5 require_once
"./Services/Object/classes/class.ilObject.php";
43 function ilObjRole($a_id = 0,$a_call_by_reference =
false)
46 $this->disk_quota = 0;
47 $this->
ilObject($a_id,$a_call_by_reference);
58 if(substr($this->
getTitle(),0,3) ==
'il_')
60 $ilErr->setMessage(
'msg_role_reserved_prefix');
77 $this->assign_users = (int) $a_assign_users;
81 return $this->assign_users ? $this->assign_users : 0;
88 $query =
"SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,
'integer').
" ";
90 while(
$row = $ilDB->fetchObject(
$res))
92 return $row->assign_users ?
true :
false;
105 $query =
"SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->
id,
'integer').
" ";
108 if (
$res->numRows() > 0)
117 $this->ilias->raiseError(
"<b>Error: There is no dataset with id ".$this->
id.
"!</b><br />class: ".get_class($this).
"<br />Script: ".__FILE__.
"<br />Line: ".__LINE__, $this->ilias->FATAL);
145 $query =
"UPDATE role_data SET ".
146 "allow_register= ".$ilDB->quote($this->allow_register,
'integer').
", ".
148 "disk_quota = ".$ilDB->quote($this->
getDiskQuota(),
'integer').
" ".
149 "WHERE role_id= ".$ilDB->quote($this->
id,
'integer').
" ";
172 $query =
"INSERT INTO role_data ".
173 "(role_id,allow_register,assign_users,disk_quota) ".
175 "(".$ilDB->quote($this->
id,
'integer').
",".
193 if (empty($a_allow_register))
195 $a_allow_register == 0;
198 $this->allow_register = (int) $a_allow_register;
209 return $this->allow_register ? $this->allow_register :
false;
222 $this->disk_quota = $a_disk_quota;
248 $query =
"SELECT * FROM role_data ".
249 "JOIN object_data ON object_data.obj_id = role_data.role_id ".
250 "WHERE allow_register = 1";
254 while($role = $ilDB->fetchAssoc(
$res))
256 $roles[] = array(
"id" => $role[
"obj_id"],
257 "title" => $role[
"title"],
258 "auth_mode" => $role[
'auth_mode']);
274 $query =
"SELECT * FROM role_data ".
275 " WHERE role_id =".$ilDB->quote($a_role_id,
'integer');
278 if ($role_rec = $ilDB->fetchAssoc(
$res))
280 if ($role_rec[
"allow_register"])
297 $this->parent = $a_parent_ref;
320 global $rbacadmin, $rbacreview,$ilDB;
322 $role_folders = $rbacreview->getFoldersAssignedToRole($this->
getId());
325 if($rbacreview->hasMultipleAssignments($this->getId()))
327 $GLOBALS[
'ilLog']->write(__METHOD__.
': Found role with multiple assignments: '.$this->getId());
331 if ($rbacreview->isAssignable($this->getId(),$this->
getParent()))
340 $last_role_user_ids = array();
341 if ($this->
getParent() == ROLE_FOLDER_ID)
346 $user_ids = $rbacreview->assignedUsers($this->
getId());
348 foreach ($user_ids as $user_id)
351 $role_ids = $rbacreview->assignedRoles($user_id);
354 if (count($role_ids) == 1)
356 $last_role_user_ids[] = $user_id;
362 if (count($last_role_user_ids) > 0)
364 foreach ($last_role_user_ids as $user_id)
368 $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
369 $user_names[] = $tmp_obj->getFullname();
376 $users = implode(
', ',$user_names);
377 $this->ilias->raiseError($this->lng->txt(
"msg_user_last_role1").
" ".
378 $users.
"<br/>".$this->lng->txt(
"msg_user_last_role2"),$this->ilias->error_obj->WARNING);
386 include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
393 $query =
"DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->
getId(),
'integer');
396 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
398 $role_desk_item_obj->deleteAll();
416 $non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
417 $role_folders = array_diff($role_folders,$non_empty_role_folders);
420 foreach ($role_folders as $rolf)
424 $rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
437 return count($rbacreview->assignedUsers($this->getId()));
444 $test_str = explode(
'_',$a_role_title);
446 if ($test_str[0] ==
'il')
448 $test2 = (int) $test_str[3];
454 return $lng->txt(implode(
'_',$test_str));
457 return $a_role_title;
466 foreach ($a_roles as $role_id => $auth_mode)
468 $query =
"UPDATE role_data SET ".
469 "auth_mode= ".$ilDB->quote($auth_mode,
'text').
" ".
470 "WHERE role_id= ".$ilDB->quote($role_id,
'integer').
" ";
479 $query =
"SELECT auth_mode FROM role_data ".
480 "WHERE role_id= ".$ilDB->quote($a_role_id,
'integer').
" ";
484 return $row[
'auth_mode'];
498 $query =
"SELECT * FROM role_data ".
499 "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,
'text');
502 while(
$row = $ilDB->fetchObject(
$res))
504 $roles[] =
$row->role_id;
521 $query =
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,
'text');
529 global $ilDB,
$lng, $objDefinition,$rbacreview;
531 $operation_info = $rbacreview->getOperationAssignment();
532 foreach($operation_info as $info)
534 if($objDefinition->getDevMode($info[
'type']))
538 $rbac_objects[$info[
'typ_id']] = array(
"obj_id" => $info[
'typ_id'],
539 "type" => $info[
'type']);
542 $txt = $objDefinition->isPlugin($info[
'type'])
544 : $lng->txt($info[
'type'].
"_".$info[
'operation']);
545 if (substr($info[
'operation'], 0, 7) ==
"create_" &&
546 $objDefinition->isPlugin(substr($info[
'operation'], 7)))
548 $txt =
ilPlugin::lookupTxt(
"rep_robj", substr($info[
'operation'], 7), $info[
'type'].
"_".$info[
'operation']);
550 $rbac_operations[$info[
'typ_id']][$info[
'ops_id']] = array(
551 "ops_id" => $info[
'ops_id'],
552 "title" => $info[
'operation'],
556 return array($rbac_objects,$rbac_operations);
568 if(!$rbacreview->isAssignable($this->getId(), $a_role_folder_id))
573 if(substr($this->
getTitle(),0,3) ==
'il_')
595 global $tree,$rbacreview;
598 $nodes = $tree->getRbacSubtreeInfo($a_start_node);
602 $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->
getId());
606 $local_policies = array();
607 foreach($all_local_policies as $lp)
609 if(isset($nodes[$lp]))
611 $local_policies[] = $lp;
618 case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
619 case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
621 #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
624 $this->
adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
626 #var_dump(memory_get_peak_usage());
627 #var_dump(memory_get_usage());
637 global $rbacreview,$rbacadmin;
639 $local_policies = array();
640 foreach($a_policies as $policy)
642 if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
644 $local_policies[] = $policy;
649 $local_policies[] = $policy;
653 if($rolf = $rbacreview->getRoleFolderIdOfObject($policy))
655 $rbacadmin->deleteLocalRole($this->
getId(),$rolf);
658 return $local_policies;
669 protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
671 global $rbacadmin, $rbacreview;
673 $operation_stack = array();
674 $policy_stack = array();
675 $left_stack = array();
676 $right_stack = array();
678 $start_node = current($a_nodes);
679 array_push($left_stack, $start_node[
'lft']);
680 array_push($right_stack, $start_node[
'rgt']);
684 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
687 $local_policy =
false;
688 foreach($a_nodes as $node)
690 $lft = end($left_stack);
691 $rgt = end($right_stack);
693 #echo "----STACK---- ".$lft.' - '.$rgt.'<br/>';
695 while(($node[
'lft'] < $lft) or ($node[
'rgt'] > $rgt))
697 #echo "LEFT ".$node['child'].'<br>';
698 array_pop($operation_stack);
699 array_pop($policy_stack);
700 array_pop($left_stack);
701 array_pop($right_stack);
703 $lft = end($left_stack);
704 $rgt = end($right_stack);
706 $local_policy =
false;
711 #echo "LOCAL ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
717 if($node[
'child'] == $start_node[
'child'])
723 $rbac_log_roles = $rbacreview->getParentRoleIds($node[
'child'],
false);
728 $perms = end($operation_stack);
729 $rbacadmin->grantPermission(
731 (array) $perms[$node[
'type']],
746 if(in_array($node[
'child'], $a_policies) and ($node[
'child'] != SYSTEM_FOLDER_ID))
748 #echo "POLICIES ".$node['child'].' left:'.$node['lft'].' right: '.$node['rgt'].'<br>';
749 $local_policy =
true;
752 array_push($left_stack,$node[
'lft']);
753 array_push($right_stack, $node[
'rgt']);
765 $rbac_log_roles = $rbacreview->getParentRoleIds($node[
'child'],
false);
769 #echo "MODE: ".$a_mode.'TYPE: '.$node['type'].'<br>';
771 if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
772 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] ==
'crs'))
775 #echo "CRS ".$node['child'].'<br>';
778 $perms = end($operation_stack);
782 #echo "CRS SUCCESS ".$node['child'].'<br>';
784 array_push($left_stack, $node[
'lft']);
785 array_push($right_stack, $node[
'rgt']);
790 if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
791 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] ==
'grp'))
793 #echo "GRP ".$node['child'].'<br>';
795 $perms = end($operation_stack);
799 #echo "GRP SUCCESS ".$node['child'].'<br>';
801 array_push($left_stack, $node[
'lft']);
802 array_push($right_stack, $node[
'rgt']);
806 #echo "GRANTED ".$node['child'].'<br>';
808 $perms = end($operation_stack);
809 $rbacadmin->grantPermission(
811 (array) $perms[$node[
'type']],
814 #var_dump("ALL INFO ",$this->getId(),$perms[$node['type']]);
833 if(in_array($a_type,$a_exclusion_filter))
838 if(in_array(
'all',$a_filter))
842 return in_array($a_type,$a_filter);
855 if($a_node == ROOT_FOLDER_ID)
857 $rolf = ROLE_FOLDER_ID;
861 $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
865 $parent_roles = $rbacreview->getParentRoleIds($a_node,
false);
866 if($parent_roles[$this->
getId()])
868 $a_stack[] = $rbacreview->getAllOperationsOfRole(
870 $parent_roles[$this->
getId()][
'parent']
882 $a_stack[] = $rbacreview->getAllOperationsOfRole(
898 if($a_node == ROOT_FOLDER_ID)
900 $rolf = ROLE_FOLDER_ID;
904 $rolf = $rbacreview->getRoleFolderIdOfObject($a_node);
925 global $ilDB, $rbacreview,$rbacadmin;
927 static $course_non_member_id = null;
928 static $group_non_member_id = null;
929 static $group_open_id = null;
930 static $group_closed_id = null;
937 include_once
'./Modules/Group/classes/class.ilObjGroup.php';
939 #var_dump("GROUP TYPE",$type);
943 if(!$group_closed_id)
945 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
949 $group_closed_id =
$row->obj_id;
952 $template_id = $group_closed_id;
953 #var_dump("GROUP CLOSED id:" . $template_id);
960 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
964 $group_open_id =
$row->obj_id;
967 $template_id = $group_open_id;
968 #var_dump("GROUP OPEN id:" . $template_id);
974 if(!$course_non_member_id)
976 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
980 $course_non_member_id =
$row->obj_id;
983 $template_id = $course_non_member_id;
987 $current_ops = $a_current_ops[$a_type];
992 $rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
994 $rbacadmin->copyRolePermissionIntersection(
995 $template_id, ROLE_FOLDER_ID,
996 $this->
getId(), end($policy_stack),
1002 #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1004 #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1007 $rbacadmin->assignRoleToFolder($this->
getId(),$rolf,
"n");