ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36 
43  function ilObjRole($a_id = 0,$a_call_by_reference = false)
44  {
45  $this->type = "role";
46  $this->disk_quota = 0;
47  $this->ilObject($a_id,$a_call_by_reference);
48  }
49 
54  public function validate()
55  {
56  global $ilErr;
57 
58  if(substr($this->getTitle(),0,3) == 'il_')
59  {
60  $ilErr->setMessage('msg_role_reserved_prefix');
61  return false;
62  }
63  return true;
64  }
65 
70  public function getPresentationTitle()
71  {
72  return ilObjRole::_getTranslation($this->getTitle());
73  }
74 
75  function toggleAssignUsersStatus($a_assign_users)
76  {
77  $this->assign_users = (int) $a_assign_users;
78  }
79  function getAssignUsersStatus()
80  {
81  return $this->assign_users ? $this->assign_users : 0;
82  }
83  // Same method (static)
84  function _getAssignUsersStatus($a_role_id)
85  {
86  global $ilDB;
87 
88  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
89  $res = $ilDB->query($query);
90  while($row = $ilDB->fetchObject($res))
91  {
92  return $row->assign_users ? true : false;
93  }
94  return false;
95  }
96 
101  function read ()
102  {
103  global $ilDB;
104 
105  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
106 
107  $res = $ilDB->query($query);
108  if ($res->numRows() > 0)
109  {
110  $data = $ilDB->fetchAssoc($res);
111 
112  // fill member vars in one shot
113  $this->assignData($data);
114  }
115  else
116  {
117  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
118  }
119 
120  parent::read();
121  }
122 
128  function assignData($a_data)
129  {
130  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
131  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
132  $this->setAllowRegister($a_data["allow_register"]);
133  $this->toggleAssignUsersStatus($a_data['assign_users']);
134  $this->setDiskQuota($a_data['disk_quota']);
135  }
136 
141  function update ()
142  {
143  global $ilDB;
144 
145  $query = "UPDATE role_data SET ".
146  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
147  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
148  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer')." ".
149  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
150  $res = $ilDB->manipulate($query);
151 
152  parent::update();
153 
154  $this->read();
155 
156  return true;
157  }
158 
166  function create()
167  {
168  global $ilDB;
169 
170  $this->id = parent::create();
171 
172  $query = "INSERT INTO role_data ".
173  "(role_id,allow_register,assign_users,disk_quota) ".
174  "VALUES ".
175  "(".$ilDB->quote($this->id,'integer').",".
176  $ilDB->quote($this->getAllowRegister(),'integer').",".
177  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
178  $ilDB->quote($this->getDiskQuota(),'integer').")"
179  ;
180  $res = $ilDB->query($query);
181 
182  return $this->id;
183  }
184 
191  function setAllowRegister($a_allow_register)
192  {
193  if (empty($a_allow_register))
194  {
195  $a_allow_register == 0;
196  }
197 
198  $this->allow_register = (int) $a_allow_register;
199  }
200 
207  function getAllowRegister()
208  {
209  return $this->allow_register ? $this->allow_register : false;
210  }
211 
220  function setDiskQuota($a_disk_quota)
221  {
222  $this->disk_quota = $a_disk_quota;
223  }
224 
234  function getDiskQuota()
235  {
236  return $this->disk_quota;
237  }
244  function _lookupRegisterAllowed()
245  {
246  global $ilDB;
247 
248  $query = "SELECT * FROM role_data ".
249  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
250  "WHERE allow_register = 1";
251  $res = $ilDB->query($query);
252 
253  $roles = array();
254  while($role = $ilDB->fetchAssoc($res))
255  {
256  $roles[] = array("id" => $role["obj_id"],
257  "title" => $role["title"],
258  "auth_mode" => $role['auth_mode']);
259  }
260 
261  return $roles;
262  }
263 
270  function _lookupAllowRegister($a_role_id)
271  {
272  global $ilDB;
273 
274  $query = "SELECT * FROM role_data ".
275  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
276 
277  $res = $ilDB->query($query);
278  if ($role_rec = $ilDB->fetchAssoc($res))
279  {
280  if ($role_rec["allow_register"])
281  {
282  return true;
283  }
284  }
285  return false;
286  }
287 
295  function setParent($a_parent_ref)
296  {
297  $this->parent = $a_parent_ref;
298  }
299 
306  function getParent()
307  {
308  return $this->parent;
309  }
310 
311 
318  function delete()
319  {
320  global $rbacadmin, $rbacreview,$ilDB;
321 
322  $role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
323 
324  // Temporary bugfix
325  if($rbacreview->hasMultipleAssignments($this->getId()))
326  {
327  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
328  return false;
329  }
330 
331  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
332  {
333  // do not delete a global role, if the role is the last
334  // role a user is assigned to.
335  //
336  // Performance improvement: In the code section below, we
337  // only need to consider _global_ roles. We don't need
338  // to check for _local_ roles, because a user who has
339  // a local role _always_ has a global role too.
340  $last_role_user_ids = array();
341  if ($this->getParent() == ROLE_FOLDER_ID)
342  {
343  // The role is a global role: check if
344  // we find users who aren't assigned to any
345  // other global role than this one.
346  $user_ids = $rbacreview->assignedUsers($this->getId());
347 
348  foreach ($user_ids as $user_id)
349  {
350  // get all roles each user has
351  $role_ids = $rbacreview->assignedRoles($user_id);
352 
353  // is last role?
354  if (count($role_ids) == 1)
355  {
356  $last_role_user_ids[] = $user_id;
357  }
358  }
359  }
360 
361  // users with last role found?
362  if (count($last_role_user_ids) > 0)
363  {
364  foreach ($last_role_user_ids as $user_id)
365  {
366 //echo "<br>last role for user id:".$user_id.":";
367  // GET OBJECT TITLE
368  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
369  $user_names[] = $tmp_obj->getFullname();
370  unset($tmp_obj);
371  }
372 
373  // TODO: This check must be done in rolefolder object because if multiple
374  // roles were selected the other roles are still deleted and the system does not
375  // give any feedback about this.
376  $users = implode(', ',$user_names);
377  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
378  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
379  }
380  else
381  {
382  // IT'S A BASE ROLE
383  $rbacadmin->deleteRole($this->getId(),$this->getParent());
384 
385  // Delete ldap role group mappings
386  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
387  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
388 
389  // delete object_data entry
390  parent::delete();
391 
392  // delete role_data entry
393  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
394  $res = $ilDB->manipulate($query);
395 
396  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
397  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
398  $role_desk_item_obj->deleteAll();
399 
400  }
401  }
402  else
403  {
404  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
405  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
406  }
407 
408  // purge empty rolefolders
409  //
410  // Performance improvement: We filter out all role folders
411  // which still contain roles, _before_ we attempt to purge them.
412  // This is faster than attempting to purge all role folders,
413  // and let function purge() of the role folder find out, if
414  // purging is possible.
415 
416  $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
417  $role_folders = array_diff($role_folders,$non_empty_role_folders);
418 
419  // Attempt to purge the role folders
420  foreach ($role_folders as $rolf)
421  {
422  if (ilObject::_exists($rolf,true))
423  {
424  $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
425  $rolfObj->purge();
426  unset($rolfObj);
427  }
428  }
429 
430  return true;
431  }
432 
433  function getCountMembers()
434  {
435  global $rbacreview;
436 
437  return count($rbacreview->assignedUsers($this->getId()));
438  }
439 
440  function _getTranslation($a_role_title)
441  {
442  global $lng;
443 
444  $test_str = explode('_',$a_role_title);
445 
446  // check for plugins
447  if(substr($a_role_title, 0, 4) == 'il_x')
448  {
449  include_once './Services/Component/classes/class.ilPlugin.php';
450  array_pop($test_str);
451  return ilPlugin::lookupTxt('rep_robj', $test_str[1], implode('_',$test_str));
452  }
453 
454  if ($test_str[0] == 'il')
455  {
456  $test2 = (int) $test_str[3];
457  if ($test2 > 0)
458  {
459  unset($test_str[3]);
460  }
461 
462  return $lng->txt(implode('_',$test_str));
463  }
464 
465  return $a_role_title;
466  }
467 
468 
469 
470  function _updateAuthMode($a_roles)
471  {
472  global $ilDB;
473 
474  foreach ($a_roles as $role_id => $auth_mode)
475  {
476  $query = "UPDATE role_data SET ".
477  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
478  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
479  $res = $ilDB->manipulate($query);
480  }
481  }
482 
483  function _getAuthMode($a_role_id)
484  {
485  global $ilDB;
486 
487  $query = "SELECT auth_mode FROM role_data ".
488  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
489  $res = $ilDB->query($query);
490  $row = $ilDB->fetchAssoc($res);
491 
492  return $row['auth_mode'];
493  }
494 
502  public static function _getRolesByAuthMode($a_auth_mode)
503  {
504  global $ilDB;
505 
506  $query = "SELECT * FROM role_data ".
507  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
508  $res = $ilDB->query($query);
509  $roles = array();
510  while($row = $ilDB->fetchObject($res))
511  {
512  $roles[] = $row->role_id;
513  }
514  return $roles;
515  }
516 
525  public static function _resetAuthMode($a_auth_mode)
526  {
527  global $ilDB;
528 
529  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
530  $res = $ilDB->manipulate($query);
531  }
532 
533  // returns array of operation/objecttype definitions
534  // private
535  function __getPermissionDefinitions()
536  {
537  global $ilDB, $lng, $objDefinition,$rbacreview;
538 
539  $operation_info = $rbacreview->getOperationAssignment();
540  foreach($operation_info as $info)
541  {
542  if($objDefinition->getDevMode($info['type']))
543  {
544  continue;
545  }
546  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
547  "type" => $info['type']);
548 
549  // handle plugin permission texts
550  $txt = $objDefinition->isPlugin($info['type'])
551  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
552  : $lng->txt($info['type']."_".$info['operation']);
553  if (substr($info['operation'], 0, 7) == "create_" &&
554  $objDefinition->isPlugin(substr($info['operation'], 7)))
555  {
556  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
557  }
558  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
559  "ops_id" => $info['ops_id'],
560  "title" => $info['operation'],
561  "name" => $txt);
562 
563  }
564  return array($rbac_objects,$rbac_operations);
565  }
566 
572  public function isDeletable($a_role_folder_id)
573  {
574  global $rbacreview;
575 
576  if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
577  {
578  return false;
579  }
580 
581  if(substr($this->getTitle(),0,3) == 'il_')
582  {
583  return false;
584  }
585  return true;
586 
587  }
588 
589  public static function isAutoGenerated($a_role_id)
590  {
591  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
592  }
593 
601  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
602  {
603  global $tree,$rbacreview;
604 
605  // Get node info of subtree
606  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
607 
608  // get local policies
609  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
610 
611  // filter relevant roles
612  $local_policies = array();
613  foreach($all_local_policies as $lp)
614  {
615  if(isset($nodes[$lp]))
616  {
617  $local_policies[] = $lp;
618  }
619  }
620 
621  // Delete deprecated policies
622  switch($a_mode)
623  {
624  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
625  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
626  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
627  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
628  break;
629  }
630  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
631 
632  #var_dump(memory_get_peak_usage());
633  #var_dump(memory_get_usage());
634  }
635 
641  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
642  {
643  global $rbacreview,$rbacadmin;
644 
645  $local_policies = array();
646  foreach($a_policies as $policy)
647  {
648  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
649  {
650  $local_policies[] = $policy;
651  continue;
652  }
653  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
654  {
655  $local_policies[] = $policy;
656  continue;
657  }
658 
659  if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
660  {
661  $rbacadmin->deleteLocalRole($this->getId(),$rolf);
662  }
663  }
664  return $local_policies;
665  }
666 
675  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
676  {
677  global $rbacadmin, $rbacreview;
678 
679  $operation_stack = array();
680  $policy_stack = array();
681  $left_stack = array();
682  $right_stack = array();
683 
684  $start_node = current($a_nodes);
685  array_push($left_stack, $start_node['lft']);
686  array_push($right_stack, $start_node['rgt']);
687  $this->initPolicyStack($policy_stack, $start_node['child']);
688  $this->initOperationStack($operation_stack, $start_node['child']);
689 
690  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($policy_stack,true));
691  #$GLOBALS['ilLog']->write(__METHOD__.': '.print_r($operation_stack,true));
692 
693  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
694  $rbac_log_active = ilRbacLog::isActive();
695 
696  $local_policy = false;
697  foreach($a_nodes as $node)
698  {
699  $lft = end($left_stack);
700  $rgt = end($right_stack);
701 
702  #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
703 
704  while(($node['lft'] < $lft) or ($node['rgt'] > $rgt))
705  {
706  #echo "LEFT ".$node['child'].'<br>';
707  array_pop($operation_stack);
708  array_pop($policy_stack);
709  array_pop($left_stack);
710  array_pop($right_stack);
711 
712  $lft = end($left_stack);
713  $rgt = end($right_stack);
714 
715  $local_policy = false;
716  }
717 
718  if($local_policy)
719  {
720  #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
721  // Continue if inside of local policy
722  continue;
723  }
724 
725  // Start node => set permissions and continue
726  if($node['child'] == $start_node['child'])
727  {
728  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
729  {
730  if($rbac_log_active)
731  {
732  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
733  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
734  }
735 
736  // Set permissions
737  $perms = end($operation_stack);
738  $rbacadmin->grantPermission(
739  $this->getId(),
740  (array) $perms[$node['type']],
741  $node['child']
742  );
743 
744  if($rbac_log_active)
745  {
746  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
747  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
748  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
749  }
750  }
751  continue;
752  }
753 
754  // Node has local policies => update permission stack and continue
755  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
756  {
757  #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
758  $local_policy = true;
759  $this->updatePolicyStack($policy_stack, $node['child']);
760  $this->updateOperationStack($operation_stack, $node['child']);
761  array_push($left_stack,$node['lft']);
762  array_push($right_stack, $node['rgt']);
763  continue;
764  }
765 
766  // Continue if this object type is in filter
767  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
768  {
769  continue;
770  }
771 
772  if($rbac_log_active)
773  {
774  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
775  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
776  }
777 
778  #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
779  // Node is course => create course permission intersection
780  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
781  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
782 
783  {
784  #echo "CRS ".$node['child'].'<br>';
785  // Copy role permission intersection
786 
787  $perms = end($operation_stack);
788  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
789  if($this->updateOperationStack($operation_stack,$node['child']))
790  {
791  #echo "CRS SUCCESS ".$node['child'].'<br>';
792  $this->updatePolicyStack($policy_stack, $node['child']);
793  array_push($left_stack, $node['lft']);
794  array_push($right_stack, $node['rgt']);
795  }
796  }
797 
798  // Node is group => create group permission intersection
799  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
800  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
801  {
802  #echo "GRP ".$node['child'].'<br>';
803  // Copy role permission intersection
804  $perms = end($operation_stack);
805  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
806  if($this->updateOperationStack($operation_stack,$node['child']))
807  {
808  #echo "GRP SUCCESS ".$node['child'].'<br>';
809  $this->updatePolicyStack($policy_stack, $node['child']);
810  array_push($left_stack, $node['lft']);
811  array_push($right_stack, $node['rgt']);
812  }
813  }
814 
815  #echo "GRANTED ".$node['child'].'<br>';
816  // Set permission
817  $perms = end($operation_stack);
818  $rbacadmin->grantPermission(
819  $this->getId(),
820  (array) $perms[$node['type']],
821  $node['child']
822  );
823  #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
824 
825  if($rbac_log_active)
826  {
827  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
828  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
829  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
830  }
831  }
832  }
833 
840  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
841  {
842  if(in_array($a_type,$a_exclusion_filter))
843  {
844  return false;
845  }
846 
847  if(in_array('all',$a_filter))
848  {
849  return true;
850  }
851  return in_array($a_type,$a_filter);
852  }
853 
860  protected function updateOperationStack(&$a_stack,$a_node)
861  {
862  global $rbacreview;
863 
864  if($a_node == ROOT_FOLDER_ID)
865  {
866  $rolf = ROLE_FOLDER_ID;
867  }
868  else
869  {
870  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
871  }
872 
873  if(!$rolf)
874  {
875  return false;
876  }
877 
878  $a_stack[] = $rbacreview->getAllOperationsOfRole(
879  $this->getId(),
880  $rolf
881  );
882  return true;
883  }
884 
892  protected function initOperationStack(&$a_stack, $a_node)
893  {
894  global $rbacreview;
895 
896  if($a_node == ROOT_FOLDER_ID)
897  {
898  $rolf = ROLE_FOLDER_ID;
899  }
900  else
901  {
902  $roles = $rbacreview->getParentRoleIds($a_node,false,true);
903  $rolf = $roles[$this->getId()]['parent'];
904  }
905  if(!$rolf)
906  {
907  return false;
908  }
909 
910  $a_stack[] = $rbacreview->getAllOperationsOfRole(
911  $this->getId(),
912  $rolf
913  );
914  return true;
915  }
916 
922  protected function updatePolicyStack(&$a_stack,$a_node)
923  {
924  global $rbacreview;
925 
926  if($a_node == ROOT_FOLDER_ID)
927  {
928  $rolf = ROLE_FOLDER_ID;
929  }
930  else
931  {
932  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
933  }
934 
935  if(!$rolf)
936  {
937  return false;
938  }
939 
940  $a_stack[] = $rolf;
941  return true;
942  }
943 
950  protected function initPolicyStack(&$a_stack, $a_node)
951  {
952  global $rbacreview;
953 
954  if($a_node == ROOT_FOLDER_ID)
955  {
956  $rolf = ROLE_FOLDER_ID;
957  }
958  else
959  {
960  $roles = $rbacreview->getParentRoleIds($a_node,false,true);
961 
962  $GLOBALS['ilLog']->write(__METHOD__.': '.print_r($roles,true));
963  $rolf = $roles[$this->getId()]['parent'];
964  }
965  $a_stack[] = $rolf;
966  }
967 
975  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
976  {
977  global $ilDB, $rbacreview,$rbacadmin;
978 
979  static $course_non_member_id = null;
980  static $group_non_member_id = null;
981  static $group_open_id = null;
982  static $group_closed_id = null;
983 
984  // Get template id
985  switch($a_type)
986  {
987  case 'grp':
988 
989  include_once './Modules/Group/classes/class.ilObjGroup.php';
990  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
991  #var_dump("GROUP TYPE",$type);
992  switch($type)
993  {
994  case GRP_TYPE_CLOSED:
995  if(!$group_closed_id)
996  {
997  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
998  $res = $ilDB->query($query);
999  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1000  {
1001  $group_closed_id = $row->obj_id;
1002  }
1003  }
1004  $template_id = $group_closed_id;
1005  #var_dump("GROUP CLOSED id:" . $template_id);
1006  break;
1007 
1008  case GRP_TYPE_OPEN:
1009  default:
1010  if(!$group_open_id)
1011  {
1012  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
1013  $res = $ilDB->query($query);
1014  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1015  {
1016  $group_open_id = $row->obj_id;
1017  }
1018  }
1019  $template_id = $group_open_id;
1020  #var_dump("GROUP OPEN id:" . $template_id);
1021  break;
1022  }
1023  break;
1024 
1025  case 'crs':
1026  if(!$course_non_member_id)
1027  {
1028  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
1029  $res = $ilDB->query($query);
1030  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1031  {
1032  $course_non_member_id = $row->obj_id;
1033  }
1034  }
1035  $template_id = $course_non_member_id;
1036  break;
1037  }
1038 
1039  $current_ops = $a_current_ops[$a_type];
1040 
1041  // Create intersection template permissions
1042  if($template_id)
1043  {
1044  $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
1045 
1046  $rbacadmin->copyRolePermissionIntersection(
1047  $template_id, ROLE_FOLDER_ID,
1048  $this->getId(), end($policy_stack),
1049  $rolf,$this->getId()
1050  );
1051  }
1052  else
1053  {
1054  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1055  }
1056  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1057  if($rolf)
1058  {
1059  $rbacadmin->assignRoleToFolder($this->getId(),$rolf,"n");
1060  }
1061  return true;
1062  }
1063 
1064 } // END class.ilObjRole
1065 ?>