ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
40 class ilRbacReview
41 {
42  protected $assigned_roles = array();
43  var $log = null;
44 
45  // Cache operation ids
46  private static $_opsCache = null;
47 
52  function ilRbacReview()
53  {
54  global $ilDB,$ilErr,$ilias,$ilLog;
55 
56  $this->log =& $ilLog;
57 
58  // set db & error handler
59  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
60 
61  if (!isset($ilErr))
62  {
63  $ilErr = new ilErrorHandling();
64  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
65  }
66  else
67  {
68  $this->ilErr =& $ilErr;
69  }
70  }
71 
118  function searchRolesByMailboxAddressList($a_address_list)
119  {
120  global $ilDB;
121 
122  $role_ids = array();
123 
124  include_once "Services/Mail/classes/class.ilMail.php";
125  if (ilMail::_usePearMail())
126  {
127  require_once 'Mail/RFC822.php';
128  $parser = &new Mail_RFC822();
129  $parsedList = $parser->parseAddressList($a_address_list, "ilias", false, true);
130  //echo '<br>ilRBACReview '.var_export($parsedList,false);
131  foreach ($parsedList as $address)
132  {
133  $local_part = $address->mailbox;
134  if (strpos($local_part,'#') !== 0 &&
135  !($local_part{0} == '"' && $local_part{1} == "#"))
136  {
137  // A local-part which doesn't start with a '#' doesn't denote a role.
138  // Therefore we can skip it.
139  continue;
140  }
141 
142  $local_part = substr($local_part, 1);
143 
144  /* If role contains spaces, eg. 'foo role', double quotes are added which have to be
145  removed here.*/
146  if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
147  {
148  $local_part = substr($local_part, 1);
149  $local_part = substr($local_part, 0, strlen($local_part) - 1);
150  }
151 
152  if (substr($local_part,0,8) == 'il_role_')
153  {
154  $role_id = substr($local_part,8);
155  $query = "SELECT t.tree ".
156  "FROM rbac_fa fa ".
157  "JOIN tree t ON t.child = fa.parent ".
158  "WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
159  "AND fa.assign = 'y' ".
160  "AND t.tree = 1";
161  $r = $ilDB->query($query);
162  if ($r->numRows() > 0)
163  {
164  $role_ids[] = $role_id;
165  }
166  continue;
167  }
168 
169 
170  $domain = $address->host;
171  if (strpos($domain,'[') == 0 && strrpos($domain,']'))
172  {
173  $domain = substr($domain,1,strlen($domain) - 2);
174  }
175  if (strlen($local_part) == 0)
176  {
177  $local_part = $domain;
178  $address->host = 'ilias';
179  $domain = 'ilias';
180  }
181 
182  if (strtolower($address->host) == 'ilias')
183  {
184  // Search for roles = local-part in the whole repository
185  $query = "SELECT dat.obj_id ".
186  "FROM object_data dat ".
187  "JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
188  "JOIN tree t ON t.child = fa.parent ".
189  "WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
190  "AND dat.type = 'role' ".
191  "AND fa.assign = 'y' ".
192  "AND t.tree = 1";
193  }
194  else
195  {
196  // Search for roles like local-part in objects = host
197  $query = "SELECT rdat.obj_id ".
198  "FROM object_data odat ".
199  "JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
200  "JOIN tree otree ON otree.child = oref.ref_id ".
201  "JOIN tree rtree ON rtree.parent = otree.child ".
202  "JOIN rbac_fa rfa ON rfa.parent = rtree.child ".
203  "JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
204  "WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
205  "AND otree.tree = 1 AND rtree.tree = 1 ".
206  "AND rfa.assign = 'y' ".
207  "AND rdat.title LIKE ".
208  $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
209  }
210  $r = $ilDB->query($query);
211 
212  $count = 0;
213  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
214  {
215  $role_ids[] = $row->obj_id;
216  $count++;
217  }
218 
219  // Nothing found?
220  // In this case, we search for roles = host.
221  if ($count == 0 && strtolower($address->host) == 'ilias')
222  {
223  $q = "SELECT dat.obj_id ".
224  "FROM object_data dat ".
225  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
226  "JOIN tree t ON t.child = ref.ref_id ".
227  "WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
228  "AND dat.type = 'role' ".
229  "AND t.tree = 1 ";
230  $r = $this->ilDB->query($q);
231 
232  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
233  {
234  $role_ids[] = $row->obj_id;
235  }
236  }
237  //echo '<br>ids='.var_export($role_ids,true);
238  }
239  }
240  else
241  {
242  // the following code is executed, when Pear Mail is
243  // not installed
244 
245  $titles = explode(',', $a_address_list);
246 
247  $titleList = '';
248  foreach ($titles as $title)
249  {
250  if (strlen($inList) > 0)
251  {
252  $titleList .= ',';
253  }
254  $title = trim($title);
255  if (strpos($title,'#') == 0)
256  {
257  $titleList .= $this->ilDB->quote(substr($title, 1));
258  }
259  }
260  if (strlen($titleList) > 0)
261  {
262  $q = "SELECT obj_id ".
263  "FROM object_data ".
264  "WHERE title IN (".$titleList.") ".
265  "AND type='role'";
266  $r = $this->ilDB->query($q);
267  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
268  {
269  $role_ids[] = $row->obj_id;
270  }
271  }
272  }
273 
274  return $role_ids;
275  }
276 
340  function getRoleMailboxAddress($a_role_id, $is_localize = true)
341  {
342  global $log, $lng,$ilDB;
343 
344  include_once "Services/Mail/classes/class.ilMail.php";
345  if (ilMail::_usePearMail())
346  {
347  // Retrieve the role title and the object title.
348  $query = "SELECT rdat.title role_title,odat.title object_title, ".
349  " oref.ref_id object_ref ".
350  "FROM object_data rdat ".
351  "JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
352  "JOIN tree rtree ON rtree.child = fa.parent ".
353  "JOIN object_reference oref ON oref.ref_id = rtree.parent ".
354  "JOIN object_data odat ON odat.obj_id = oref.obj_id ".
355  "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
356  "AND fa.assign = 'y' ";
357  $r = $ilDB->query($query);
358  if (!$row = $ilDB->fetchObject($r))
359  {
360  //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
361  return null; // role does not exist
362  }
363  $object_title = $row->object_title;
364  $object_ref = $row->object_ref;
365  $role_title = $row->role_title;
366 
367 
368  // In a perfect world, we could use the object_title in the
369  // domain part of the mailbox address, and the role title
370  // with prefix '#' in the local part of the mailbox address.
371  $domain = $object_title;
372  $local_part = $role_title;
373 
374 
375  // Determine if the object title is unique
376  $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
377  "FROM object_data dat ".
378  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
379  "JOIN tree ON tree.child = ref.ref_id ".
380  "WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
381  "AND tree.tree = 1 ";
382  $r = $this->ilDB->query($q);
383  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
384 
385  // If the object title is not unique, we get rid of the domain.
386  if ($row->count > 1)
387  {
388  $domain = null;
389  }
390 
391  // If the domain contains illegal characters, we get rid of it.
392  if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
393  {
394  $domain = null;
395  }
396 
397  // If the domain contains special characters, we put square
398  // brackets around it.
399  if ($domain != null &&
400  (preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
401  preg_match('/[^\x21-\x8f]/',$domain))
402  )
403  {
404  $domain = '['.$domain.']';
405  }
406 
407  // If the role title is one of the ILIAS reserved role titles,
408  // we can use a shorthand version of it for the local part
409  // of the mailbox address.
410  if (strpos($role_title, 'il_') === 0 && $domain != null)
411  {
412  $unambiguous_role_title = $role_title;
413 
414  $pos = strpos($role_title, '_', 3) + 1;
415  $local_part = substr(
416  $role_title,
417  $pos,
418  strrpos($role_title, '_') - $pos
419  );
420  }
421  else
422  {
423  $unambiguous_role_title = 'il_role_'.$a_role_id;
424  }
425 
426  // Determine if the local part is unique. If we don't have a
427  // domain, the local part must be unique within the whole repositry.
428  // If we do have a domain, the local part must be unique for that
429  // domain.
430  if ($domain == null)
431  {
432  $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
433  "FROM object_data dat ".
434  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
435  "JOIN tree ON tree.child = ref.ref_id ".
436  "WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
437  "AND tree.tree = 1 ";
438  }
439  else
440  {
441  $q = "SELECT COUNT(rd.obj_id) count ".
442  "FROM object_data rd ".
443  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
444  "JOIN tree t ON t.child = fa.parent ".
445  "WHERE fa.assign = 'y' ".
446  "AND t.parent = ".$this->ilDB->quote($object_ref,'integer')." ".
447  "AND rd.title LIKE ".$this->ilDB->quote(
448  '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
449  }
450 
451  $r = $this->ilDB->query($q);
452  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
453 
454  // if the local_part is not unique, we use the unambiguous role title
455  // instead for the local part of the mailbox address
456  if ($row->count > 1)
457  {
458  $local_part = $unambiguous_role_title;
459  }
460 
461 
462  // If the local part contains illegal characters, we use
463  // the unambiguous role title instead.
464  if (preg_match('/[\\"\x00-\x1f]/',$local_part))
465  {
466  $local_part = $unambiguous_role_title;
467  }
468 
469 
470  // Add a "#" prefix to the local part
471  $local_part = '#'.$local_part;
472 
473  // Put quotes around the role title, if needed
474  if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
475  {
476  $local_part = '"'.$local_part.'"';
477  }
478 
479  $mailbox = ($domain == null) ?
480  $local_part :
481  $local_part.'@'.$domain;
482 
483  if ($is_localize)
484  {
485  if (substr($role_title,0,3) == 'il_')
486  {
487  $phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
488  }
489  else
490  {
491  $phrase = $role_title;
492  }
493 
494  // make phrase RFC 822 conformant:
495  // - strip excessive whitespace
496  // - strip special characters
497  $phrase = preg_replace('/\s\s+/', ' ', $phrase);
498  $phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
499 
500  $mailbox = $phrase.' <'.$mailbox.'>';
501  }
502 
503  return $mailbox;
504  }
505  else
506  {
507  $q = "SELECT title ".
508  "FROM object_data ".
509  "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
510  $r = $this->ilDB->query($q);
511 
512  if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
513  {
514  return '#'.$row->title;
515  }
516  else
517  {
518  return null;
519  }
520  }
521  }
522 
523 
531  function roleExists($a_title,$a_id = 0)
532  {
533  global $ilDB;
534 
535  if (empty($a_title))
536  {
537  $message = get_class($this)."::roleExists(): No title given!";
538  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
539  }
540 
541  $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
542 
543  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
544  "WHERE title =".$ilDB->quote($a_title)." ".
545  "AND type IN('role','rolt')".
546  $clause." ";
547  $r = $this->ilDB->query($q);
548 
549  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
550  {
551  return $row->obj_id;
552  }
553  return false;
554  }
555 
563  protected function getParentRoles($a_path,$a_templates,$a_keep_protected)
564  {
565  global $log,$ilDB,$tree;
566 
567  $parent_roles = array();
568  $role_hierarchy = array();
569 
570  $node = $tree->getNodeData($a_path);
571  $lft = $node['lft'];
572  $rgt = $node['rgt'];
573 
574 
575  // Role folder id
576  $relevant_rolfs[] = ROLE_FOLDER_ID;
577 
578  // Role folder of current object
579  if($rolf = $this->getRoleFolderIdOfObject($a_path))
580  {
581  $relevant_rolfs[] = $rolf;
582  }
583 
584  // role folder of objects in path
585  $query = "SELECT * FROM tree ".
586  "JOIN object_reference obr ON child = ref_id ".
587  "JOIN object_data obd ON obr.obj_id = obd.obj_id ".
588  "WHERE type = 'rolf' ".
589  "AND lft < ".$ilDB->quote($lft,'integer')." ".
590  "AND rgt > ".$ilDB->quote($rgt,'integer');
591 
592 
593  $res = $ilDB->query($query);
594  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
595  {
596  $relevant_rolfs[] = $row->child;
597  }
598  foreach($relevant_rolfs as $rolf)
599  {
600  $roles = $this->getRoleListByObject($rolf,$a_templates);
601 
602  foreach ($roles as $role)
603  {
604  $id = $role["obj_id"];
605  $role["parent"] = $rolf;
606  $parent_roles[$id] = $role;
607 
608  if (!array_key_exists($role['obj_id'],$role_hierarchy))
609  {
610  $role_hierarchy[$id] = $rolf;
611  }
612  }
613  }
614 
615  if (!$a_keep_protected)
616  {
617  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,$a_path);
618  }
619  return $parent_roles;
620  }
621 
622 
635  function __getParentRoles($a_path,$a_templates,$a_keep_protected)
636  {
637  global $log,$ilDB;
638 
639  if (!isset($a_path) or !is_array($a_path))
640  {
641  $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
642  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
643  }
644 
645  $parent_roles = array();
646  $role_hierarchy = array();
647 
648  // Select all role folders on a path using a single SQL-statement.
649  // CREATE IN() STATEMENT
650  $in = $ilDB->in('t.parent',$a_path,false,'integer');
651 
652  $q = "SELECT t.child,t.depth FROM tree t ".
653  "JOIN object_reference r ON r.ref_id = t.child ".
654  "JOIN object_data o ON o.obj_id = r.obj_id ".
655  "WHERE ".$in." ".
656  "AND o.type= ".$ilDB->quote('rolf','text')." ".
657  "ORDER BY t.depth ASC";
658 
659  $r = $this->ilDB->query($q);
660 
661  // Sort by path (Administration -> Rolefolder is first element)
662  $role_rows = array();
663  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
664  {
665 
666  $depth = ($row->child == ROLE_FOLDER_ID ? 0 : $row->depth);
667  $role_rows[$depth]['child'] = $row->child;
668  }
669  ksort($role_rows,SORT_NUMERIC);
670  foreach($role_rows as $row)
671  {
672  $roles = $this->getRoleListByObject($row['child'],$a_templates);
673  foreach ($roles as $role)
674  {
675  $id = $role["obj_id"];
676  $role["parent"] = $row['child'];
677  $parent_roles[$id] = $role;
678 
679  if (!array_key_exists($role['obj_id'],$role_hierarchy))
680  {
681  $role_hierarchy[$id] = $row['child'];
682  }
683  }
684  }
685  if (!$a_keep_protected)
686  {
687  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,end($a_path));
688  }
689  return $parent_roles;
690  }
691 
700  function getParentRoleIds($a_endnode_id,$a_templates = false,$a_keep_protected = false)
701  {
702  global $tree,$log,$ilDB;
703 
704  if (!isset($a_endnode_id))
705  {
706  $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
707  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
708  }
709 
710  //var_dump($a_endnode_id);exit;
711  //$log->write("ilRBACreview::getParentRoleIds(), 0");
712  $pathIds = $tree->getPathId($a_endnode_id);
713 
714  // add system folder since it may not in the path
715  $pathIds[0] = SYSTEM_FOLDER_ID;
716  //$log->write("ilRBACreview::getParentRoleIds(), 1");
717  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
718  return $this->__getParentRoles($pathIds,$a_templates,$a_keep_protected);
719  }
720 
728  function getRoleListByObject($a_ref_id,$a_templates = false)
729  {
730  global $ilDB;
731 
732  if (!isset($a_ref_id) or !isset($a_templates))
733  {
734  $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
735  "ref_id: ".$a_ref_id.
736  "tpl_flag: ".$a_templates;
737  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
738  }
739 
740  $role_list = array();
741 
742  $where = $this->__setTemplateFilter($a_templates);
743 
744  $query = "SELECT * FROM object_data ".
745  "JOIN rbac_fa ON obj_id = rol_id ".
746  $where.
747  "AND object_data.obj_id = rbac_fa.rol_id ".
748  "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
749 
750  $res = $ilDB->query($query);
751  while ($row = $ilDB->fetchAssoc($res))
752  {
753  $row["desc"] = $row["description"];
754  $row["user_id"] = $row["owner"];
755  $role_list[] = $row;
756  }
757 
758  $role_list = $this->__setRoleType($role_list);
759 
760  return $role_list;
761  }
762 
769  function getAssignableRoles($a_templates = false,$a_internal_roles = false)
770  {
771  global $ilDB;
772 
773  $role_list = array();
774 
775  $where = $this->__setTemplateFilter($a_templates);
776 
777  $query = "SELECT * FROM object_data ".
778  "JOIN rbac_fa ON obj_id = rol_id ".
779  $where.
780  "AND rbac_fa.assign = 'y' ";
781  $res = $ilDB->query($query);
782 
783  while ($row = $ilDB->fetchAssoc($res))
784  {
785  $row["desc"] = $row["description"];
786  $row["user_id"] = $row["owner"];
787  $role_list[] = $row;
788  }
789 
790  $role_list = $this->__setRoleType($role_list);
791 
792  return $role_list;
793  }
794 
801  function getAssignableRolesInSubtree($ref_id)
802  {
803  global $ilDB;
804 
805  $role_list = array();
806  $where = $this->__setTemplateFilter(false);
807 
808  $query = "SELECT fa.*, dat.* ".
809  "FROM tree root ".
810  "JOIN tree node ON node.tree = root.tree ".
811  "AND node.lft > root.lft AND node.rgt < root.rgt ".
812  "JOIN object_reference ref ON ref.ref_id = node.child ".
813  "JOIN rbac_fa fa ON fa.parent = ref.ref_id ".
814  "JOIN object_data dat ON dat.obj_id = fa.rol_id ".
815  "WHERE root.child = ".$this->ilDB->quote($ref_id,'integer')." ".
816  "AND root.tree = 1 ".
817  "AND fa.assign = 'y' ".
818  "ORDER BY dat.title";
819  $res = $ilDB->query($query);
820 
821  while($row = $ilDB->fetchAssoc($res))
822  {
823  $role_list[] = $row;
824  }
825 
826  $role_list = $this->__setRoleType($role_list);
827  return $role_list;
828  }
829 
836  function getAssignableChildRoles($a_ref_id)
837  {
838  global $ilDB;
839  global $tree;
840 
841  $query = "SELECT fa.*, rd.* ".
842  "FROM object_data rd ".
843  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
844  "JOIN tree t ON t.child = fa.parent ".
845  "WHERE fa.assign = 'y' ".
846  "AND t.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
847  ;
848  $res = $ilDB->query($query);
849  while($row = $ilDB->fetchAssoc($res))
850  {
851  $roles_data[] = $row;
852  }
853  return $roles_data ? $roles_data : array();
854  }
855 
862  function __setTemplateFilter($a_templates)
863  {
864  global $ilDB;
865 
866  if ($a_templates === true)
867  {
868  $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
869  }
870  else
871  {
872  $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
873  }
874 
875  return $where;
876  }
877 
889  function __setRoleType($a_role_list)
890  {
891  foreach ($a_role_list as $key => $val)
892  {
893  // determine role type
894  if ($val["type"] == "rolt")
895  {
896  $a_role_list[$key]["role_type"] = "template";
897  }
898  else
899  {
900  if ($val["assign"] == "y")
901  {
902  if ($val["parent"] == ROLE_FOLDER_ID)
903  {
904  $a_role_list[$key]["role_type"] = "global";
905  }
906  else
907  {
908  $a_role_list[$key]["role_type"] = "local";
909  }
910  }
911  else
912  {
913  $a_role_list[$key]["role_type"] = "linked";
914  }
915  }
916 
917  if ($val["protected"] == "y")
918  {
919  $a_role_list[$key]["protected"] = true;
920  }
921  else
922  {
923  $a_role_list[$key]["protected"] = false;
924  }
925  }
926 
927  return $a_role_list;
928  }
929 
937  function assignedUsers($a_rol_id, $a_fields = NULL)
938  {
939  global $ilBench,$ilDB;
940 
941  $ilBench->start("RBAC", "review_assignedUsers");
942 
943  if (!isset($a_rol_id))
944  {
945  $message = get_class($this)."::assignedUsers(): No role_id given!";
946  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
947  }
948 
949  $result_arr = array();
950 
951  if ($a_fields !== NULL and is_array($a_fields))
952  {
953  if (count($a_fields) == 0)
954  {
955  $select = "*";
956  }
957  else
958  {
959  if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
960  unset($a_fields[$usr_id_field]);
961 
962  $select = implode(",",$a_fields).",usr_data.usr_id";
963  $select = addslashes($select);
964  }
965 
966  $query = "SELECT ".$select." FROM usr_data ".
967  "LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
968  "WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
969  $res = $ilDB->query($query);
970  while($row = $ilDB->fetchAssoc($res))
971  {
972  $result_arr[] = $row;
973  }
974  }
975  else
976  {
977  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
978 
979  $res = $ilDB->query($query);
980  while($row = $ilDB->fetchAssoc($res))
981  {
982  array_push($result_arr,$row["usr_id"]);
983  }
984  }
985 
986  $ilBench->stop("RBAC", "review_assignedUsers");
987 
988  return $result_arr;
989  }
990 
998  function isAssigned($a_usr_id,$a_role_id)
999  {
1000  // Quickly determine if user is assigned to a role
1001  global $ilDB;
1002 
1003  $ilDB->setLimit(1,0);
1004  $query = "SELECT usr_id FROM rbac_ua WHERE ".
1005  "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
1006  "AND usr_id= ".$ilDB->quote($a_usr_id);
1007  $res = $ilDB->query($query);
1008 
1009  return $res->numRows() == 1;
1010  }
1011 
1023  function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
1024  {
1025  global $ilDB;
1026 
1027  $ilDB->setLimit(1,0);
1028  $query = "SELECT usr_id FROM rbac_ua WHERE ".
1029  $ilDB->in('rol_id',$a_role_ids,false,'integer').
1030  " AND usr_id= ".$ilDB->quote($a_usr_id);
1031  $res = $ilDB->query($query);
1032 
1033  return $ilDB->numRows($res) == 1;
1034  }
1035 
1042  function assignedRoles($a_usr_id)
1043  {
1044  global $ilDB;
1045 
1046  $role_arr = array();
1047 
1048  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
1049 
1050  $res = $ilDB->query($query);
1051  while($row = $ilDB->fetchObject($res))
1052  {
1053  $role_arr[] = $row->rol_id;
1054  }
1055  return $role_arr ? $role_arr : array();
1056  }
1057 
1062  public function assignedGlobalRoles($a_usr_id)
1063  {
1064  global $ilDB;
1065 
1066  $query = "SELECT ua.rol_id FROM rbac_ua ua ".
1067  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
1068  "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
1069  "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
1070  "AND assign = 'y' ";
1071 
1072  $res = $ilDB->query($query);
1073  while($row = $ilDB->fetchObject($res))
1074  {
1075  $role_arr[] = $row->rol_id;
1076  }
1077  return $role_arr ? $role_arr : array();
1078  }
1079 
1087  function isAssignable($a_rol_id, $a_ref_id)
1088  {
1089  global $ilBench,$ilDB;
1090 
1091  $ilBench->start("RBAC", "review_isAssignable");
1092 
1093  // exclude system role from rbac
1094  if ($a_rol_id == SYSTEM_ROLE_ID)
1095  {
1096  $ilBench->stop("RBAC", "review_isAssignable");
1097  return true;
1098  }
1099 
1100  if (!isset($a_rol_id) or !isset($a_ref_id))
1101  {
1102  $message = get_class($this)."::isAssignable(): Missing parameter!".
1103  " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
1104  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1105  }
1106  $query = "SELECT * FROM rbac_fa ".
1107  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1108  "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
1109  $res = $ilDB->query($query);
1110  $row = $ilDB->fetchObject($res);
1111 
1112  $ilBench->stop("RBAC", "review_isAssignable");
1113  return $row->assign == 'y' ? true : false;
1114  }
1115 
1126  function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
1127  {
1128  global $ilDB;
1129 
1130  if (!isset($a_rol_id))
1131  {
1132  $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
1133  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1134  }
1135 
1136  if ($a_assignable)
1137  {
1138  $where = " AND assign ='y'";
1139  }
1140 
1141  $query = "SELECT DISTINCT parent FROM rbac_fa ".
1142  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
1143 
1144  $res = $ilDB->query($query);
1145  while($row = $ilDB->fetchObject($res))
1146  {
1147  $folders[] = $row->parent;
1148  }
1149  return $folders ? $folders : array();
1150  }
1151 
1160  function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
1161  {
1162  global $ilBench,$ilDB,$ilLog;
1163 
1164  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
1165 
1166  if (!isset($a_ref_id))
1167  {
1168  $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
1169  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1170 
1171  }
1172 
1173  if ($a_nonassignable === false)
1174  {
1175  $and = " AND assign='y'";
1176  }
1177 
1178  $query = "SELECT rol_id FROM rbac_fa ".
1179  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1180  $and;
1181 
1182  $res = $ilDB->query($query);
1183  while($row = $ilDB->fetchObject($res))
1184  {
1185  $rol_id[] = $row->rol_id;
1186  }
1187 
1188  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
1189 
1190  return $rol_id ? $rol_id : array();
1191  }
1192 
1198  function getGlobalRoles()
1199  {
1200  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
1201  }
1202 
1208  function getGlobalRolesArray()
1209  {
1210  foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
1211  {
1212  $ga[] = array('obj_id' => $role_id,
1213  'role_type' => 'global');
1214  }
1215  return $ga ? $ga : array();
1216  }
1217 
1223  function getGlobalAssignableRoles()
1224  {
1225  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1226 
1227  foreach($this->getGlobalRoles() as $role_id)
1228  {
1229  if(ilObjRole::_getAssignUsersStatus($role_id))
1230  {
1231  $ga[] = array('obj_id' => $role_id,
1232  'role_type' => 'global');
1233  }
1234  }
1235  return $ga ? $ga : array();
1236  }
1237 
1243  function __getAllRoleFolderIds()
1244  {
1245  global $ilDB;
1246 
1247  $query = "SELECT DISTINCT parent FROM rbac_fa";
1248  $res = $ilDB->query($query);
1249 
1250  $parent = array();
1251  while($row = $ilDB->fetchObject($res))
1252  {
1253  $parent[] = $row->parent;
1254  }
1255  return $parent;
1256  }
1257 
1264  function getRoleFolderOfObject($a_ref_id)
1265  {
1266  global $tree,$ilBench;
1267 
1268  $ilBench->start("RBAC", "review_getRoleFolderOfObject");
1269 
1270  if (!isset($a_ref_id))
1271  {
1272  $GLOBALS['ilLog']->logStack();
1273  $message = get_class($this)."::getRoleFolderOfObject(): No ref_id given!";
1274  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1275  }
1276  $childs = $tree->getChildsByType($a_ref_id,"rolf");
1277 
1278  $ilBench->stop("RBAC", "review_getRoleFolderOfObject");
1279 
1280  return $childs[0] ? $childs[0] : array();
1281  }
1282 
1283  function getRoleFolderIdOfObject($a_ref_id)
1284  {
1285  $rolf = $this->getRoleFolderOfObject($a_ref_id);
1286 
1287  if (!$rolf)
1288  {
1289  return false;
1290  }
1291 
1292  return $rolf['ref_id'];
1293  }
1294 
1300  function getOperations()
1301  {
1302  global $ilDB;
1303 
1304  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
1305  $res = $this->ilDB->query($query);
1306  while($row = $ilDB->fetchObject($res))
1307  {
1308  $ops[] = array('ops_id' => $row->ops_id,
1309  'operation' => $row->operation,
1310  'description' => $row->description);
1311  }
1312 
1313  return $ops ? $ops : array();
1314  }
1315 
1321  function getOperation($ops_id)
1322  {
1323  global $ilDB;
1324 
1325  $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
1326  $res = $this->ilDB->query($query);
1327  while($row = $ilDB->fetchObject($res))
1328  {
1329  $ops = array('ops_id' => $row->ops_id,
1330  'operation' => $row->operation,
1331  'description' => $row->description);
1332  }
1333 
1334  return $ops ? $ops : array();
1335  }
1336 
1345  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
1346  {
1347  global $ilDB;
1348 
1349  if(!$a_parent)
1350  {
1351  $a_parent = ROLE_FOLDER_ID;
1352  }
1353 
1354  $query = "SELECT ops_id,type FROM rbac_templates ".
1355  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1356  "AND parent = ".$ilDB->quote($a_parent,'integer');
1357  $res = $ilDB->query($query);
1358  while ($row = $ilDB->fetchObject($res))
1359  {
1360  $ops_arr[$row->type][] = $row->ops_id;
1361  }
1362  return (array) $ops_arr;
1363  }
1364 
1365 
1375  function getOperationsOfRole($a_rol_id,$a_type,$a_parent = 0)
1376  {
1377  global $ilDB,$ilLog;
1378 
1379  if (!isset($a_rol_id) or !isset($a_type))
1380  {
1381  $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
1382  "role_id: ".$a_rol_id.
1383  "type: ".$a_type.
1384  "parent_id: ".$a_parent;
1385  $ilLog->logStack("Missing parameter! ");
1386  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1387  }
1388 
1389  $ops_arr = array();
1390 
1391  // if no rolefolder id is given, assume global role folder as target
1392  if ($a_parent == 0)
1393  {
1394  $a_parent = ROLE_FOLDER_ID;
1395  }
1396 
1397  $query = "SELECT ops_id FROM rbac_templates ".
1398  "WHERE type =".$ilDB->quote($a_type,'text')." ".
1399  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1400  "AND parent = ".$ilDB->quote($a_parent,'integer');
1401  $res = $ilDB->query($query);
1402  while ($row = $ilDB->fetchObject($res))
1403  {
1404  $ops_arr[] = $row->ops_id;
1405  }
1406 
1407  return $ops_arr;
1408  }
1409 
1410  function getRoleOperationsOnObject($a_role_id,$a_ref_id)
1411  {
1412  global $ilDB;
1413 
1414  $query = "SELECT * FROM rbac_pa ".
1415  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
1416  "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1417 
1418  $res = $ilDB->query($query);
1419  while($row = $ilDB->fetchObject($res))
1420  {
1421  $ops = unserialize($row->ops_id);
1422  }
1423 
1424  return $ops ? $ops : array();
1425  }
1426 
1433  function getOperationsOnType($a_typ_id)
1434  {
1435  global $ilDB;
1436 
1437  if (!isset($a_typ_id))
1438  {
1439  $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1440  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1441  }
1442 
1443  $query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1444  $res = $ilDB->query($query);
1445 
1446  while($row = $ilDB->fetchObject($res))
1447  {
1448  $ops_id[] = $row->ops_id;
1449  }
1450 
1451  return $ops_id ? $ops_id : array();
1452  }
1453 
1460  function getOperationsOnTypeString($a_type)
1461  {
1462  global $ilDB;
1463 
1464  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1465 
1466  $res = $this->ilDB->query($query);
1467  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1468  {
1469  return $this->getOperationsOnType($row->obj_id);
1470  }
1471  return false;
1472  }
1480  function getObjectsWithStopedInheritance($a_rol_id)
1481  {
1482  $tree = new ilTree(ROOT_FOLDER_ID);
1483 
1484  if (!isset($a_rol_id))
1485  {
1486  $message = get_class($this)."::getObjectsWithStopedInheritance(): No role_id given!";
1487  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1488  }
1489 
1490  $all_rolf_ids = $this->getFoldersAssignedToRole($a_rol_id,false);
1491 
1492  foreach ($all_rolf_ids as $rolf_id)
1493  {
1494  $parent[] = $tree->getParentId($rolf_id);
1495  }
1496 
1497  return $parent ? $parent : array();
1498  }
1499 
1506  function isDeleted($a_node_id)
1507  {
1508  global $ilDB;
1509 
1510  $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1511  $r = $this->ilDB->query($q);
1512 
1513  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1514 
1515  if (!$row)
1516  {
1517  $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1518  get_class($this),
1519  $a_node_id);
1520  $this->log->write($message,$this->log->FATAL);
1521 
1522  return true;
1523  }
1524 
1525  // rolefolder is deleted
1526  if ($row->tree < 0)
1527  {
1528  return true;
1529  }
1530 
1531  return false;
1532  }
1533 
1534  public function isGlobalRole($a_role_id)
1535  {
1536  return in_array($a_role_id,$this->getGlobalRoles());
1537  }
1538 
1539  function getRolesByFilter($a_filter = 0,$a_user_id = 0)
1540  {
1541  global $ilDB;
1542 
1543  $assign = "y";
1544 
1545  switch($a_filter)
1546  {
1547  // all (assignable) roles
1548  case 1:
1549  return $this->getAssignableRoles();
1550  break;
1551 
1552  // all (assignable) global roles
1553  case 2:
1554  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1555  break;
1556 
1557  // all (assignable) local roles
1558  case 3:
1559  case 4:
1560  case 5:
1561  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1562  break;
1563 
1564  // all role templates
1565  case 6:
1566  $where = "WHERE object_data.type = 'rolt'";
1567  $assign = "n";
1568  break;
1569 
1570  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1571  case 0:
1572  default:
1573  if(!$a_user_id)
1574  return array();
1575 
1576  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1577  break;
1578  }
1579 
1580  $roles = array();
1581 
1582  $query = "SELECT * FROM object_data ".
1583  "JOIN rbac_fa ON obj_id = rol_id ".
1584  $where.
1585  "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1586 
1587  $res = $ilDB->query($query);
1588  while($row = $ilDB->fetchAssoc($res))
1589  {
1590  $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1591 
1592  // all (assignable) internal local roles only
1593  if ($a_filter == 4 and !$prefix)
1594  {
1595  continue;
1596  }
1597 
1598  // all (assignable) non internal local roles only
1599  if ($a_filter == 5 and $prefix)
1600  {
1601  continue;
1602  }
1603 
1604  $row["desc"] = $row["description"];
1605  $row["user_id"] = $row["owner"];
1606  $roles[] = $row;
1607  }
1608 
1609  $roles = $this->__setRoleType($roles);
1610 
1611  return $roles ? $roles : array();
1612  }
1613 
1614  // get id of a given object type (string)
1615  function getTypeId($a_type)
1616  {
1617  global $ilDB;
1618 
1619  $q = "SELECT obj_id FROM object_data ".
1620  "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1621  $r = $ilDB->query($q);
1622 
1623  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1624  return $row->obj_id;
1625  }
1626 
1636  function _getOperationIdsByName($operations)
1637  {
1638  global $ilDB;
1639 
1640  if(!count($operations))
1641  {
1642  return array();
1643  }
1644 
1645  $query = 'SELECT ops_id FROM rbac_operations '.
1646  'WHERE '.$ilDB->in('operation',$operations,false,'text');
1647 
1648  $res = $ilDB->query($query);
1649  while($row = $ilDB->fetchObject($res))
1650  {
1651  $ops_ids[] = $row->ops_id;
1652  }
1653  return $ops_ids ? $ops_ids : array();
1654  }
1655 
1663  public static function _getOperationIdByName($a_operation)
1664  {
1665  global $ilDB,$ilErr;
1666 
1667  if (!isset($a_operation))
1668  {
1669  $message = "perm::getOperationId(): No operation given!";
1670  $ilErr->raiseError($message,$ilErr->WARNING);
1671  }
1672 
1673  // Cache operation ids
1674  if (! is_array(self::$_opsCache)) {
1675  self::$_opsCache = array();
1676 
1677  $q = "SELECT ops_id, operation FROM rbac_operations";
1678  $r = $ilDB->query($q);
1679  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1680  {
1681  self::$_opsCache[$row->operation] = $row->ops_id;
1682  }
1683  }
1684 
1685  // Get operation ID by name from cache
1686  if (array_key_exists($a_operation, self::$_opsCache)) {
1687  return self::$_opsCache[$a_operation];
1688  }
1689  return null;
1690  }
1691 
1692 
1701  function getLinkedRolesOfRoleFolder($a_ref_id)
1702  {
1703  global $ilDB;
1704 
1705  if (!isset($a_ref_id))
1706  {
1707  $message = get_class($this)."::getLinkedRolesOfRoleFolder(): No ref_id given!";
1708  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1709  }
1710 
1711  $and = " AND assign='n'";
1712 
1713  $query = "SELECT rol_id FROM rbac_fa ".
1714  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1715  $and;
1716  $res = $this->ilDB->query($query);
1717  while($row = $ilDB->fetchObject($res))
1718  {
1719  $rol_id[] = $row->rol_id;
1720  }
1721 
1722  return $rol_id ? $rol_id : array();
1723  }
1724 
1725  // checks if default permission settings of role under current parent (rolefolder) are protected from changes
1726  function isProtected($a_ref_id,$a_role_id)
1727  {
1728  global $ilDB;
1729 
1730  $query = "SELECT protected FROM rbac_fa ".
1731  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
1732  "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
1733  $res = $ilDB->query($query);
1734  $row = $ilDB->fetchAssoc($res);
1735 
1736  return ilUtil::yn2tf($row['protected']);
1737  }
1738 
1739  // this method alters the protected status of role regarding the current user's role assignment
1740  // and current postion in the hierarchy.
1741  function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1742  {
1743  global $rbacsystem,$ilUser,$log;
1744 
1745  if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
1746  {
1747  $leveladmin = true;
1748  }
1749  else
1750  {
1751  $leveladmin = false;
1752  }
1753 
1754  //var_dump($a_role_hierarchy);
1755 
1756  foreach ($a_role_hierarchy as $role_id => $rolf_id)
1757  {
1758  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1759  //echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1760  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1761 
1762  if ($leveladmin == true)
1763  {
1764  $a_parent_roles[$role_id]['protected'] = false;
1765  continue;
1766  }
1767 
1768  if ($a_parent_roles[$role_id]['protected'] == true)
1769  {
1770  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
1771 
1772  foreach ($arr_lvl_roles_user as $lvl_role_id)
1773  {
1774  //echo "<br/>level_role: ".$lvl_role_id;
1775  //echo "<br/>a_ref_id: ".$a_ref_id;
1776 
1777  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1778  // check if role grants 'edit_permission' to parent
1779  if ($rbacsystem->checkPermission($a_ref_id,$lvl_role_id,'edit_permission'))
1780  {
1781  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1782  // user may change permissions of that higher-ranked role
1783  $a_parent_roles[$role_id]['protected'] = false;
1784 
1785  // remember successful check
1786  $leveladmin = true;
1787  }
1788  }
1789  }
1790  }
1791 
1792  return $a_parent_roles;
1793  }
1794 
1805  public static function _getOperationList($a_type = null)
1806  {
1807  global $ilDB;
1808 
1809  $arr = array();
1810 
1811  if ($a_type)
1812  {
1813  $query = sprintf('SELECT * FROM rbac_operations '.
1814  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
1815  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
1816  'WHERE object_data.title = %s '.
1817  'AND object_data.type = %s '.
1818  'ORDER BY %s ASC',
1819  $ilDB->quote($a_type,'text'),
1820  $ilDB->quote('typ','text'),
1821  $ilDB->quote('op_order','text'));
1822  }
1823  else
1824  {
1825  $query = 'SELECT * FROM rbac_operations '.
1826  "ORDER BY 'op_order' ASC";
1827  }
1828  $res = $ilDB->query($query);
1829  while ($row = $ilDB->fetchAssoc($res))
1830  {
1831  $arr[] = array(
1832  "ops_id" => $row['ops_id'],
1833  "operation" => $row['operation'],
1834  "desc" => $row['description'],
1835  "class" => $row['class'],
1836  "order" => $row['op_order']
1837  );
1838  }
1839  return $arr;
1840  }
1841 
1842  public static function _groupOperationsByClass($a_ops_arr)
1843  {
1844  $arr = array();
1845 
1846  foreach ($a_ops_arr as $ops)
1847  {
1848  $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
1849  'name' => $ops['operation']
1850  );
1851  }
1852  return $arr;
1853  }
1854 
1862  public function getObjectOfRole($a_role_id)
1863  {
1864  global $ilDB;
1865 
1866  $query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1867  "JOIN tree ON rfa.parent = tree.child ".
1868  "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1869  "WHERE tree.tree = 1 ".
1870  "AND assign = 'y' ".
1871  "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1872  $res = $ilDB->query($query);
1873  while($row = $ilDB->fetchObject($res))
1874  {
1875  $obj_id = $row->obj_id;
1876  }
1877 
1878  return $obj_id ? $obj_id : 0;
1879  }
1880 
1886  public function getObjectReferenceOfRole($a_role_id)
1887  {
1888  global $ilDB;
1889 
1890  $query = "SELECT tree.parent ref FROM rbac_fa fa ".
1891  "JOIN tree ON fa.parent = tree.child ".
1892  "WHERE tree.tree = 1 ".
1893  "AND assign = ".$ilDB->quote('y','text').' '.
1894  "AND rol_id = ".$ilDB->quote($a_role_id,'integer');
1895 
1896  $res = $ilDB->query($query);
1897  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1898  {
1899  return $row->ref;
1900  }
1901  return 0;
1902  }
1903 
1910  public function isRoleDeleted ($a_role_id){
1911  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1912  $deleted = true;
1913  if (count($rolf_list))
1914  {
1915  foreach ($rolf_list as $rolf) {
1916  // only list roles that are not set to status "deleted"
1917  if (!$this->isDeleted($rolf))
1918  {
1919  $deleted = false;
1920  break;
1921  }
1922  }
1923  }
1924  return $deleted;
1925  }
1926 
1927 
1928  function getRolesForIDs($role_ids, $use_templates)
1929  {
1930  global $ilDB;
1931 
1932  $role_list = array();
1933 
1934  $where = $this->__setTemplateFilter($use_templates);
1935 
1936  $query = "SELECT * FROM object_data ".
1937  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
1938  $where.
1939  "AND rbac_fa.assign = 'y' " .
1940  'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
1941 
1942  $res = $ilDB->query($query);
1943  while($row = $ilDB->fetchAssoc($res))
1944  {
1945  $row["desc"] = $row["description"];
1946  $row["user_id"] = $row["owner"];
1947  $role_list[] = $row;
1948  }
1949 
1950  $role_list = $this->__setRoleType($role_list);
1951  return $role_list;
1952  }
1953 
1958  public function getOperationAssignment()
1959  {
1960  global $ilDB;
1961 
1962  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
1963  'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
1964  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1965  $res = $ilDB->query($query);
1966 
1967  $counter = 0;
1968  while($row = $ilDB->fetchObject($res))
1969  {
1970  $info[$counter]['typ_id'] = $row->typ_id;
1971  $info[$counter]['type'] = $row->title;
1972  $info[$counter]['ops_id'] = $row->ops_id;
1973  $info[$counter]['operation'] = $row->operation;
1974  $counter++;
1975  }
1976  return $info ? $info : array();
1977 
1978  }
1979 
1988  public function filterEmptyRoleFolders($a_rolf_candidates)
1989  {
1990  global $ilDB;
1991 
1992  $query = 'SELECT DISTINCT(parent) parent FROM rbac_fa '.
1993  'WHERE '.$ilDB->in('parent',$a_rolf_candidates,false,'integer');
1994  $res = $ilDB->query($query);
1995  while($row = $ilDB->fetchObject($res))
1996  {
1997  $non_empty[] = $row->parent;
1998  }
1999  return $non_empty ? $non_empty : array();
2000  }
2001 } // END class.ilRbacReview
2002 ?>