ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./Services/Object/classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36  var $wsp_disk_quota;
37 
44  function ilObjRole($a_id = 0,$a_call_by_reference = false)
45  {
46  $this->type = "role";
47  $this->disk_quota = 0;
48  $this->wsp_disk_quota = 0;
49  $this->ilObject($a_id,$a_call_by_reference);
50  }
51 
60  public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
61  {
62  global $ilDB;
63 
64  // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
65  $res = $ilDB->query("SELECT obj_id FROM object_data ".
66  " WHERE type=".$ilDB->quote("rolt", "text").
67  " AND title=".$ilDB->quote($a_tpl_name, "text"));
68  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
69  {
70  $tpl_id = $row->obj_id;
71  }
72 
73  if(!$tpl_id)
74  {
75  return null;
76  }
77 
78  include_once './Services/AccessControl/classes/class.ilObjRole.php';
79  $role = new ilObjRole();
80  $role->setTitle($a_title);
81  $role->setDescription($a_description);
82  $role->create();
83 
84  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$a_ref_id,'y');
85 
86  $GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
87  $tpl_id,
88  ROLE_FOLDER_ID,
89  $a_ref_id,
90  $role->getId()
91  );
92 
93  $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
94  $role->getId(),
95  ilObject::_lookupType($a_ref_id, TRUE),
96  $a_ref_id
97  );
98  $GLOBALS['rbacadmin']->grantPermission(
99  $role->getId(),
100  $ops,
101  $a_ref_id
102  );
103  return $role;
104  }
105 
106 
111  public function validate()
112  {
113  global $ilErr;
114 
115  if(substr($this->getTitle(),0,3) == 'il_')
116  {
117  $ilErr->setMessage('msg_role_reserved_prefix');
118  return false;
119  }
120  return true;
121  }
122 
127  public function getPresentationTitle()
128  {
129  return ilObjRole::_getTranslation($this->getTitle());
130  }
131 
132  function toggleAssignUsersStatus($a_assign_users)
133  {
134  $this->assign_users = (int) $a_assign_users;
135  }
136  function getAssignUsersStatus()
137  {
138  return $this->assign_users ? $this->assign_users : 0;
139  }
140  // Same method (static)
141  function _getAssignUsersStatus($a_role_id)
142  {
143  global $ilDB;
144 
145  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
146  $res = $ilDB->query($query);
147  while($row = $ilDB->fetchObject($res))
148  {
149  return $row->assign_users ? true : false;
150  }
151  return false;
152  }
153 
158  function read ()
159  {
160  global $ilDB;
161 
162  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
163 
164  $res = $ilDB->query($query);
165  if ($res->numRows() > 0)
166  {
167  $data = $ilDB->fetchAssoc($res);
168 
169  // fill member vars in one shot
170  $this->assignData($data);
171  }
172  else
173  {
174  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
175  }
176 
177  parent::read();
178  }
179 
185  function assignData($a_data)
186  {
187  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
188  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
189  $this->setAllowRegister($a_data["allow_register"]);
190  $this->toggleAssignUsersStatus($a_data['assign_users']);
191  $this->setDiskQuota($a_data['disk_quota']);
192  $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
193  }
194 
199  function update ()
200  {
201  global $ilDB;
202 
203  $query = "UPDATE role_data SET ".
204  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
205  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
206  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer').", ".
207  "wsp_disk_quota = ".$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer')." ".
208  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
209  $res = $ilDB->manipulate($query);
210 
211  parent::update();
212 
213  $this->read();
214 
215  return true;
216  }
217 
225  function create()
226  {
227  global $ilDB;
228 
229  $this->id = parent::create();
230 
231  $query = "INSERT INTO role_data ".
232  "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
233  "VALUES ".
234  "(".$ilDB->quote($this->id,'integer').",".
235  $ilDB->quote($this->getAllowRegister(),'integer').",".
236  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
237  $ilDB->quote($this->getDiskQuota(),'integer').",".
238  $ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer').")"
239  ;
240  $res = $ilDB->query($query);
241 
242  return $this->id;
243  }
244 
251  function setAllowRegister($a_allow_register)
252  {
253  if (empty($a_allow_register))
254  {
255  $a_allow_register == 0;
256  }
257 
258  $this->allow_register = (int) $a_allow_register;
259  }
260 
267  function getAllowRegister()
268  {
269  return $this->allow_register ? $this->allow_register : false;
270  }
271 
280  function setDiskQuota($a_disk_quota)
281  {
282  $this->disk_quota = $a_disk_quota;
283  }
284 
294  function getDiskQuota()
295  {
296  return $this->disk_quota;
297  }
298 
299 
308  function setPersonalWorkspaceDiskQuota($a_disk_quota)
309  {
310  $this->wsp_disk_quota = $a_disk_quota;
311  }
312 
322  function getPersonalWorkspaceDiskQuota()
323  {
324  return $this->wsp_disk_quota;
325  }
326 
333  function _lookupRegisterAllowed()
334  {
335  global $ilDB;
336 
337  $query = "SELECT * FROM role_data ".
338  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
339  "WHERE allow_register = 1";
340  $res = $ilDB->query($query);
341 
342  $roles = array();
343  while($role = $ilDB->fetchAssoc($res))
344  {
345  $roles[] = array("id" => $role["obj_id"],
346  "title" => $role["title"],
347  "auth_mode" => $role['auth_mode']);
348  }
349 
350  return $roles;
351  }
352 
359  function _lookupAllowRegister($a_role_id)
360  {
361  global $ilDB;
362 
363  $query = "SELECT * FROM role_data ".
364  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
365 
366  $res = $ilDB->query($query);
367  if ($role_rec = $ilDB->fetchAssoc($res))
368  {
369  if ($role_rec["allow_register"])
370  {
371  return true;
372  }
373  }
374  return false;
375  }
376 
384  function setParent($a_parent_ref)
385  {
386  $this->parent = $a_parent_ref;
387  }
388 
395  function getParent()
396  {
397  return $this->parent;
398  }
399 
400 
407  function delete()
408  {
409  global $rbacadmin, $rbacreview,$ilDB;
410 
411  // Temporary bugfix
412  if($rbacreview->hasMultipleAssignments($this->getId()))
413  {
414  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
415  return false;
416  }
417 
418  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
419  {
420  // do not delete a global role, if the role is the last
421  // role a user is assigned to.
422  //
423  // Performance improvement: In the code section below, we
424  // only need to consider _global_ roles. We don't need
425  // to check for _local_ roles, because a user who has
426  // a local role _always_ has a global role too.
427  $last_role_user_ids = array();
428  if ($this->getParent() == ROLE_FOLDER_ID)
429  {
430  // The role is a global role: check if
431  // we find users who aren't assigned to any
432  // other global role than this one.
433  $user_ids = $rbacreview->assignedUsers($this->getId());
434 
435  foreach ($user_ids as $user_id)
436  {
437  // get all roles each user has
438  $role_ids = $rbacreview->assignedRoles($user_id);
439 
440  // is last role?
441  if (count($role_ids) == 1)
442  {
443  $last_role_user_ids[] = $user_id;
444  }
445  }
446  }
447 
448  // users with last role found?
449  if (count($last_role_user_ids) > 0)
450  {
451  foreach ($last_role_user_ids as $user_id)
452  {
453 //echo "<br>last role for user id:".$user_id.":";
454  // GET OBJECT TITLE
455  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
456  $user_names[] = $tmp_obj->getFullname();
457  unset($tmp_obj);
458  }
459 
460  // TODO: This check must be done in rolefolder object because if multiple
461  // roles were selected the other roles are still deleted and the system does not
462  // give any feedback about this.
463  $users = implode(', ',$user_names);
464  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
465  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
466  }
467  else
468  {
469  // IT'S A BASE ROLE
470  $rbacadmin->deleteRole($this->getId(),$this->getParent());
471 
472  // Delete ldap role group mappings
473  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
474  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
475 
476  // delete object_data entry
477  parent::delete();
478 
479  // delete role_data entry
480  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
481  $res = $ilDB->manipulate($query);
482 
483  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
484  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
485  $role_desk_item_obj->deleteAll();
486 
487  }
488  }
489  else
490  {
491  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
492  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
493  }
494  return true;
495  }
496 
497  function getCountMembers()
498  {
499  global $rbacreview;
500 
501  return count($rbacreview->assignedUsers($this->getId()));
502  }
503 
504  function _getTranslation($a_role_title)
505  {
506  global $lng;
507 
508  $test_str = explode('_',$a_role_title);
509 
510  if ($test_str[0] == 'il')
511  {
512  $test2 = (int) $test_str[3];
513  if ($test2 > 0)
514  {
515  unset($test_str[3]);
516  }
517 
518  return $lng->txt(implode('_',$test_str));
519  }
520 
521  return $a_role_title;
522  }
523 
524 
525 
526  function _updateAuthMode($a_roles)
527  {
528  global $ilDB;
529 
530  foreach ($a_roles as $role_id => $auth_mode)
531  {
532  $query = "UPDATE role_data SET ".
533  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
534  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
535  $res = $ilDB->manipulate($query);
536  }
537  }
538 
539  function _getAuthMode($a_role_id)
540  {
541  global $ilDB;
542 
543  $query = "SELECT auth_mode FROM role_data ".
544  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
545  $res = $ilDB->query($query);
546  $row = $ilDB->fetchAssoc($res);
547 
548  return $row['auth_mode'];
549  }
550 
558  public static function _getRolesByAuthMode($a_auth_mode)
559  {
560  global $ilDB;
561 
562  $query = "SELECT * FROM role_data ".
563  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
564  $res = $ilDB->query($query);
565  $roles = array();
566  while($row = $ilDB->fetchObject($res))
567  {
568  $roles[] = $row->role_id;
569  }
570  return $roles;
571  }
572 
581  public static function _resetAuthMode($a_auth_mode)
582  {
583  global $ilDB;
584 
585  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
586  $res = $ilDB->manipulate($query);
587  }
588 
589  // returns array of operation/objecttype definitions
590  // private
591  function __getPermissionDefinitions()
592  {
593  global $ilDB, $lng, $objDefinition,$rbacreview;
594 
595  $operation_info = $rbacreview->getOperationAssignment();
596  foreach($operation_info as $info)
597  {
598  if($objDefinition->getDevMode($info['type']))
599  {
600  continue;
601  }
602  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
603  "type" => $info['type']);
604 
605  // handle plugin permission texts
606  $txt = $objDefinition->isPlugin($info['type'])
607  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
608  : $lng->txt($info['type']."_".$info['operation']);
609  if (substr($info['operation'], 0, 7) == "create_" &&
610  $objDefinition->isPlugin(substr($info['operation'], 7)))
611  {
612  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
613  }
614  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
615  "ops_id" => $info['ops_id'],
616  "title" => $info['operation'],
617  "name" => $txt);
618 
619  }
620  return array($rbac_objects,$rbac_operations);
621  }
622 
623 
624  public static function isAutoGenerated($a_role_id)
625  {
626  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
627  }
628 
636  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
637  {
638  global $tree,$rbacreview;
639 
640  // Get node info of subtree
641  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
642 
643  // get local policies
644  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
645 
646  // filter relevant roles
647  $local_policies = array();
648  foreach($all_local_policies as $lp)
649  {
650  if(isset($nodes[$lp]))
651  {
652  $local_policies[] = $lp;
653  }
654  }
655 
656  // Delete deprecated policies
657  switch($a_mode)
658  {
659  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
660  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
661  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
662  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
663  break;
664  }
665  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
666 
667  #var_dump(memory_get_peak_usage());
668  #var_dump(memory_get_usage());
669  }
670 
676  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
677  {
678  global $rbacreview,$rbacadmin;
679 
680  $local_policies = array();
681  foreach($a_policies as $policy)
682  {
683  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
684  {
685  $local_policies[] = $policy;
686  continue;
687  }
688  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
689  {
690  $local_policies[] = $policy;
691  continue;
692  }
693  $rbacadmin->deleteLocalRole($this->getId(),$policy);
694  }
695  return $local_policies;
696  }
697 
706  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
707  {
708  global $rbacadmin, $rbacreview, $tree;
709 
710  $operation_stack = array();
711  $policy_stack = array();
712  $node_stack = array();
713 
714  $start_node = current($a_nodes);
715  array_push($node_stack,$start_node);
716  $this->updatePolicyStack($policy_stack, $start_node['child']);
717  $this->updateOperationStack($operation_stack, $start_node['child'],true);
718 
719  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
720  $rbac_log_active = ilRbacLog::isActive();
721 
722  $local_policy = false;
723  foreach($a_nodes as $node)
724  {
725  $cmp_node = end($node_stack);
726  while($relation = $tree->getRelationOfNodes($node,$cmp_node))
727  {
728  switch($relation)
729  {
730  case ilTree::RELATION_NONE:
731  case ilTree::RELATION_SIBLING:
732  $GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none relation.');
733  array_pop($operation_stack);
734  array_pop($policy_stack);
735  array_pop($node_stack);
736  $cmp_node = end($node_stack);
737  $local_policy = false;
738  break;
739 
740  case ilTree::RELATION_CHILD:
741  case ilTree::RELATION_EQUALS:
742  case ilTree::RELATION_PARENT:
743  default:
744  $GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
745  break 2;
746  }
747 
748  }
749 
750  if($local_policy)
751  {
752  continue;
753  }
754 
755  // Start node => set permissions and continue
756  if($node['child'] == $start_node['child'])
757  {
758  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
759  {
760  if($rbac_log_active)
761  {
762  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
763  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
764  }
765 
766  // Set permissions
767  $perms = end($operation_stack);
768  $rbacadmin->grantPermission(
769  $this->getId(),
770  (array) $perms[$node['type']],
771  $node['child']
772  );
773 
774  if($rbac_log_active)
775  {
776  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
777  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
778  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
779  }
780  }
781  continue;
782  }
783 
784  // Node has local policies => update permission stack and continue
785  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
786  {
787  $local_policy = true;
788  $this->updatePolicyStack($policy_stack, $node['child']);
789  $this->updateOperationStack($operation_stack, $node['child']);
790  array_push($node_stack, $node);
791  continue;
792  }
793 
794  // Continue if this object type is not in filter
795  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
796  {
797  continue;
798  }
799 
800  if($rbac_log_active)
801  {
802  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
803  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
804  }
805 
806  // Node is course => create course permission intersection
807  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
808  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
809 
810  {
811  // Copy role permission intersection
812  $perms = end($operation_stack);
813  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
814  if($this->updateOperationStack($operation_stack,$node['child']))
815  {
816  $this->updatePolicyStack($policy_stack, $node['child']);
817  array_push($node_stack, $node);
818  }
819  }
820 
821  // Node is group => create group permission intersection
822  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
823  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
824  {
825  // Copy role permission intersection
826  $perms = end($operation_stack);
827  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
828  if($this->updateOperationStack($operation_stack,$node['child']))
829  {
830  $this->updatePolicyStack($policy_stack, $node['child']);
831  array_push($node_stack, $node);
832  }
833  }
834 
835  // Set permission
836  $perms = end($operation_stack);
837  $rbacadmin->grantPermission(
838  $this->getId(),
839  (array) $perms[$node['type']],
840  $node['child']
841  );
842 
843  if($rbac_log_active)
844  {
845  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
846  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
847  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
848  }
849  }
850  }
851 
858  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
859  {
860  if(in_array($a_type,$a_exclusion_filter))
861  {
862  return false;
863  }
864 
865  if(in_array('all',$a_filter))
866  {
867  return true;
868  }
869  return in_array($a_type,$a_filter);
870  }
871 
878  protected function updateOperationStack(&$a_stack,$a_node, $a_init = false)
879  {
880  global $rbacreview;
881 
882  $has_policies = null;
883  $policy_origin = null;
884 
885  if($a_node == ROOT_FOLDER_ID)
886  {
887  $has_policies = TRUE;
888  $policy_origin = ROLE_FOLDER_ID;
889  }
890  else
891  {
892  $has_policies = $rbacreview->getLocalPolicies($a_node);
893  $policy_origin = $a_node;
894 
895  if($a_init)
896  {
897  $parent_roles = $rbacreview->getParentRoleIds($a_node,false);
898  if($parent_roles[$this->getId()])
899  {
900  $a_stack[] = $rbacreview->getAllOperationsOfRole(
901  $this->getId(),
902  $parent_roles[$this->getId()]['parent']
903  );
904  }
905  return true;
906  }
907 
908  }
909 
910  if(!$has_policies)
911  {
912  return false;
913  }
914 
915  $a_stack[] = $rbacreview->getAllOperationsOfRole(
916  $this->getId(),
917  $policy_origin
918  );
919  return true;
920  }
921 
927  protected function updatePolicyStack(&$a_stack,$a_node)
928  {
929  global $rbacreview;
930 
931  $has_policies = null;
932  $policy_origin = null;
933 
934  if($a_node == ROOT_FOLDER_ID)
935  {
936  $has_policies = TRUE;
937  $policy_origin = ROLE_FOLDER_ID;
938  }
939  else
940  {
941  $has_policies = $rbacreview->getLocalPolicies($a_node);
942  $policy_origin = $a_node;
943  }
944 
945  if(!$has_policies)
946  {
947  return false;
948  }
949 
950  $a_stack[] = $policy_origin;
951  return true;
952  }
953 
961  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
962  {
963  global $ilDB, $rbacreview,$rbacadmin;
964 
965  static $course_non_member_id = null;
966  static $group_non_member_id = null;
967  static $group_open_id = null;
968  static $group_closed_id = null;
969 
970  // Get template id
971  switch($a_type)
972  {
973  case 'grp':
974 
975  include_once './Modules/Group/classes/class.ilObjGroup.php';
976  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
977  #var_dump("GROUP TYPE",$type);
978  switch($type)
979  {
980  case GRP_TYPE_CLOSED:
981  if(!$group_closed_id)
982  {
983  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
984  $res = $ilDB->query($query);
985  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
986  {
987  $group_closed_id = $row->obj_id;
988  }
989  }
990  $template_id = $group_closed_id;
991  #var_dump("GROUP CLOSED id:" . $template_id);
992  break;
993 
994  case GRP_TYPE_OPEN:
995  default:
996  if(!$group_open_id)
997  {
998  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
999  $res = $ilDB->query($query);
1000  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1001  {
1002  $group_open_id = $row->obj_id;
1003  }
1004  }
1005  $template_id = $group_open_id;
1006  #var_dump("GROUP OPEN id:" . $template_id);
1007  break;
1008  }
1009  break;
1010 
1011  case 'crs':
1012  if(!$course_non_member_id)
1013  {
1014  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
1015  $res = $ilDB->query($query);
1016  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1017  {
1018  $course_non_member_id = $row->obj_id;
1019  }
1020  }
1021  $template_id = $course_non_member_id;
1022  break;
1023  }
1024 
1025  $current_ops = $a_current_ops[$a_type];
1026 
1027  // Create intersection template permissions
1028  if($template_id)
1029  {
1030  //$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
1031 
1032  $rbacadmin->copyRolePermissionIntersection(
1033  $template_id, ROLE_FOLDER_ID,
1034  $this->getId(), end($policy_stack),
1035  $a_id,$this->getId()
1036  );
1037  }
1038  else
1039  {
1040  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1041  }
1042  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1043  if($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(),$a_id))
1044  {
1045  $rbacadmin->assignRoleToFolder($this->getId(),$a_id,"n");
1046  }
1047  return true;
1048  }
1049 
1050 } // END class.ilObjRole
1051 ?>