ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions
ilObjRole Class Reference
Services/AccessControl

Class ilObjRole. More...

+ Inheritance diagram for ilObjRole:
+ Collaboration diagram for ilObjRole:

Public Member Functions

 ilObjRole ($a_id=0, $a_call_by_reference=false)
 Constructor public.
 validate ()
 Validate role data.
 getPresentationTitle ()
 return translated title for autogenerated roles
 toggleAssignUsersStatus ($a_assign_users)
 getAssignUsersStatus ()
 _getAssignUsersStatus ($a_role_id)
 read ()
 loads "role" from database private
 assignData ($a_data)
 loads a record "role" from array public
 update ()
 updates a record "role" and write it into database public
 create ()
 create
 setAllowRegister ($a_allow_register)
 set allow_register of role
 getAllowRegister ()
 get allow_register
 setDiskQuota ($a_disk_quota)
 Sets the minimal disk quota imposed by this role.
 getDiskQuota ()
 Gets the minimal disk quota imposed by this role.
 setPersonalWorkspaceDiskQuota ($a_disk_quota)
 Sets the minimal personal workspace disk quota imposed by this role.
 getPersonalWorkspaceDiskQuota ()
 Gets the minimal personal workspace disk quota imposed by this role.
 _lookupRegisterAllowed ()
 get all roles that are activated in user registration
 _lookupAllowRegister ($a_role_id)
 check whether role is allowed in user registration or not
 setParent ($a_parent_ref)
 set reference id of parent object this is neccessary for non RBAC protected objects!!!
 getParent ()
 get reference id of parent object
 delete ()
 delete role and all related data
 getCountMembers ()
 _getTranslation ($a_role_title)
 _updateAuthMode ($a_roles)
 _getAuthMode ($a_role_id)
 __getPermissionDefinitions ()
 changeExistingObjects ($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
 Change existing objects.
- Public Member Functions inherited from ilObject
 ilObject ($a_id=0, $a_reference=true)
 Constructor public.
 withReferences ()
 determines wehter objects are referenced or not (got ref ids or not)
 read ($a_force_db=false)
 read object data from db into object
 getId ()
 get object id public
 setId ($a_id)
 set object id public
 setRefId ($a_id)
 set reference id public
 getRefId ()
 get reference id public
 getType ()
 get object type public
 setType ($a_type)
 set object type public
 getTitle ()
 get object title public
 getUntranslatedTitle ()
 get untranslated object title public
 setTitle ($a_title)
 set object title
 getDescription ()
 get object description
 setDescription ($a_desc)
 set object description
 getLongDescription ()
 get object long description (stored in object_description)
 getImportId ()
 get import id
 setImportId ($a_import_id)
 set import id
 getOwner ()
 get object owner
 getOwnerName ()
 _lookupOwnerName ($a_owner_id)
 lookup owner name for owner id
 setOwner ($a_owner)
 set object owner
 getCreateDate ()
 get create date public
 getLastUpdateDate ()
 get last update date public
 getDiskUsage ()
 Gets the disk usage of the object in bytes.
 setObjDataRecord ($a_record)
 set object_data record (note: this method should only be called from the ilObjectFactory class)
 MDUpdateListener ($a_element)
 Meta data update listener.
 createMetaData ()
 create meta data entry
 updateMetaData ()
 update meta data entry
 deleteMetaData ()
 delete meta data entry
 updateOwner ()
 update owner of object in db
 _getIdForImportId ($a_import_id)
 get current object id for import id (static)
 _lookupOwner ($a_id)
 lookup object owner
 _lookupLastUpdate ($a_id, $a_as_string=false)
 lookup last update
 _getLastUpdateOfObjects ($a_objs)
 Get last update for a set of media objects.
 _setDeletedDate ($a_ref_id)
 only called in ilTree::saveSubTree
 _resetDeletedDate ($a_ref_id)
 only called in ilObjectGUI::insertSavedNodes
 _lookupDeletedDate ($a_ref_id)
 only called in ilObjectGUI::insertSavedNodes
 _writeTitle ($a_obj_id, $a_title)
 write title to db (static)
 _writeDescription ($a_obj_id, $a_desc)
 write description to db (static)
 _writeImportId ($a_obj_id, $a_import_id)
 write import id to db (static)
 _isInTrash ($a_ref_id)
 checks wether object is in trash
 _hasUntrashedReference ($a_obj_id)
 checks wether an object has at least one reference that is not in trash
 _getObjectsDataForType ($a_type, $a_omit_trash=false)
 get all objects of a certain type
 putInTree ($a_parent_ref)
 maybe this method should be in tree object!?
 setPermissions ($a_parent_ref)
 set permissions of object
 setParentRolePermissions ($a_parent_ref)
 Initialize the permissions of parent roles (local roles of categories, global roles...) This method is overwritten in e.g courses, groups for building permission intersections with non_member templates.
 createReference ()
 creates reference for object
 countReferences ()
 count references of object
 initDefaultRoles ()
 init default roles settings Purpose of this function is to create a local role folder and local roles, that are needed depending on the object type If you want to setup default local roles you MUST overwrite this method in derived object classes (see ilObjForum for an example) public
 applyDidacticTemplate ($a_tpl_id)
 Apply template.
 notify ($a_event, $a_ref_id, $a_parent_non_rbac_id, $a_node_id, $a_params=0)
 notifys an object about an event occured Based on the event passed, each object may decide how it reacts.
 setRegisterMode ($a_bool)
 isUserRegistered ($a_user_id=0)
 requireRegistration ()
 getXMLZip ()
 getHTMLDirectory ()
 cloneObject ($a_target_id, $a_copy_id=0, $a_omit_tree=false)
 Clone object permissions, put in tree ...
 appendCopyInfo ($a_target_id, $a_copy_id)
 Prepend Copy info if object with same name exists in that container.
 cloneDependencies ($a_target_id, $a_copy_id)
 Clone object dependencies.
 cloneMetaData ($target_obj)
 Copy meta data.
 _lookupCreationDate ($a_id)
 Lookup creation date.

Static Public Member Functions

static createDefaultRole ($a_title, $a_description, $a_tpl_name, $a_ref_id)
static _getRolesByAuthMode ($a_auth_mode)
 Get roles by auth mode.
static _resetAuthMode ($a_auth_mode)
 Reset auth mode to default.
static isAutoGenerated ($a_role_id)
- Static Public Member Functions inherited from ilObject
static _lookupObjIdByImportId ($a_import_id)
static _getAllReferences ($a_id)
 get all reference ids of object
static _lookupTitle ($a_id)
 lookup object title
static _getIdsForTitle ($title, $type= '', $partialmatch=false)
static _lookupDescription ($a_id)
 lookup object description
static _lookupObjId ($a_id)
static setDeletedDates ($a_ref_ids)
 Set deleted date type $ilDB.
static _lookupType ($a_id, $a_reference=false)
 lookup object type
static _lookupObjectId ($a_ref_id)
 lookup object id
static _exists ($a_id, $a_reference=false, $a_type=null)
 checks if an object exists in object_data
static _getObjectsByType ($a_obj_type="", $a_owner="")
 Get objects by type.
static _prepareCloneSelection ($a_ref_ids, $new_type, $show_path=true)
 Prepare copy wizard object selection.
static _getIcon ($a_obj_id="", $a_size="big", $a_type="", $a_offline=false)
 Get icon for repository item.
static collectDeletionDependencies (&$deps, $a_ref_id, $a_obj_id, $a_type, $a_depth=0)
 Collect deletion dependencies.
static getDeletionDependencies ($a_obj_id)
 Get deletion dependencies.
static getLongDescriptions (array $a_obj_ids)
 Get long description data.
static getAllOwnedRepositoryObjects ($a_user_id)
 Get all ids of objects user owns.
static hasAutoRating ($a_type, $a_ref_id)
 Check if auto rating is active for parent group/course.

Data Fields

const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1
const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4
 $parent
 $allow_register
 $assign_users
 $disk_quota
 The disk quota in bytes.
 $wsp_disk_quota
- Data Fields inherited from ilObject
const TITLE_LENGTH = 255
 max length of object title
const DESC_LENGTH = 128
 $ilias
 $lng
 $id
 $ref_id
 $type
 $title
 $untranslatedTitle
 $desc
 $long_desc
 $owner
 $create_date
 $last_update
 $import_id
 $register = false
 $referenced
 $objectList
 $max_title
 $max_desc
 $add_dots
 $obj_data_record
 object_data record

Protected Member Functions

 deleteLocalPolicies ($a_start, $a_policies, $a_filter)
 Delete local policies.
 adjustPermissions ($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
 Adjust permissions.
 isHandledObjectType ($a_filter, $a_exclusion_filter, $a_type)
 Check if type is filterer.
 updateOperationStack (&$a_stack, $a_node, $a_init=false)
 Update operation stack.
 updatePolicyStack (&$a_stack, $a_node)
 Update policy stack.
 createPermissionIntersection ($policy_stack, $a_current_ops, $a_id, $a_type)
 Create course group permission intersection.

Detailed Description

Class ilObjRole.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
Id:
class.ilObjRole.php 57801 2015-02-04 10:42:26Z smeyer

Definition at line 15 of file class.ilObjRole.php.

Member Function Documentation

ilObjRole::__getPermissionDefinitions ( )

Definition at line 591 of file class.ilObjRole.php.

References $ilDB, ilObject\$lng, $txt, and ilPlugin\lookupTxt().

{
global $ilDB, $lng, $objDefinition,$rbacreview;
$operation_info = $rbacreview->getOperationAssignment();
foreach($operation_info as $info)
{
if($objDefinition->getDevMode($info['type']))
{
continue;
}
$rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
"type" => $info['type']);
// handle plugin permission texts
$txt = $objDefinition->isPlugin($info['type'])
? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
: $lng->txt($info['type']."_".$info['operation']);
if (substr($info['operation'], 0, 7) == "create_" &&
$objDefinition->isPlugin(substr($info['operation'], 7)))
{
$txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
}
$rbac_operations[$info['typ_id']][$info['ops_id']] = array(
"ops_id" => $info['ops_id'],
"title" => $info['operation'],
"name" => $txt);
}
return array($rbac_objects,$rbac_operations);
}

+ Here is the call graph for this function:

ilObjRole::_getAssignUsersStatus (   $a_role_id)

Definition at line 141 of file class.ilObjRole.php.

References $ilDB, $query, $res, and $row.

Referenced by ilRbacReview\getGlobalAssignableRoles(), ilObjUserFolderGUI\importUserRoleAssignmentObject(), ilSoapUserAdministration\importUsers(), ilObjUserFolderGUI\importUsersObject(), ilObjUserGUI\initCreate(), and ilSoapUserAdministration\isPermittedRole().

{
global $ilDB;
$query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
$res = $ilDB->query($query);
while($row = $ilDB->fetchObject($res))
{
return $row->assign_users ? true : false;
}
return false;
}

+ Here is the caller graph for this function:

ilObjRole::_getAuthMode (   $a_role_id)

Definition at line 539 of file class.ilObjRole.php.

References $ilDB, $query, $res, and $row.

{
global $ilDB;
$query = "SELECT auth_mode FROM role_data ".
"WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
$res = $ilDB->query($query);
$row = $ilDB->fetchAssoc($res);
return $row['auth_mode'];
}
static ilObjRole::_getRolesByAuthMode (   $a_auth_mode)
static

Get roles by auth mode.

public

Parameters
stringauth mode

Definition at line 558 of file class.ilObjRole.php.

References $ilDB, $query, $res, and $row.

Referenced by ilRadiusSettings\read().

{
global $ilDB;
$query = "SELECT * FROM role_data ".
"WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
$res = $ilDB->query($query);
$roles = array();
while($row = $ilDB->fetchObject($res))
{
$roles[] = $row->role_id;
}
return $roles;
}

+ Here is the caller graph for this function:

ilObjRole::_getTranslation (   $a_role_title)

Definition at line 504 of file class.ilObjRole.php.

References ilObject\$lng.

Referenced by ilCourseEditParticipantsTableGUI\__construct(), ilObjRoleGUI\adoptPermObject(), ilObjRoleFolderGUI\confirmDeleteObject(), ilObjectRolePermissionTableGUI\createTitle(), ilObjectPermissionStatusGUI\getAssignedValidRoles(), ilObjectPermissionStatusGUI\getAvailableRolesTableData(), ilObjCourse\getLocalCourseRoles(), ilObjGroup\getLocalGroupRoles(), ilObjiLincCourse\getLocalRoles(), ilObjGroupGUI\getLocalRoles(), ilObjCourseGUI\getLocalRoles(), ilObjiLincCourse\getMemberRolesTitle(), getPresentationTitle(), ilObjBlog\getRolesWithContribute(), ilPermissionGUI\initRoleForm(), ilObjiLincCourseGUI\mailMembersObject(), ilObjGroupGUI\mailMembersObject(), ilObjCourseGUI\mailMembersObject(), ilRoleSelectionTableGUI\parse(), ilRoleTableGUI\parse(), ilObjRoleTemplateGUI\permObject(), ilObjUserGUI\roleassignmentObject(), ilPermissionGUI\showConfirmBlockRole(), and ilSoapRoleObjectXMLWriter\start().

{
global $lng;
$test_str = explode('_',$a_role_title);
if ($test_str[0] == 'il')
{
$test2 = (int) $test_str[3];
if ($test2 > 0)
{
unset($test_str[3]);
}
return $lng->txt(implode('_',$test_str));
}
return $a_role_title;
}

+ Here is the caller graph for this function:

ilObjRole::_lookupAllowRegister (   $a_role_id)

check whether role is allowed in user registration or not

Parameters
int$a_role_idrole id
Returns
boolean true if role is allowed in user registration

Definition at line 359 of file class.ilObjRole.php.

References $ilDB, $query, and $res.

Referenced by ilRegistrationSettingsGUI\editRoles(), and ilAccountRegistrationGUI\saveForm().

{
global $ilDB;
$query = "SELECT * FROM role_data ".
" WHERE role_id =".$ilDB->quote($a_role_id,'integer');
$res = $ilDB->query($query);
if ($role_rec = $ilDB->fetchAssoc($res))
{
if ($role_rec["allow_register"])
{
return true;
}
}
return false;
}

+ Here is the caller graph for this function:

ilObjRole::_lookupRegisterAllowed ( )

get all roles that are activated in user registration

public

Returns
array array of int: role ids

Definition at line 333 of file class.ilObjRole.php.

References $ilDB, $query, and $res.

Referenced by ilRegistrationSettingsGUI\__prepareAccessLimitationRoleList(), ilRegistrationSettingsGUI\__prepareRoleList(), ilShopUtils\_createRandomUserAccount(), ilUserProfile\addStandardFieldsToForm(), ilObjAuthSettingsGUI\authSettingsObject(), ilRegistrationSettingsGUI\editRoleAccessLimitations(), and ilRegistrationSettingsGUI\saveRoleAccessLimitations().

{
global $ilDB;
$query = "SELECT * FROM role_data ".
"JOIN object_data ON object_data.obj_id = role_data.role_id ".
"WHERE allow_register = 1";
$res = $ilDB->query($query);
$roles = array();
while($role = $ilDB->fetchAssoc($res))
{
$roles[] = array("id" => $role["obj_id"],
"title" => $role["title"],
"auth_mode" => $role['auth_mode']);
}
return $roles;
}

+ Here is the caller graph for this function:

static ilObjRole::_resetAuthMode (   $a_auth_mode)
static

Reset auth mode to default.

public

Parameters
stringauth mode

Definition at line 581 of file class.ilObjRole.php.

References $ilDB, $query, and $res.

Referenced by ilRadiusSettings\save().

{
global $ilDB;
$query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
$res = $ilDB->manipulate($query);
}

+ Here is the caller graph for this function:

ilObjRole::_updateAuthMode (   $a_roles)

Definition at line 526 of file class.ilObjRole.php.

References $ilDB, $query, and $res.

Referenced by ilRadiusSettings\save(), and ilObjAuthSettingsGUI\updateAuthRolesObject().

{
global $ilDB;
foreach ($a_roles as $role_id => $auth_mode)
{
$query = "UPDATE role_data SET ".
"auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
"WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
$res = $ilDB->manipulate($query);
}
}

+ Here is the caller graph for this function:

ilObjRole::adjustPermissions (   $a_mode,
  $a_nodes,
  $a_policies,
  $a_filter,
  $a_exclusion_filter = array() 
)
protected

Adjust permissions.

Parameters
int$a_mode
array$a_nodesarray of nodes
array$a_policiesarray of object ref ids
array$a_exclusion_filterof object types.
Returns

Definition at line 706 of file class.ilObjRole.php.

References $GLOBALS, ilRbacLog\add(), createPermissionIntersection(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_TEMPLATE_EXISTING, ilRbacLog\gatherFaPa(), ilObject\getId(), ilRbacLog\isActive(), isHandledObjectType(), ilTree\RELATION_CHILD, ilTree\RELATION_EQUALS, ilTree\RELATION_NONE, ilTree\RELATION_PARENT, ilTree\RELATION_SIBLING, updateOperationStack(), and updatePolicyStack().

Referenced by changeExistingObjects().

{
global $rbacadmin, $rbacreview, $tree;
$operation_stack = array();
$policy_stack = array();
$node_stack = array();
$start_node = current($a_nodes);
array_push($node_stack,$start_node);
$this->updatePolicyStack($policy_stack, $start_node['child']);
$this->updateOperationStack($operation_stack, $start_node['child'],true);
include_once "Services/AccessControl/classes/class.ilRbacLog.php";
$rbac_log_active = ilRbacLog::isActive();
$local_policy = false;
foreach($a_nodes as $node)
{
$cmp_node = end($node_stack);
while($relation = $tree->getRelationOfNodes($node,$cmp_node))
{
switch($relation)
{
case ilTree::RELATION_NONE:
case ilTree::RELATION_SIBLING:
$GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none relation.');
array_pop($operation_stack);
array_pop($policy_stack);
array_pop($node_stack);
$cmp_node = end($node_stack);
$local_policy = false;
break;
case ilTree::RELATION_CHILD:
case ilTree::RELATION_EQUALS:
case ilTree::RELATION_PARENT:
default:
$GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
break 2;
}
}
if($local_policy)
{
continue;
}
// Start node => set permissions and continue
if($node['child'] == $start_node['child'])
{
if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
{
if($rbac_log_active)
{
$rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
$rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
}
// Set permissions
$perms = end($operation_stack);
$rbacadmin->grantPermission(
$this->getId(),
(array) $perms[$node['type']],
$node['child']
);
if($rbac_log_active)
{
$rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
$rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
}
}
continue;
}
// Node has local policies => update permission stack and continue
if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
{
$local_policy = true;
$this->updatePolicyStack($policy_stack, $node['child']);
$this->updateOperationStack($operation_stack, $node['child']);
array_push($node_stack, $node);
continue;
}
// Continue if this object type is not in filter
if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
{
continue;
}
if($rbac_log_active)
{
$rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
$rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
}
// Node is course => create course permission intersection
if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
$a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
{
// Copy role permission intersection
$perms = end($operation_stack);
$this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
if($this->updateOperationStack($operation_stack,$node['child']))
{
$this->updatePolicyStack($policy_stack, $node['child']);
array_push($node_stack, $node);
}
}
// Node is group => create group permission intersection
if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
$a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
{
// Copy role permission intersection
$perms = end($operation_stack);
$this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
if($this->updateOperationStack($operation_stack,$node['child']))
{
$this->updatePolicyStack($policy_stack, $node['child']);
array_push($node_stack, $node);
}
}
// Set permission
$perms = end($operation_stack);
$rbacadmin->grantPermission(
$this->getId(),
(array) $perms[$node['type']],
$node['child']
);
if($rbac_log_active)
{
$rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
$rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
}
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::assignData (   $a_data)

loads a record "role" from array public

Parameters
arrayroledata

Definition at line 185 of file class.ilObjRole.php.

References setAllowRegister(), ilObject\setDescription(), setDiskQuota(), setPersonalWorkspaceDiskQuota(), ilObject\setTitle(), ilUtil\stripSlashes(), and toggleAssignUsersStatus().

Referenced by read().

{
$this->setTitle(ilUtil::stripSlashes($a_data["title"]));
$this->setDescription(ilUtil::stripslashes($a_data["desc"]));
$this->setAllowRegister($a_data["allow_register"]);
$this->toggleAssignUsersStatus($a_data['assign_users']);
$this->setDiskQuota($a_data['disk_quota']);
$this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::changeExistingObjects (   $a_start_node,
  $a_mode,
  $a_filter,
  $a_exclusion_filter = array() 
)

Change existing objects.

Parameters
int$a_start_node
int$a_mode
arrayfilter Filter of object types (array('all') => change all objects
Returns

Definition at line 636 of file class.ilObjRole.php.

References adjustPermissions(), deleteLocalPolicies(), and ilObject\getId().

{
global $tree,$rbacreview;
// Get node info of subtree
$nodes = $tree->getRbacSubtreeInfo($a_start_node);
// get local policies
$all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
// filter relevant roles
$local_policies = array();
foreach($all_local_policies as $lp)
{
if(isset($nodes[$lp]))
{
$local_policies[] = $lp;
}
}
// Delete deprecated policies
switch($a_mode)
{
case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
$local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
#$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
break;
}
$this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
#var_dump(memory_get_peak_usage());
#var_dump(memory_get_usage());
}

+ Here is the call graph for this function:

ilObjRole::create ( )

create

public

Returns
integer object id

Reimplemented from ilObject.

Definition at line 225 of file class.ilObjRole.php.

References ilObject\$id, $ilDB, $query, $res, getAllowRegister(), getAssignUsersStatus(), getDiskQuota(), and getPersonalWorkspaceDiskQuota().

{
global $ilDB;
$this->id = parent::create();
$query = "INSERT INTO role_data ".
"(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
"VALUES ".
"(".$ilDB->quote($this->id,'integer').",".
$ilDB->quote($this->getAllowRegister(),'integer').",".
$ilDB->quote($this->getAssignUsersStatus(),'integer').",".
$ilDB->quote($this->getDiskQuota(),'integer').",".
$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer').")"
;
$res = $ilDB->query($query);
return $this->id;
}

+ Here is the call graph for this function:

static ilObjRole::createDefaultRole (   $a_title,
  $a_description,
  $a_tpl_name,
  $a_ref_id 
)
static
Parameters
type$a_title
type$a_description
type$a_tpl_name
type$a_ref_id
Returns
ilObjRole

Definition at line 60 of file class.ilObjRole.php.

References $GLOBALS, $ilDB, $res, $row, ilObject\_lookupType(), DB_FETCHMODE_OBJECT, and ilObjRole().

Referenced by ilObjChatroom\initDefaultRoles(), ilObjOrgUnit\initDefaultRoles(), ilObjForum\initDefaultRoles(), ilObjBlog\initDefaultRoles(), ilObjGroup\initDefaultRoles(), and ilObjCourse\initDefaultRoles().

{
global $ilDB;
// SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
$res = $ilDB->query("SELECT obj_id FROM object_data ".
" WHERE type=".$ilDB->quote("rolt", "text").
" AND title=".$ilDB->quote($a_tpl_name, "text"));
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$tpl_id = $row->obj_id;
}
if(!$tpl_id)
{
return null;
}
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$role = new ilObjRole();
$role->setTitle($a_title);
$role->setDescription($a_description);
$role->create();
$GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$a_ref_id,'y');
$GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
$tpl_id,
ROLE_FOLDER_ID,
$a_ref_id,
$role->getId()
);
$ops = $GLOBALS['rbacreview']->getOperationsOfRole(
$role->getId(),
ilObject::_lookupType($a_ref_id, TRUE),
$a_ref_id
);
$GLOBALS['rbacadmin']->grantPermission(
$role->getId(),
$ops,
$a_ref_id
);
return $role;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::createPermissionIntersection (   $policy_stack,
  $a_current_ops,
  $a_id,
  $a_type 
)
protected

Create course group permission intersection.

Parameters
arrayoperation stack
int$a_id
string$a_type
Returns

Definition at line 961 of file class.ilObjRole.php.

References $GLOBALS, $ilDB, $query, $res, $row, ilObject\$type, ilObject\_lookupObjId(), DB_FETCHMODE_OBJECT, ilObject\getId(), GRP_TYPE_CLOSED, GRP_TYPE_OPEN, and ilObjGroup\lookupGroupTye().

Referenced by adjustPermissions().

{
global $ilDB, $rbacreview,$rbacadmin;
static $course_non_member_id = null;
static $group_non_member_id = null;
static $group_open_id = null;
static $group_closed_id = null;
// Get template id
switch($a_type)
{
case 'grp':
include_once './Modules/Group/classes/class.ilObjGroup.php';
$type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
#var_dump("GROUP TYPE",$type);
switch($type)
{
case GRP_TYPE_CLOSED:
if(!$group_closed_id)
{
$query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$group_closed_id = $row->obj_id;
}
}
$template_id = $group_closed_id;
#var_dump("GROUP CLOSED id:" . $template_id);
break;
case GRP_TYPE_OPEN:
default:
if(!$group_open_id)
{
$query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$group_open_id = $row->obj_id;
}
}
$template_id = $group_open_id;
#var_dump("GROUP OPEN id:" . $template_id);
break;
}
break;
case 'crs':
if(!$course_non_member_id)
{
$query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
$res = $ilDB->query($query);
while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
{
$course_non_member_id = $row->obj_id;
}
}
$template_id = $course_non_member_id;
break;
}
$current_ops = $a_current_ops[$a_type];
// Create intersection template permissions
if($template_id)
{
//$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
$rbacadmin->copyRolePermissionIntersection(
$template_id, ROLE_FOLDER_ID,
$this->getId(), end($policy_stack),
$a_id,$this->getId()
);
}
else
{
#echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
}
#echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
if($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(),$a_id))
{
$rbacadmin->assignRoleToFolder($this->getId(),$a_id,"n");
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::delete ( )

delete role and all related data

public

Returns
boolean true if all object data were removed; false if only a references were removed

Reimplemented from ilObject.

Definition at line 407 of file class.ilObjRole.php.

References $GLOBALS, $ilDB, $query, $res, ilLDAPRoleGroupMappingSettings\_deleteByRole(), ilObject\getId(), and getParent().

{
global $rbacadmin, $rbacreview,$ilDB;
// Temporary bugfix
if($rbacreview->hasMultipleAssignments($this->getId()))
{
$GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
return false;
}
if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
{
// do not delete a global role, if the role is the last
// role a user is assigned to.
//
// Performance improvement: In the code section below, we
// only need to consider _global_ roles. We don't need
// to check for _local_ roles, because a user who has
// a local role _always_ has a global role too.
$last_role_user_ids = array();
if ($this->getParent() == ROLE_FOLDER_ID)
{
// The role is a global role: check if
// we find users who aren't assigned to any
// other global role than this one.
$user_ids = $rbacreview->assignedUsers($this->getId());
foreach ($user_ids as $user_id)
{
// get all roles each user has
$role_ids = $rbacreview->assignedRoles($user_id);
// is last role?
if (count($role_ids) == 1)
{
$last_role_user_ids[] = $user_id;
}
}
}
// users with last role found?
if (count($last_role_user_ids) > 0)
{
foreach ($last_role_user_ids as $user_id)
{
//echo "<br>last role for user id:".$user_id.":";
// GET OBJECT TITLE
$tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
$user_names[] = $tmp_obj->getFullname();
unset($tmp_obj);
}
// TODO: This check must be done in rolefolder object because if multiple
// roles were selected the other roles are still deleted and the system does not
// give any feedback about this.
$users = implode(', ',$user_names);
$this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
$users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
}
else
{
// IT'S A BASE ROLE
$rbacadmin->deleteRole($this->getId(),$this->getParent());
// Delete ldap role group mappings
include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
// delete object_data entry
parent::delete();
// delete role_data entry
$query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
$res = $ilDB->manipulate($query);
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($this->getId());
$role_desk_item_obj->deleteAll();
}
}
else
{
// linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
$rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
}
return true;
}

+ Here is the call graph for this function:

ilObjRole::deleteLocalPolicies (   $a_start,
  $a_policies,
  $a_filter 
)
protected

Delete local policies.

Parameters
array$a_policiesarray of object ref ids that define local policies
Returns

Definition at line 676 of file class.ilObjRole.php.

References ilObject\_lookupObjId(), ilObject\_lookupType(), and ilObject\getId().

Referenced by changeExistingObjects().

{
global $rbacreview,$rbacadmin;
$local_policies = array();
foreach($a_policies as $policy)
{
if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
{
$local_policies[] = $policy;
continue;
}
if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
{
$local_policies[] = $policy;
continue;
}
$rbacadmin->deleteLocalRole($this->getId(),$policy);
}
return $local_policies;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::getAllowRegister ( )

get allow_register

public

Returns
integer

Definition at line 267 of file class.ilObjRole.php.

Referenced by create(), and ilObjRoleGUI\readRoleProperties().

{
return $this->allow_register ? $this->allow_register : false;
}

+ Here is the caller graph for this function:

ilObjRole::getAssignUsersStatus ( )

Definition at line 136 of file class.ilObjRole.php.

Referenced by create(), ilObjRoleGUI\readRoleProperties(), and update().

{
return $this->assign_users ? $this->assign_users : 0;
}

+ Here is the caller graph for this function:

ilObjRole::getCountMembers ( )

Definition at line 497 of file class.ilObjRole.php.

{
global $rbacreview;
return count($rbacreview->assignedUsers($this->getId()));
}
ilObjRole::getDiskQuota ( )

Gets the minimal disk quota imposed by this role.

Returns the minimal disk quota in bytes. The default value is 0.

public

Returns
integer

Definition at line 294 of file class.ilObjRole.php.

References $disk_quota.

Referenced by create(), ilObjRoleGUI\readRoleProperties(), and update().

{
return $this->disk_quota;
}

+ Here is the caller graph for this function:

ilObjRole::getParent ( )

get reference id of parent object

public

Returns
integer ref_id of parent object

Definition at line 395 of file class.ilObjRole.php.

References $parent.

Referenced by delete().

{
return $this->parent;
}

+ Here is the caller graph for this function:

ilObjRole::getPersonalWorkspaceDiskQuota ( )

Gets the minimal personal workspace disk quota imposed by this role.

Returns the minimal disk quota in bytes. The default value is 0.

public

Returns
integer

Definition at line 322 of file class.ilObjRole.php.

References $wsp_disk_quota.

Referenced by create(), ilObjRoleGUI\readRoleProperties(), and update().

{
return $this->wsp_disk_quota;
}

+ Here is the caller graph for this function:

ilObjRole::getPresentationTitle ( )

return translated title for autogenerated roles

Returns

Reimplemented from ilObject.

Definition at line 127 of file class.ilObjRole.php.

References _getTranslation(), and ilObject\getTitle().

{
return ilObjRole::_getTranslation($this->getTitle());
}

+ Here is the call graph for this function:

ilObjRole::ilObjRole (   $a_id = 0,
  $a_call_by_reference = false 
)

Constructor public.

Parameters
integerreference_id or object_id
booleantreat the id as reference_id (true) or object_id (false)

Definition at line 44 of file class.ilObjRole.php.

References ilObject\ilObject().

Referenced by createDefaultRole().

{
$this->type = "role";
$this->disk_quota = 0;
$this->wsp_disk_quota = 0;
$this->ilObject($a_id,$a_call_by_reference);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

static ilObjRole::isAutoGenerated (   $a_role_id)
static

Definition at line 624 of file class.ilObjRole.php.

References ilObject\_lookupTitle().

Referenced by ilObjRoleGUI\initFormRoleProperties().

{
return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::isHandledObjectType (   $a_filter,
  $a_exclusion_filter,
  $a_type 
)
protected

Check if type is filterer.

Parameters
array$a_filter
string$a_type
Returns

Definition at line 858 of file class.ilObjRole.php.

Referenced by adjustPermissions().

{
if(in_array($a_type,$a_exclusion_filter))
{
return false;
}
if(in_array('all',$a_filter))
{
return true;
}
return in_array($a_type,$a_filter);
}

+ Here is the caller graph for this function:

ilObjRole::read ( )

loads "role" from database private

Definition at line 158 of file class.ilObjRole.php.

References $ilDB, $query, $res, and assignData().

Referenced by update().

{
global $ilDB;
$query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
$res = $ilDB->query($query);
if ($res->numRows() > 0)
{
$data = $ilDB->fetchAssoc($res);
// fill member vars in one shot
$this->assignData($data);
}
else
{
$this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
}
parent::read();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::setAllowRegister (   $a_allow_register)

set allow_register of role

public

Parameters
integer

Definition at line 251 of file class.ilObjRole.php.

Referenced by assignData(), and ilObjRoleGUI\loadRoleProperties().

{
if (empty($a_allow_register))
{
$a_allow_register == 0;
}
$this->allow_register = (int) $a_allow_register;
}

+ Here is the caller graph for this function:

ilObjRole::setDiskQuota (   $a_disk_quota)

Sets the minimal disk quota imposed by this role.

The minimal disk quota is specified in bytes. 

@access     public
@param      integer

Definition at line 280 of file class.ilObjRole.php.

Referenced by assignData(), and ilObjRoleGUI\loadRoleProperties().

{
$this->disk_quota = $a_disk_quota;
}

+ Here is the caller graph for this function:

ilObjRole::setParent (   $a_parent_ref)

set reference id of parent object this is neccessary for non RBAC protected objects!!!

public

Parameters
integerref_id of parent object

Definition at line 384 of file class.ilObjRole.php.

{
$this->parent = $a_parent_ref;
}
ilObjRole::setPersonalWorkspaceDiskQuota (   $a_disk_quota)

Sets the minimal personal workspace disk quota imposed by this role.

The minimal disk quota is specified in bytes. 

@access     public
@param      integer

Definition at line 308 of file class.ilObjRole.php.

Referenced by assignData(), and ilObjRoleGUI\loadRoleProperties().

{
$this->wsp_disk_quota = $a_disk_quota;
}

+ Here is the caller graph for this function:

ilObjRole::toggleAssignUsersStatus (   $a_assign_users)

Definition at line 132 of file class.ilObjRole.php.

Referenced by assignData(), and ilObjRoleGUI\loadRoleProperties().

{
$this->assign_users = (int) $a_assign_users;
}

+ Here is the caller graph for this function:

ilObjRole::update ( )

updates a record "role" and write it into database public

Reimplemented from ilObject.

Definition at line 199 of file class.ilObjRole.php.

References $ilDB, $query, $res, getAssignUsersStatus(), getDiskQuota(), getPersonalWorkspaceDiskQuota(), and read().

{
global $ilDB;
$query = "UPDATE role_data SET ".
"allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
"assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
"disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer').", ".
"wsp_disk_quota = ".$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer')." ".
"WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
$res = $ilDB->manipulate($query);
parent::update();
$this->read();
return true;
}

+ Here is the call graph for this function:

ilObjRole::updateOperationStack ( $a_stack,
  $a_node,
  $a_init = false 
)
protected

Update operation stack.

Parameters
array$a_stack
int$a_node
Returns

Definition at line 878 of file class.ilObjRole.php.

References ilObject\getId().

Referenced by adjustPermissions().

{
global $rbacreview;
$has_policies = null;
$policy_origin = null;
if($a_node == ROOT_FOLDER_ID)
{
$has_policies = TRUE;
$policy_origin = ROLE_FOLDER_ID;
}
else
{
$has_policies = $rbacreview->getLocalPolicies($a_node);
$policy_origin = $a_node;
if($a_init)
{
$parent_roles = $rbacreview->getParentRoleIds($a_node,false);
if($parent_roles[$this->getId()])
{
$a_stack[] = $rbacreview->getAllOperationsOfRole(
$this->getId(),
$parent_roles[$this->getId()]['parent']
);
}
return true;
}
}
if(!$has_policies)
{
return false;
}
$a_stack[] = $rbacreview->getAllOperationsOfRole(
$this->getId(),
$policy_origin
);
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilObjRole::updatePolicyStack ( $a_stack,
  $a_node 
)
protected

Update policy stack.

Parameters
object$a_node
Returns

Definition at line 927 of file class.ilObjRole.php.

Referenced by adjustPermissions().

{
global $rbacreview;
$has_policies = null;
$policy_origin = null;
if($a_node == ROOT_FOLDER_ID)
{
$has_policies = TRUE;
$policy_origin = ROLE_FOLDER_ID;
}
else
{
$has_policies = $rbacreview->getLocalPolicies($a_node);
$policy_origin = $a_node;
}
if(!$has_policies)
{
return false;
}
$a_stack[] = $policy_origin;
return true;
}

+ Here is the caller graph for this function:

ilObjRole::validate ( )

Validate role data.

Returns
bool

Definition at line 111 of file class.ilObjRole.php.

References $ilErr, and ilObject\getTitle().

{
global $ilErr;
if(substr($this->getTitle(),0,3) == 'il_')
{
$ilErr->setMessage('msg_role_reserved_prefix');
return false;
}
return true;
}

+ Here is the call graph for this function:

Field Documentation

ilObjRole::$allow_register

Definition at line 31 of file class.ilObjRole.php.

ilObjRole::$assign_users

Definition at line 32 of file class.ilObjRole.php.

ilObjRole::$disk_quota

The disk quota in bytes.

Definition at line 35 of file class.ilObjRole.php.

Referenced by getDiskQuota().

ilObjRole::$parent

Definition at line 29 of file class.ilObjRole.php.

Referenced by getParent().

ilObjRole::$wsp_disk_quota

Definition at line 36 of file class.ilObjRole.php.

Referenced by getPersonalWorkspaceDiskQuota().

const ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1

Definition at line 17 of file class.ilObjRole.php.

Referenced by ilDidacticTemplateLocalPolicyAction\createLocalPolicy(), ilObjRoleFolderGUI\doCopyRole(), ilDidacticTemplateLocalPolicyAction\revert(), ilDidacticTemplateLocalPolicyAction\revertLocalPolicy(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

const ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2

Definition at line 18 of file class.ilObjRole.php.

Referenced by ilPermissionGUI\addRole(), ilObjRoleGUI\permSaveObject(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

const ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3

Definition at line 19 of file class.ilObjRole.php.

Referenced by ilDidacticTemplateLocalPolicyAction\createLocalPolicy(), ilDidacticTemplateBlockRoleAction\deleteLocalPolicy(), ilObjRoleFolderGUI\doCopyRole(), ilDidacticTemplateLocalPolicyAction\revert(), ilDidacticTemplateLocalPolicyAction\revertLocalPolicy(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

const ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4

Definition at line 20 of file class.ilObjRole.php.

Referenced by ilPermissionGUI\addRole(), ilObjRoleGUI\permSaveObject(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

The documentation for this class was generated from the following file: