ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Protected Attributes | Static Private Attributes
ilRbacReview Class Reference
Services/AccessControl

class ilRbacReview Contains Review functions of core Rbac. More...

+ Collaboration diagram for ilRbacReview:

Public Member Functions

 __construct ()
 Constructor public.
 searchRolesByMailboxAddressList ($a_address_list)
 Finds all role ids that match the specified user friendly role mailbox address list.
 getRoleMailboxAddress ($a_role_id, $is_localize=true)
 Returns the mailbox address of a role.
 roleExists ($a_title, $a_id=0)
 Checks if a role already exists.
 getParentRoleIds ($a_endnode_id, $a_templates=false)
 get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public
 getRoleListByObject ($a_ref_id, $a_templates=false)
 Returns a list of roles in an container public.
 getAssignableRoles ($a_templates=false, $a_internal_roles=false, $title_filter= '')
 Returns a list of all assignable roles public.
 getAssignableRolesInSubtree ($ref_id)
 Returns a list of assignable roles in a subtree of the repository public.
 getAssignableChildRoles ($a_ref_id)
 Get all assignable roles directly under a specific node public.
 getNumberOfAssignedUsers (Array $a_roles)
 Get the number of assigned users to roles ilDB $ilDB.
 assignedUsers ($a_rol_id, $a_fields=NULL)
 get all assigned users to a given role public
 isAssigned ($a_usr_id, $a_role_id)
 check if a specific user is assigned to specific role public
 isAssignedToAtLeastOneGivenRole ($a_usr_id, $a_role_ids)
 check if a specific user is assigned to at least one of the given role ids.
 assignedRoles ($a_usr_id)
 get all assigned roles to a given user public
 assignedGlobalRoles ($a_usr_id)
 Get assigned global roles for an user.
 isAssignable ($a_rol_id, $a_ref_id)
 Check if its possible to assign users public.
 hasMultipleAssignments ($a_role_id)
 Temporary bugfix.
 getFoldersAssignedToRole ($a_rol_id, $a_assignable=false)
 Returns an array of objects assigned to a role.
 getRolesOfObject ($a_ref_id, $a_assignable_only=FALSE)
 Get roles of object.
 getRolesOfRoleFolder ($a_ref_id, $a_nonassignable=true)
 get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public
 getGlobalRoles ()
 get only 'global' roles public
 getLocalRoles ($a_ref_id)
 Get local roles of object.
 getLocalPolicies ($a_ref_id)
 Get all roles with local policies.
 getGlobalRolesArray ()
 get only 'global' roles public
 getGlobalAssignableRoles ()
 get only 'global' roles (with flag 'assign_users') public
 isRoleAssignedToObject ($a_role_id, $a_parent_id)
 Check if role is assigned to an object.
 getOperations ()
 get all possible operations public
 getOperation ($ops_id)
 get one operation by operation id public
 getAllOperationsOfRole ($a_rol_id, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public
 getActiveOperationsOfRole ($a_ref_id, $a_role_id)
 Get active operations for a role.
 getOperationsOfRole ($a_rol_id, $a_type, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public
 getRoleOperationsOnObject ($a_role_id, $a_ref_id)
 ilDB $ilDB
 getOperationsOnType ($a_typ_id)
 all possible operations of a type public
 getOperationsOnTypeString ($a_type)
 all possible operations of a type public
 getOperationsByTypeAndClass ($a_type, $a_class)
 Get operations by type and class.
 getObjectsWithStopedInheritance ($a_rol_id, $a_filter=array())
 get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.
 isDeleted ($a_node_id)
 Checks if a rolefolder is set as deleted (negative tree_id) public.
 isGlobalRole ($a_role_id)
 Check if role is a global role.
 getRolesByFilter ($a_filter=0, $a_user_id=0, $title_filter= '')
 ilDB $ilDB
 getTypeId ($a_type)
 Get type id of object ilDB $ilDB.
 isProtected ($a_ref_id, $a_role_id)
 getObjectOfRole ($a_role_id)
 Get object id of objects a role is assigned to.
 getObjectReferenceOfRole ($a_role_id)
 Get reference of role.
 isRoleDeleted ($a_role_id)
 return if role is only attached to deleted role folders
 getRolesForIDs ($role_ids, $use_templates)
 ilDB $ilDB
 getOperationAssignment ()
 get operation assignments
 isDeleteable ($a_role_id, $a_rolf_id)
 Check if role is deleteable at a specific position.
 isSystemGeneratedRole ($a_role_id)
 Check if the role is system generate role or role template.
 getRoleFolderOfRole ($a_role_id)
 Get role folder of role ilDB $ilDB.
 getUserPermissionsOnObject ($a_user_id, $a_ref_id)
 Get all user permissions on an object.
 setAssignedCacheEntry ($a_role_id, $a_user_id, $a_value)
 set entry of assigned_chache
 getAssignedCacheEntry ($a_role_id, $a_user_id)
 get entry of assigned_chache

Static Public Member Functions

static _getOperationIdsByName ($operations)
 get ops_id's by name.
static _getOperationIdByName ($a_operation)
 get operation id by name of operation public static
static lookupCreateOperationIds ($a_type_arr)
 Lookup operation ids.
static _getOperationList ($a_type=null)
 get operation list by object type public static
static _groupOperationsByClass ($a_ops_arr)

Data Fields

const FILTER_ALL = 1
const FILTER_ALL_GLOBAL = 2
const FILTER_ALL_LOCAL = 3
const FILTER_INTERNAL = 4
const FILTER_NOT_INTERNAL = 5
const FILTER_TEMPLATES = 6
 $log = null

Protected Member Functions

 __getParentRoles ($a_path, $a_templates)
 Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.
 __setTemplateFilter ($a_templates)
 get roles and templates or only roles; returns string for where clause private
 __setRoleType ($a_role_list)
 computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates
 __setProtectedStatus ($a_parent_roles, $a_role_hierarchy, $a_ref_id)
 Set protected status type $rbacsystem type $ilUser type $log.

Protected Attributes

 $assigned_roles = array()

Static Protected Attributes

static $assigned_users_cache = array()
static $is_assigned_cache = array()

Static Private Attributes

static $_opsCache = null

Detailed Description

class ilRbacReview Contains Review functions of core Rbac.

This class offers the possibility to view the contents of the user <-> role (UR) relation and the permission <-> role (PR) relation. For example, from the UA relation the administrator should have the facility to view all user assigned to a given role.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
Id:
class.ilRbacReview.php 61612 2016-02-19 15:10:21Z gitmgr

Definition at line 19 of file class.ilRbacReview.php.

Constructor & Destructor Documentation

ilRbacReview::__construct ( )

Constructor public.

Definition at line 48 of file class.ilRbacReview.php.

References $ilDB, $ilErr, $ilLog, if, and PEAR_ERROR_CALLBACK.

{
global $ilDB,$ilErr,$ilias,$ilLog;
$this->log =& $ilLog;
// set db & error handler
(isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
if (!isset($ilErr))
{
$ilErr = new ilErrorHandling();
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
}
else
{
$this->ilErr =& $ilErr;
}
}

Member Function Documentation

ilRbacReview::__getParentRoles (   $a_path,
  $a_templates 
)
protected

Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.

Get parent roles in a path. If last parameter is set 'true' it delivers also all templates in the path protected

Parameters
arrayarray with path_ids
booleantrue for role templates (default: false)
Returns
array array with all parent roles (obj_ids)
Todo:
refactor rolf => DONE

Definition at line 597 of file class.ilRbacReview.php.

References $ref_id, __setProtectedStatus(), and getRoleListByObject().

Referenced by getParentRoleIds().

{
if (!isset($a_path) or !is_array($a_path))
{
$message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$parent_roles = array();
$role_hierarchy = array();
foreach($a_path as $ref_id)
{
$roles = $this->getRoleListByObject($ref_id,$a_templates);
foreach($roles as $role)
{
$id = $role["obj_id"];
$role["parent"] = $ref_id;
$parent_roles[$id] = $role;
if (!array_key_exists($role['obj_id'],$role_hierarchy))
{
$role_hierarchy[$id] = $ref_id;
}
}
}
return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setProtectedStatus (   $a_parent_roles,
  $a_role_hierarchy,
  $a_ref_id 
)
protected

Set protected status type $rbacsystem type $ilUser type $log.

Parameters
type$a_parent_roles
type$a_role_hierarchy
type$a_ref_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 1934 of file class.ilRbacReview.php.

References $ilUser, $log, and assignedRoles().

Referenced by __getParentRoles().

{
//vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
global $rbacsystem,$ilUser,$log;
if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
{
$leveladmin = true;
}
else
{
$leveladmin = false;
}
#vd("RoleHierarchy",$a_role_hierarchy);
foreach ($a_role_hierarchy as $role_id => $rolf_id)
{
//$log->write("ilRBACreview::__setProtectedStatus(), 0");
#echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
//var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
if ($leveladmin == true)
{
$a_parent_roles[$role_id]['protected'] = false;
continue;
}
if ($a_parent_roles[$role_id]['protected'] == true)
{
$arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
#vd("intersection",$arr_lvl_roles_user);
foreach ($arr_lvl_roles_user as $lvl_role_id)
{
#echo "<br/>level_role: ".$lvl_role_id;
#echo "<br/>a_ref_id: ".$a_ref_id;
//$log->write("ilRBACreview::__setProtectedStatus(), 1");
// check if role grants 'edit_permission' to parent
$rolf = $a_parent_roles[$role_id]['parent'];
#$parent_obj = $GLOBALS['tree']->getParentId($rolf);
if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
{
#echo "<br />Permission granted";
//$log->write("ilRBACreview::__setProtectedStatus(), 2");
// user may change permissions of that higher-ranked role
$a_parent_roles[$role_id]['protected'] = false;
// remember successful check
//$leveladmin = true;
}
}
}
}
return $a_parent_roles;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::__setRoleType (   $a_role_list)
protected

computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates

private

Parameters
arrayrole list
Returns
array role list with additional entry for role_type
Todo:
refactor rolf => DONE

Definition at line 835 of file class.ilRbacReview.php.

Referenced by getAssignableRoles(), getRoleListByObject(), getRolesByFilter(), and getRolesForIDs().

{
foreach ($a_role_list as $key => $val)
{
// determine role type
if ($val["type"] == "rolt")
{
$a_role_list[$key]["role_type"] = "template";
}
else
{
if ($val["assign"] == "y")
{
if ($val["parent"] == ROLE_FOLDER_ID)
{
$a_role_list[$key]["role_type"] = "global";
}
else
{
$a_role_list[$key]["role_type"] = "local";
}
}
else
{
$a_role_list[$key]["role_type"] = "linked";
}
}
if ($val["protected"] == "y")
{
$a_role_list[$key]["protected"] = true;
}
else
{
$a_role_list[$key]["protected"] = false;
}
}
return $a_role_list;
}

+ Here is the caller graph for this function:

ilRbacReview::__setTemplateFilter (   $a_templates)
protected

get roles and templates or only roles; returns string for where clause private

Parameters
booleantrue: with templates
Returns
string where clause
Todo:
refactor rolf => DONE

Definition at line 807 of file class.ilRbacReview.php.

References $ilDB.

Referenced by getAssignableRoles(), getRoleListByObject(), and getRolesForIDs().

{
global $ilDB;
if ($a_templates === true)
{
$where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
}
else
{
$where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
}
return $where;
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationIdByName (   $a_operation)
static

get operation id by name of operation public static

Parameters
stringoperation name
Returns
integer operation id
Todo:
refactor rolf => DONE

Definition at line 1831 of file class.ilRbacReview.php.

References $ilDB, $ilErr, $row, and DB_FETCHMODE_OBJECT.

Referenced by ilRbacSystem\checkAccessOfUser(), and ilObjBlog\getRolesWithContribute().

{
global $ilDB,$ilErr;
if (!isset($a_operation))
{
$message = "perm::getOperationId(): No operation given!";
$ilErr->raiseError($message,$ilErr->WARNING);
}
// Cache operation ids
if (! is_array(self::$_opsCache)) {
self::$_opsCache = array();
$q = "SELECT ops_id, operation FROM rbac_operations";
$r = $ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
self::$_opsCache[$row->operation] = $row->ops_id;
}
}
// Get operation ID by name from cache
if (array_key_exists($a_operation, self::$_opsCache)) {
return self::$_opsCache[$a_operation];
}
return null;
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationIdsByName (   $operations)
static

get ops_id's by name.

Example usage: $rbacadmin->grantPermission($roles,ilRbacReview::_getOperationIdsByName(array('visible','read'),$ref_id));

public

Parameters
arraystring name of operation. see rbac_operations
Returns
array integer ops_id's
Todo:
refactor rolf => DONE

Definition at line 1803 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilUtil\_getObjectsByOperations(), ilLicense\getPotentialAccesses(), and ilECSObjectSettings\handlePermissionUpdate().

{
global $ilDB;
if(!count($operations))
{
return array();
}
$query = 'SELECT ops_id FROM rbac_operations '.
'WHERE '.$ilDB->in('operation',$operations,false,'text');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops_ids[] = $row->ops_id;
}
return $ops_ids ? $ops_ids : array();
}

+ Here is the caller graph for this function:

static ilRbacReview::_getOperationList (   $a_type = null)
static

get operation list by object type public static

Parameters
stringobject type you want to have the operation list
stringorder column
stringorder direction (possible values: ASC or DESC)
Returns
array returns array of operations
Todo:
refactor rolf => DONE

Definition at line 2002 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilObjTypeDefinitionGUI\editObject(), ilObjectPermissionStatusGUI\getAccessPermissionTableData(), ilObjectPermissionStatusGUI\getAssignedValidRoles(), ilObjRoleTemplateGUI\permObject(), and ilObjTypeDefinitionGUI\viewObject().

{
global $ilDB;
$arr = array();
if ($a_type)
{
$query = sprintf('SELECT * FROM rbac_operations '.
'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
'WHERE object_data.title = %s '.
'AND object_data.type = %s '.
'ORDER BY op_order ASC',
$ilDB->quote($a_type,'text'),
$ilDB->quote('typ','text'));
}
else
{
$query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
}
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$arr[] = array(
"ops_id" => $row['ops_id'],
"operation" => $row['operation'],
"desc" => $row['description'],
"class" => $row['class'],
"order" => $row['op_order']
);
}
return $arr;
}

+ Here is the caller graph for this function:

static ilRbacReview::_groupOperationsByClass (   $a_ops_arr)
static
Parameters
type$a_ops_arr
Returns
type
Todo:
refactor rolf => DONE

Definition at line 2043 of file class.ilRbacReview.php.

{
$arr = array();
foreach ($a_ops_arr as $ops)
{
$arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
'name' => $ops['operation']
);
}
return $arr;
}
ilRbacReview::assignedGlobalRoles (   $a_usr_id)

Get assigned global roles for an user.

Parameters
int$a_usr_idId of user account
Todo:
refactor rolf => DONE

Definition at line 1051 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT ua.rol_id FROM rbac_ua ua ".
"JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
"WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
"AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
"AND assign = 'y' ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$role_arr[] = $row->rol_id;
}
return $role_arr ? $role_arr : array();
}
ilRbacReview::assignedRoles (   $a_usr_id)

get all assigned roles to a given user public

Parameters
integerusr_id
Returns
array all roles (id) the user have
Todo:
refactor rolf => DONE

Definition at line 1030 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by __setProtectedStatus(), and getRolesByFilter().

{
global $ilDB;
$role_arr = array();
$query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$role_arr[] = $row->rol_id;
}
return $role_arr ? $role_arr : array();
}

+ Here is the caller graph for this function:

ilRbacReview::assignedUsers (   $a_rol_id,
  $a_fields = NULL 
)

get all assigned users to a given role public

Parameters
integerrole_id
arraycolumns to get form usr_data table (optional)
Returns
array all users (id) assigned to role OR arrays of user datas
Todo:
refactor rolf => (check result buffering)

Definition at line 904 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $query, $res, and $row.

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_assignedUsers");
if (!isset($a_rol_id))
{
$message = get_class($this)."::assignedUsers(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if (! $a_fields AND isset(self::$assigned_users_cache[$a_rol_id])) {
return self::$assigned_users_cache[$a_rol_id];
}
$result_arr = array();
if ($a_fields !== NULL and is_array($a_fields))
{
if (count($a_fields) == 0)
{
$select = "*";
}
else
{
if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
unset($a_fields[$usr_id_field]);
$select = implode(",",$a_fields).",usr_data.usr_id";
$select = addslashes($select);
}
$ilDB->enableResultBuffering(false);
$query = "SELECT ".$select." FROM usr_data ".
"LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
"WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$result_arr[] = $row;
}
$ilDB->enableResultBuffering(true);
}
else
{
$ilDB->enableResultBuffering(false);
$query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
array_push($result_arr,$row["usr_id"]);
}
$ilDB->enableResultBuffering(true);
}
$ilBench->stop("RBAC", "review_assignedUsers");
if (! $a_fields) {
self::$assigned_users_cache[$a_rol_id] = $result_arr;
}
return $result_arr;
}
ilRbacReview::getActiveOperationsOfRole (   $a_ref_id,
  $a_role_id 
)

Get active operations for a role.

Parameters
object$a_ref_id
object$a_role_id
Returns
Todo:
refactor rolf => DONE

Definition at line 1419 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_ASSOC.

{
global $ilDB;
$query = 'SELECT * FROM rbac_pa '.
'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_ASSOC))
{
return unserialize($row['ops_id']);
}
return array();
}
ilRbacReview::getAllOperationsOfRole (   $a_rol_id,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public

Parameters
integerrole_id
integerrole folder id
Returns
array array of operation_id and types
Todo:
refactor rolf => DONE

Definition at line 1390 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
if(!$a_parent)
{
$a_parent = ROLE_FOLDER_ID;
}
$query = "SELECT ops_id,type FROM rbac_templates ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_parent,'integer');
$res = $ilDB->query($query);
$ops_arr = array();
while ($row = $ilDB->fetchObject($res))
{
$ops_arr[$row->type][] = $row->ops_id;
}
return (array) $ops_arr;
}
ilRbacReview::getAssignableChildRoles (   $a_ref_id)

Get all assignable roles directly under a specific node public.

Parameters
ref_id
Returns
array set ids
Todo:
refactor rolf => Find a better name; reduce sql fields

Definition at line 781 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT fa.*, rd.* ".
"FROM object_data rd ".
"JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
"WHERE fa.assign = 'y' ".
"AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
;
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$roles_data[] = $row;
}
return $roles_data ? $roles_data : array();
}
ilRbacReview::getAssignableRoles (   $a_templates = false,
  $a_internal_roles = false,
  $title_filter = '' 
)

Returns a list of all assignable roles public.

Parameters
booleanif true fetch template roles too
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 708 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

Referenced by getRolesByFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND rbac_fa.assign = 'y' ";
if(strlen($title_filter))
{
$query .= (' AND '.$ilDB->like(
'title',
'text',
$title_filter.'%'
));
}
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getAssignableRolesInSubtree (   $ref_id)

Returns a list of assignable roles in a subtree of the repository public.

Parameters
ref_idRoot node of subtree
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 750 of file class.ilRbacReview.php.

References $GLOBALS, $ilDB, $query, $ref_id, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = 'SELECT rol_id FROM rbac_fa fa '.
'JOIN tree t1 ON t1.child = fa.parent '.
'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
'WHERE assign = '.$ilDB->quote('y','text').' '.
'AND obd.type = '.$ilDB->quote('role','text').' '.
'AND t1.child IN ('.
$GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
') ';
$res = $ilDB->query($query);
$role_list = array();
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_list[] = $row->rol_id;
}
return $role_list;
}
ilRbacReview::getAssignedCacheEntry (   $a_role_id,
  $a_user_id 
)

get entry of assigned_chache

Parameters
int$a_role_id
int$a_user_id

Definition at line 2329 of file class.ilRbacReview.php.

{
return self::$is_assigned_cache[$a_role_id][$a_user_id];
}
ilRbacReview::getFoldersAssignedToRole (   $a_rol_id,
  $a_assignable = false 
)

Returns an array of objects assigned to a role.

A role with stopped inheritance may be assigned to more than one objects. To get only the original location of a role, set the second parameter to true

public

Parameters
integerrole id
booleanget only rolefolders where role is assignable (true)
Returns
array reference IDs of role folders
Todo:
refactor rolf => RENAME (rest done)

Definition at line 1132 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by isRoleDeleted().

{
global $ilDB;
if (!isset($a_rol_id))
{
$message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_assignable)
{
$where = " AND assign ='y'";
}
$query = "SELECT DISTINCT parent FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$folders[] = $row->parent;
}
return $folders ? $folders : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getGlobalAssignableRoles ( )

get only 'global' roles (with flag 'assign_users') public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 1306 of file class.ilRbacReview.php.

References ilObjRole\_getAssignUsersStatus(), and getGlobalRoles().

{
include_once './Services/AccessControl/classes/class.ilObjRole.php';
foreach($this->getGlobalRoles() as $role_id)
{
if(ilObjRole::_getAssignUsersStatus($role_id))
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getGlobalRoles ( )

get only 'global' roles public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 1244 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

Referenced by getGlobalAssignableRoles(), getRolesByFilter(), and isGlobalRole().

{
return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getGlobalRolesArray ( )

get only 'global' roles public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 1290 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

{
foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
{
$ga[] = array('obj_id' => $role_id,
'role_type' => 'global');
}
return $ga ? $ga : array();
}

+ Here is the call graph for this function:

ilRbacReview::getLocalPolicies (   $a_ref_id)

Get all roles with local policies.

Parameters
type$a_ref_id
Returns
type

Definition at line 1274 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

{
$lroles = array();
foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
{
$lroles[] = $role_id;
}
return $lroles;
}

+ Here is the call graph for this function:

ilRbacReview::getLocalRoles (   $a_ref_id)

Get local roles of object.

Parameters
int$a_ref_id
Todo:
refactor rolf => DONE

Definition at line 1254 of file class.ilRbacReview.php.

References $ilDB, getRolesOfRoleFolder(), and isAssignable().

{
global $ilDB;
$lroles = array();
foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
{
if($this->isAssignable($role_id, $a_ref_id))
{
$lroles[] = $role_id;
}
}
return $lroles;
}

+ Here is the call graph for this function:

ilRbacReview::getNumberOfAssignedUsers ( Array  $a_roles)

Get the number of assigned users to roles ilDB $ilDB.

Parameters
array$a_roles
Returns
int
Todo:
refactor rolf => DONE

Definition at line 883 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
$res = $ilDB->query($query);
$row = $res->fetchRow(DB_FETCHMODE_OBJECT);
return $row->num ? $row->num : 0;
}
ilRbacReview::getObjectOfRole (   $a_role_id)

Get object id of objects a role is assigned to.

Todo:
refactor rolf (due to performance reasons the new version does not check for deleted roles only in object reference)

public

Parameters
introle id

Definition at line 2065 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilObjUserGUI\roleassignmentObject().

{
// internal cache
static $obj_cache = array();
global $ilDB;
if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
{
return $obj_cache[$a_role_id];
}
$query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
'WHERE assign = '.$ilDB->quote('y','text'). ' '.
'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
'AND deleted IS NULL';
#$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
# "JOIN tree ON rfa.parent = tree.child ".
# "JOIN object_reference obr ON tree.parent = obr.ref_id ".
# "WHERE tree.tree = 1 ".
# "AND assign = 'y' ".
# "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
$res = $ilDB->query($query);
$obj_cache[$a_role_id] = 0;
while($row = $ilDB->fetchObject($res))
{
$obj_cache[$a_role_id] = $row->obj_id;
}
return $obj_cache[$a_role_id];
}

+ Here is the caller graph for this function:

ilRbacReview::getObjectReferenceOfRole (   $a_role_id)

Get reference of role.

Parameters
object$a_role_id
Returns
int
Todo:
refactor rolf (no deleted check)

Definition at line 2106 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$query = 'SELECT parent role_ref FROM rbac_fa '.
'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
'AND assign = '.$ilDB->quote('y','text');
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->role_ref;
}
return 0;
}
ilRbacReview::getObjectsWithStopedInheritance (   $a_rol_id,
  $a_filter = array() 
)

get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.

public

Parameters
integerrole_id
arrayfilter ref_ids
Returns
array with ref_ids of objects
Todo:
refactor rolf => DONE

Definition at line 1609 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
#$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
# 'WHERE assign = '.$ilDB->quote('n','text').' '.
# 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
$query = 'SELECT parent p FROM rbac_fa '.
'WHERE assign = '.$ilDB->quote('n','text').' '.
'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
if($a_filter)
{
$query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
}
$res = $ilDB->query($query);
$parent = array();
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$parent[] = $row->p;
}
return $parent;
}
ilRbacReview::getOperation (   $ops_id)

get one operation by operation id public

Returns
array data of operation_id
Todo:
refactor rolf => DONE

Definition at line 1365 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilDB\query().

{
global $ilDB;
$query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
$res = $this->ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperationAssignment ( )

get operation assignments

Returns
array array(array('typ_id' => $typ_id,'title' => $title,'ops_id => '$ops_is,'operation' => $operation),...
Todo:
refactor rolf => DONE

Definition at line 2186 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
$res = $ilDB->query($query);
$counter = 0;
while($row = $ilDB->fetchObject($res))
{
$info[$counter]['typ_id'] = $row->typ_id;
$info[$counter]['type'] = $row->title;
$info[$counter]['ops_id'] = $row->ops_id;
$info[$counter]['operation'] = $row->operation;
$counter++;
}
return $info ? $info : array();
}
ilRbacReview::getOperations ( )

get all possible operations public

Returns
array array of operation_id
Todo:
refactor rolf => DONE

Definition at line 1343 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilDB\query().

{
global $ilDB;
$query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
$res = $this->ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops[] = array('ops_id' => $row->ops_id,
'operation' => $row->operation,
'description' => $row->description);
}
return $ops ? $ops : array();
}

+ Here is the call graph for this function:

ilRbacReview::getOperationsByTypeAndClass (   $a_type,
  $a_class 
)

Get operations by type and class.

Parameters
string$a_typeType is "object" or
string$a_class
Returns
Todo:
refactor rolf => DONE

Definition at line 1568 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
if($a_class != 'create')
{
$condition = "AND class != ".$ilDB->quote('create','text');
}
else
{
$condition = "AND class = ".$ilDB->quote('create','text');
}
$query = "SELECT ro.ops_id FROM rbac_operations ro ".
"JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
"JOIN object_data od ON rt.typ_id = od.obj_id ".
"WHERE type = ".$ilDB->quote('typ','text')." ".
"AND title = ".$ilDB->quote($a_type,'text')." ".
$condition." ".
"ORDER BY op_order ";
$res = $ilDB->query($query);
$ops = array();
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$ops[] = $row->ops_id;
}
return $ops;
}
ilRbacReview::getOperationsOfRole (   $a_rol_id,
  $a_type,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles public

Parameters
integerrole_id
stringobject type
integerrole folder id
Returns
array array of operation_id
Todo:
refactor rolf => DONE

Definition at line 1446 of file class.ilRbacReview.php.

References $ilDB, $ilLog, $query, $res, and $row.

{
global $ilDB,$ilLog;
if (!isset($a_rol_id) or !isset($a_type))
{
$message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
"role_id: ".$a_rol_id.
"type: ".$a_type.
"parent_id: ".$a_parent;
$ilLog->logStack("Missing parameter! ");
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$ops_arr = array();
// if no rolefolder id is given, assume global role folder as target
if ($a_parent == 0)
{
$a_parent = ROLE_FOLDER_ID;
}
$query = "SELECT ops_id FROM rbac_templates ".
"WHERE type =".$ilDB->quote($a_type,'text')." ".
"AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_parent,'integer');
$res = $ilDB->query($query);
while ($row = $ilDB->fetchObject($res))
{
$ops_arr[] = $row->ops_id;
}
return $ops_arr;
}
ilRbacReview::getOperationsOnType (   $a_typ_id)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs
Todo:
rafactor rolf => DONE

Definition at line 1512 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by getOperationsOnTypeString().

{
global $ilDB;
if (!isset($a_typ_id))
{
$message = get_class($this)."::getOperationsOnType(): No type_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
#$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
$query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
'ORDER BY op_order';
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops_id[] = $row->ops_id;
}
return $ops_id ? $ops_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getOperationsOnTypeString (   $a_type)

all possible operations of a type public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs
Todo:
rafactor rolf => DONE

Definition at line 1546 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, DB_FETCHMODE_OBJECT, getOperationsOnType(), and ilDB\query().

{
global $ilDB;
$query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
$res = $this->ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $this->getOperationsOnType($row->obj_id);
}
return false;
}

+ Here is the call graph for this function:

ilRbacReview::getParentRoleIds (   $a_endnode_id,
  $a_templates = false 
)

get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates public

Parameters
integerref_id of an object which is end node
booleantrue for role templates (default: false)
Returns
array array(role_ids => role_data)
Todo:
refactor rolf => DONE

Definition at line 635 of file class.ilRbacReview.php.

References $GLOBALS, and __getParentRoles().

{
global $tree;
if (!isset($a_endnode_id))
{
$GLOBALS['ilLog']->logStack();
$message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
//var_dump($a_endnode_id);exit;
//$log->write("ilRBACreview::getParentRoleIds(), 0");
$pathIds = $tree->getPathId($a_endnode_id);
// add system folder since it may not in the path
//$pathIds[0] = SYSTEM_FOLDER_ID;
$pathIds[0] = ROLE_FOLDER_ID;
//$log->write("ilRBACreview::getParentRoleIds(), 1");
#return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
return $this->__getParentRoles($pathIds,$a_templates);
}

+ Here is the call graph for this function:

ilRbacReview::getRoleFolderOfRole (   $a_role_id)

Get role folder of role ilDB $ilDB.

Parameters
int$a_role_id
Returns
int
Todo:
refactor rolf => RENAME

Definition at line 2252 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, ilObject\_lookupType(), and DB_FETCHMODE_OBJECT.

{
global $ilDB;
if(ilObject::_lookupType($a_role_id) == 'role')
{
$and = ('AND assign = '.$ilDB->quote('y','text'));
}
else
{
$and = '';
}
$query = 'SELECT * FROM rbac_fa '.
'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
$and;
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->parent;
}
return 0;
}

+ Here is the call graph for this function:

ilRbacReview::getRoleListByObject (   $a_ref_id,
  $a_templates = false 
)

Returns a list of roles in an container public.

Parameters
integerref_id of object
booleanif true fetch template roles too
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 666 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

Referenced by __getParentRoles().

{
global $ilDB;
if (!isset($a_ref_id) or !isset($a_templates))
{
$message = get_class($this)."::getRoleListByObject(): Missing parameter!".
"ref_id: ".$a_ref_id.
"tpl_flag: ".$a_templates;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$role_list = array();
$where = $this->__setTemplateFilter($a_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND object_data.obj_id = rbac_fa.rol_id ".
"AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
while ($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::getRoleMailboxAddress (   $a_role_id,
  $is_localize = true 
)

Returns the mailbox address of a role. 

Example 1: Mailbox address for an ILIAS reserved role name
The il_crs_member_345 role of the course object "English Course 1" is returned as one of the following mailbox addresses:

a) Course Member <#member@[English Course 1]> b) Course Member <#il_crs_member_345@[English Course 1]> c) Course Member <#il_crs_member_345>

Address a) is returned, if the title of the object is unique, and if there is only one local role with the substring "member" defined for the object.

Address b) is returned, if the title of the object is unique, but there is more than one local role with the substring "member" in its title.

Address c) is returned, if the title of the course object is not unique. 

Example 2: Mailbox address for a manually defined role name
The "Admin" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) Course Administrator <#Admin> b) Course Administrator <#Admin> c) Course Adminstrator <#il_role_34211> 

Address a) is returned, if the title of the object is unique, and
if there is only one local role with the substring "Admin" defined for
the course object.

Address b) is returned, if the title of the object is not unique, but

the role title is unique.

Address c) is returned, if neither the role title nor the title of the course object is unique. 

Example 3: Mailbox address for a manually defined role title that can
       contains special characters in the local-part of a 
       mailbox address
The "Author Courses" role of the category object "Courses" is returned as one of the following mailbox addresses:

a) "#Author Courses" b) Author Courses <#il_role_34234> 

Address a) is returned, if the title of the role is unique.

Address b) is returned, if neither the role title nor the title of the course object is unique, or if the role title contains a quote or a backslash.

Parameters
inta role id
booleanis_localize whether mailbox addresses should be localized
Returns
String mailbox address or null, if role does not exist.
Todo:
refactor rolf

Definition at line 336 of file class.ilRbacReview.php.

References $ilDB, $lng, $log, $query, $row, DB_FETCHMODE_OBJECT, if, ilMail\ILIAS_HOST, and ilDB\query().

{
global $log, $lng,$ilDB;
include_once "Services/Mail/classes/class.ilMail.php";
if (ilMail::_usePearMail())
{
// Retrieve the role title and the object title.
$query = "SELECT rdat.title role_title,odat.title object_title, ".
" oref.ref_id object_ref ".
"FROM object_data rdat ".
"JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
"JOIN tree rtree ON rtree.child = fa.parent ".
"JOIN object_reference oref ON oref.ref_id = rtree.child ".
"JOIN object_data odat ON odat.obj_id = oref.obj_id ".
"WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
"AND fa.assign = 'y' ";
$r = $ilDB->query($query);
if (!$row = $ilDB->fetchObject($r))
{
//$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
return null; // role does not exist
}
$object_title = $row->object_title;
$object_ref = $row->object_ref;
$role_title = $row->role_title;
// In a perfect world, we could use the object_title in the
// domain part of the mailbox address, and the role title
// with prefix '#' in the local part of the mailbox address.
$domain = $object_title;
$local_part = $role_title;
// Determine if the object title is unique
$q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
"AND tree.tree = 1 ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// If the object title is not unique, we get rid of the domain.
if ($row->count > 1)
{
$domain = null;
}
// If the domain contains illegal characters, we get rid of it.
//if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
// Fix for Mantis Bug: 7429 sending mail fails because of brakets
// Fix for Mantis Bug: 9978 sending mail fails because of semicolon
if ($domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]|[\x28-\x29]|[;]/',$domain))
{
$domain = null;
}
// If the domain contains special characters, we put square
// brackets around it.
if ($domain != null &&
(preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
preg_match('/[^\x21-\x8f]/',$domain))
)
{
$domain = '['.$domain.']';
}
// If the role title is one of the ILIAS reserved role titles,
// we can use a shorthand version of it for the local part
// of the mailbox address.
if (strpos($role_title, 'il_') === 0 && $domain != null)
{
$unambiguous_role_title = $role_title;
$pos = strpos($role_title, '_', 3) + 1;
$local_part = substr(
$role_title,
$pos,
strrpos($role_title, '_') - $pos
);
}
else
{
$unambiguous_role_title = 'il_role_'.$a_role_id;
}
// Determine if the local part is unique. If we don't have a
// domain, the local part must be unique within the whole repositry.
// If we do have a domain, the local part must be unique for that
// domain.
if ($domain == null)
{
$q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree ON tree.child = ref.ref_id ".
"WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
"AND tree.tree = 1 ";
}
else
{
$q = "SELECT COUNT(rd.obj_id) count ".
"FROM object_data rd ".
"JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE fa.assign = 'y' ".
"AND t.child = ".$this->ilDB->quote($object_ref,'integer')." ".
"AND rd.title LIKE ".$this->ilDB->quote(
'%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
}
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
// if the local_part is not unique, we use the unambiguous role title
// instead for the local part of the mailbox address
if ($row->count > 1)
{
$local_part = $unambiguous_role_title;
}
$use_phrase = true;
// If the local part contains illegal characters, we use
// the unambiguous role title instead.
if (preg_match('/[\\"\x00-\x1f]/',$local_part))
{
$local_part = $unambiguous_role_title;
}
else if(!preg_match('/^[\\x00-\\x7E]+$/i', $local_part))
{
// 2013-12-05: According to #12283, we do not accept umlauts in the local part
$local_part = $unambiguous_role_title;
$use_phrase = false;
}
// Add a "#" prefix to the local part
$local_part = '#'.$local_part;
// Put quotes around the role title, if needed
if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
{
$local_part = '"'.$local_part.'"';
}
$mailbox = ($domain == null) ?
$local_part :
$local_part.'@'.$domain;
if ($is_localize)
{
if (substr($role_title,0,3) == 'il_')
{
$phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
}
else
{
$phrase = $role_title;
}
if($use_phrase)
{
// make phrase RFC 822 conformant:
// - strip excessive whitespace
// - strip special characters
$phrase = preg_replace('/\s\s+/', ' ', $phrase);
$phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
$mailbox = $phrase.' <'.$mailbox.'>';
}
}
require_once './Services/PEAR/lib/Mail/RFC822.php';
$obj = new Mail_RFC822($mailbox, ilMail::ILIAS_HOST);
if(@$obj->parseAddressList() instanceof PEAR_Error)
{
$q = "SELECT title ".
"FROM object_data ".
"WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
$r = $this->ilDB->query($q);
if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return '#'.$row->title;
}
else
{
return null;
}
}
return $mailbox;
}
else
{
$q = "SELECT title ".
"FROM object_data ".
"WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
$r = $this->ilDB->query($q);
if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return '#'.$row->title;
}
else
{
return null;
}
}
}

+ Here is the call graph for this function:

ilRbacReview::getRoleOperationsOnObject (   $a_role_id,
  $a_ref_id 
)

ilDB $ilDB

Parameters
type$a_role_id
type$a_ref_id
Returns
type
Todo:
rafactor rolf => DONE

Definition at line 1488 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT * FROM rbac_pa ".
"WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
"AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$ops = unserialize($row->ops_id);
}
return $ops ? $ops : array();
}
ilRbacReview::getRolesByFilter (   $a_filter = 0,
  $a_user_id = 0,
  $title_filter = '' 
)

ilDB $ilDB

Parameters
type$a_filter
type$a_user_id
type$title_filter
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1690 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), assignedRoles(), getAssignableRoles(), and getGlobalRoles().

{
global $ilDB;
$assign = "y";
switch($a_filter)
{
// all (assignable) roles
case self::FILTER_ALL:
return $this->getAssignableRoles(true,true,$title_filter);
break;
// all (assignable) global roles
case self::FILTER_ALL_GLOBAL:
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
break;
// all (assignable) local roles
case self::FILTER_ALL_LOCAL:
case self::FILTER_INTERNAL:
case self::FILTER_NOT_INTERNAL:
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
break;
// all role templates
case self::FILTER_TEMPLATES:
$where = "WHERE object_data.type = 'rolt'";
$assign = "n";
break;
// only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
case 0:
default:
if(!$a_user_id)
return array();
$where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
break;
}
$roles = array();
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON obj_id = rol_id ".
$where.
"AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
if(strlen($title_filter))
{
$query .= (' AND '.$ilDB->like(
'title',
'text',
'%'.$title_filter.'%'
));
}
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$prefix = (substr($row["title"],0,3) == "il_") ? true : false;
// all (assignable) internal local roles only
if ($a_filter == 4 and !$prefix)
{
continue;
}
// all (assignable) non internal local roles only
if ($a_filter == 5 and $prefix)
{
continue;
}
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$roles[] = $row;
}
$roles = $this->__setRoleType($roles);
return $roles ? $roles : array();
}

+ Here is the call graph for this function:

ilRbacReview::getRolesForIDs (   $role_ids,
  $use_templates 
)

ilDB $ilDB

Parameters
type$role_ids
type$use_templates
Returns
type
Todo:
refactor rolf => DONE

Definition at line 2155 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, __setRoleType(), and __setTemplateFilter().

{
global $ilDB;
$role_list = array();
$where = $this->__setTemplateFilter($use_templates);
$query = "SELECT * FROM object_data ".
"JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
$where.
"AND rbac_fa.assign = 'y' " .
'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
$res = $ilDB->query($query);
while($row = $ilDB->fetchAssoc($res))
{
$row["desc"] = $row["description"];
$row["user_id"] = $row["owner"];
$role_list[] = $row;
}
$role_list = $this->__setRoleType($role_list);
return $role_list;
}

+ Here is the call graph for this function:

ilRbacReview::getRolesOfObject (   $a_ref_id,
  $a_assignable_only = FALSE 
)

Get roles of object.

Parameters
type$a_ref_id
type$a_assignable
Exceptions
InvalidArgumentException
Todo:
refactor rolf => DONE

Definition at line 1165 of file class.ilRbacReview.php.

References $GLOBALS, $ilDB, $query, $res, and $row.

{
global $ilDB;
if(!isset($a_ref_id))
{
$GLOBALS['ilLog']->logStack();
throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
}
if($a_assignable_only === TRUE)
{
$and = 'AND assign = '.$ilDB->quote('y','text');
}
$query = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
$and;
$res = $ilDB->query($query);
$role_ids = array();
while($row = $ilDB->fetchObject($res))
{
$role_ids[] = $row->rol_id;
}
return $role_ids;
}
ilRbacReview::getRolesOfRoleFolder (   $a_ref_id,
  $a_nonassignable = true 
)

get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids
Deprecated:
since version 4.5.0
Todo:
refactor rolf => RENAME

Definition at line 1205 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $ilLog, $query, $res, and $row.

Referenced by getGlobalRoles(), getGlobalRolesArray(), getLocalPolicies(), and getLocalRoles().

{
global $ilBench,$ilDB,$ilLog;
$ilBench->start("RBAC", "review_getRolesOfRoleFolder");
if (!isset($a_ref_id))
{
$message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
if ($a_nonassignable === false)
{
$and = " AND assign='y'";
}
$query = "SELECT rol_id FROM rbac_fa ".
"WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
$and;
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
$rol_id[] = $row->rol_id;
}
$ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
return $rol_id ? $rol_id : array();
}

+ Here is the caller graph for this function:

ilRbacReview::getTypeId (   $a_type)

Get type id of object ilDB $ilDB.

Parameters
type$a_type
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1781 of file class.ilRbacReview.php.

References $ilDB, $row, and DB_FETCHMODE_OBJECT.

{
global $ilDB;
$q = "SELECT obj_id FROM object_data ".
"WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
$r = $ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
return $row->obj_id;
}
ilRbacReview::getUserPermissionsOnObject (   $a_user_id,
  $a_ref_id 
)

Get all user permissions on an object.

Parameters
int$a_user_iduser id
int$a_ref_idref id
Todo:
refactor rolf => DONE

Definition at line 2283 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
"ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
"WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
"AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
$all_ops = array();
while ($row = $ilDB->fetchObject($res))
{
$ops = unserialize($row->ops_id);
$all_ops = array_merge($all_ops, $ops);
}
$all_ops = array_unique($all_ops);
$set = $ilDB->query("SELECT operation FROM rbac_operations ".
" WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
$perms = array();
while ($rec = $ilDB->fetchAssoc($set))
{
$perms[] = $rec["operation"];
}
return $perms;
}
ilRbacReview::hasMultipleAssignments (   $a_role_id)

Temporary bugfix.

Todo:
refactor rolf => DONE

Definition at line 1111 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
global $ilDB;
$query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
"AND assign = ".$ilDB->quote('y','text');
$res = $ilDB->query($query);
return $res->numRows() > 1;
}
ilRbacReview::isAssignable (   $a_rol_id,
  $a_ref_id 
)

Check if its possible to assign users public.

Parameters
integerobject id of role
integerref_id of object in question
Returns
boolean
Todo:
refactor rolf (expects object reference id instead of rolf) => DONE

Definition at line 1077 of file class.ilRbacReview.php.

References $ilBench, $ilDB, $query, $res, and $row.

Referenced by getLocalRoles(), and isDeleteable().

{
global $ilBench,$ilDB;
$ilBench->start("RBAC", "review_isAssignable");
// exclude system role from rbac
if ($a_rol_id == SYSTEM_ROLE_ID)
{
$ilBench->stop("RBAC", "review_isAssignable");
return true;
}
if (!isset($a_rol_id) or !isset($a_ref_id))
{
$message = get_class($this)."::isAssignable(): Missing parameter!".
" role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$query = "SELECT * FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
"AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
$res = $ilDB->query($query);
$row = $ilDB->fetchObject($res);
$ilBench->stop("RBAC", "review_isAssignable");
return $row->assign == 'y' ? true : false;
}

+ Here is the caller graph for this function:

ilRbacReview::isAssigned (   $a_usr_id,
  $a_role_id 
)

check if a specific user is assigned to specific role public

Parameters
integerusr_id
integerrole_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 978 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
return self::$is_assigned_cache[$a_role_id][$a_usr_id];
}
// Quickly determine if user is assigned to a role
global $ilDB;
$ilDB->setLimit(1,0);
$query = "SELECT usr_id FROM rbac_ua WHERE ".
"rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
"AND usr_id= ".$ilDB->quote($a_usr_id);
$res = $ilDB->query($query);
$is_assigned = $res->numRows() == 1;
self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
return $is_assigned;
}
ilRbacReview::isAssignedToAtLeastOneGivenRole (   $a_usr_id,
  $a_role_ids 
)

check if a specific user is assigned to at least one of the given role ids.

This function is used to quickly check whether a user is member of a course or a group.

public

Parameters
integerusr_id
array[integer]role_ids
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 1010 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
global $ilDB;
$ilDB->setLimit(1,0);
$query = "SELECT usr_id FROM rbac_ua WHERE ".
$ilDB->in('rol_id',$a_role_ids,false,'integer').
" AND usr_id= ".$ilDB->quote($a_usr_id);
$res = $ilDB->query($query);
return $ilDB->numRows($res) == 1;
}
ilRbacReview::isDeleteable (   $a_role_id,
  $a_rolf_id 
)

Check if role is deleteable at a specific position.

Parameters
object$a_role_id
introlf_id
Returns
Todo:
refactor rolf => DONE

Definition at line 2215 of file class.ilRbacReview.php.

References ilObject\_lookupTitle(), and isAssignable().

{
if(!$this->isAssignable($a_role_id, $a_rolf_id))
{
return false;
}
if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
{
return false;
}
if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
{
return false;
}
return true;
}

+ Here is the call graph for this function:

ilRbacReview::isDeleted (   $a_node_id)

Checks if a rolefolder is set as deleted (negative tree_id) public.

Parameters
integerref_id of rolefolder
Returns
boolean true if rolefolder is set as deleted
Todo:
refactor rolf => DELETE method

Definition at line 1642 of file class.ilRbacReview.php.

References $ilDB, $row, DB_FETCHMODE_OBJECT, and ilDB\query().

Referenced by isRoleDeleted().

{
global $ilDB;
$q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
$r = $this->ilDB->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
if (!$row)
{
$message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
get_class($this),
$a_node_id);
$this->log->write($message,$this->log->FATAL);
return true;
}
// rolefolder is deleted
if ($row->tree < 0)
{
return true;
}
return false;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilRbacReview::isGlobalRole (   $a_role_id)

Check if role is a global role.

Parameters
type$a_role_id
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1676 of file class.ilRbacReview.php.

References getGlobalRoles().

{
return in_array($a_role_id,$this->getGlobalRoles());
}

+ Here is the call graph for this function:

ilRbacReview::isProtected (   $a_ref_id,
  $a_role_id 
)
Todo:
refactor rolf => search calls ilDB $ilDB
Parameters
type$a_ref_id
type$a_role_id
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1907 of file class.ilRbacReview.php.

References $ilDB, $query, $res, $row, and ilUtil\yn2tf().

{
global $ilDB;
// ref_id not used yet. protected permission acts 'global' for each role,
$query = "SELECT protected FROM rbac_fa ".
"WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
$res = $ilDB->query($query);
$row = $ilDB->fetchAssoc($res);
return ilUtil::yn2tf($row['protected']);
}

+ Here is the call graph for this function:

ilRbacReview::isRoleAssignedToObject (   $a_role_id,
  $a_parent_id 
)

Check if role is assigned to an object.

Todo:
refactor rolf => DONE (renamed)

Definition at line 1326 of file class.ilRbacReview.php.

References $ilDB, $query, and $res.

{
global $rbacreview, $ilDB;
$query = 'SELECT * FROM rbac_fa '.
'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
'AND parent = '.$ilDB->quote($a_parent_id,'integer');
$res = $ilDB->query($query);
return $res->numRows() ? true : false;
}
ilRbacReview::isRoleDeleted (   $a_role_id)

return if role is only attached to deleted role folders

Parameters
int$a_role_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 2129 of file class.ilRbacReview.php.

References getFoldersAssignedToRole(), and isDeleted().

{
$rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
$deleted = true;
if (count($rolf_list))
{
foreach ($rolf_list as $rolf) {
// only list roles that are not set to status "deleted"
if (!$this->isDeleted($rolf))
{
$deleted = false;
break;
}
}
}
return $deleted;
}

+ Here is the call graph for this function:

ilRbacReview::isSystemGeneratedRole (   $a_role_id)

Check if the role is system generate role or role template.

Parameters
int$a_role_id
Returns
bool
Todo:
refactor rolf => DONE

Definition at line 2238 of file class.ilRbacReview.php.

References ilObject\_lookupTitle().

{
$title = ilObject::_lookupTitle($a_role_id);
return substr($title,0,3) == 'il_' ? true : false;
}

+ Here is the call graph for this function:

static ilRbacReview::lookupCreateOperationIds (   $a_type_arr)
static

Lookup operation ids.

Parameters
array$a_type_arre.g array('cat','crs','grp'). The operation name (e.g. 'create_cat') is generated automatically
Returns
array int Array with operation ids
Todo:
refactor rolf => DONE

Definition at line 1866 of file class.ilRbacReview.php.

References $ilDB, $query, $res, and $row.

Referenced by ilObjectXMLWriter\__appendOperations(), ilObjectRoleTemplatePermissionTableGUI\parse(), ilObjectRolePermissionTableGUI\parse(), and ilPermissionGUI\savePermissions().

{
global $ilDB;
$operations = array();
foreach($a_type_arr as $type)
{
$operations[] = ('create_'.$type);
}
if(!count($operations))
{
return array();
}
$query = 'SELECT ops_id, operation FROM rbac_operations '.
'WHERE '.$ilDB->in('operation',$operations,false,'text');
$res = $ilDB->query($query);
$ops_ids = array();
while($row = $ilDB->fetchObject($res))
{
$type_arr = explode('_', $row->operation);
$type = $type_arr[1];
$ops_ids[$type] = $row->ops_id;
}
return $ops_ids;
}

+ Here is the caller graph for this function:

ilRbacReview::roleExists (   $a_title,
  $a_id = 0 
)

Checks if a role already exists.

Role title should be unique public

Parameters
stringrole title
integerobj_id of role to exclude in the check. Commonly this is the current role you want to edit
Returns
boolean true if exists
Todo:
refactor rolf => DONE

Definition at line 559 of file class.ilRbacReview.php.

References $ilDB, $row, DB_FETCHMODE_OBJECT, and ilDB\query().

{
global $ilDB;
if (empty($a_title))
{
$message = get_class($this)."::roleExists(): No title given!";
$this->ilErr->raiseError($message,$this->ilErr->WARNING);
}
$clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
$q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
"WHERE title =".$ilDB->quote($a_title)." ".
"AND type IN('role','rolt')".
$clause." ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
return $row->obj_id;
}
return false;
}

+ Here is the call graph for this function:

ilRbacReview::searchRolesByMailboxAddressList (   $a_address_list)

Finds all role ids that match the specified user friendly role mailbox address list.

The role mailbox name address list is an e-mail address list according to IETF RFC 822:

address list = role mailbox, {"," role mailbox } ; role mailbox = "#", local part, ["@" domain] ;

Examples: The following role mailbox names are all resolved to the role il_crs_member_123:

#Course.A #member.A #il_crs_member_123.A #il_crs_member_123 #il_crs_member_123

Examples: The following role mailbox names are all resolved to the role il_crs_member_345:

#member@[English Course] #il_crs_member_345@[English Course] #il_crs_member_345 #il_crs_member_345

If only the local part is specified, or if domain is equal to "ilias", ILIAS compares the title of role objects with local part. Only roles that are not in a trash folder are considered for the comparison.

If a domain is specified, and if the domain is not equal to "ilias", ILIAS compares the title of objects with the domain. Only objects that are not in a trash folder are considered for the comparison. Then ILIAS searches for local roles which contain the local part in their title. This allows for abbreviated role names, e.g. instead of having to specify #il_grp_member_345, it is sufficient to specify #member.

The address list may contain addresses thate are not role mailboxes. These addresses are ignored.

If a role mailbox address is ambiguous, this function returns the ID's of all role objects that are possible recipients for the role mailbox address.

If Pear Mail is not installed, then the mailbox address

public

Parameters
stringIETF RFX 822 address list containing role mailboxes.
Returns
int[] Array with role ids that were found
Todo:
refactor rolf

Definition at line 115 of file class.ilRbacReview.php.

References $ilDB, $query, $row, DB_FETCHMODE_OBJECT, ilMail\ILIAS_HOST, ilDB\query(), and ilDB\quote().

{
global $ilDB;
$role_ids = array();
include_once "Services/Mail/classes/class.ilMail.php";
if(ilMail::_usePearMail())
{
require_once './Services/PEAR/lib/Mail/RFC822.php';
$parser = new Mail_RFC822();
$parsedList = $parser->parseAddressList($a_address_list, ilMail::ILIAS_HOST, false, true);
foreach ($parsedList as $address)
{
$local_part = $address->mailbox;
if (strpos($local_part,'#') !== 0 &&
!($local_part{0} == '"' && $local_part{1} == "#"))
{
// A local-part which doesn't start with a '#' doesn't denote a role.
// Therefore we can skip it.
continue;
}
$local_part = substr($local_part, 1);
/* If role contains spaces, eg. 'foo role', double quotes are added which have to be
removed here.*/
if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
{
$local_part = substr($local_part, 1);
$local_part = substr($local_part, 0, strlen($local_part) - 1);
}
if (substr($local_part,0,8) == 'il_role_')
{
$role_id = substr($local_part,8);
$query = "SELECT t.tree ".
"FROM rbac_fa fa ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
"AND fa.assign = 'y' ".
"AND t.tree = 1";
$r = $ilDB->query($query);
if ($r->numRows() > 0)
{
$role_ids[] = $role_id;
}
continue;
}
$domain = $address->host;
if (strpos($domain,'[') == 0 && strrpos($domain,']'))
{
$domain = substr($domain,1,strlen($domain) - 2);
}
if (strlen($local_part) == 0)
{
$local_part = $domain;
$address->host = ilMail::ILIAS_HOST;
$domain = ilMail::ILIAS_HOST;
}
if (strtolower($address->host) == ilMail::ILIAS_HOST)
{
// Search for roles = local-part in the whole repository
$query = "SELECT dat.obj_id ".
"FROM object_data dat ".
"JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
"JOIN tree t ON t.child = fa.parent ".
"WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
"AND dat.type = 'role' ".
"AND fa.assign = 'y' ".
"AND t.tree = 1";
}
else
{
// Search for roles like local-part in objects = host
$query = "SELECT rdat.obj_id ".
"FROM object_data odat ".
"JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
"JOIN tree otree ON otree.child = oref.ref_id ".
"JOIN rbac_fa rfa ON rfa.parent = otree.child ".
"JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
"WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
"AND otree.tree = 1 ".
"AND rfa.assign = 'y' ".
"AND rdat.title LIKE ".
$this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
}
$r = $ilDB->query($query);
$count = 0;
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
$count++;
}
// Nothing found?
// In this case, we search for roles = host.
if ($count == 0 && strtolower($address->host) == ilMail::ILIAS_HOST)
{
$q = "SELECT dat.obj_id ".
"FROM object_data dat ".
"JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
"JOIN tree t ON t.child = ref.ref_id ".
"WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
"AND dat.type = 'role' ".
"AND t.tree = 1 ";
$r = $this->ilDB->query($q);
while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
//echo '<br>ids='.var_export($role_ids,true);
}
}
else
{
// the following code is executed, when Pear Mail is
// not installed
$titles = explode(',', $a_address_list);
$titleList = '';
foreach ($titles as $title)
{
if (strlen($inList) > 0)
{
$titleList .= ',';
}
$title = trim($title);
if (strpos($title,'#') == 0)
{
$titleList .= $this->ilDB->quote(substr($title, 1));
}
}
if (strlen($titleList) > 0)
{
$q = "SELECT obj_id ".
"FROM object_data ".
"WHERE title IN (".$titleList.") ".
"AND type='role'";
$r = $this->ilDB->query($q);
while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
{
$role_ids[] = $row->obj_id;
}
}
}
return $role_ids;
}

+ Here is the call graph for this function:

ilRbacReview::setAssignedCacheEntry (   $a_role_id,
  $a_user_id,
  $a_value 
)

set entry of assigned_chache

Parameters
int$a_role_id
int$a_user_id
bool$a_value

Definition at line 2318 of file class.ilRbacReview.php.

{
self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
}

Field Documentation

ilRbacReview::$_opsCache = null
staticprivate

Definition at line 32 of file class.ilRbacReview.php.

ilRbacReview::$assigned_roles = array()
protected

Definition at line 28 of file class.ilRbacReview.php.

ilRbacReview::$assigned_users_cache = array()
staticprotected

Definition at line 37 of file class.ilRbacReview.php.

ilRbacReview::$is_assigned_cache = array()
staticprotected

Definition at line 42 of file class.ilRbacReview.php.

ilRbacReview::$log = null

Definition at line 29 of file class.ilRbacReview.php.

Referenced by __setProtectedStatus(), and getRoleMailboxAddress().

const ilRbacReview::FILTER_ALL = 1

Definition at line 21 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter(), and ilRoleTableGUI\parse().

const ilRbacReview::FILTER_ALL_GLOBAL = 2

Definition at line 22 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

const ilRbacReview::FILTER_ALL_LOCAL = 3

Definition at line 23 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

const ilRbacReview::FILTER_INTERNAL = 4

Definition at line 24 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter(), and ilRoleTableGUI\parse().

const ilRbacReview::FILTER_NOT_INTERNAL = 5

Definition at line 25 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

const ilRbacReview::FILTER_TEMPLATES = 6

Definition at line 26 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

The documentation for this class was generated from the following file: