function:

ilRbacReview::assignedUsers (   $a_rol_id,
  $a_fields = NULL 
)

get all assigned users to a given role public

Parameters
integerrole_id
arraycolumns to get form usr_data table (optional)
Returns
array all users (id) assigned to role OR arrays of user datas

Definition at line 937 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $query, $res, and $row.

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_assignedUsers");
if (!isset($a_rol_id))
{
$message = get_class($this)."::assignedUsers(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$result_arr = array();
if ($a_fields !== NULL and is_array($a_fields))
{
if (count($a_fields) == 0)
{
$select = "*";
}
else
{
if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
unset($a_fields[$usr_id_field]);
$select = implode(",",$a_fields).",usr_data.usr_id";
$select = addslashes($select);
}
$query = "SELECT ".$select." FROM usr_data ".
"LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
"WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$result_arr[] = $row;
}
}
else
{
$query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
array_push($result_arr,$row["usr_id"]);
}
}
$ilBench->stop("RBAC", "review_assignedUsers");
return $result_arr;
}
ilRbacReview::filterEmptyRoleFolders (   $a_rolf_candidates)

Filter empty role folder.

This method is used after deleting roles, to check which empty role folders have to deleted.

Parameters
array$a_rolf_candidates
Returns
array

Definition at line 1988 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = 'SELECT DISTINCT(parent) parent FROM rbac_fa '.
'WHERE '.$ilDB->in('parent',$a_rolf_candidates,false,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$non_empty[] = $row->parent;
}
return $non_empty ? $non_empty : array();
}
ilRbacReview::getAllOperationsOfRole (   $a_rol_id,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public

Parameters
integerrole_id
integerrole folder id
Returns
array array of operation_id and types

Definition at line 1345 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
if(!$a_parent)
{
$a_parent = ROLE_FOLDER_ID;
}
$query = "SELECT ops_id,type FROM rbac_templates ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_parent,'integer');
$res = $ilDB->query($query);
while ($row = $ilDB->fetchObject($res))
{
$ops_arr[$row->type][] = $row->ops_id;
}
return (array) $ops_arr;
}
ilRbacReview::getAssignableChildRoles (   $a_ref_id)

Get all assignable roles under a specific node public.

Parameters
ref_id
Returns
array set ids

Definition at line 836 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
global $tree;
$query = "SELECT fa.*, rd.* ".
"FROM object_data rd ".
"JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE fa.assign = 'y' ".
"AND t.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
;
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$roles_data[] = $row;
}
return $roles_data ? $roles_data : array();
}
ilRbacReview::getAssignableRoles (   $a_templates = false,
  $a_internal_roles = false 
)

Returns a list of all assignable roles public.

Parameters
booleanif true fetch template roles too
Returns
array set ids

Definition at line 769 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

Referenced by getRolesByFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND rbac_fa.assign = 'y' ";
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getAssignableRolesInSubtree (   $ref_id)

Returns a list of assignable roles in a subtree of the repository public.

Parameters
ref_idRfoot node of subtree
Returns
array set ids

Definition at line 801 of file class.ilRbacReview.php.

References $ilDB, $query, $ref_id, $res, $row, __setRoleType(), and __setTemplateFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter(false);
$query = "SELECT fa.*, dat.* ".
"FROM tree root ".
"JOIN tree node ON node.tree = root.tree ".
"AND node.lft > root.lft AND node.rgt < root.rgt ".
"JOIN object_reference ref ON ref.ref_id = node.child ".
"JOIN rbac_fa fa ON fa.parent = ref.ref_id ".
"JOIN object_data dat ON dat.obj_id = fa.rol_id ".
"WHERE root.child = ".$this->ilDB->quote($ref_id,'integer')." ".
"AND root.tree = 1 ".
"AND fa.assign = 'y' ".
"ORDER BY dat.title";
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

ilRbacReview::getFoldersAssignedToRole (   $a_rol_id,
  $a_assignable = false 
)

returns an array of role folder ids assigned to a role.

A role with stopped inheritance may be assigned to more than one rolefolder. To get only the original location of a role, set the second parameter to true

public

Parameters
integerrole id
booleanget only rolefolders where role is assignable (true)
Returns
array reference IDs of role folders

Definition at line 1126 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by getObjectsWithStopedInheritance(), and isRoleDeleted().

{
global $ilDB;
if (!isset($a_rol_id))
{
$message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_assignable)
{
$where = " AND assign ='y'";
}
$query = "SELECT DISTINCT parent FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$folders[] = $row->parent;
}
return $folders ? $folders : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getGlobalAssignableRoles ( )

get only 'global' roles (with flag 'assign_users') public

Returns
array Array with rol_ids

Definition at line 1223 of file class.ilRbacReview.php.

References ilObjRole\_getAssignUsersStatus(), and getGlobalRoles().

{
include_once './Services/AccessControl/classes/class.ilObjRole.php';
foreach($this->getGlobalRoles() as $role_id)
{
if(ilObjRole::_getAssignUsersStatus($role_id))
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getGlobalRoles ( )

get only 'global' roles public

Returns
array Array with rol_ids

Definition at line 1198 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

Referenced by getGlobalAssignableRoles(), getRolesByFilter(), and isGlobalRole().

{
return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getGlobalRolesArray ( )

get only 'global' roles public

Returns
array Array with rol_ids

Definition at line 1208 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

{
foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getLinkedRolesOfRoleFolder (   $a_ref_id)

get all linked local roles of a role folder that are created due to stopped inheritance returns an array with role ids public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids

Definition at line 1701 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilDB\query().

{
global $ilDB;
if (!isset($a_ref_id))
{
$message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$and = " AND assign='n'";
$query = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
$and;
$res = $this->ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$rol_id[] = $row->rol_id;
}
return $rol_id ? $rol_id : array();
}

+ Here is the call graph for this function:

ilRbacReview::getObjectOfRole (   $a_role_id)

Get object id of objects a role is assigned to.

public

Parameters
introle id

Definition at line 1862 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilObjUserGUI\roleassignmentObject().

{
global $ilDB;
$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
"JOIN tree ON rfa.parent = tree.child ".
"JOIN object_reference obr ON tree.parent = obr.ref_id ".
"WHERE tree.tree = 1 ".
"AND assign = 'y' ".
"AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$obj_id = $row->obj_id;
}
return $obj_id ? $obj_id : 0;
}

+ Here is the caller graph for this function:

ilRbacReview::getObjectReferenceOfRole (   $a_role_id)

Get reference of role.

Parameters
object$a_role_id
Returns

Definition at line 1886 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = "SELECT tree.parent ref FROM rbac_fa fa ".
"JOIN tree ON fa.parent = tree.child ".
"WHERE tree.tree = 1 ".
"AND assign = ".$ilDB->quote('y','text').' '.
"AND rol_id = ".$ilDB->quote($a_role_id,'integer');
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->ref;
}
return 0;
}
ilRbacReview::getObjectsWithStopedInheritance (   $a_rol_id)

get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.

public

Parameters
integerrole_id
Returns
array with ref_ids of objects

Definition at line 1480 of file class.ilRbacReview.php.

References getFoldersAssignedToRole().

{
$tree = new ilTree(ROOT_FOLDER_ID);
if (!isset($a_rol_id))
{
$message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
foreach ($all_rolf_ids as $rolf_id)
{
$parent[] = $tree->getParentId($rolf_id);
}
return $parent ? $parent : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperation (   $ops_id)

get one operation by operation id public

Returns
array data of operation_id

Definition at line 1321 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilDB\query().

{
global $ilDB;
$query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
$res = $this->ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperationAssignment ( )

get operation assignments

Returns
array array(array('typ_id' => $typ_id,'title' => $title,'ops_id => '$ops_is,'operation' => $operation),...

Definition at line 1958 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
$res = $ilDB->query($query);
$counter = 0;
while($row = $ilDB->fetchObject($res))
{
$info[$counter]['typ_id'] = $row->typ_id;
$info[$counter]['type'] = $row->title;
$info[$counter]['ops_id'] = $row->ops_id;
$info[$counter]['operation'] = $row->operation;
$counter++;
}
return $info ? $info : array();
}
ilRbacReview::getOperations ( )

get all possible operations public

Returns
array array of operation_id

Definition at line 1300 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilDB\query().

{
global $ilDB;
$query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
$res = $this->ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops[] = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperationsOfRole (   $a_rol_id,
  $a_type,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public

Parameters
integerrole_id
stringobject type
integerrole folder id
Returns
array array of operation_id

Definition at line 1375 of file class.ilRbacReview.php.

References $ilDB, $ilLog, $query, $res, and $row.

{
global $ilDB,$ilLog;
if (!isset($a_rol_id) or !isset($a_type))
{
$message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
"role_id: ".$a_rol_id.
"type: ".$a_type.
"parent_id: ".$a_parent;
$ilLog->logStack("Missing parameter! ");
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$ops_arr = array();
// if no rolefolder id is given, assume global role folder as target
if ($a_parent == 0)
{
$a_parent = ROLE_FOLDER_ID;
}
$query = "SELECT ops_id FROM rbac_templates ".
"WHERE type =".$ilDB->quote($a_type,'text')." ".
"AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_parent,'integer');
$res = $ilDB->query($query);
while ($row = $ilDB->fetchObject($res))
{
$ops_arr[] = $row->ops_id;
}
return $ops_arr;
}
ilRbacReview::getOperationsOnType (   $a_typ_id)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs

Definition at line 1433 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by getOperationsOnTypeString().

{
global $ilDB;
if (!isset($a_typ_id))
{
$message = get_class($this)."::getOperationsOnType(): No type_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops_id[] = $row->ops_id;
}
return $ops_id ? $ops_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getOperationsOnTypeString (   $a_type)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs

Definition at line 1460 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, DB_FETCHMODE_OBJECT, getOperationsOnType(), and ilDB\query().

{
global $ilDB;
$query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $this->getOperationsOnType($row->obj_id);
}
return false;
}

+ Here is the call graph for this function:

ilRbacReview::getParentRoleIds (   $a_endnode_id,
  $a_templates = false,
  $a_keep_protected = false 
)

get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public

Parameters
integerref_id of an object which is end node
booleantrue for role templates (default: false)
Returns
array array(role_ids => role_data)

Definition at line 700 of file class.ilRbacReview.php.

References $ilDB, $log, and __getParentRoles().

{
global $tree,$log,$ilDB;
if (!isset($a_endnode_id))
{
$message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
//var_dump($a_endnode_id);exit;
//$log->write("ilRBACreview::getParentRoleIds(), 0");
$pathIds = $tree->getPathId($a_endnode_id);
// add system folder since it may not in the path
$pathIds[0] = SYSTEM_FOLDER_ID;
//$log->write("ilRBACreview::getParentRoleIds(), 1");
#return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
}

+ Here is the call graph for this function:

ilRbacReview::getParentRoles (   $a_path,
  $a_templates,
  $a_keep_protected 
)
protected

get parent roles (NEW implementation)

protected

Parameters
@return

Definition at line 563 of file class.ilRbacReview.php.

References $ilDB, $log, $query, $res, $row, __setProtectedStatus(), DB_FETCHMODE_OBJECT, getRoleFolderIdOfObject(), and getRoleListByObject().

{
global $log,$ilDB,$tree;
$parent_roles = array();
$role_hierarchy = array();
$node = $tree->getNodeData($a_path);
$lft = $node['lft'];
$rgt = $node['rgt'];
// Role folder id
$relevant_rolfs[] = ROLE_FOLDER_ID;
// Role folder of current object
if($rolf = $this->getRoleFolderIdOfObject($a_path))
{
$relevant_rolfs[] = $rolf;
}
// role folder of objects in path
$query = "SELECT * FROM tree ".
"JOIN object_reference obr ON child = ref_id ".
"JOIN object_data obd ON obr.obj_id = obd.obj_id ".
"WHERE type = 'rolf' ".
"AND lft < ".$ilDB->quote($lft,'integer')." ".
"AND rgt > ".$ilDB->quote($rgt,'integer');
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$relevant_rolfs[] = $row->child;
}
foreach($relevant_rolfs as $rolf)
{
$roles = $this->getRoleListByObject($rolf,$a_templates);
foreach ($roles as $role)
{
$id = $role["obj_id"];
$role["parent"] = $rolf;
$parent_roles[$id] = $role;
if (!array_key_exists($role['obj_id'],$role_hierarchy))
{
$role_hierarchy[$id] = $rolf;
}
}
}
if (!$a_keep_protected)
{
return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$a_path);
}
return $parent_roles;
}

+ Here is the call graph for this function:

ilRbacReview::getRoleFolderIdOfObject (   $a_ref_id)

Definition at line 1283 of file class.ilRbacReview.php.

References getRoleFolderOfObject().

Referenced by getParentRoles().

{
$rolf = $this->getRoleFolderOfObject($a_ref_id);
if (!$rolf)
{
return false;
}
return $rolf['ref_id'];
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getRoleFolderOfObject (   $a_ref_id)

returns the data of a role folder assigned to an object public

Parameters
integerref_id of object with a rolefolder object under it
Returns
array empty array if rolefolder not found

Definition at line 1264 of file class.ilRbacReview.php.

References $GLOBALS, and $ilBench.

Referenced by getRoleFolderIdOfObject().

{
global $tree,$ilBench;
$ilBench->start("RBAC", "review_getRoleFolderOfObject");
if (!isset($a_ref_id))
{
$GLOBALS['ilLog']->logStack();
$message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$childs = $tree->getChildsByType($a_ref_id,"rolf");
$ilBench->stop("RBAC", "review_getRoleFolderOfObject");
return $childs[0] ? $childs[0] : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getRoleListByObject (   $a_ref_id,
  $a_templates = false 
)

Returns a list of roles in an container public.

Parameters
integerref_id
booleanif true fetch template roles too
Returns
array set ids

Definition at line 728 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

Referenced by __getParentRoles(), and getParentRoles().

{
global $ilDB;
if (!isset($a_ref_id) or !isset($a_templates))
{
$message = get_class($this)."::getRoleListByObject(): Missing parameter!".
"ref_id: ".$a_ref_id.
"tpl_flag: ".$a_templates;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getRoleMailboxAddress (   $a_role_id,
  $is_localize = true 
)

Returns the mailbox address of a role. 

Example 1: Mailbox address for an ILIAS reserved role name
The il_crs_member_345 role of the course object "English Course 1" is returned as one of the following mailbox addresses:

a) Course Member <#member@[English Course 1]> b) Course Member <#il_crs_member_345@[English Course 1]> c) Course Member <#il_crs_member_345>

Address a) is returned, if the title of the object is unique, and if there is only one local role with the substring "member" defined for the object.

Address b) is returned, if the title of the object is unique, but there is more than one local role with the substring "member" in its title.

Address c) is returned, if the title of the course object is not unique. 

Example 2: Mailbox address for a manually defined role name
The "Admin" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) Course Administrator <#Admin> b) Course Administrator <#Admin> c) Course Adminstrator <#il_role_34211> 

Address a) is returned, if the title of the object is unique, and
if there is only one local role with the substring "Admin" defined for
the course object.

Address b) is returned, if the title of the object is not unique, but

the role title is unique.

Address c) is returned, if neither the role title nor the title of the course object is unique. 

Example 3: Mailbox address for a manually defined role title that can
       contains special characters in the local-part of a 
       mailbox address
The "Author Courses" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) "#Author Courses" b) Author Courses <#il_role_34234> 

Address a) is returned, if the title of the role is unique.

Address b) is returned, if neither the role title nor the title of the course object is unique, or if the role title contains a quote or a backslash.

Parameters
inta role id
booleanis_localize whether mailbox addresses should be localized
Returns
String mailbox address or null, if role does not exist.

Definition at line 340 of file class.ilRbacReview.php.

References $ilDB, $lng, $log, $q, $query, $row, ilMail\_usePearMail(), DB_FETCHMODE_OBJECT, and ilDB\query().

{
global $log, $lng,$ilDB;
include_once "Services/Mail/classes/class.ilMail.php";
if (ilMail::_usePearMail())
{
// Retrieve the role title and the object title.
$query = "SELECT rdat.title role_title,odat.title object_title, ".
" oref.ref_id object_ref ".
"FROM object_data rdat ".
"JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
"JOIN tree rtree ON rtree.child = fa.parent ".
"JOIN object_reference oref ON oref.ref_id = rtree.parent ".
"JOIN object_data odat ON odat.obj_id = oref.obj_id ".
"WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
"AND fa.assign = 'y' ";
$r = $ilDB->query($query);
if (!$row = $ilDB->fetchObject($r))
{
//$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
return null; // role does not exist
}
$object_title = $row->object_title;
$object_ref = $row->object_ref;
$role_title = $row->role_title;
// In a perfect world, we could use the object_title in the
// domain part of the mailbox address, and the role title
// with prefix '#' in the local part of the mailbox address.
$domain = $object_title;
$local_part = $role_title;
// Determine if the object title is unique
$q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
"AND tree.tree = 1 ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// If the object title is not unique, we get rid of the domain.
if ($row->count > 1)
{
$domain = null;
}
// If the domain contains illegal characters, we get rid of it.
if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
{
$domain = null;
}
// If the domain contains special characters, we put square
// brackets around it.
if ($domain != null &&
(preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
preg_match('/[^\x21-\x8f]/',$domain))
)
{
$domain = '['.$domain.']';
}
// If the role title is one of the ILIAS reserved role titles,
// we can use a shorthand version of it for the local part
// of the mailbox address.
if (strpos($role_title, 'il_') === 0 && $domain != null)
{
$unambiguous_role_title = $role_title;
$pos = strpos($role_title, '_', 3) + 1;
$local_part = substr(
$role_title,
$pos,
strrpos($role_title, '_') - $pos
);
}
else
{
$unambiguous_role_title = 'il_role_'.$a_role_id;
}
// Determine if the local part is unique. If we don't have a
// domain, the local part must be unique within the whole repositry.
// If we do have a domain, the local part must be unique for that
// domain.
if ($domain == null)
{
$q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
"AND tree.tree = 1 ";
}
else
{
$q = "SELECT COUNT(rd.obj_id) count ".
"FROM object_data rd ".
"JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE fa.assign = 'y' ".
"AND t.parent = ".$this->ilDB->quote($object_ref,'integer')." ".
"AND rd.title LIKE ".$this->ilDB->quote(
'%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
}
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// if the local_part is not unique, we use the unambiguous role title
// instead for the local part of the mailbox address
if ($row->count > 1)
{
$local_part = $unambiguous_role_title;
}
// If the local part contains illegal characters, we use
// the unambiguous role title instead.
if (preg_match('/[\\"\x00-\x1f]/',$local_part))
{
$local_part = $unambiguous_role_title;
}
// Add a "#" prefix to the local part
$local_part = '#'.$local_part;
// Put quotes around the role title, if needed
if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
{
$local_part = '"'.$local_part.'"';
}
$mailbox = ($domain == null) ?
$local_part :
$local_part.'@'.$domain;
if ($is_localize)
{
if (substr($role_title,0,3) == 'il_')
{
$phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
}
else
{
$phrase = $role_title;
}
// make phrase RFC 822 conformant:
// - strip excessive whitespace
// - strip special characters
$phrase = preg_replace('/\s\s+/', ' ', $phrase);
$phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
$mailbox = $phrase.' <'.$mailbox.'>';
}
return $mailbox;
}
else
{
$q = "SELECT title ".
"FROM object_data ".
"WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
$r = $this->ilDB->query($q);
if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return '#'.$row->title;
}
else
{
return null;
}
}
}

+ Here is the call graph for this function:

ilRbacReview::getRoleOperationsOnObject (   $a_role_id,
  $a_ref_id 
)

Definition at line 1410 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT * FROM rbac_pa ".
"WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
"AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops = unserialize($row->ops_id);
}
return $ops ? $ops : array();
}
ilRbacReview::getRolesByFilter (   $a_filter = 0,
  $a_user_id = 0 
)

Definition at line 1539 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), assignedRoles(), getAssignableRoles(), and getGlobalRoles().

{
global $ilDB;
$assign = "y";
switch($a_filter)
{
// all (assignable) roles
case 1:
return $this->getAssignableRoles();
break;
// all (assignable) global roles
case 2:
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
break;
// all (assignable) local roles
case 3:
case 4:
case 5:
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
break;
// all role templates
case 6:
$where = "WHERE object_data.type = 'rolt'";
$assign = "n";
break;
// only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
case 0:
default:
if(!$a_user_id)
return array();
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
break;
}
$roles = array();
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$prefix = (substr($row["title"],0,3) == "il_") ? true : false;
// all (assignable) internal local roles only
if ($a_filter == 4 and !$prefix)
{
continue;
}
// all (assignable) non internal local roles only
if ($a_filter == 5 and $prefix)
{
continue;
}
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$roles[] = $row;
}
$roles = $this->__setRoleType($roles);
return $roles ? $roles : array();
}

+ Here is the call graph for this function:

ilRbacReview::getRolesForIDs (   $role_ids,
  $use_templates 
)

Definition at line 1928 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($use_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
$where.
"AND rbac_fa.assign = 'y' " .
'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

ilRbacReview::getRolesOfRoleFolder (   $a_ref_id,
  $a_nonassignable = true 
)

get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids

Definition at line 1160 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $ilLog, $query, $res, and $row.

Referenced by getGlobalRoles(), and getGlobalRolesArray().

{
global $ilBench,$ilDB,$ilLog;
$ilBench->start("RBAC", "review_getRolesOfRoleFolder");
if (!isset($a_ref_id))
{
$message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_nonassignable === false)
{
$and = " AND assign='y'";
}
$query = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
$and;
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$rol_id[] = $row->rol_id;
}
$ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
return $rol_id ? $rol_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getTypeId (   $a_type)

Definition at line 1615 of file class.ilRbacReview.php.

References $ilDB, $q, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$q = "SELECT obj_id FROM object_data ".
"WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
$r = $ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
return $row->obj_id;
}
ilRbacReview::ilRbacReview ( )

Constructor public.

Definition at line 52 of file class.ilRbacReview.php.

References $ilDB, $ilErr, $ilLog, and PEAR_ERROR_CALLBACK.

{
global $ilDB,$ilErr,$ilias,$ilLog;
$this->log =& $ilLog;
// set db & error handler
(isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
if (!isset($ilErr))
{
$ilErr = new ilErrorHandling();
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
}
else
{
$this->ilErr =& $ilErr;
}
}
ilRbacReview::isAssignable (   $a_rol_id,
  $a_ref_id 
)

Check if its possible to assign users public.

Parameters
integerobject id of role
integerref_id of object in question
Returns
boolean

Definition at line 1087 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $query, $res, and $row.

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_isAssignable");
// exclude system role from rbac
if ($a_rol_id == SYSTEM_ROLE_ID)
{
$ilBench->stop("RBAC", "review_isAssignable");
return true;
}
if (!isset($a_rol_id) or !isset($a_ref_id))
{
$message = get_class($this)."::isAssignable(): Missing parameter!".
" role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$query = "SELECT * FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
$row = $ilDB->fetchObject($res);
$ilBench->stop("RBAC", "review_isAssignable");
return $row->assign == 'y' ? true : false;
}
ilRbacReview::isAssigned (   $a_usr_id,
  $a_role_id 
)

check if a specific user is assigned to specific role public

Parameters
integerusr_id
integerrole_id
Returns
boolean

Definition at line 998 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
// Quickly determine if user is assigned to a role
global $ilDB;
$ilDB->setLimit(1,0);
$query = "SELECT usr_id FROM rbac_ua WHERE ".
"rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
"AND usr_id= ".$ilDB->quote($a_usr_id);
$res = $ilDB->query($query);
return $res->numRows() == 1;
}
ilRbacReview::isAssignedToAtLeastOneGivenRole (   $a_usr_id,
  $a_role_ids 
) 

check if a specific user is assigned to at least one of the

given role ids.

This function is used to quickly check whether a user is member of a course or a group. 

@access     public
@param      integer         usr_id
@param      array[integer]          role_ids
@return     boolean

Definition at line 1023 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
global $ilDB;
$ilDB->setLimit(1,0);
$query = "SELECT usr_id FROM rbac_ua WHERE ".
$ilDB->in('rol_id',$a_role_ids,false,'integer').
" AND usr_id= ".$ilDB->quote($a_usr_id);
$res = $ilDB->query($query);
return $ilDB->numRows($res) == 1;
}
ilRbacReview::isDeleted (   $a_node_id)

checks if a rolefolder is set as deleted (negative tree_id) public

Parameters
integerref_id of rolefolder
Returns
boolean true if rolefolder is set as deleted

Definition at line 1506 of file class.ilRbacReview.php.

References $ilDB, $q, $row, DB_FETCHMODE_OBJECT, and ilDB\query().

Referenced by isRoleDeleted().

{
global $ilDB;
$q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
if (!$row)
{
$message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
get_class($this),
$a_node_id);
$this->log->write($message,$this->log->FATAL);
return true;
}
// rolefolder is deleted
if ($row->tree < 0)
{
return true;
}
return false;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::isGlobalRole (   $a_role_id)

Definition at line 1534 of file class.ilRbacReview.php.

References getGlobalRoles().

{
return in_array($a_role_id,$this->getGlobalRoles());
}

+ Here is the call graph for this function:

ilRbacReview::isProtected (   $a_ref_id,
  $a_role_id 
)

Definition at line 1726 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilUtil\yn2tf().

{
global $ilDB;
$query = "SELECT protected FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
$row = $ilDB->fetchAssoc($res);
return ilUtil::yn2tf($row['protected']);
}

+ Here is the call graph for this function:

ilRbacReview::isRoleDeleted (   $a_role_id)

return if role is only attached to deleted role folders

Parameters
int$a_role_id
Returns
boolean

Definition at line 1910 of file class.ilRbacReview.php.

References getFoldersAssignedToRole(), and isDeleted().

{
$rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
$deleted = true;
if (count($rolf_list))
{
foreach ($rolf_list as $rolf) {
// only list roles that are not set to status "deleted"
if (!$this->isDeleted($rolf))
{
$deleted = false;
break;
}
}
}
return $deleted;
}

+ Here is the call graph for this function:

ilRbacReview::roleExists (   $a_title,
  $a_id = 0 
)

Checks if a role already exists.

Role title should be unique public

Parameters
stringrole title
integerobj_id of role to exclude in the check. Commonly this is the current role you want to edit
Returns
boolean true if exists

Definition at line 531 of file class.ilRbacReview.php.

References $ilDB, $q, $row, DB_FETCHMODE_OBJECT, and ilDB\query().

{
global $ilDB;
if (empty($a_title))
{
$message = get_class($this)."::roleExists(): No title given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
$q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
"WHERE title =".$ilDB->quote($a_title)." ".
"AND type IN('role','rolt')".
$clause." ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->obj_id;
}
return false;
}

+ Here is the call graph for this function:

ilRbacReview::searchRolesByMailboxAddressList (   $a_address_list)

Finds all role ids that match the specified user friendly role mailbox address list.

The role mailbox name address list is an e-mail address list according to IETF RFC 822:

address list = role mailbox, {"," role mailbox } ; role mailbox = "#", local part, ["@" domain] ;

Examples: The following role mailbox names are all resolved to the role il_crs_member_123:

#Course.A #member.A #il_crs_member_123.A #il_crs_member_123 #il_crs_member_123

Examples: The following role mailbox names are all resolved to the role il_crs_member_345:

#member@[English Course] #il_crs_member_345@[English Course] #il_crs_member_345 #il_crs_member_345

If only the local part is specified, or if domain is equal to "ilias", ILIAS compares the title of role objects with local part. Only roles that are not in a trash folder are considered for the comparison.

If a domain is specified, and if the domain is not equal to "ilias", ILIAS compares the title of objects with the domain. Only objects that are not in a trash folder are considered for the comparison. Then ILIAS searches for local roles which contain the local part in their title. This allows for abbreviated role names, e.g. instead of having to specify #il_grp_member_345, it is sufficient to specify #member.

The address list may contain addresses thate are not role mailboxes. These addresses are ignored.

If a role mailbox address is ambiguous, this function returns the ID's of all role objects that are possible recipients for the role mailbox address.

If Pear Mail is not installed, then the mailbox address

public

Parameters
stringIETF RFX 822 address list containing role mailboxes.
Returns
int[] Array with role ids that were found

Definition at line 118 of file class.ilRbacReview.php.

References $address, $ilDB, $q, $query, $row, $title, ilMail\_usePearMail(), DB_FETCHMODE_OBJECT, ilDB\query(), and ilDB\quote().

{
global $ilDB;
$role_ids = array();
include_once "Services/Mail/classes/class.ilMail.php";
if (ilMail::_usePearMail())
{
require_once 'Mail/RFC822.php';
$parser = &new Mail_RFC822();
$parsedList = $parser->parseAddressList($a_address_list, "ilias", false, true);
//echo '<br>ilRBACReview '.var_export($parsedList,false);
foreach ($parsedList as $address)
{
$local_part = $address->mailbox;
if (strpos($local_part,'#') !== 0 &&
!($local_part{0} == '"' && $local_part{1} == "#"))
{
// A local-part which doesn't start with a '#' doesn't denote a role.
// Therefore we can skip it.
continue;
}
$local_part = substr($local_part, 1);
/* If role contains spaces, eg. 'foo role', double quotes are added which have to be
removed here.*/
if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
{
$local_part = substr($local_part, 1);
$local_part = substr($local_part, 0, strlen($local_part) - 1);
}
if (substr($local_part,0,8) == 'il_role_')
{
$role_id = substr($local_part,8);
$query = "SELECT t.tree ".
"FROM rbac_fa fa ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
"AND fa.assign = 'y' ".
"AND t.tree = 1";
$r = $ilDB->query($query);
if ($r->numRows() > 0)
{
$role_ids[] = $role_id;
}
continue;
}
$domain = $address->host;
if (strpos($domain,'[') == 0 && strrpos($domain,']'))
{
$domain = substr($domain,1,strlen($domain) - 2);
}
if (strlen($local_part) == 0)
{
$local_part = $domain;
$address->host = 'ilias';
$domain = 'ilias';
}
if (strtolower($address->host) == 'ilias')
{
// Search for roles = local-part in the whole repository
$query = "SELECT dat.obj_id ".
"FROM object_data dat ".
"JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
"AND dat.type = 'role' ".
"AND fa.assign = 'y' ".
"AND t.tree = 1";
}
else
{
// Search for roles like local-part in objects = host
$query = "SELECT rdat.obj_id ".
"FROM object_data odat ".
"JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
"JOIN tree otree ON otree.child = oref.ref_id ".
"JOIN tree rtree ON rtree.parent = otree.child ".
"JOIN rbac_fa rfa ON rfa.parent = rtree.child ".
"JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
"WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
"AND otree.tree = 1 AND rtree.tree = 1 ".
"AND rfa.assign = 'y' ".
"AND rdat.title LIKE ".
$this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
}
$r = $ilDB->query($query);
$count = 0;
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
$count++;
}
// Nothing found?
// In this case, we search for roles = host.
if ($count == 0 && strtolower($address->host) == 'ilias')
{
$q = "SELECT dat.obj_id ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree t ON t.child = ref.ref_id ".
"WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
"AND dat.type = 'role' ".
"AND t.tree = 1 ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
//echo '<br>ids='.var_export($role_ids,true);
}
}
else
{
// the following code is executed, when Pear Mail is
// not installed
$titles = explode(',', $a_address_list);
$titleList = '';
foreach ($titles as $title)
{
if (strlen($inList) > 0)
{
$titleList .= ',';
}
$title = trim($title);
if (strpos($title,'#') == 0)
{
$titleList .= $this->ilDB->quote(substr($title, 1));
}
}
if (strlen($titleList) > 0)
{
$q = "SELECT obj_id ".
"FROM object_data ".
"WHERE title IN (".$titleList.") ".
"AND type='role'";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
}
return $role_ids;
}

+ Here is the call graph for this function:

Field Documentation

ilRbacReview::$_opsCache = null
staticprivate

Definition at line 46 of file class.ilRbacReview.php.

ilRbacReview::$assigned_roles = array()
protected

Definition at line 42 of file class.ilRbacReview.php.

ilRbacReview::$log = null

Definition at line 43 of file class.ilRbacReview.php.

Referenced by __getParentRoles(), __setProtectedStatus(), getParentRoleIds(), getParentRoles(), and getRoleMailboxAddress().

The documentation for this class was generated from the following file: