ILIAS
release_4-3 Revision
|
Class ilRbacAdmin Core functions for role based access control. More...
Public Member Functions | |
ilRbacAdmin () | |
Constructor public. | |
removeUser ($a_usr_id) | |
deletes a user from rbac_ua all user <-> role relations are deleted public | |
deleteRole ($a_rol_id, $a_ref_id) | |
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public. | |
deleteTemplate ($a_obj_id) | |
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public. | |
deleteLocalRole ($a_rol_id, $a_ref_id=0) | |
Deletes a local role and entries in rbac_fa and rbac_templates public. | |
assignUser ($a_rol_id, $a_usr_id, $a_default=false) | |
Assigns an user to a role. | |
deassignUser ($a_rol_id, $a_usr_id) | |
Deassigns a user from a role. | |
grantPermission ($a_rol_id, $a_ops, $a_ref_id) | |
Grants a permission to an object and a specific role. | |
revokePermission ($a_ref_id, $a_rol_id=0, $a_keep_protected=true) | |
Revokes permissions of an object of one role. | |
revokeSubtreePermissions ($a_ref_id, $a_role_id) | |
Revoke subtree permissions. | |
deleteSubtreeTemplates ($a_ref_id, $a_rol_id) | |
Delete all template permissions of subtree nodes. | |
revokePermissionList ($a_ref_ids, $a_rol_id) | |
Revokes permissions of a LIST of objects of ONE role. | |
copyRolePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true) | |
Copies template permissions and permission of one role to another. | |
copyRoleTemplatePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true) | |
Copies template permissions of one role to another. | |
copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id) | |
Copies the intersection of the template permissions of two roles to a third role. | |
copyRolePermissionUnion ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent) | |
<type> $ilDB | |
deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false) | |
Deletes all entries of a template. | |
setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id) | |
Inserts template permissions in rbac_templates for an specific object type. | |
assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y") | |
Assigns a role to an role folder A role folder is an object to store roles. | |
assignOperationToObject ($a_type_id, $a_ops_id) | |
Assign an existing operation to an object Update of rbac_ta. | |
deassignOperationFromObject ($a_type_id, $a_ops_id) | |
Deassign an existing operation from an object Update of rbac_ta public. | |
setProtected ($a_ref_id, $a_role_id, $a_value) | |
copyLocalRoles ($a_source_id, $a_target_id) | |
Copy local roles This method creates a copy of all local role. | |
adjustMovedObjectPermissions ($a_ref_id, $a_old_parent) | |
Adjust permissions of moved objects. |
Class ilRbacAdmin Core functions for role based access control.
Creation and maintenance of Relations. The main relations of Rbac are user <-> role (UR) assignment relation and the permission <-> role (PR) assignment relation. This class contains methods to 'create' and 'delete' instances of the (UR) relation e.g.: assignUser(), deassignUser() Required methods for the PR relation are grantPermission(), revokePermission()
Definition at line 38 of file class.ilRbacAdmin.php.
ilRbacAdmin::adjustMovedObjectPermissions | ( | $a_ref_id, | |
$a_old_parent | |||
) |
Adjust permissions of moved objects.
public
int | ref id of moved object |
int | ref_id of old parent |
Definition at line 1064 of file class.ilRbacAdmin.php.
References $ilLog, $log, ilRbacLog\add(), deleteLocalRole(), ilRbacLog\diffFaPa(), ilRbacLog\gatherFaPa(), grantPermission(), ilRbacLog\isActive(), ilRbacLog\MOVE_OBJECT, and revokePermission().
ilRbacAdmin::assignOperationToObject | ( | $a_type_id, | |
$a_ops_id | |||
) |
Assign an existing operation to an object Update of rbac_ta.
public
integer | object type |
integer | operation_id |
Definition at line 926 of file class.ilRbacAdmin.php.
ilRbacAdmin::assignRoleToFolder | ( | $a_rol_id, | |
$a_parent, | |||
$a_assign = "y" |
|||
) |
Assigns a role to an role folder A role folder is an object to store roles.
Every role is assigned to minimum one role folder If the inheritance of a role is stopped, a new role template will created, and the role is assigned to minimum two role folders. All roles with stopped inheritance need the flag '$a_assign = false'
public
integer | object id of role |
integer | ref_id of role folder |
string | assignable('y','n'); default: 'y' |
Definition at line 882 of file class.ilRbacAdmin.php.
Referenced by copyLocalRoles().
ilRbacAdmin::assignUser | ( | $a_rol_id, | |
$a_usr_id, | |||
$a_default = false |
|||
) |
Assigns an user to a role.
Update of table rbac_ua TODO: remove deprecated 3rd parameter sometime public
integer | object_id of role |
integer | object_id of user |
boolean | true means default role (optional |
Definition at line 209 of file class.ilRbacAdmin.php.
References $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and ilObjectFactory\getInstanceByObjId().
ilRbacAdmin::copyLocalRoles | ( | $a_source_id, | |
$a_target_id | |||
) |
Copy local roles This method creates a copy of all local role.
Note: auto generated roles are excluded
public
int | source id of object (not role folder) |
int | target id of object |
Definition at line 995 of file class.ilRbacAdmin.php.
References $ilLog, $title, assignRoleToFolder(), copyRolePermissions(), and ilObjectFactory\getInstanceByRefId().
ilRbacAdmin::copyRolePermissionIntersection | ( | $a_source1_id, | |
$a_source1_parent, | |||
$a_source2_id, | |||
$a_source2_parent, | |||
$a_dest_parent, | |||
$a_dest_id | |||
) |
Copies the intersection of the template permissions of two roles to a third role.
public
integer | $a_source1_id | role_id source |
integer | $a_source1_parent | parent_id source |
integer | $a_source2_id | role_id source |
integer | $a_source2_parent | parent_id source |
integer | $a_dest_id | role_id destination |
integer | $a_dest_parent | parent_id destination |
Definition at line 651 of file class.ilRbacAdmin.php.
References $GLOBALS, $query, $res, $row, and DB_FETCHMODE_OBJECT.
ilRbacAdmin::copyRolePermissions | ( | $a_source_id, | |
$a_source_parent, | |||
$a_dest_parent, | |||
$a_dest_id, | |||
$a_consider_protected = true |
|||
) |
Copies template permissions and permission of one role to another.
public
integer | $a_source_id | role_id source |
integer | $a_source_parent | parent_id source |
integer | $a_dest_parent | parent_id destination |
integer | $a_dest_id | role_id destination |
Definition at line 552 of file class.ilRbacAdmin.php.
References copyRoleTemplatePermissions(), grantPermission(), and revokePermission().
Referenced by copyLocalRoles().
ilRbacAdmin::copyRolePermissionUnion | ( | $a_source1_id, | |
$a_source1_parent, | |||
$a_source2_id, | |||
$a_source2_parent, | |||
$a_dest_id, | |||
$a_dest_parent | |||
) |
<type> $ilDB
<type> | $a_source1_id |
<type> | $a_source1_parent |
<type> | $a_source2_id |
<type> | $a_source2_parent |
<type> | $a_dest_id |
<type> | $a_dest_parent |
Definition at line 729 of file class.ilRbacAdmin.php.
References $query, and copyRoleTemplatePermissions().
ilRbacAdmin::copyRoleTemplatePermissions | ( | $a_source_id, | |
$a_source_parent, | |||
$a_dest_parent, | |||
$a_dest_id, | |||
$a_consider_protected = true |
|||
) |
Copies template permissions of one role to another.
It's also possible to copy template permissions from/to RoleTemplateObject public
integer | $a_source_id | role_id source |
integer | $a_source_parent | parent_id source |
integer | $a_dest_parent | parent_id destination |
integer | $a_dest_id | role_id destination |
Definition at line 578 of file class.ilRbacAdmin.php.
References $query, $res, $row, and setProtected().
Referenced by copyRolePermissions(), and copyRolePermissionUnion().
ilRbacAdmin::deassignOperationFromObject | ( | $a_type_id, | |
$a_ops_id | |||
) |
Deassign an existing operation from an object Update of rbac_ta public.
integer | object type |
integer | operation_id |
Definition at line 952 of file class.ilRbacAdmin.php.
ilRbacAdmin::deassignUser | ( | $a_rol_id, | |
$a_usr_id | |||
) |
Deassigns a user from a role.
Update of table rbac_ua public
integer | object id of role |
integer | object id of user |
Definition at line 259 of file class.ilRbacAdmin.php.
References $query, $res, and ilLDAPRoleGroupMapping\_getInstance().
ilRbacAdmin::deleteLocalRole | ( | $a_rol_id, | |
$a_ref_id = 0 |
|||
) |
Deletes a local role and entries in rbac_fa and rbac_templates public.
integer | object_id of role |
integer | ref_id of role folder (optional) |
Definition at line 166 of file class.ilRbacAdmin.php.
Referenced by adjustMovedObjectPermissions(), and deleteRole().
ilRbacAdmin::deleteRole | ( | $a_rol_id, | |
$a_ref_id | |||
) |
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
integer | obj_id of role (role_id) |
integer | ref_id of role folder (ref_id) |
Definition at line 92 of file class.ilRbacAdmin.php.
References $lng, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and deleteLocalRole().
ilRbacAdmin::deleteRolePermission | ( | $a_rol_id, | |
$a_ref_id, | |||
$a_type = false |
|||
) |
Deletes all entries of a template.
If an object type is given for third parameter only the entries for that object type are deleted Update of table rbac_templates. public
integer | object id of role |
integer | ref_id of role folder |
string | object type (optional) |
Definition at line 780 of file class.ilRbacAdmin.php.
ilRbacAdmin::deleteSubtreeTemplates | ( | $a_ref_id, | |
$a_rol_id | |||
) |
Delete all template permissions of subtree nodes.
object | $a_ref_id | |
object | $a_rol_id |
Definition at line 477 of file class.ilRbacAdmin.php.
References $query.
ilRbacAdmin::deleteTemplate | ( | $a_obj_id | ) |
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public.
integer | object_id of role template |
Definition at line 138 of file class.ilRbacAdmin.php.
ilRbacAdmin::grantPermission | ( | $a_rol_id, | |
$a_ops, | |||
$a_ref_id | |||
) |
Grants a permission to an object and a specific role.
Update of table rbac_pa public
integer | object id of role |
array | array of operation ids |
integer | reference id of that object which is granted the permissions |
Definition at line 289 of file class.ilRbacAdmin.php.
Referenced by adjustMovedObjectPermissions(), and copyRolePermissions().
ilRbacAdmin::ilRbacAdmin | ( | ) |
Constructor public.
Definition at line 44 of file class.ilRbacAdmin.php.
References $ilErr, if, and PEAR_ERROR_CALLBACK.
ilRbacAdmin::removeUser | ( | $a_usr_id | ) |
deletes a user from rbac_ua all user <-> role relations are deleted public
integer | user_id |
Definition at line 69 of file class.ilRbacAdmin.php.
ilRbacAdmin::revokePermission | ( | $a_ref_id, | |
$a_rol_id = 0 , |
|||
$a_keep_protected = true |
|||
) |
Revokes permissions of an object of one role.
Update of table rbac_pa. Revokes all permission for all roles for that object (with this reference). When a role_id is given this applies only to that role public
integer | reference id of object where permissions should be revoked |
integer | role_id (optional: if you want to revoke permissions of object only for a specific role) |
Definition at line 354 of file class.ilRbacAdmin.php.
References $ilLog, $log, $query, and $res.
Referenced by adjustMovedObjectPermissions(), and copyRolePermissions().
ilRbacAdmin::revokePermissionList | ( | $a_ref_ids, | |
$a_rol_id | |||
) |
Revokes permissions of a LIST of objects of ONE role.
Update of table rbac_pa. public
array | list of reference_ids to revoke permissions |
integer | role_id |
Definition at line 512 of file class.ilRbacAdmin.php.
ilRbacAdmin::revokeSubtreePermissions | ( | $a_ref_id, | |
$a_role_id | |||
) |
Revoke subtree permissions.
object | $a_ref_id | |
object | $a_role_id |
Definition at line 455 of file class.ilRbacAdmin.php.
References $query.
ilRbacAdmin::setProtected | ( | $a_ref_id, | |
$a_role_id, | |||
$a_value | |||
) |
Definition at line 972 of file class.ilRbacAdmin.php.
Referenced by copyRoleTemplatePermissions().
ilRbacAdmin::setRolePermission | ( | $a_rol_id, | |
$a_type, | |||
$a_ops, | |||
$a_ref_id | |||
) |
Inserts template permissions in rbac_templates for an specific object type.
Update of table rbac_templates public
integer | role_id |
string | object type |
array | operation_ids |
integer | ref_id of role folder object |
Definition at line 821 of file class.ilRbacAdmin.php.