1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
39 {
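/**
 * Constructor: binds the database handle and the error handler that every
 * method of this class reports through.
 *
 * Reads the globals $ilDB, $ilErr and $ilias. When no global error handler
 * exists yet, one is created and registered as PEAR error callback.
 */
function ilRbacAdmin()
{
    global $ilDB,$ilErr,$ilias;

    // prefer the global db handle, fall back to the one held by $ilias
    if (isset($ilDB))
    {
        $this->ilDB =& $ilDB;
    }
    else
    {
        $this->ilDB =& $ilias->db;
    }

    if (!isset($ilErr))
    {
        $ilErr = new ilErrorHandling();
        $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
    }

    // Bind the handler in both cases. Before, a freshly created handler was
    // never stored on the instance, so the parameter checks of this class
    // (which all call $this->ilErr->raiseError()) had no object to call.
    $this->ilErr =& $ilErr;
}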
61 
/**
 * Removes all role assignments of one user by deleting its rows from rbac_ua.
 *
 * The id reaches the SQL text only through $ilDB->quote(..., 'integer').
 * This method performs no access check of its own.
 *
 * @param   int   $a_usr_id  id of the user whose assignments are removed
 * @return  bool  true
 */
function removeUser($a_usr_id)
{
    global $ilDB;

    if (!isset($a_usr_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::removeUser(): No usr_id given!",
            $this->ilErr->WARNING
        );
    }

    $quoted_user = $ilDB->quote($a_usr_id,'integer');
    $ilDB->manipulate("DELETE FROM rbac_ua WHERE usr_id = ".$quoted_user);

    return true;
}
84 
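/**
 * Deletes a role: its LDAP role/group mapping, its user assignments (rbac_ua),
 * its permission assignments (rbac_pa) and, through deleteLocalRole(), its
 * rbac_fa and rbac_templates rows.
 *
 * The system role is never deleted. This method performs no access check of
 * its own.
 *
 * @param   int   $a_rol_id  role id
 * @param   int   $a_ref_id  ref_id of the role folder (only checked for presence here)
 * @return  bool  true on success, false when the request was rejected
 */
function deleteRole($a_rol_id,$a_ref_id)
{
    global $lng,$ilDB;

    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);

        // fail closed: never reach the DELETE statements with incomplete input,
        // even if the error handler returns instead of ending the request
        return false;
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);

        // Do not depend on raiseError() halting: without this return the
        // rbac_ua and rbac_pa rows of the system role would be deleted below.
        return false;
    }

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    // NOTE(review): the listing skips source line 109, where $mapping is
    // obtained. Restored here as the class's instance accessor; confirm
    // against the repository.
    $mapping = ilLDAPRoleGroupMapping::_getInstance();
    $mapping->deleteRole($a_rol_id);

    // TODO: check assigned users before deletion
    // This is done in ilObjRole. Should be better moved to this place?

    // delete user assignments
    $query = "DELETE FROM rbac_ua ".
        "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer');
    $ilDB->manipulate($query);

    // delete permission assignments
    $query = "DELETE FROM rbac_pa ".
        "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
    $ilDB->manipulate($query);

    // delete rbac_templates and rbac_fa
    $this->deleteLocalRole($a_rol_id);

    return true;
}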
131 
/**
 * Deletes a role template: all rows of the given id in rbac_templates and
 * in rbac_fa.
 *
 * This method performs no access check of its own.
 *
 * @param   int   $a_obj_id  object id of the role template
 * @return  bool  true
 */
function deleteTemplate($a_obj_id)
{
    global $ilDB;

    if (!isset($a_obj_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::deleteTemplate(): No obj_id given!",
            $this->ilErr->WARNING
        );
    }

    // permission templates first, then the role folder assignments
    $ilDB->manipulate(sprintf(
        'DELETE FROM rbac_templates WHERE rol_id = %s',
        $ilDB->quote($a_obj_id,'integer')
    ));
    $ilDB->manipulate(sprintf(
        'DELETE FROM rbac_fa WHERE rol_id = %s',
        $ilDB->quote($a_obj_id,'integer')
    ));

    return true;
}
158 
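/**
 * Deletes the rbac_fa and rbac_templates rows of a role.
 *
 * With a non-zero $a_ref_id only the rows of that parent (role folder) are
 * removed. With the default 0 no parent filter is applied, so the rows of
 * the role are removed for every parent. The system role is left untouched.
 * This method performs no access check of its own.
 *
 * @param   int   $a_rol_id  role id
 * @param   int   $a_ref_id  ref_id of the role folder, 0 for "all parents"
 * @return  bool  true
 */
function deleteLocalRole($a_rol_id,$a_ref_id = 0)
{
    global $ilDB;

    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Always defined: before, $clause only existed when a ref_id was passed,
    // so the default call concatenated an undefined variable into the query.
    $clause = '';
    if ($a_ref_id != 0)
    {
        $clause = 'AND parent = '.$ilDB->quote($a_ref_id,'integer').' ';
    }

    $query = 'DELETE FROM rbac_fa '.
        'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
        $clause;
    $ilDB->manipulate($query);

    $query = 'DELETE FROM rbac_templates '.
        'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
        $clause;
    $ilDB->manipulate($query);

    return true;
}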
198 
199 
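/**
 * Assigns a user to a role.
 *
 * If the pair is not yet assigned, a row is inserted into rbac_ua and the
 * desktop items configured for the role are added to the user. The LDAP
 * role/group mapping is notified in either case.
 *
 * This is a privilege-granting operation and performs no access check of
 * its own.
 *
 * @param   int   $a_rol_id   role id
 * @param   int   $a_usr_id   user id
 * @param   bool  $a_default  not used by this method
 * @return  bool  true
 */
function assignUser($a_rol_id,$a_usr_id,$a_default = false)
{
    global $ilDB,$rbacreview;

    // Missing ids are not reported here: the raiseError() call of this check
    // is commented out in the source, so execution continues in any case.

    // insert only if the user does not hold the role yet
    if (!$rbacreview->isAssigned($a_usr_id,$a_rol_id))
    {
        $query = "INSERT INTO rbac_ua (usr_id, rol_id) ".
            "VALUES (".$ilDB->quote($a_usr_id,'integer').",".$ilDB->quote($a_rol_id,'integer').")";
        $ilDB->manipulate($query);

        include_once './classes/class.ilRoleDesktopItem.php';

        // plain assignment: "=& new" is deprecated and no longer parses on PHP 7+
        $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);

        $tmp_user = ilObjectFactory::getInstanceByObjId($a_usr_id,false);
        if (is_object($tmp_user))
        {
            foreach ($role_desk_item_obj->getAll() as $item_data)
            {
                if (!$tmp_user->isDesktopItem($item_data['item_id'],$item_data['item_type']))
                {
                    $tmp_user->addDesktopItem($item_data['item_id'],$item_data['item_type']);
                }
            }
        }
    }

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    // NOTE(review): the listing skips source line 246, where $mapping is
    // obtained. Restored here as the class's instance accessor; confirm
    // against the repository.
    $mapping = ilLDAPRoleGroupMapping::_getInstance();
    $mapping->assign($a_rol_id,$a_usr_id);

    return true;
}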
251 
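/**
 * Removes a user from a role: deletes the matching rbac_ua row and notifies
 * the LDAP role/group mapping.
 *
 * This method performs no access check of its own.
 *
 * @param   int   $a_rol_id  role id
 * @param   int   $a_usr_id  user id
 * @return  bool  true
 */
function deassignUser($a_rol_id,$a_usr_id)
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_usr_id))
    {
        $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    $query = "DELETE FROM rbac_ua ".
        "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer')." ".
        "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
    $ilDB->manipulate($query);

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
    // NOTE(review): the listing skips source line 275, where $mapping is
    // obtained. Restored here as the class's instance accessor; confirm
    // against the repository.
    $mapping = ilLDAPRoleGroupMapping::_getInstance();
    $mapping->deassign($a_rol_id,$a_usr_id);

    return true;
}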
280 
/**
 * Replaces the permissions of a role on one object.
 *
 * The existing rbac_pa row for (role, ref_id) is deleted first; then, if the
 * operation list is not empty, one new row is inserted whose ops_id column
 * holds the serialize()d list. Every operation id is cast to int before
 * serialization, so the stored value contains integers only.
 *
 * Note the order: the DELETE runs before the empty-list check, so an empty
 * $a_ops clears the role's permissions on the object and returns false.
 * Nothing is written for the system role. This method performs no access
 * check of its own.
 *
 * @param   int    $a_rol_id  role id
 * @param   array  $a_ops     operation ids
 * @param   int    $a_ref_id  ref_id of the object
 * @return  bool   true if a row was written (or for the system role),
 *                 false if $a_ops was empty
 */
function grantPermission($a_rol_id,$a_ops,$a_ref_id)
{
    global $ilDB;

    $args_missing = (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id));
    if ($args_missing)
    {
        $this->ilErr->raiseError(
            get_class($this)."::grantPermission(): Missing parameter! ".
            "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",
            $this->ilErr->WARNING
        );
    }

    if (!is_array($a_ops))
    {
        $this->ilErr->raiseError(
            get_class($this)."::grantPermission(): Wrong datatype for operations!",
            $this->ilErr->WARNING
        );
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // normalise every operation id to an integer, keys are kept
    foreach ($a_ops as $idx => $op_id)
    {
        $a_ops[$idx] = (int) $op_id;
    }

    // the operation list is stored as one serialized array
    $serialized_ops = serialize($a_ops);

    // drop the current permission row of this role on this object
    $ilDB->queryF(
        'DELETE FROM rbac_pa WHERE rol_id = %s AND ref_id = %s',
        array('integer','integer'),
        array($a_rol_id,$a_ref_id)
    );

    if (count($a_ops) == 0)
    {
        return false;
    }

    $insert = sprintf(
        "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) VALUES (%s,%s,%s)",
        $ilDB->quote($a_rol_id,'integer'),
        $ilDB->quote($serialized_ops,'text'),
        $ilDB->quote($a_ref_id,'integer')
    );
    $ilDB->manipulate($insert);

    return true;
}
344 
/**
 * Revokes permissions on one object by deleting rows from rbac_pa.
 *
 * With $a_keep_protected = true (default) roles flagged as protected in the
 * result of $rbacreview->getParentRoleIds() keep their permissions: for a
 * single role the call is a no-op, for "all roles" ($a_rol_id = 0) only the
 * unprotected roles are revoked.
 *
 * With $a_keep_protected = false the protected flag is not consulted at all:
 * the rows of the given role, or of every role when $a_rol_id is 0, are
 * deleted for the object. Callers passing false should be reviewed with that
 * in mind. The system role is skipped whenever it is passed explicitly.
 * This method performs no access check of its own.
 *
 * @param   int   $a_ref_id          ref_id of the object
 * @param   int   $a_rol_id          role id, 0 for all roles
 * @param   bool  $a_keep_protected  false bypasses the protected status
 * @return  bool  true
 */
function revokePermission($a_ref_id,$a_rol_id = 0,$a_keep_protected = true)
{
    global $rbacreview,$log,$ilDB;

    if (!isset($a_ref_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id,
            $this->ilErr->WARNING
        );
    }

    // --- bypass protected status of roles ---
    if ($a_keep_protected != true)
    {
        // exclude system role from rbac
        if ($a_rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // restrict to one role only if a role id was given
        $role_filter = $a_rol_id
            ? " AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." "
            : "";

        $ilDB->manipulate(
            "DELETE FROM rbac_pa ".
            "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer').
            $role_filter
        );

        return true;
    }

    // --- consider protected status of roles ---

    // in any case, get all roles in scope first
    $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);

    if ($a_rol_id)
    {
        // exclude system role from rbac
        if ($a_rol_id == SYSTEM_ROLE_ID)
        {
            return true;
        }

        // exclude protected permission settings from revoking
        if ($roles_in_scope[$a_rol_id]['protected'] == true)
        {
            return true;
        }

        $ilDB->manipulate(
            "DELETE FROM rbac_pa ".
            "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer')." ".
            "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." "
        );

        return true;
    }

    // no role given: collect every unprotected role in scope
    $unprotected_ids = array();
    foreach ($roles_in_scope as $scope_role)
    {
        if ($scope_role['protected'] != true)
        {
            $unprotected_ids[] = $scope_role['obj_id'];
        }
    }

    // return if no role in array
    if (!$unprotected_ids)
    {
        return true;
    }

    $ilDB->manipulate(
        'DELETE FROM rbac_pa '.
        'WHERE '.$ilDB->in('rol_id',$unprotected_ids,false,'integer').' '.
        'AND ref_id = '.$ilDB->quote($a_ref_id,'integer')
    );

    return true;
}
447 
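/**
 * Revokes the permissions of one role on a list of objects by deleting the
 * matching rbac_pa rows.
 *
 * The protected status of the role is not consulted here. The system role is
 * skipped. This method performs no access check of its own.
 *
 * @param   array  $a_ref_ids  ref_ids of the objects
 * @param   int    $a_rol_id   role id
 * @return  bool   true on success (or for the system role), false when
 *                 $a_ref_ids is not an array
 */
function revokePermissionList($a_ref_ids,$a_rol_id)
{
    global $ilDB;

    if (!isset($a_ref_ids) or !is_array($a_ref_ids))
    {
        // var_export(..., true) returns the dump as a string. The former
        // var_dump() printed the value to the response and contributed
        // nothing to the message.
        $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: ".var_export($a_ref_ids,true);
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);

        // fail closed: do not build the IN () clause from a non-array, even
        // if the error handler returns instead of ending the request
        return false;
    }

    if (!isset($a_rol_id))
    {
        $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    $query = "DELETE FROM rbac_pa ".
        "WHERE ".$ilDB->in('ref_id',$a_ref_ids,false,'integer').' '.
        "AND rol_id = ".$ilDB->quote($a_rol_id,'integer');
    $ilDB->manipulate($query);

    return true;
}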
484 
/**
 * Copies the template permissions and the object permissions of a role to
 * another role.
 *
 * Templates are copied by copyRoleTemplatePermissions(). The object
 * permissions are read from the object above the source role folder
 * ($tree->getParentId()) and granted on the object above the target role
 * folder.
 *
 * revokePermission() is called with its default $a_keep_protected = true,
 * independent of $a_consider_protected. grantPermission() itself deletes the
 * existing rbac_pa row of the target role on the target object before it
 * inserts the copied one.
 *
 * @param   int   $a_source_id           role id of the source
 * @param   int   $a_source_parent       ref_id of the source role folder
 * @param   int   $a_dest_parent         ref_id of the target role folder
 * @param   int   $a_dest_id             role id of the target
 * @param   bool  $a_consider_protected  passed on to the template copy
 * @return  bool  true
 */
public function copyRolePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
{
    global $tree,$rbacreview;

    // Copy template permissions
    $this->copyRoleTemplatePermissions(
        $a_source_id,
        $a_source_parent,
        $a_dest_parent,
        $a_dest_id,
        $a_consider_protected
    );

    // objects that own the two role folders
    $from_object = $tree->getParentId($a_source_parent);
    $to_object = $tree->getParentId($a_dest_parent);

    $source_ops = $rbacreview->getRoleOperationsOnObject($a_source_id,$from_object);

    $this->revokePermission($to_object,$a_dest_id);
    $this->grantPermission($a_dest_id,$source_ops,$to_object);

    return true;
}
510 
/**
 * Copies the rbac_templates rows of (source role, source parent) to
 * (target role, target parent).
 *
 * The target's existing template rows for that parent are deleted first.
 * If $a_consider_protected is true and the source role is protected, the
 * target role is marked protected as well. Nothing is done for the system
 * role as target. This method performs no access check of its own.
 *
 * @param   int   $a_source_id           role id of the source
 * @param   int   $a_source_parent       parent id of the source
 * @param   int   $a_dest_parent         parent id of the target
 * @param   int   $a_dest_id             role id of the target
 * @param   bool  $a_consider_protected  also copy the protected status
 * @return  bool  true
 */
function copyRoleTemplatePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
{
    global $rbacreview,$ilDB;

    $args_missing = (!isset($a_source_id) or !isset($a_source_parent)
        or !isset($a_dest_id) or !isset($a_dest_parent));
    if ($args_missing)
    {
        $this->ilErr->raiseError(
            __METHOD__.": Missing parameter! source_id: ".$a_source_id.
            " source_parent_id: ".$a_source_parent.
            " dest_id : ".$a_dest_id.
            " dest_parent_id: ".$a_dest_parent,
            $this->ilErr->WARNING
        );
    }

    // exclude system role from rbac
    if ($a_dest_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // clear the target's templates for this parent
    $ilDB->manipulate(
        'DELETE FROM rbac_templates WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
        'AND parent = '.$ilDB->quote($a_dest_parent,'integer')
    );

    // read the source templates and write each one for the target
    $source_rows = $ilDB->query(
        'SELECT * FROM rbac_templates '.
        'WHERE rol_id = '.$ilDB->quote($a_source_id,'integer').' '.
        'AND parent = '.$ilDB->quote($a_source_parent,'integer')
    );
    while ($template = $ilDB->fetchObject($source_rows))
    {
        $values = $ilDB->quote($a_dest_id,'integer').",".
            $ilDB->quote($template->type,'text').",".
            $ilDB->quote($template->ops_id,'integer').",".
            $ilDB->quote($a_dest_parent,'integer');

        $ilDB->manipulate(
            'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
            'VALUES ('.$values.")"
        );
    }

    // copy also protection status if applicable
    if ($a_consider_protected == true && $rbacreview->isProtected($a_source_parent,$a_source_id))
    {
        $this->setProtected($a_dest_parent,$a_dest_id,'y');
    }

    return true;
}
/**
 * Writes the intersection of two template permission sets to a target role.
 *
 * Selects every (type, ops_id) pair that exists in rbac_templates for both
 * (source1 role, source1 parent) and (source2 role, source2 parent) and
 * inserts it for (target role, target parent) through a prepared statement.
 *
 * Nothing is written when the target is the system role or when source 2 is
 * protected. Existing rows of the target are not deleted by this method.
 * This method performs no access check of its own.
 *
 * @param   int   $a_source1_id      role id of source 1
 * @param   int   $a_source1_parent  parent id of source 1
 * @param   int   $a_source2_id      role id of source 2
 * @param   int   $a_source2_parent  parent id of source 2
 * @param   int   $a_dest_parent     parent id of the target
 * @param   int   $a_dest_id         role id of the target
 * @return  bool  true
 */
function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
{
    global $rbacreview,$ilDB;

    $args_missing = (!isset($a_source1_id) or !isset($a_source1_parent)
        or !isset($a_source2_id) or !isset($a_source2_parent)
        or !isset($a_dest_id) or !isset($a_dest_parent));
    if ($args_missing)
    {
        $this->ilErr->raiseError(
            get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
            " source1_parent: ".$a_source1_parent.
            " source2_id: ".$a_source2_id.
            " source2_parent: ".$a_source2_parent.
            " dest_id: ".$a_dest_id.
            " dest_parent_id: ".$a_dest_parent,
            $this->ilErr->WARNING
        );
    }

    // exclude system role from rbac
    if ($a_dest_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // a protected second source leaves the target unchanged
    if ($rbacreview->isProtected($a_source2_parent,$a_source2_id))
    {
        return true;
    }

    // self-join: pairs present for both sources
    $select = "SELECT s1.type, s1.ops_id ".
        "FROM rbac_templates s1, rbac_templates s2 ".
        "WHERE s1.rol_id = ".$ilDB->quote($a_source1_id,'integer')." ".
        "AND s1.parent = ".$ilDB->quote($a_source1_parent,'integer')." ".
        "AND s2.rol_id = ".$ilDB->quote($a_source2_id,'integer')." ".
        "AND s2.parent = ".$ilDB->quote($a_source2_parent,'integer')." ".
        "AND s1.type = s2.type ".
        "AND s1.ops_id = s2.ops_id";
    $common = $ilDB->query($select);

    $insert = $ilDB->prepareManip(
        'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
        'VALUES (?,?,?,?)',
        array('integer','text','integer','integer')
    );
    while ($pair = $ilDB->fetchObject($common))
    {
        $ilDB->execute($insert,array($a_dest_id,$pair->type,$pair->ops_id,$a_dest_parent));
    }

    return true;
}
635 
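/**
 * Deletes template permissions of a role for one parent from rbac_templates.
 *
 * With $a_type given only the rows of that object type are deleted; with the
 * default false all types are deleted. The system role is left untouched.
 * This method performs no access check of its own.
 *
 * @param   int          $a_rol_id  role id
 * @param   int          $a_ref_id  parent id (role folder)
 * @param   string|bool  $a_type    object type, false for all types
 * @return  bool         true
 */
function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_ref_id))
    {
        $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // Always defined: before, $and_type only existed when a type was passed,
    // so the default call concatenated an undefined variable into the query.
    $and_type = '';
    if ($a_type !== false)
    {
        $and_type = " AND type=".$ilDB->quote($a_type,'text')." ";
    }

    $query = 'DELETE FROM rbac_templates '.
        'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
        'AND parent = '.$ilDB->quote($a_ref_id,'integer').' '.
        $and_type;
    $ilDB->manipulate($query);

    return true;
}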
675 
/**
 * Inserts template permissions for a role: one rbac_templates row per
 * operation id, for the given object type and parent.
 *
 * Rows are written through a prepared statement with typed parameters.
 * Existing rows are not removed by this method. Nothing is written for the
 * system role. This method performs no access check of its own.
 *
 * @param   int     $a_rol_id  role id
 * @param   string  $a_type    object type
 * @param   array   $a_ops     operation ids
 * @param   int     $a_ref_id  parent id (role folder)
 * @return  bool    true
 */
function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
{
    global $ilDB;

    $args_missing = (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id));
    if ($args_missing)
    {
        $this->ilErr->raiseError(
            get_class($this)."::setRolePermission(): Missing parameter!".
            " role_id: ".$a_rol_id.
            " type: ".$a_type.
            " operations: ".$a_ops.
            " ref_id: ".$a_ref_id,
            $this->ilErr->WARNING
        );
    }

    if (!is_string($a_type) or empty($a_type))
    {
        $this->ilErr->raiseError(
            get_class($this)."::setRolePermission(): a_type is no string or empty!",
            $this->ilErr->WARNING
        );
    }

    if (!is_array($a_ops) or empty($a_ops))
    {
        $this->ilErr->raiseError(
            get_class($this)."::setRolePermission(): a_ops is no array or empty!",
            $this->ilErr->WARNING
        );
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    $insert = $ilDB->prepareManip(
        'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
        'VALUES (?,?,?,?)',
        array('integer','text','integer','integer')
    );

    // one row per operation
    foreach ($a_ops as $operation_id)
    {
        $ilDB->execute($insert,array($a_rol_id,$a_type,$operation_id,$a_ref_id));
    }

    return true;
}
733 
/**
 * Assigns a role to a role folder by inserting a row into rbac_fa.
 *
 * Any $a_assign value other than "y" is stored as "n". The protected column
 * is always written as 'n'. Nothing is written for the system role.
 * This method performs no access check of its own.
 *
 * @param   int     $a_rol_id  role id
 * @param   int     $a_parent  ref_id of the role folder
 * @param   string  $a_assign  "y" or "n"
 * @return  bool    true
 */
function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
{
    global $ilDB;

    if (!isset($a_rol_id) or !isset($a_parent))
    {
        $this->ilErr->raiseError(
            get_class($this)."::assignRoleToFolder(): Missing Parameter!".
            " role_id: ".$a_rol_id.
            " parent_id: ".$a_parent.
            " assign: ".$a_assign,
            $this->ilErr->WARNING
        );
    }

    // exclude system role from rbac
    if ($a_rol_id == SYSTEM_ROLE_ID)
    {
        return true;
    }

    // if a wrong value is passed, always set assign to "n"
    $a_assign = ($a_assign != "y") ? "n" : $a_assign;

    $values = array(
        $ilDB->quote($a_rol_id,'integer'),
        $ilDB->quote($a_parent,'integer'),
        $ilDB->quote($a_assign,'text'),
        $ilDB->quote('n','text')
    );
    $ilDB->manipulate(
        'INSERT INTO rbac_fa (rol_id, parent, assign, protected) '.
        'VALUES ('.implode(',',$values).')'
    );

    return true;
}
782 
/**
 * Makes an operation available for an object type by inserting a
 * (typ_id, ops_id) row into rbac_ta.
 *
 * This method performs no access check of its own.
 *
 * @param   int   $a_type_id  id of the object type
 * @param   int   $a_ops_id   operation id
 * @return  bool  true
 */
function assignOperationToObject($a_type_id,$a_ops_id)
{
    global $ilDB;

    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        $this->ilErr->raiseError(
            get_class($this)."::assignOperationToObject(): Missing parameter!".
            "type_id: ".$a_type_id.
            "ops_id: ".$a_ops_id,
            $this->ilErr->WARNING
        );
    }

    $ilDB->manipulate(sprintf(
        "INSERT INTO rbac_ta (typ_id, ops_id) VALUES(%s,%s)",
        $ilDB->quote($a_type_id,'integer'),
        $ilDB->quote($a_ops_id,'integer')
    ));

    return true;
}
808 
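/**
 * Removes an operation from an object type by deleting the matching
 * (typ_id, ops_id) row from rbac_ta.
 *
 * This method performs no access check of its own.
 *
 * @param   int   $a_type_id  id of the object type
 * @param   int   $a_ops_id   operation id
 * @return  bool  true
 */
function deassignOperationFromObject($a_type_id,$a_ops_id)
{
    global $ilDB;

    if (!isset($a_type_id) or !isset($a_ops_id))
    {
        // the message now names this method; it used to report a
        // non-existing deassignPermissionFromObject(), which misleads
        // anyone tracing the warning back from a log
        $message = get_class($this)."::deassignOperationFromObject(): Missing parameter!".
            "type_id: ".$a_type_id.
            "ops_id: ".$a_ops_id;
        $this->ilErr->raiseError($message,$this->ilErr->WARNING);
    }

    $query = "DELETE FROM rbac_ta ".
        "WHERE typ_id = ".$ilDB->quote($a_type_id,'integer')." ".
        "AND ops_id = ".$ilDB->quote($a_ops_id,'integer');
    $ilDB->manipulate($query);

    return true;
}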
836 
/**
 * Sets the protected flag of a role in rbac_fa.
 *
 * The update is keyed on rol_id only, so every rbac_fa row of the role is
 * changed; $a_ref_id is accepted but not used. $a_value is stored as given
 * (bound as 'text'); it is not restricted to particular values here, and the
 * system role is not excluded. This method performs no access check of its
 * own.
 *
 * @param   int     $a_ref_id   not used yet
 * @param   int     $a_role_id  role id
 * @param   string  $a_value    value for the protected column
 * @return  bool    true
 */
function setProtected($a_ref_id,$a_role_id,$a_value)
{
    global $ilDB;

    // ref_id not used yet. protected permission acts 'global' for each role,
    // regardless of any broken inheritance before
    $update = sprintf(
        'UPDATE rbac_fa SET protected = %s WHERE rol_id = %s',
        $ilDB->quote($a_value,'text'),
        $ilDB->quote($a_role_id,'integer')
    );
    $ilDB->manipulate($update);

    return true;
}
849 
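/**
 * Copies the local roles of one object to another object.
 *
 * Roles of the source role folder whose title starts with 'il_' are skipped.
 * For every remaining role a new role object is created with the same title,
 * description and import id, assigned to the target role folder and given a
 * copy of the source role's permissions. A role folder is created for the
 * target if it has none.
 *
 * This method performs no access check of its own.
 *
 * @param   int   $a_source_id  ref_id of the source object
 * @param   int   $a_target_id  ref_id of the target object
 * @return  bool  true on success or when there is nothing to copy,
 *                false when the target object cannot be instantiated
 */
public function copyLocalRoles($a_source_id,$a_target_id)
{
    global $rbacreview,$ilLog,$ilObjDataCache;

    $source_rolf = $rbacreview->getRoleFolderIdOfObject($a_source_id);
    $target_rolf = $rbacreview->getRoleFolderIdOfObject($a_target_id);

    if (!$source_rolf)
    {
        // Nothing to do
        return true;
    }

    // keep only roles whose title does not carry the 'il_' prefix
    $real_local = array();
    foreach ($rbacreview->getRolesOfRoleFolder($source_rolf,false) as $role_data)
    {
        $title = $ilObjDataCache->lookupTitle($role_data);
        if (substr($title,0,3) == 'il_')
        {
            continue;
        }
        $real_local[] = $role_data;
    }
    if (!count($real_local))
    {
        return true;
    }

    // Create role folder
    if (!$target_rolf)
    {
        $tmp_obj = ilObjectFactory::getInstanceByRefId($a_target_id,false);
        if (!is_object($tmp_obj))
        {
            return false;
        }
        $rolf = $tmp_obj->createRoleFolder();
        $target_rolf = $rolf->getRefId();
        $ilLog->write(__METHOD__.': Created new role folder with id '.$rolf->getRefId());
    }

    // loaded once; $real_local is not empty at this point
    include_once ("./Services/AccessControl/classes/class.ilObjRole.php");

    foreach ($real_local as $role)
    {
        $orig = new ilObjRole($role);
        $orig->read();

        $ilLog->write(__METHOD__.': Start copying of role '.$orig->getTitle());
        $roleObj = new ilObjRole();
        $roleObj->setTitle($orig->getTitle());
        $roleObj->setDescription($orig->getDescription());
        $roleObj->setImportId($orig->getImportId());
        $roleObj->create();

        $this->assignRoleToFolder($roleObj->getId(),$target_rolf,"y");
        $this->copyRolePermissions($role,$source_rolf,$target_rolf,$roleObj->getId(),true);
        $ilLog->write(__METHOD__.': Added new local role, id '.$roleObj->getId());
    }

    // the success path used to fall off the end and return null, while every
    // other exit returns a boolean
    return true;
}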
917 
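/**
 * Adjusts the permissions of a moved object and of its whole subtree to the
 * roles of the new location.
 *
 * The role sets of the old and the new parent are compared:
 * - roles only present in the new context get their permissions granted,
 * - roles only present in the old context get their local role data deleted
 *   and their permissions revoked,
 * - roles present in both but with a different 'parent' are handled as both.
 *
 * Revocation is called with $a_keep_protected = false, i.e. the protected
 * status of a role does not stop it here. This method performs no access
 * check of its own.
 *
 * @param   int   $a_ref_id      ref_id of the moved object
 * @param   int   $a_old_parent  ref_id of the parent before the move
 * @return  bool  true
 */
public function adjustMovedObjectPermissions($a_ref_id,$a_old_parent)
{
    global $rbacreview,$tree,$ilLog;

    $new_parent = $tree->getParentId($a_ref_id);
    $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent,false);
    $new_context_roles = $rbacreview->getParentRoleIds($new_parent,false);

    $for_addition = array();
    $for_deletion = array();
    foreach ($new_context_roles as $new_role_id => $new_role)
    {
        if (!isset($old_context_roles[$new_role_id]))
        {
            $for_addition[$new_role_id] = $new_role;
        }
        elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent'])
        {
            // handle stopped inheritance
            $for_deletion[$new_role_id] = $new_role;
            $for_addition[$new_role_id] = $new_role;
        }
    }
    foreach ($old_context_roles as $old_role_id => $old_role)
    {
        if (!isset($new_context_roles[$old_role_id]))
        {
            $for_deletion[$old_role_id] = $old_role;
        }
    }

    if (!count($for_deletion) and !count($for_addition))
    {
        return true;
    }

    // fetched into a local first; the former loop header assigned the start
    // node to the same variable it then used as loop variable
    $subtree = $tree->getSubTree($tree->getNodeData($a_ref_id),true);
    foreach ($subtree as $node_data)
    {
        $node_id = $node_data['child'];

        // If $node_data['type'] is not set, this means there is a tree entry without
        // object_reference and/or object_data entry
        // Continue in this case
        if (!$node_data['type'])
        {
            $ilLog->write(__METHOD__.': No type give. Choosing next tree entry.');
            continue;
        }

        if (!$node_id)
        {
            $ilLog->write(__METHOD__.': Missing subtree node_id');
            continue;
        }

        foreach ($for_deletion as $role_id => $role_data)
        {
            if ($rolf_id = $rbacreview->getRoleFolderIdOfObject($node_id))
            {
                $this->deleteLocalRole($role_id,$rolf_id);
            }
            $this->revokePermission($node_id,$role_id,false);
        }
        foreach ($for_addition as $role_id => $role_data)
        {
            $this->grantPermission(
                $role_id,
                $rbacreview->getOperationsOfRole($role_id,$node_data['type'],$role_data['parent']),
                $node_id
            );
        }
    }

    // the success path used to fall off the end and return null, while the
    // early exit above returns true
    return true;
}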
1003 } // END class.ilRbacAdmin
1004 ?>