ILIAS  Release_4_3_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./Services/Object/classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
21 
29  var $parent;
30 
33 
36 
43  function ilObjRole($a_id = 0,$a_call_by_reference = false)
44  {
45  $this->type = "role";
46  $this->disk_quota = 0;
47  $this->ilObject($a_id,$a_call_by_reference);
48  }
49 
54  public function validate()
55  {
56  global $ilErr;
57 
58  if(substr($this->getTitle(),0,3) == 'il_')
59  {
60  $ilErr->setMessage('msg_role_reserved_prefix');
61  return false;
62  }
63  return true;
64  }
65 
70  public function getPresentationTitle()
71  {
72  return ilObjRole::_getTranslation($this->getTitle());
73  }
74 
75  function toggleAssignUsersStatus($a_assign_users)
76  {
77  $this->assign_users = (int) $a_assign_users;
78  }
80  {
81  return $this->assign_users ? $this->assign_users : 0;
82  }
83  // Same method (static)
84  function _getAssignUsersStatus($a_role_id)
85  {
86  global $ilDB;
87 
88  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
89  $res = $ilDB->query($query);
90  while($row = $ilDB->fetchObject($res))
91  {
92  return $row->assign_users ? true : false;
93  }
94  return false;
95  }
96 
101  function read ()
102  {
103  global $ilDB;
104 
105  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
106 
107  $res = $ilDB->query($query);
108  if ($res->numRows() > 0)
109  {
110  $data = $ilDB->fetchAssoc($res);
111 
112  // fill member vars in one shot
113  $this->assignData($data);
114  }
115  else
116  {
117  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
118  }
119 
120  parent::read();
121  }
122 
128  function assignData($a_data)
129  {
130  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
131  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
132  $this->setAllowRegister($a_data["allow_register"]);
133  $this->toggleAssignUsersStatus($a_data['assign_users']);
134  $this->setDiskQuota($a_data['disk_quota']);
135  }
136 
141  function update ()
142  {
143  global $ilDB;
144 
145  $query = "UPDATE role_data SET ".
146  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
147  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
148  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer')." ".
149  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
150  $res = $ilDB->manipulate($query);
151 
152  parent::update();
153 
154  $this->read();
155 
156  return true;
157  }
158 
166  function create()
167  {
168  global $ilDB;
169 
170  $this->id = parent::create();
171 
172  $query = "INSERT INTO role_data ".
173  "(role_id,allow_register,assign_users,disk_quota) ".
174  "VALUES ".
175  "(".$ilDB->quote($this->id,'integer').",".
176  $ilDB->quote($this->getAllowRegister(),'integer').",".
177  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
178  $ilDB->quote($this->getDiskQuota(),'integer').")"
179  ;
180  $res = $ilDB->query($query);
181 
182  return $this->id;
183  }
184 
191  function setAllowRegister($a_allow_register)
192  {
193  if (empty($a_allow_register))
194  {
195  $a_allow_register == 0;
196  }
197 
198  $this->allow_register = (int) $a_allow_register;
199  }
200 
207  function getAllowRegister()
208  {
209  return $this->allow_register ? $this->allow_register : false;
210  }
211 
220  function setDiskQuota($a_disk_quota)
221  {
222  $this->disk_quota = $a_disk_quota;
223  }
224 
234  function getDiskQuota()
235  {
236  return $this->disk_quota;
237  }
245  {
246  global $ilDB;
247 
248  $query = "SELECT * FROM role_data ".
249  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
250  "WHERE allow_register = 1";
251  $res = $ilDB->query($query);
252 
253  $roles = array();
254  while($role = $ilDB->fetchAssoc($res))
255  {
256  $roles[] = array("id" => $role["obj_id"],
257  "title" => $role["title"],
258  "auth_mode" => $role['auth_mode']);
259  }
260 
261  return $roles;
262  }
263 
270  function _lookupAllowRegister($a_role_id)
271  {
272  global $ilDB;
273 
274  $query = "SELECT * FROM role_data ".
275  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
276 
277  $res = $ilDB->query($query);
278  if ($role_rec = $ilDB->fetchAssoc($res))
279  {
280  if ($role_rec["allow_register"])
281  {
282  return true;
283  }
284  }
285  return false;
286  }
287 
295  function setParent($a_parent_ref)
296  {
297  $this->parent = $a_parent_ref;
298  }
299 
306  function getParent()
307  {
308  return $this->parent;
309  }
310 
311 
318  function delete()
319  {
320  global $rbacadmin, $rbacreview,$ilDB;
321 
322  $role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
323 
324  // Temporary bugfix
325  if($rbacreview->hasMultipleAssignments($this->getId()))
326  {
327  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
328  return false;
329  }
330 
331  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
332  {
333  // do not delete a global role, if the role is the last
334  // role a user is assigned to.
335  //
336  // Performance improvement: In the code section below, we
337  // only need to consider _global_ roles. We don't need
338  // to check for _local_ roles, because a user who has
339  // a local role _always_ has a global role too.
340  $last_role_user_ids = array();
341  if ($this->getParent() == ROLE_FOLDER_ID)
342  {
343  // The role is a global role: check if
344  // we find users who aren't assigned to any
345  // other global role than this one.
346  $user_ids = $rbacreview->assignedUsers($this->getId());
347 
348  foreach ($user_ids as $user_id)
349  {
350  // get all roles each user has
351  $role_ids = $rbacreview->assignedRoles($user_id);
352 
353  // is last role?
354  if (count($role_ids) == 1)
355  {
356  $last_role_user_ids[] = $user_id;
357  }
358  }
359  }
360 
361  // users with last role found?
362  if (count($last_role_user_ids) > 0)
363  {
364  foreach ($last_role_user_ids as $user_id)
365  {
366 //echo "<br>last role for user id:".$user_id.":";
367  // GET OBJECT TITLE
368  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
369  $user_names[] = $tmp_obj->getFullname();
370  unset($tmp_obj);
371  }
372 
373  // TODO: This check must be done in rolefolder object because if multiple
374  // roles were selected the other roles are still deleted and the system does not
375  // give any feedback about this.
376  $users = implode(', ',$user_names);
377  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
378  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
379  }
380  else
381  {
382  // IT'S A BASE ROLE
383  $rbacadmin->deleteRole($this->getId(),$this->getParent());
384 
385  // Delete ldap role group mappings
386  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
388 
389  // delete object_data entry
390  parent::delete();
391 
392  // delete role_data entry
393  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
394  $res = $ilDB->manipulate($query);
395 
396  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
397  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
398  $role_desk_item_obj->deleteAll();
399 
400  }
401  }
402  else
403  {
404  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
405  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
406  }
407 
408  // purge empty rolefolders
409  //
410  // Performance improvement: We filter out all role folders
411  // which still contain roles, _before_ we attempt to purge them.
412  // This is faster than attempting to purge all role folders,
413  // and let function purge() of the role folder find out, if
414  // purging is possible.
415 
416  $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
417  $role_folders = array_diff($role_folders,$non_empty_role_folders);
418 
419  // Attempt to purge the role folders
420  foreach ($role_folders as $rolf)
421  {
422  if (ilObject::_exists($rolf,true))
423  {
424  $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
425  $rolfObj->purge();
426  unset($rolfObj);
427  }
428  }
429 
430  return true;
431  }
432 
433  function getCountMembers()
434  {
435  global $rbacreview;
436 
437  return count($rbacreview->assignedUsers($this->getId()));
438  }
439 
440  function _getTranslation($a_role_title)
441  {
442  global $lng;
443 
444  $test_str = explode('_',$a_role_title);
445 
446  if ($test_str[0] == 'il')
447  {
448  $test2 = (int) $test_str[3];
449  if ($test2 > 0)
450  {
451  unset($test_str[3]);
452  }
453 
454  return $lng->txt(implode('_',$test_str));
455  }
456 
457  return $a_role_title;
458  }
459 
460 
461 
462  function _updateAuthMode($a_roles)
463  {
464  global $ilDB;
465 
466  foreach ($a_roles as $role_id => $auth_mode)
467  {
468  $query = "UPDATE role_data SET ".
469  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
470  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
471  $res = $ilDB->manipulate($query);
472  }
473  }
474 
475  function _getAuthMode($a_role_id)
476  {
477  global $ilDB;
478 
479  $query = "SELECT auth_mode FROM role_data ".
480  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
481  $res = $ilDB->query($query);
482  $row = $ilDB->fetchAssoc($res);
483 
484  return $row['auth_mode'];
485  }
486 
494  public static function _getRolesByAuthMode($a_auth_mode)
495  {
496  global $ilDB;
497 
498  $query = "SELECT * FROM role_data ".
499  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
500  $res = $ilDB->query($query);
501  $roles = array();
502  while($row = $ilDB->fetchObject($res))
503  {
504  $roles[] = $row->role_id;
505  }
506  return $roles;
507  }
508 
517  public static function _resetAuthMode($a_auth_mode)
518  {
519  global $ilDB;
520 
521  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
522  $res = $ilDB->manipulate($query);
523  }
524 
525  // returns array of operation/objecttype definitions
526  // private
528  {
529  global $ilDB, $lng, $objDefinition,$rbacreview;
530 
531  $operation_info = $rbacreview->getOperationAssignment();
532  foreach($operation_info as $info)
533  {
534  if($objDefinition->getDevMode($info['type']))
535  {
536  continue;
537  }
538  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
539  "type" => $info['type']);
540 
541  // handle plugin permission texts
542  $txt = $objDefinition->isPlugin($info['type'])
543  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
544  : $lng->txt($info['type']."_".$info['operation']);
545  if (substr($info['operation'], 0, 7) == "create_" &&
546  $objDefinition->isPlugin(substr($info['operation'], 7)))
547  {
548  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
549  }
550  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
551  "ops_id" => $info['ops_id'],
552  "title" => $info['operation'],
553  "name" => $txt);
554 
555  }
556  return array($rbac_objects,$rbac_operations);
557  }
558 
564  public function isDeletable($a_role_folder_id)
565  {
566  global $rbacreview;
567 
568  if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
569  {
570  return false;
571  }
572 
573  if(substr($this->getTitle(),0,3) == 'il_')
574  {
575  return false;
576  }
577  return true;
578 
579  }
580 
581  public static function isAutoGenerated($a_role_id)
582  {
583  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
584  }
585 
593  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
594  {
595  global $tree,$rbacreview;
596 
597  // Get node info of subtree
598  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
599 
600 
601  // get local policies
602  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
603 
604 
605  // filter relevant roles
606  $local_policies = array();
607  foreach($all_local_policies as $lp)
608  {
609  if(isset($nodes[$lp]))
610  {
611  $local_policies[] = $lp;
612  }
613  }
614 
615  // Delete deprecated policies
616  switch($a_mode)
617  {
618  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
619  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
620  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
621  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
622  break;
623  }
624  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
625 
626  #var_dump(memory_get_peak_usage());
627  #var_dump(memory_get_usage());
628  }
629 
635  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
636  {
637  global $rbacreview,$rbacadmin;
638 
639  $local_policies = array();
640  foreach($a_policies as $policy)
641  {
642  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
643  {
644  $local_policies[] = $policy;
645  continue;
646  }
647  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
648  {
649  $local_policies[] = $policy;
650  continue;
651  }
652 
653  if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
654  {
655  $rbacadmin->deleteLocalRole($this->getId(),$rolf);
656  }
657  }
658  return $local_policies;
659  }
660 
669  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
670  {
671  global $rbacadmin, $rbacreview;
672 
673  $operation_stack = array();
674  $policy_stack = array();
675  $left_stack = array();
676  $right_stack = array();
677 
678  $start_node = current($a_nodes);
679  array_push($left_stack, $start_node['lft']);
680  array_push($right_stack, $start_node['rgt']);
681  $this->updatePolicyStack($policy_stack, $start_node['child']);
682  $this->updateOperationStack($operation_stack, $start_node['child'],true);
683 
684  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
685  $rbac_log_active = ilRbacLog::isActive();
686 
687  $local_policy = false;
688  foreach($a_nodes as $node)
689  {
690  $lft = end($left_stack);
691  $rgt = end($right_stack);
692 
693  #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
694 
695  while(($node['lft'] < $lft) or ($node['rgt'] > $rgt))
696  {
697  #echo "LEFT ".$node['child'].'<br>';
698  array_pop($operation_stack);
699  array_pop($policy_stack);
700  array_pop($left_stack);
701  array_pop($right_stack);
702 
703  $lft = end($left_stack);
704  $rgt = end($right_stack);
705 
706  $local_policy = false;
707  }
708 
709  if($local_policy)
710  {
711  #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
712  // Continue if inside of local policy
713  continue;
714  }
715 
716  // Start node => set permissions and continue
717  if($node['child'] == $start_node['child'])
718  {
719  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
720  {
721  if($rbac_log_active)
722  {
723  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
724  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
725  }
726 
727  // Set permissions
728  $perms = end($operation_stack);
729  $rbacadmin->grantPermission(
730  $this->getId(),
731  (array) $perms[$node['type']],
732  $node['child']
733  );
734 
735  if($rbac_log_active)
736  {
737  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
738  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
739  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
740  }
741  }
742  continue;
743  }
744 
745  // Node has local policies => update permission stack and continue
746  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
747  {
748  #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
749  $local_policy = true;
750  $this->updatePolicyStack($policy_stack, $node['child']);
751  $this->updateOperationStack($operation_stack, $node['child']);
752  array_push($left_stack,$node['lft']);
753  array_push($right_stack, $node['rgt']);
754  continue;
755  }
756 
757  // Continue if this object type is in filter
758  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
759  {
760  continue;
761  }
762 
763  if($rbac_log_active)
764  {
765  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
766  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
767  }
768 
769  #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
770  // Node is course => create course permission intersection
771  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
772  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
773 
774  {
775  #echo "CRS ".$node['child'].'<br>';
776  // Copy role permission intersection
777 
778  $perms = end($operation_stack);
779  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
780  if($this->updateOperationStack($operation_stack,$node['child']))
781  {
782  #echo "CRS SUCCESS ".$node['child'].'<br>';
783  $this->updatePolicyStack($policy_stack, $node['child']);
784  array_push($left_stack, $node['lft']);
785  array_push($right_stack, $node['rgt']);
786  }
787  }
788 
789  // Node is group => create group permission intersection
790  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
791  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
792  {
793  #echo "GRP ".$node['child'].'<br>';
794  // Copy role permission intersection
795  $perms = end($operation_stack);
796  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
797  if($this->updateOperationStack($operation_stack,$node['child']))
798  {
799  #echo "GRP SUCCESS ".$node['child'].'<br>';
800  $this->updatePolicyStack($policy_stack, $node['child']);
801  array_push($left_stack, $node['lft']);
802  array_push($right_stack, $node['rgt']);
803  }
804  }
805 
806  #echo "GRANTED ".$node['child'].'<br>';
807  // Set permission
808  $perms = end($operation_stack);
809  $rbacadmin->grantPermission(
810  $this->getId(),
811  (array) $perms[$node['type']],
812  $node['child']
813  );
814  #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
815 
816  if($rbac_log_active)
817  {
818  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
819  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
820  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
821  }
822  }
823  }
824 
831  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
832  {
833  if(in_array($a_type,$a_exclusion_filter))
834  {
835  return false;
836  }
837 
838  if(in_array('all',$a_filter))
839  {
840  return true;
841  }
842  return in_array($a_type,$a_filter);
843  }
844 
851  protected function updateOperationStack(&$a_stack,$a_node, $a_init = false)
852  {
853  global $rbacreview;
854 
855  if($a_node == ROOT_FOLDER_ID)
856  {
857  $rolf = ROLE_FOLDER_ID;
858  }
859  else
860  {
861  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
862 
863  if($a_init)
864  {
865  $parent_roles = $rbacreview->getParentRoleIds($a_node,false);
866  if($parent_roles[$this->getId()])
867  {
868  $a_stack[] = $rbacreview->getAllOperationsOfRole(
869  $this->getId(),
870  $parent_roles[$this->getId()]['parent']
871  );
872  }
873  return true;
874  }
875  }
876 
877  if(!$rolf)
878  {
879  return false;
880  }
881 
882  $a_stack[] = $rbacreview->getAllOperationsOfRole(
883  $this->getId(),
884  $rolf
885  );
886  return true;
887  }
888 
894  protected function updatePolicyStack(&$a_stack,$a_node)
895  {
896  global $rbacreview;
897 
898  if($a_node == ROOT_FOLDER_ID)
899  {
900  $rolf = ROLE_FOLDER_ID;
901  }
902  else
903  {
904  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
905  }
906 
907  if(!$rolf)
908  {
909  return false;
910  }
911 
912  $a_stack[] = $rolf;
913  return true;
914  }
915 
923  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
924  {
925  global $ilDB, $rbacreview,$rbacadmin;
926 
927  static $course_non_member_id = null;
928  static $group_non_member_id = null;
929  static $group_open_id = null;
930  static $group_closed_id = null;
931 
932  // Get template id
933  switch($a_type)
934  {
935  case 'grp':
936 
937  include_once './Modules/Group/classes/class.ilObjGroup.php';
939  #var_dump("GROUP TYPE",$type);
940  switch($type)
941  {
942  case GRP_TYPE_CLOSED:
943  if(!$group_closed_id)
944  {
945  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
946  $res = $ilDB->query($query);
947  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
948  {
949  $group_closed_id = $row->obj_id;
950  }
951  }
952  $template_id = $group_closed_id;
953  #var_dump("GROUP CLOSED id:" . $template_id);
954  break;
955 
956  case GRP_TYPE_OPEN:
957  default:
958  if(!$group_open_id)
959  {
960  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
961  $res = $ilDB->query($query);
962  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
963  {
964  $group_open_id = $row->obj_id;
965  }
966  }
967  $template_id = $group_open_id;
968  #var_dump("GROUP OPEN id:" . $template_id);
969  break;
970  }
971  break;
972 
973  case 'crs':
974  if(!$course_non_member_id)
975  {
976  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
977  $res = $ilDB->query($query);
978  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
979  {
980  $course_non_member_id = $row->obj_id;
981  }
982  }
983  $template_id = $course_non_member_id;
984  break;
985  }
986 
987  $current_ops = $a_current_ops[$a_type];
988 
989  // Create intersection template permissions
990  if($template_id)
991  {
992  $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
993 
994  $rbacadmin->copyRolePermissionIntersection(
995  $template_id, ROLE_FOLDER_ID,
996  $this->getId(), end($policy_stack),
997  $rolf,$this->getId()
998  );
999  }
1000  else
1001  {
1002  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1003  }
1004  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1005  if($rolf)
1006  {
1007  $rbacadmin->assignRoleToFolder($this->getId(),$rolf,"n");
1008  }
1009  return true;
1010  }
1011 
1012 } // END class.ilObjRole
1013 ?>