ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36 
43  function ilObjRole($a_id = 0,$a_call_by_reference = false)
44  {
45  $this->type = "role";
46  $this->disk_quota = 0;
47  $this->ilObject($a_id,$a_call_by_reference);
48  }
49 
54  public function validate()
55  {
56  global $ilErr;
57 
58  if(substr($this->getTitle(),0,3) == 'il_')
59  {
60  $ilErr->setMessage('msg_role_reserved_prefix');
61  return false;
62  }
63  return true;
64  }
65 
70  public function getPresentationTitle()
71  {
72  return ilObjRole::_getTranslation($this->getTitle());
73  }
74 
75  function toggleAssignUsersStatus($a_assign_users)
76  {
77  $this->assign_users = (int) $a_assign_users;
78  }
79  function getAssignUsersStatus()
80  {
81  return $this->assign_users ? $this->assign_users : 0;
82  }
83  // Same method (static)
84  function _getAssignUsersStatus($a_role_id)
85  {
86  global $ilDB;
87 
88  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
89  $res = $ilDB->query($query);
90  while($row = $ilDB->fetchObject($res))
91  {
92  return $row->assign_users ? true : false;
93  }
94  return false;
95  }
96 
101  function read ()
102  {
103  global $ilDB;
104 
105  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
106 
107  $res = $ilDB->query($query);
108  if ($res->numRows() > 0)
109  {
110  $data = $ilDB->fetchAssoc($res);
111 
112  // fill member vars in one shot
113  $this->assignData($data);
114  }
115  else
116  {
117  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
118  }
119 
120  parent::read();
121  }
122 
128  function assignData($a_data)
129  {
130  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
131  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
132  $this->setAllowRegister($a_data["allow_register"]);
133  $this->toggleAssignUsersStatus($a_data['assign_users']);
134  $this->setDiskQuota($a_data['disk_quota']);
135  }
136 
141  function update ()
142  {
143  global $ilDB;
144 
145  $query = "UPDATE role_data SET ".
146  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
147  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
148  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer')." ".
149  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
150  $res = $ilDB->manipulate($query);
151 
152  parent::update();
153 
154  $this->read();
155 
156  return true;
157  }
158 
166  function create()
167  {
168  global $ilDB;
169 
170  $this->id = parent::create();
171 
172  $query = "INSERT INTO role_data ".
173  "(role_id,allow_register,assign_users,disk_quota) ".
174  "VALUES ".
175  "(".$ilDB->quote($this->id,'integer').",".
176  $ilDB->quote($this->getAllowRegister(),'integer').",".
177  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
178  $ilDB->quote($this->getDiskQuota(),'integer').")"
179  ;
180  $res = $ilDB->query($query);
181 
182  return $this->id;
183  }
184 
191  function setAllowRegister($a_allow_register)
192  {
193  if (empty($a_allow_register))
194  {
195  $a_allow_register == 0;
196  }
197 
198  $this->allow_register = (int) $a_allow_register;
199  }
200 
207  function getAllowRegister()
208  {
209  return $this->allow_register ? $this->allow_register : false;
210  }
211 
220  function setDiskQuota($a_disk_quota)
221  {
222  $this->disk_quota = $a_disk_quota;
223  }
224 
234  function getDiskQuota()
235  {
236  return $this->disk_quota;
237  }
244  function _lookupRegisterAllowed()
245  {
246  global $ilDB;
247 
248  $query = "SELECT * FROM role_data ".
249  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
250  "WHERE allow_register = 1";
251  $res = $ilDB->query($query);
252 
253  $roles = array();
254  while($role = $ilDB->fetchAssoc($res))
255  {
256  $roles[] = array("id" => $role["obj_id"],
257  "title" => $role["title"],
258  "auth_mode" => $role['auth_mode']);
259  }
260 
261  return $roles;
262  }
263 
270  function _lookupAllowRegister($a_role_id)
271  {
272  global $ilDB;
273 
274  $query = "SELECT * FROM role_data ".
275  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
276 
277  $res = $ilDB->query($query);
278  if ($role_rec = $ilDB->fetchAssoc($res))
279  {
280  if ($role_rec["allow_register"])
281  {
282  return true;
283  }
284  }
285  return false;
286  }
287 
295  function setParent($a_parent_ref)
296  {
297  $this->parent = $a_parent_ref;
298  }
299 
306  function getParent()
307  {
308  return $this->parent;
309  }
310 
311 
318  function delete()
319  {
320  global $rbacadmin, $rbacreview,$ilDB;
321 
322  $role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
323 
324  // Temporary bugfix
325  if($rbacreview->hasMultipleAssignments($this->getId()))
326  {
327  $GLOBALS['ilLog']->write(__METHOD__.': Found role with multiple assignments: '.$this->getId());
328  return false;
329  }
330 
331  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
332  {
333  // do not delete a global role, if the role is the last
334  // role a user is assigned to.
335  //
336  // Performance improvement: In the code section below, we
337  // only need to consider _global_ roles. We don't need
338  // to check for _local_ roles, because a user who has
339  // a local role _always_ has a global role too.
340  $last_role_user_ids = array();
341  if ($this->getParent() == ROLE_FOLDER_ID)
342  {
343  // The role is a global role: check if
344  // we find users who aren't assigned to any
345  // other global role than this one.
346  $user_ids = $rbacreview->assignedUsers($this->getId());
347 
348  foreach ($user_ids as $user_id)
349  {
350  // get all roles each user has
351  $role_ids = $rbacreview->assignedRoles($user_id);
352 
353  // is last role?
354  if (count($role_ids) == 1)
355  {
356  $last_role_user_ids[] = $user_id;
357  }
358  }
359  }
360 
361  // users with last role found?
362  if (count($last_role_user_ids) > 0)
363  {
364  foreach ($last_role_user_ids as $user_id)
365  {
366 //echo "<br>last role for user id:".$user_id.":";
367  // GET OBJECT TITLE
368  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
369  $user_names[] = $tmp_obj->getFullname();
370  unset($tmp_obj);
371  }
372 
373  // TODO: This check must be done in rolefolder object because if multiple
374  // roles were selected the other roles are still deleted and the system does not
375  // give any feedback about this.
376  $users = implode(', ',$user_names);
377  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
378  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
379  }
380  else
381  {
382  // IT'S A BASE ROLE
383  $rbacadmin->deleteRole($this->getId(),$this->getParent());
384 
385  // Delete ldap role group mappings
386  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
387  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
388 
389  // delete object_data entry
390  parent::delete();
391 
392  // delete role_data entry
393  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
394  $res = $ilDB->manipulate($query);
395 
396  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
397  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
398  $role_desk_item_obj->deleteAll();
399 
400  }
401  }
402  else
403  {
404  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
405  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
406  }
407 
408  // purge empty rolefolders
409  //
410  // Performance improvement: We filter out all role folders
411  // which still contain roles, _before_ we attempt to purge them.
412  // This is faster than attempting to purge all role folders,
413  // and let function purge() of the role folder find out, if
414  // purging is possible.
415 
416  $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
417  $role_folders = array_diff($role_folders,$non_empty_role_folders);
418 
419  // Attempt to purge the role folders
420  foreach ($role_folders as $rolf)
421  {
422  if (ilObject::_exists($rolf,true))
423  {
424  $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
425  $rolfObj->purge();
426  unset($rolfObj);
427  }
428  }
429 
430  return true;
431  }
432 
433  function getCountMembers()
434  {
435  global $rbacreview;
436 
437  return count($rbacreview->assignedUsers($this->getId()));
438  }
439 
440  function _getTranslation($a_role_title)
441  {
442  global $lng;
443 
444  $test_str = explode('_',$a_role_title);
445 
446  if ($test_str[0] == 'il')
447  {
448  $test2 = (int) $test_str[3];
449  if ($test2 > 0)
450  {
451  unset($test_str[3]);
452  }
453 
454  return $lng->txt(implode('_',$test_str));
455  }
456 
457  return $a_role_title;
458  }
459 
460 
461 
462  function _updateAuthMode($a_roles)
463  {
464  global $ilDB;
465 
466  foreach ($a_roles as $role_id => $auth_mode)
467  {
468  $query = "UPDATE role_data SET ".
469  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
470  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
471  $res = $ilDB->manipulate($query);
472  }
473  }
474 
475  function _getAuthMode($a_role_id)
476  {
477  global $ilDB;
478 
479  $query = "SELECT auth_mode FROM role_data ".
480  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
481  $res = $ilDB->query($query);
482  $row = $ilDB->fetchAssoc($res);
483 
484  return $row['auth_mode'];
485  }
486 
494  public static function _getRolesByAuthMode($a_auth_mode)
495  {
496  global $ilDB;
497 
498  $query = "SELECT * FROM role_data ".
499  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
500  $res = $ilDB->query($query);
501  $roles = array();
502  while($row = $ilDB->fetchObject($res))
503  {
504  $roles[] = $row->role_id;
505  }
506  return $roles;
507  }
508 
517  public static function _resetAuthMode($a_auth_mode)
518  {
519  global $ilDB;
520 
521  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
522  $res = $ilDB->manipulate($query);
523  }
524 
525  // returns array of operation/objecttype definitions
526  // private
527  function __getPermissionDefinitions()
528  {
529  global $ilDB, $lng, $objDefinition,$rbacreview;
530 
531  $operation_info = $rbacreview->getOperationAssignment();
532  foreach($operation_info as $info)
533  {
534  if($objDefinition->getDevMode($info['type']))
535  {
536  continue;
537  }
538  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
539  "type" => $info['type']);
540 
541  // handle plugin permission texts
542  $txt = $objDefinition->isPlugin($info['type'])
543  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
544  : $lng->txt($info['type']."_".$info['operation']);
545  if (substr($info['operation'], 0, 7) == "create_" &&
546  $objDefinition->isPlugin(substr($info['operation'], 7)))
547  {
548  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
549  }
550  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
551  "ops_id" => $info['ops_id'],
552  "title" => $info['operation'],
553  "name" => $txt);
554 
555  }
556  return array($rbac_objects,$rbac_operations);
557  }
558 
564  public function isDeletable($a_role_folder_id)
565  {
566  global $rbacreview;
567 
568  if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
569  {
570  return false;
571  }
572 
573  if(substr($this->getTitle(),0,3) == 'il_')
574  {
575  return false;
576  }
577  return true;
578 
579  }
580 
581  public static function isAutoGenerated($a_role_id)
582  {
583  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
584  }
585 
593  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
594  {
595  global $tree,$rbacreview;
596 
597  // Get node info of subtree
598  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
599 
600  #var_dump($nodes);
601 
602  // get local policies
603  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
604 
605 
606  // filter relevant roles
607  $local_policies = array();
608  foreach($all_local_policies as $lp)
609  {
610  if(isset($nodes[$lp]))
611  {
612  $local_policies[] = $lp;
613  }
614  }
615 
616  // Delete deprecated policies
617  switch($a_mode)
618  {
619  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
620  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
621  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
622  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
623  break;
624  }
625  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
626 
627  #var_dump(memory_get_peak_usage());
628  #var_dump(memory_get_usage());
629  }
630 
636  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
637  {
638  global $rbacreview,$rbacadmin;
639 
640  $local_policies = array();
641  foreach($a_policies as $policy)
642  {
643  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
644  {
645  $local_policies[] = $policy;
646  continue;
647  }
648  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
649  {
650  $local_policies[] = $policy;
651  continue;
652  }
653 
654  if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
655  {
656  $rbacadmin->deleteLocalRole($this->getId(),$rolf);
657  }
658  }
659  return $local_policies;
660  }
661 
670  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
671  {
672  global $rbacadmin, $rbacreview;
673 
674  $operation_stack = array();
675  $policy_stack = array();
676  $left_stack = array();
677  $right_stack = array();
678 
679  $start_node = current($a_nodes);
680  array_push($left_stack, $start_node['lft']);
681  array_push($right_stack, $start_node['rgt']);
682  $this->updatePolicyStack($policy_stack, $start_node['child']);
683  $this->updateOperationStack($operation_stack, $start_node['child']);
684 
685  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
686  $rbac_log_active = ilRbacLog::isActive();
687 
688  $local_policy = false;
689  foreach($a_nodes as $node)
690  {
691  $lft = end($left_stack);
692  $rgt = end($right_stack);
693 
694  #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
695 
696  if(($node['lft'] < $lft) or ($node['rgt'] > $rgt))
697  {
698  #echo "LEFT ".$node['child'].'<br>';
699  array_pop($operation_stack);
700  array_pop($policy_stack);
701  array_pop($left_stack);
702  array_pop($right_stack);
703  $local_policy = false;
704  }
705 
706  if($local_policy)
707  {
708  #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
709  // Continue if inside of local policy
710  continue;
711  }
712 
713  // Start node => set permissions and continue
714  if($node['child'] == $start_node['child'])
715  {
716  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
717  {
718  if($rbac_log_active)
719  {
720  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
721  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
722  }
723 
724  // Set permissions
725  $perms = end($operation_stack);
726  $rbacadmin->grantPermission(
727  $this->getId(),
728  (array) $perms[$node['type']],
729  $node['child']
730  );
731 
732  if($rbac_log_active)
733  {
734  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
735  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
736  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
737  }
738  }
739  continue;
740  }
741 
742  // Node has local policies => update permission stack and continue
743  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
744  {
745  #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
746  $local_policy = true;
747  $this->updatePolicyStack($policy_stack, $node['child']);
748  $this->updateOperationStack($operation_stack, $node['child']);
749  array_push($left_stack,$node['lft']);
750  array_push($right_stack, $node['rgt']);
751  continue;
752  }
753 
754  // Continue if this object type is in filter
755  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
756  {
757  continue;
758  }
759 
760  if($rbac_log_active)
761  {
762  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
763  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
764  }
765 
766  #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
767  // Node is course => create course permission intersection
768  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
769  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
770 
771  {
772  #echo "CRS ".$node['child'].'<br>';
773  // Copy role permission intersection
774 
775  $perms = end($operation_stack);
776  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
777  if($this->updateOperationStack($operation_stack,$node['child']))
778  {
779  #echo "CRS SUCCESS ".$node['child'].'<br>';
780  $this->updatePolicyStack($policy_stack, $node['child']);
781  array_push($left_stack, $node['lft']);
782  array_push($right_stack, $node['rgt']);
783  }
784  }
785 
786  // Node is group => create group permission intersection
787  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
788  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
789  {
790  #echo "GRP ".$node['child'].'<br>';
791  // Copy role permission intersection
792  $perms = end($operation_stack);
793  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
794  if($this->updateOperationStack($operation_stack,$node['child']))
795  {
796  #echo "GRP SUCCESS ".$node['child'].'<br>';
797  $this->updatePolicyStack($policy_stack, $node['child']);
798  array_push($left_stack, $node['lft']);
799  array_push($right_stack, $node['rgt']);
800  }
801  }
802 
803  #echo "GRANTED ".$node['child'].'<br>';
804  // Set permission
805  $perms = end($operation_stack);
806  $rbacadmin->grantPermission(
807  $this->getId(),
808  (array) $perms[$node['type']],
809  $node['child']
810  );
811  #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
812 
813  if($rbac_log_active)
814  {
815  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
816  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
817  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
818  }
819  }
820  }
821 
828  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
829  {
830  if(in_array($a_type,$a_exclusion_filter))
831  {
832  return false;
833  }
834 
835  if(in_array('all',$a_filter))
836  {
837  return true;
838  }
839  return in_array($a_type,$a_filter);
840  }
841 
848  protected function updateOperationStack(&$a_stack,$a_node)
849  {
850  global $rbacreview;
851 
852  if($a_node == ROOT_FOLDER_ID)
853  {
854  $rolf = ROLE_FOLDER_ID;
855  }
856  else
857  {
858  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
859  }
860 
861  if(!$rolf)
862  {
863  return false;
864  }
865 
866  $a_stack[] = $rbacreview->getAllOperationsOfRole(
867  $this->getId(),
868  $rolf
869  );
870  return true;
871  }
872 
878  protected function updatePolicyStack(&$a_stack,$a_node)
879  {
880  global $rbacreview;
881 
882  if($a_node == ROOT_FOLDER_ID)
883  {
884  $rolf = ROLE_FOLDER_ID;
885  }
886  else
887  {
888  $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
889  }
890 
891  if(!$rolf)
892  {
893  return false;
894  }
895 
896  $a_stack[] = $rolf;
897  return true;
898  }
899 
907  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
908  {
909  global $ilDB, $rbacreview,$rbacadmin;
910 
911  static $course_non_member_id = null;
912  static $group_non_member_id = null;
913  static $group_open_id = null;
914  static $group_closed_id = null;
915 
916  // Get template id
917  switch($a_type)
918  {
919  case 'grp':
920 
921  include_once './Modules/Group/classes/class.ilObjGroup.php';
922  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
923  #var_dump("GROUP TYPE",$type);
924  switch($type)
925  {
926  case GRP_TYPE_CLOSED:
927  if(!$group_closed_id)
928  {
929  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
930  $res = $ilDB->query($query);
931  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
932  {
933  $group_closed_id = $row->obj_id;
934  }
935  }
936  $template_id = $group_closed_id;
937  #var_dump("GROUP CLOSED id:" . $template_id);
938  break;
939 
940  case GRP_TYPE_OPEN:
941  default:
942  if(!$group_open_id)
943  {
944  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
945  $res = $ilDB->query($query);
946  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
947  {
948  $group_open_id = $row->obj_id;
949  }
950  }
951  $template_id = $group_open_id;
952  #var_dump("GROUP OPEN id:" . $template_id);
953  break;
954  }
955  break;
956 
957  case 'crs':
958  if(!$course_non_member_id)
959  {
960  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
961  $res = $ilDB->query($query);
962  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
963  {
964  $course_non_member_id = $row->obj_id;
965  }
966  }
967  $template_id = $course_non_member_id;
968  break;
969  }
970 
971  $current_ops = $a_current_ops[$a_type];
972 
973  // Create intersection template permissions
974  if($template_id)
975  {
976  $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
977 
978  $rbacadmin->copyRolePermissionIntersection(
979  $template_id, ROLE_FOLDER_ID,
980  $this->getId(), end($policy_stack),
981  $rolf,$this->getId()
982  );
983  }
984  else
985  {
986  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
987  }
988  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
989  if($rolf)
990  {
991  $rbacadmin->assignRoleToFolder($this->getId(),$rolf,"n");
992  }
993  return true;
994  }
995 
996 } // END class.ilObjRole
997 ?>