ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./Services/Object/classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36  var $wsp_disk_quota;
37 
44  function ilObjRole($a_id = 0,$a_call_by_reference = false)
45  {
46  $this->type = "role";
47  $this->disk_quota = 0;
48  $this->wsp_disk_quota = 0;
49  $this->ilObject($a_id,$a_call_by_reference);
50  }
51 
56  public function validate()
57  {
58  global $ilErr;
59 
60  if(substr($this->getTitle(),0,3) == 'il_')
61  {
62  $ilErr->setMessage('msg_role_reserved_prefix');
63  return false;
64  }
65  return true;
66  }
67 
72  public function getPresentationTitle()
73  {
74  return ilObjRole::_getTranslation($this->getTitle());
75  }
76 
77  function toggleAssignUsersStatus($a_assign_users)
78  {
79  $this->assign_users = (int) $a_assign_users;
80  }
81  function getAssignUsersStatus()
82  {
83  return $this->assign_users ? $this->assign_users : 0;
84  }
85  // Same method (static)
86  function _getAssignUsersStatus($a_role_id)
87  {
88  global $ilDB;
89 
90  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
91  $res = $ilDB->query($query);
92  while($row = $ilDB->fetchObject($res))
93  {
94  return $row->assign_users ? true : false;
95  }
96  return false;
97  }
98 
103  function read ()
104  {
105  global $ilDB;
106 
107  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
108 
109  $res = $ilDB->query($query);
110  if ($res->numRows() > 0)
111  {
112  $data = $ilDB->fetchAssoc($res);
113 
114  // fill member vars in one shot
115  $this->assignData($data);
116  }
117  else
118  {
119  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
120  }
121 
122  parent::read();
123  }
124 
130  function assignData($a_data)
131  {
132  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
133  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
134  $this->setAllowRegister($a_data["allow_register"]);
135  $this->toggleAssignUsersStatus($a_data['assign_users']);
136  $this->setDiskQuota($a_data['disk_quota']);
137  $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
138  }
139 
144  function update ()
145  {
146  global $ilDB;
147 
148  $query = "UPDATE role_data SET ".
149  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
150  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
151  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer').", ".
152  "wsp_disk_quota = ".$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer')." ".
153  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
154  $res = $ilDB->manipulate($query);
155 
156  parent::update();
157 
158  $this->read();
159 
160  return true;
161  }
162 
170  function create()
171  {
172  global $ilDB;
173 
174  $this->id = parent::create();
175 
176  $query = "INSERT INTO role_data ".
177  "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
178  "VALUES ".
179  "(".$ilDB->quote($this->id,'integer').",".
180  $ilDB->quote($this->getAllowRegister(),'integer').",".
181  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
182  $ilDB->quote($this->getDiskQuota(),'integer').",".
183  $ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer').")"
184  ;
185  $res = $ilDB->query($query);
186 
187  return $this->id;
188  }
189 
196  function setAllowRegister($a_allow_register)
197  {
198  if (empty($a_allow_register))
199  {
200  $a_allow_register == 0;
201  }
202 
203  $this->allow_register = (int) $a_allow_register;
204  }
205 
212  function getAllowRegister()
213  {
214  return $this->allow_register ? $this->allow_register : false;
215  }
216 
225  function setDiskQuota($a_disk_quota)
226  {
227  $this->disk_quota = $a_disk_quota;
228  }
229 
239  function getDiskQuota()
240  {
241  return $this->disk_quota;
242  }
243 
244 
253  function setPersonalWorkspaceDiskQuota($a_disk_quota)
254  {
255  $this->wsp_disk_quota = $a_disk_quota;
256  }
257 
267  function getPersonalWorkspaceDiskQuota()
268  {
269  return $this->wsp_disk_quota;
270  }
271 
278  function _lookupRegisterAllowed()
279  {
280  global $ilDB;
281 
282  $query = "SELECT * FROM role_data ".
283  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
284  "WHERE allow_register = 1";
285  $res = $ilDB->query($query);
286 
287  $roles = array();
288  while($role = $ilDB->fetchAssoc($res))
289  {
290  $roles[] = array("id" => $role["obj_id"],
291  "title" => $role["title"],
292  "auth_mode" => $role['auth_mode']);
293  }
294 
295  return $roles;
296  }
297 
304  function _lookupAllowRegister($a_role_id)
305  {
306  global $ilDB;
307 
308  $query = "SELECT * FROM role_data ".
309  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
310 
311  $res = $ilDB->query($query);
312  if ($role_rec = $ilDB->fetchAssoc($res))
313  {
314  if ($role_rec["allow_register"])
315  {
316  return true;
317  }
318  }
319  return false;
320  }
321 
329  function setParent($a_parent_ref)
330  {
331  $this->parent = $a_parent_ref;
332  }
333 
340  function getParent()
341  {
342  return $this->parent;
343  }
344 
345 
352  function delete()
353  {
354  global $rbacadmin, $rbacreview,$ilDB;
355 
356  $role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
357 
358  // Temporary bugfix
359  if($rbacreview->hasMultipleAssignments($this->getId()))
360  {
361  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
362  return false;
363  }
364 
365  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
366  {
367  // do not delete a global role, if the role is the last
368  // role a user is assigned to.
369  //
370  // Performance improvement: In the code section below, we
371  // only need to consider _global_ roles. We don't need
372  // to check for _local_ roles, because a user who has
373  // a local role _always_ has a global role too.
374  $last_role_user_ids = array();
375  if ($this->getParent() == ROLE_FOLDER_ID)
376  {
377  // The role is a global role: check if
378  // we find users who aren't assigned to any
379  // other global role than this one.
380  $user_ids = $rbacreview->assignedUsers($this->getId());
381 
382  foreach ($user_ids as $user_id)
383  {
384  // get all roles each user has
385  $role_ids = $rbacreview->assignedRoles($user_id);
386 
387  // is last role?
388  if (count($role_ids) == 1)
389  {
390  $last_role_user_ids[] = $user_id;
391  }
392  }
393  }
394 
395  // users with last role found?
396  if (count($last_role_user_ids) > 0)
397  {
398  foreach ($last_role_user_ids as $user_id)
399  {
400 //echo "<br>last role for user id:".$user_id.":";
401  // GET OBJECT TITLE
402  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
403  $user_names[] = $tmp_obj->getFullname();
404  unset($tmp_obj);
405  }
406 
407  // TODO: This check must be done in rolefolder object because if multiple
408  // roles were selected the other roles are still deleted and the system does not
409  // give any feedback about this.
410  $users = implode(', ',$user_names);
411  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
412  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
413  }
414  else
415  {
416  // IT'S A BASE ROLE
417  $rbacadmin->deleteRole($this->getId(),$this->getParent());
418 
419  // Delete ldap role group mappings
420  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
421  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
422 
423  // delete object_data entry
424  parent::delete();
425 
426  // delete role_data entry
427  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
428  $res = $ilDB->manipulate($query);
429 
430  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
431  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
432  $role_desk_item_obj->deleteAll();
433 
434  }
435  }
436  else
437  {
438  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
439  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
440  }
441 
442  // purge empty rolefolders
443  //
444  // Performance improvement: We filter out all role folders
445  // which still contain roles, _before_ we attempt to purge them.
446  // This is faster than attempting to purge all role folders,
447  // and let function purge() of the role folder find out, if
448  // purging is possible.
449 
450  $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
451  $role_folders = array_diff($role_folders,$non_empty_role_folders);
452 
453  // Attempt to purge the role folders
454  foreach ($role_folders as $rolf)
455  {
456  if (ilObject::_exists($rolf,true))
457  {
458  $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
459  $rolfObj->purge();
460  unset($rolfObj);
461  }
462  }
463 
464  return true;
465  }
466 
467  function getCountMembers()
468  {
469  global $rbacreview;
470 
471  return count($rbacreview->assignedUsers($this->getId()));
472  }
473 
474  function _getTranslation($a_role_title)
475  {
476  global $lng;
477 
478  $test_str = explode('_',$a_role_title);
479 
480  if ($test_str[0] == 'il')
481  {
482  $test2 = (int) $test_str[3];
483  if ($test2 > 0)
484  {
485  unset($test_str[3]);
486  }
487 
488  return $lng->txt(implode('_',$test_str));
489  }
490 
491  return $a_role_title;
492  }
493 
494 
495 
496  function _updateAuthMode($a_roles)
497  {
498  global $ilDB;
499 
500  foreach ($a_roles as $role_id => $auth_mode)
501  {
502  $query = "UPDATE role_data SET ".
503  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
504  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
505  $res = $ilDB->manipulate($query);
506  }
507  }
508 
509  function _getAuthMode($a_role_id)
510  {
511  global $ilDB;
512 
513  $query = "SELECT auth_mode FROM role_data ".
514  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
515  $res = $ilDB->query($query);
516  $row = $ilDB->fetchAssoc($res);
517 
518  return $row['auth_mode'];
519  }
520 
528  public static function _getRolesByAuthMode($a_auth_mode)
529  {
530  global $ilDB;
531 
532  $query = "SELECT * FROM role_data ".
533  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
534  $res = $ilDB->query($query);
535  $roles = array();
536  while($row = $ilDB->fetchObject($res))
537  {
538  $roles[] = $row->role_id;
539  }
540  return $roles;
541  }
542 
551  public static function _resetAuthMode($a_auth_mode)
552  {
553  global $ilDB;
554 
555  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
556  $res = $ilDB->manipulate($query);
557  }
558 
559  // returns array of operation/objecttype definitions
560  // private
561  function __getPermissionDefinitions()
562  {
563  global $ilDB, $lng, $objDefinition,$rbacreview;
564 
565  $operation_info = $rbacreview->getOperationAssignment();
566  foreach($operation_info as $info)
567  {
568  if($objDefinition->getDevMode($info['type']))
569  {
570  continue;
571  }
572  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
573  "type" => $info['type']);
574 
575  // handle plugin permission texts
576  $txt = $objDefinition->isPlugin($info['type'])
577  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
578  : $lng->txt($info['type']."_".$info['operation']);
579  if (substr($info['operation'], 0, 7) == "create_" &&
580  $objDefinition->isPlugin(substr($info['operation'], 7)))
581  {
582  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
583  }
584  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
585  "ops_id" => $info['ops_id'],
586  "title" => $info['operation'],
587  "name" => $txt);
588 
589  }
590  return array($rbac_objects,$rbac_operations);
591  }
592 
598  public function isDeletable($a_role_folder_id)
599  {
600  global $rbacreview;
601 
602  if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
603  {
604  return false;
605  }
606 
607  if(substr($this->getTitle(),0,3) == 'il_')
608  {
609  return false;
610  }
611  return true;
612 
613  }
614 
615  public static function isAutoGenerated($a_role_id)
616  {
617  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
618  }
619 
627  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
628  {
629  global $tree,$rbacreview;
630 
631  // Get node info of subtree
632  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
633 
634 
635  // get local policies
636  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
637 
638  // filter relevant roles
639  $local_policies = array();
640  foreach($all_local_policies as $lp)
641  {
642  if(isset($nodes[$lp]))
643  {
644  $local_policies[] = $lp;
645  }
646  }
647 
648  // Delete deprecated policies
649  switch($a_mode)
650  {
651  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
652  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
653  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
654  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
655  break;
656  }
657  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
658 
659  #var_dump(memory_get_peak_usage());
660  #var_dump(memory_get_usage());
661  }
662 
668  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
669  {
670  global $rbacreview,$rbacadmin;
671 
672  $local_policies = array();
673  foreach($a_policies as $policy)
674  {
675  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
676  {
677  $local_policies[] = $policy;
678  continue;
679  }
680  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
681  {
682  $local_policies[] = $policy;
683  continue;
684  }
685 
686  if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
687  {
688  $rbacadmin->deleteLocalRole($this->getId(),$rolf);
689  }
690  }
691  return $local_policies;
692  }
693 
702  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
703  {
704  global $rbacadmin, $rbacreview, $tree;
705 
706  $operation_stack = array();
707  $policy_stack = array();
708  $node_stack = array();
709 
710  $start_node = current($a_nodes);
711  array_push($node_stack,$start_node);
712  $this->updatePolicyStack($policy_stack, $start_node['child']);
713  $this->updateOperationStack($operation_stack, $start_node['child'],true);
714 
715  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
716  $rbac_log_active = ilRbacLog::isActive();
717 
718  $local_policy = false;
719  foreach($a_nodes as $node)
720  {
721  $cmp_node = end($node_stack);
722  while($relation = $tree->getRelationOfNodes($node,$cmp_node))
723  {
724  switch($relation)
725  {
726  case ilTree::RELATION_NONE:
727  case ilTree::RELATION_SIBLING:
728  $GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none relation.');
729  array_pop($operation_stack);
730  array_pop($policy_stack);
731  array_pop($node_stack);
732  $cmp_node = end($node_stack);
733  $local_policy = false;
734  break;
735 
736  case ilTree::RELATION_CHILD:
737  case ilTree::RELATION_EQUALS:
738  case ilTree::RELATION_PARENT:
739  default:
740  $GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
741  break 2;
742  }
743 
744  }
745 
746  if($local_policy)
747  {
748  continue;
749  }
750 
751  // Start node => set permissions and continue
752  if($node['child'] == $start_node['child'])
753  {
754  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
755  {
756  if($rbac_log_active)
757  {
758  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
759  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
760  }
761 
762  // Set permissions
763  $perms = end($operation_stack);
764  $rbacadmin->grantPermission(
765  $this->getId(),
766  (array) $perms[$node['type']],
767  $node['child']
768  );
769 
770  if($rbac_log_active)
771  {
772  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
773  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
774  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
775  }
776  }
777  continue;
778  }
779 
780  // Node has local policies => update permission stack and continue
781  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
782  {
783  $local_policy = true;
784  $this->updatePolicyStack($policy_stack, $node['child']);
785  $this->updateOperationStack($operation_stack, $node['child']);
786  array_push($node_stack, $node);
787  continue;
788  }
789 
790  // Continue if this object type is not in filter
791  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
792  {
793  continue;
794  }
795 
796  if($rbac_log_active)
797  {
798  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
799  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
800  }
801 
802  // Node is course => create course permission intersection
803  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
804  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
805 
806  {
807  // Copy role permission intersection
808  $perms = end($operation_stack);
809  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
810  if($this->updateOperationStack($operation_stack,$node['child']))
811  {
812  $this->updatePolicyStack($policy_stack, $node['child']);
813  array_push($node_stack, $node);
814  }
815  }
816 
817  // Node is group => create group permission intersection
818  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
819  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
820  {
821  // Copy role permission intersection
822  $perms = end($operation_stack);
823  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
824  if($this->updateOperationStack($operation_stack,$node['child']))
825  {
826  $this->updatePolicyStack($policy_stack, $node['child']);
827  array_push($node_stack, $node);
828  }
829  }
830 
831  // Set permission
832  $perms = end($operation_stack);
833  $rbacadmin->grantPermission(
834  $this->getId(),
835  (array) $perms[$node['type']],
836  $node['child']
837  );
838 
839  if($rbac_log_active)
840  {
841  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
842  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
843  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
844  }
845  }
846  }
847 
854  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
855  {
856  if(in_array($a_type,$a_exclusion_filter))
857  {
858  return false;
859  }
860 
861  if(in_array('all',$a_filter))
862  {
863  return true;
864  }
865  return in_array($a_type,$a_filter);
866  }
867 
874  protected function updateOperationStack(&$a_stack,$a_node, $a_init = false)
875  {
876  global $rbacreview;
877 
878  if($a_node == ROOT_FOLDER_ID)
879  {
880  $rolf = ROLE_FOLDER_ID;
881  }
882  else
883  {
884  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
885 
886  if($a_init)
887  {
888  $parent_roles = $rbacreview->getParentRoleIds($a_node,false);
889  if($parent_roles[$this->getId()])
890  {
891  $a_stack[] = $rbacreview->getAllOperationsOfRole(
892  $this->getId(),
893  $parent_roles[$this->getId()]['parent']
894  );
895  }
896  return true;
897  }
898  }
899 
900  if(!$rolf)
901  {
902  return false;
903  }
904 
905  $a_stack[] = $rbacreview->getAllOperationsOfRole(
906  $this->getId(),
907  $rolf
908  );
909  return true;
910  }
911 
917  protected function updatePolicyStack(&$a_stack,$a_node)
918  {
919  global $rbacreview;
920 
921  if($a_node == ROOT_FOLDER_ID)
922  {
923  $rolf = ROLE_FOLDER_ID;
924  }
925  else
926  {
927  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
928  }
929 
930  if(!$rolf)
931  {
932  return false;
933  }
934 
935  $a_stack[] = $rolf;
936  return TRUE;
937  }
938 
946  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
947  {
948  global $ilDB, $rbacreview,$rbacadmin;
949 
950  static $course_non_member_id = null;
951  static $group_non_member_id = null;
952  static $group_open_id = null;
953  static $group_closed_id = null;
954 
955  // Get template id
956  switch($a_type)
957  {
958  case 'grp':
959 
960  include_once './Modules/Group/classes/class.ilObjGroup.php';
961  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
962  #var_dump("GROUP TYPE",$type);
963  switch($type)
964  {
965  case GRP_TYPE_CLOSED:
966  if(!$group_closed_id)
967  {
968  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
969  $res = $ilDB->query($query);
970  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
971  {
972  $group_closed_id = $row->obj_id;
973  }
974  }
975  $template_id = $group_closed_id;
976  #var_dump("GROUP CLOSED id:" . $template_id);
977  break;
978 
979  case GRP_TYPE_OPEN:
980  default:
981  if(!$group_open_id)
982  {
983  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
984  $res = $ilDB->query($query);
985  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
986  {
987  $group_open_id = $row->obj_id;
988  }
989  }
990  $template_id = $group_open_id;
991  #var_dump("GROUP OPEN id:" . $template_id);
992  break;
993  }
994  break;
995 
996  case 'crs':
997  if(!$course_non_member_id)
998  {
999  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
1000  $res = $ilDB->query($query);
1001  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1002  {
1003  $course_non_member_id = $row->obj_id;
1004  }
1005  }
1006  $template_id = $course_non_member_id;
1007  break;
1008  }
1009 
1010  $current_ops = $a_current_ops[$a_type];
1011 
1012  // Create intersection template permissions
1013  if($template_id)
1014  {
1015  $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
1016 
1017  $rbacadmin->copyRolePermissionIntersection(
1018  $template_id, ROLE_FOLDER_ID,
1019  $this->getId(), end($policy_stack),
1020  $rolf,$this->getId()
1021  );
1022  }
1023  else
1024  {
1025  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1026  }
1027  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1028  if($rolf and !$GLOBALS['rbacreview']->isRoleAssignedToFolder($this->getId(),$rolf))
1029  {
1030  $rbacadmin->assignRoleToFolder($this->getId(),$rolf,"n");
1031  }
1032  return true;
1033  }
1034 
1035 } // END class.ilObjRole
1036 ?>