ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36 
43  function ilObjRole($a_id = 0,$a_call_by_reference = false)
44  {
45  $this->type = "role";
46  $this->disk_quota = 0;
47  $this->ilObject($a_id,$a_call_by_reference);
48  }
49 
54  public function validate()
55  {
56  global $ilErr;
57 
58  if(substr($this->getTitle(),0,3) == 'il_')
59  {
60  $ilErr->setMessage('msg_role_reserved_prefix');
61  return false;
62  }
63  return true;
64  }
65 
70  public function getPresentationTitle()
71  {
72  return ilObjRole::_getTranslation($this->getTitle());
73  }
74 
75  function toggleAssignUsersStatus($a_assign_users)
76  {
77  $this->assign_users = (int) $a_assign_users;
78  }
79  function getAssignUsersStatus()
80  {
81  return $this->assign_users ? $this->assign_users : 0;
82  }
83  // Same method (static)
84  function _getAssignUsersStatus($a_role_id)
85  {
86  global $ilDB;
87 
88  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
89  $res = $ilDB->query($query);
90  while($row = $ilDB->fetchObject($res))
91  {
92  return $row->assign_users ? true : false;
93  }
94  return false;
95  }
96 
101  function read ()
102  {
103  global $ilDB;
104 
105  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
106 
107  $res = $ilDB->query($query);
108  if ($res->numRows() > 0)
109  {
110  $data = $ilDB->fetchAssoc($res);
111 
112  // fill member vars in one shot
113  $this->assignData($data);
114  }
115  else
116  {
117  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
118  }
119 
120  parent::read();
121  }
122 
128  function assignData($a_data)
129  {
130  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
131  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
132  $this->setAllowRegister($a_data["allow_register"]);
133  $this->toggleAssignUsersStatus($a_data['assign_users']);
134  $this->setDiskQuota($a_data['disk_quota']);
135  }
136 
141  function update ()
142  {
143  global $ilDB;
144 
145  $query = "UPDATE role_data SET ".
146  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
147  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
148  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer')." ".
149  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
150  $res = $ilDB->manipulate($query);
151 
152  parent::update();
153 
154  $this->read();
155 
156  return true;
157  }
158 
166  function create()
167  {
168  global $ilDB;
169 
170  $this->id = parent::create();
171 
172  $query = "INSERT INTO role_data ".
173  "(role_id,allow_register,assign_users,disk_quota) ".
174  "VALUES ".
175  "(".$ilDB->quote($this->id,'integer').",".
176  $ilDB->quote($this->getAllowRegister(),'integer').",".
177  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
178  $ilDB->quote($this->getDiskQuota(),'integer').")"
179  ;
180  $res = $ilDB->query($query);
181 
182  return $this->id;
183  }
184 
191  function setAllowRegister($a_allow_register)
192  {
193  if (empty($a_allow_register))
194  {
195  $a_allow_register == 0;
196  }
197 
198  $this->allow_register = (int) $a_allow_register;
199  }
200 
207  function getAllowRegister()
208  {
209  return $this->allow_register ? $this->allow_register : false;
210  }
211 
220  function setDiskQuota($a_disk_quota)
221  {
222  $this->disk_quota = $a_disk_quota;
223  }
224 
234  function getDiskQuota()
235  {
236  return $this->disk_quota;
237  }
244  function _lookupRegisterAllowed()
245  {
246  global $ilDB;
247 
248  $query = "SELECT * FROM role_data ".
249  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
250  "WHERE allow_register = 1";
251  $res = $ilDB->query($query);
252 
253  $roles = array();
254  while($role = $ilDB->fetchAssoc($res))
255  {
256  $roles[] = array("id" => $role["obj_id"],
257  "title" => $role["title"],
258  "auth_mode" => $role['auth_mode']);
259  }
260 
261  return $roles;
262  }
263 
270  function _lookupAllowRegister($a_role_id)
271  {
272  global $ilDB;
273 
274  $query = "SELECT * FROM role_data ".
275  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
276 
277  $res = $ilDB->query($query);
278  if ($role_rec = $ilDB->fetchAssoc($res))
279  {
280  if ($role_rec["allow_register"])
281  {
282  return true;
283  }
284  }
285  return false;
286  }
287 
295  function setParent($a_parent_ref)
296  {
297  $this->parent = $a_parent_ref;
298  }
299 
306  function getParent()
307  {
308  return $this->parent;
309  }
310 
311 
318  function delete()
319  {
320  global $rbacadmin, $rbacreview,$ilDB;
321 
322  $role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
323 
324  // Temporary bugfix
325  if($rbacreview->hasMultipleAssignments($this->getId()))
326  {
327  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
328  return false;
329  }
330 
331  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
332  {
333  // do not delete a global role, if the role is the last
334  // role a user is assigned to.
335  //
336  // Performance improvement: In the code section below, we
337  // only need to consider _global_ roles. We don't need
338  // to check for _local_ roles, because a user who has
339  // a local role _always_ has a global role too.
340  $last_role_user_ids = array();
341  if ($this->getParent() == ROLE_FOLDER_ID)
342  {
343  // The role is a global role: check if
344  // we find users who aren't assigned to any
345  // other global role than this one.
346  $user_ids = $rbacreview->assignedUsers($this->getId());
347 
348  foreach ($user_ids as $user_id)
349  {
350  // get all roles each user has
351  $role_ids = $rbacreview->assignedRoles($user_id);
352 
353  // is last role?
354  if (count($role_ids) == 1)
355  {
356  $last_role_user_ids[] = $user_id;
357  }
358  }
359  }
360 
361  // users with last role found?
362  if (count($last_role_user_ids) > 0)
363  {
364  foreach ($last_role_user_ids as $user_id)
365  {
366 //echo "<br>last role for user id:".$user_id.":";
367  // GET OBJECT TITLE
368  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
369  $user_names[] = $tmp_obj->getFullname();
370  unset($tmp_obj);
371  }
372 
373  // TODO: This check must be done in rolefolder object because if multiple
374  // roles were selected the other roles are still deleted and the system does not
375  // give any feedback about this.
376  $users = implode(', ',$user_names);
377  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
378  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
379  }
380  else
381  {
382  // IT'S A BASE ROLE
383  $rbacadmin->deleteRole($this->getId(),$this->getParent());
384 
385  // Delete ldap role group mappings
386  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
387  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
388 
389  // delete object_data entry
390  parent::delete();
391 
392  // delete role_data entry
393  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
394  $res = $ilDB->manipulate($query);
395 
396  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
397  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
398  $role_desk_item_obj->deleteAll();
399 
400  }
401  }
402  else
403  {
404  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
405  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
406  }
407 
408  // purge empty rolefolders
409  //
410  // Performance improvement: We filter out all role folders
411  // which still contain roles, _before_ we attempt to purge them.
412  // This is faster than attempting to purge all role folders,
413  // and let function purge() of the role folder find out, if
414  // purging is possible.
415 
416  $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
417  $role_folders = array_diff($role_folders,$non_empty_role_folders);
418 
419  // Attempt to purge the role folders
420  foreach ($role_folders as $rolf)
421  {
422  if (ilObject::_exists($rolf,true))
423  {
424  $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
425  $rolfObj->purge();
426  unset($rolfObj);
427  }
428  }
429 
430  return true;
431  }
432 
433  function getCountMembers()
434  {
435  global $rbacreview;
436 
437  return count($rbacreview->assignedUsers($this->getId()));
438  }
439 
440  function _getTranslation($a_role_title)
441  {
442  global $lng;
443 
444  $test_str = explode('_',$a_role_title);
445 
446  if ($test_str[0] == 'il')
447  {
448  $test2 = (int) $test_str[3];
449  if ($test2 > 0)
450  {
451  unset($test_str[3]);
452  }
453 
454  return $lng->txt(implode('_',$test_str));
455  }
456 
457  return $a_role_title;
458  }
459 
460 
461 
462  function _updateAuthMode($a_roles)
463  {
464  global $ilDB;
465 
466  foreach ($a_roles as $role_id => $auth_mode)
467  {
468  $query = "UPDATE role_data SET ".
469  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
470  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
471  $res = $ilDB->manipulate($query);
472  }
473  }
474 
475  function _getAuthMode($a_role_id)
476  {
477  global $ilDB;
478 
479  $query = "SELECT auth_mode FROM role_data ".
480  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
481  $res = $ilDB->query($query);
482  $row = $ilDB->fetchAssoc($res);
483 
484  return $row['auth_mode'];
485  }
486 
494  public static function _getRolesByAuthMode($a_auth_mode)
495  {
496  global $ilDB;
497 
498  $query = "SELECT * FROM role_data ".
499  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
500  $res = $ilDB->query($query);
501  $roles = array();
502  while($row = $ilDB->fetchObject($res))
503  {
504  $roles[] = $row->role_id;
505  }
506  return $roles;
507  }
508 
517  public static function _resetAuthMode($a_auth_mode)
518  {
519  global $ilDB;
520 
521  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
522  $res = $ilDB->manipulate($query);
523  }
524 
525  // returns array of operation/objecttype definitions
526  // private
527  function __getPermissionDefinitions()
528  {
529  global $ilDB, $lng, $objDefinition,$rbacreview;
530 
531  $operation_info = $rbacreview->getOperationAssignment();
532  foreach($operation_info as $info)
533  {
534  if($objDefinition->getDevMode($info['type']))
535  {
536  continue;
537  }
538  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
539  "type" => $info['type']);
540 
541  // handle plugin permission texts
542  $txt = $objDefinition->isPlugin($info['type'])
543  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
544  : $lng->txt($info['type']."_".$info['operation']);
545  if (substr($info['operation'], 0, 7) == "create_" &&
546  $objDefinition->isPlugin(substr($info['operation'], 7)))
547  {
548  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
549  }
550  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
551  "ops_id" => $info['ops_id'],
552  "title" => $info['operation'],
553  "name" => $txt);
554 
555  }
556  return array($rbac_objects,$rbac_operations);
557  }
558 
564  public function isDeletable($a_role_folder_id)
565  {
566  global $rbacreview;
567 
568  if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
569  {
570  return false;
571  }
572 
573  if(substr($this->getTitle(),0,3) == 'il_')
574  {
575  return false;
576  }
577  return true;
578 
579  }
580 
581  public static function isAutoGenerated($a_role_id)
582  {
583  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
584  }
585 
593  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
594  {
595  global $tree,$rbacreview;
596 
597  // Get node info of subtree
598  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
599 
600  #var_dump($nodes);
601 
602  // get local policies
603  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
604 
605 
606  // filter relevant roles
607  $local_policies = array();
608  foreach($all_local_policies as $lp)
609  {
610  if(isset($nodes[$lp]))
611  {
612  $local_policies[] = $lp;
613  }
614  }
615 
616  // Delete deprecated policies
617  switch($a_mode)
618  {
619  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
620  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
621  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
622  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
623  break;
624  }
625  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
626 
627  #var_dump(memory_get_peak_usage());
628  #var_dump(memory_get_usage());
629  }
630 
636  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
637  {
638  global $rbacreview,$rbacadmin;
639 
640  $local_policies = array();
641  foreach($a_policies as $policy)
642  {
643  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
644  {
645  $local_policies[] = $policy;
646  continue;
647  }
648  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
649  {
650  $local_policies[] = $policy;
651  continue;
652  }
653 
654  if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
655  {
656  $rbacadmin->deleteLocalRole($this->getId(),$rolf);
657  }
658  }
659  return $local_policies;
660  }
661 
670  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
671  {
672  global $rbacadmin, $rbacreview;
673 
674  $operation_stack = array();
675  $policy_stack = array();
676  $left_stack = array();
677  $right_stack = array();
678 
679  $start_node = current($a_nodes);
680  array_push($left_stack, $start_node['lft']);
681  array_push($right_stack, $start_node['rgt']);
682  $this->updatePolicyStack($policy_stack, $start_node['child']);
683  $this->updateOperationStack($operation_stack, $start_node['child']);
684 
685  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
686  $rbac_log_active = ilRbacLog::isActive();
687 
688  $local_policy = false;
689  foreach($a_nodes as $node)
690  {
691  $lft = end($left_stack);
692  $rgt = end($right_stack);
693 
694  #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
695 
696  while(($node['lft'] < $lft) or ($node['rgt'] > $rgt))
697  {
698  #echo "LEFT ".$node['child'].'<br>';
699  array_pop($operation_stack);
700  array_pop($policy_stack);
701  array_pop($left_stack);
702  array_pop($right_stack);
703 
704  $lft = end($left_stack);
705  $rgt = end($right_stack);
706 
707  $local_policy = false;
708  }
709 
710  if($local_policy)
711  {
712  #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
713  // Continue if inside of local policy
714  continue;
715  }
716 
717  // Start node => set permissions and continue
718  if($node['child'] == $start_node['child'])
719  {
720  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
721  {
722  if($rbac_log_active)
723  {
724  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
725  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
726  }
727 
728  // Set permissions
729  $perms = end($operation_stack);
730  $rbacadmin->grantPermission(
731  $this->getId(),
732  (array) $perms[$node['type']],
733  $node['child']
734  );
735 
736  if($rbac_log_active)
737  {
738  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
739  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
740  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
741  }
742  }
743  continue;
744  }
745 
746  // Node has local policies => update permission stack and continue
747  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
748  {
749  #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
750  $local_policy = true;
751  $this->updatePolicyStack($policy_stack, $node['child']);
752  $this->updateOperationStack($operation_stack, $node['child']);
753  array_push($left_stack,$node['lft']);
754  array_push($right_stack, $node['rgt']);
755  continue;
756  }
757 
758  // Continue if this object type is in filter
759  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
760  {
761  continue;
762  }
763 
764  if($rbac_log_active)
765  {
766  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
767  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
768  }
769 
770  #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
771  // Node is course => create course permission intersection
772  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
773  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
774 
775  {
776  #echo "CRS ".$node['child'].'<br>';
777  // Copy role permission intersection
778 
779  $perms = end($operation_stack);
780  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
781  if($this->updateOperationStack($operation_stack,$node['child']))
782  {
783  #echo "CRS SUCCESS ".$node['child'].'<br>';
784  $this->updatePolicyStack($policy_stack, $node['child']);
785  array_push($left_stack, $node['lft']);
786  array_push($right_stack, $node['rgt']);
787  }
788  }
789 
790  // Node is group => create group permission intersection
791  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
792  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
793  {
794  #echo "GRP ".$node['child'].'<br>';
795  // Copy role permission intersection
796  $perms = end($operation_stack);
797  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
798  if($this->updateOperationStack($operation_stack,$node['child']))
799  {
800  #echo "GRP SUCCESS ".$node['child'].'<br>';
801  $this->updatePolicyStack($policy_stack, $node['child']);
802  array_push($left_stack, $node['lft']);
803  array_push($right_stack, $node['rgt']);
804  }
805  }
806 
807  #echo "GRANTED ".$node['child'].'<br>';
808  // Set permission
809  $perms = end($operation_stack);
810  $rbacadmin->grantPermission(
811  $this->getId(),
812  (array) $perms[$node['type']],
813  $node['child']
814  );
815  #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
816 
817  if($rbac_log_active)
818  {
819  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
820  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
821  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
822  }
823  }
824  }
825 
832  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
833  {
834  if(in_array($a_type,$a_exclusion_filter))
835  {
836  return false;
837  }
838 
839  if(in_array('all',$a_filter))
840  {
841  return true;
842  }
843  return in_array($a_type,$a_filter);
844  }
845 
852  protected function updateOperationStack(&$a_stack,$a_node)
853  {
854  global $rbacreview;
855 
856  if($a_node == ROOT_FOLDER_ID)
857  {
858  $rolf = ROLE_FOLDER_ID;
859  }
860  else
861  {
862  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
863  }
864 
865  if(!$rolf)
866  {
867  return false;
868  }
869 
870  $a_stack[] = $rbacreview->getAllOperationsOfRole(
871  $this->getId(),
872  $rolf
873  );
874  return true;
875  }
876 
882  protected function updatePolicyStack(&$a_stack,$a_node)
883  {
884  global $rbacreview;
885 
886  if($a_node == ROOT_FOLDER_ID)
887  {
888  $rolf = ROLE_FOLDER_ID;
889  }
890  else
891  {
892  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
893  }
894 
895  if(!$rolf)
896  {
897  return false;
898  }
899 
900  $a_stack[] = $rolf;
901  return true;
902  }
903 
911  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
912  {
913  global $ilDB, $rbacreview,$rbacadmin;
914 
915  static $course_non_member_id = null;
916  static $group_non_member_id = null;
917  static $group_open_id = null;
918  static $group_closed_id = null;
919 
920  // Get template id
921  switch($a_type)
922  {
923  case 'grp':
924 
925  include_once './Modules/Group/classes/class.ilObjGroup.php';
926  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
927  #var_dump("GROUP TYPE",$type);
928  switch($type)
929  {
930  case GRP_TYPE_CLOSED:
931  if(!$group_closed_id)
932  {
933  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
934  $res = $ilDB->query($query);
935  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
936  {
937  $group_closed_id = $row->obj_id;
938  }
939  }
940  $template_id = $group_closed_id;
941  #var_dump("GROUP CLOSED id:" . $template_id);
942  break;
943 
944  case GRP_TYPE_OPEN:
945  default:
946  if(!$group_open_id)
947  {
948  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
949  $res = $ilDB->query($query);
950  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
951  {
952  $group_open_id = $row->obj_id;
953  }
954  }
955  $template_id = $group_open_id;
956  #var_dump("GROUP OPEN id:" . $template_id);
957  break;
958  }
959  break;
960 
961  case 'crs':
962  if(!$course_non_member_id)
963  {
964  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
965  $res = $ilDB->query($query);
966  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
967  {
968  $course_non_member_id = $row->obj_id;
969  }
970  }
971  $template_id = $course_non_member_id;
972  break;
973  }
974 
975  $current_ops = $a_current_ops[$a_type];
976 
977  // Create intersection template permissions
978  if($template_id)
979  {
980  $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
981 
982  $rbacadmin->copyRolePermissionIntersection(
983  $template_id, ROLE_FOLDER_ID,
984  $this->getId(), end($policy_stack),
985  $rolf,$this->getId()
986  );
987  }
988  else
989  {
990  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
991  }
992  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
993  if($rolf)
994  {
995  $rbacadmin->assignRoleToFolder($this->getId(),$rolf,"n");
996  }
997  return true;
998  }
999 
1000 } // END class.ilObjRole
1001 ?>