ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilRbacReview
20{
21 const FILTER_ALL = 1;
22 const FILTER_ALL_GLOBAL = 2;
23 const FILTER_ALL_LOCAL = 3;
24 const FILTER_INTERNAL = 4;
25 const FILTER_NOT_INTERNAL = 5;
26 const FILTER_TEMPLATES = 6;
27
28 protected $assigned_roles = array();
29 var $log = null;
30
31 // Cache operation ids
32 private static $_opsCache = null;
33
37 protected static $assigned_users_cache = array();
38
42 protected static $is_assigned_cache = array();
43
48 public function __construct()
49 {
50 global $ilDB,$ilErr,$ilias,$ilLog;
51
52 $this->log =& $ilLog;
53
54 // set db & error handler
55 (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
56
57 if (!isset($ilErr))
58 {
59 $ilErr = new ilErrorHandling();
60 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
61 }
62 else
63 {
64 $this->ilErr =& $ilErr;
65 }
66 }
67
115 function searchRolesByMailboxAddressList($a_address_list)
116 {
117 global $ilDB;
118
119 $role_ids = array();
120
121 include_once "Services/Mail/classes/class.ilMail.php";
122 if(ilMail::_usePearMail())
123 {
124 require_once './Services/PEAR/lib/Mail/RFC822.php';
125 $parser = new Mail_RFC822();
126 $parsedList = $parser->parseAddressList($a_address_list, ilMail::ILIAS_HOST, false, true);
127 foreach ($parsedList as $address)
128 {
129 $local_part = $address->mailbox;
130 if (strpos($local_part,'#') !== 0 &&
131 !($local_part{0} == '"' && $local_part{1} == "#"))
132 {
133 // A local-part which doesn't start with a '#' doesn't denote a role.
134 // Therefore we can skip it.
135 continue;
136 }
137
138 $local_part = substr($local_part, 1);
139
140 /* If role contains spaces, eg. 'foo role', double quotes are added which have to be
141 removed here.*/
142 if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
143 {
144 $local_part = substr($local_part, 1);
145 $local_part = substr($local_part, 0, strlen($local_part) - 1);
146 }
147
148 if (substr($local_part,0,8) == 'il_role_')
149 {
150 $role_id = substr($local_part,8);
151 $query = "SELECT t.tree ".
152 "FROM rbac_fa fa ".
153 "JOIN tree t ON t.child = fa.parent ".
154 "WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
155 "AND fa.assign = 'y' ".
156 "AND t.tree = 1";
157 $r = $ilDB->query($query);
158 if ($r->numRows() > 0)
159 {
160 $role_ids[] = $role_id;
161 }
162 continue;
163 }
164
165
166 $domain = $address->host;
167 if (strpos($domain,'[') == 0 && strrpos($domain,']'))
168 {
169 $domain = substr($domain,1,strlen($domain) - 2);
170 }
171 if (strlen($local_part) == 0)
172 {
173 $local_part = $domain;
174 $address->host = ilMail::ILIAS_HOST;
175 $domain = ilMail::ILIAS_HOST;
176 }
177
178 if (strtolower($address->host) == ilMail::ILIAS_HOST)
179 {
180 // Search for roles = local-part in the whole repository
181 $query = "SELECT dat.obj_id ".
182 "FROM object_data dat ".
183 "JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
184 "JOIN tree t ON t.child = fa.parent ".
185 "WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
186 "AND dat.type = 'role' ".
187 "AND fa.assign = 'y' ".
188 "AND t.tree = 1";
189 }
190 else
191 {
192 // Search for roles like local-part in objects = host
193 $query = "SELECT rdat.obj_id ".
194 "FROM object_data odat ".
195 "JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
196 "JOIN tree otree ON otree.child = oref.ref_id ".
197 "JOIN rbac_fa rfa ON rfa.parent = otree.child ".
198 "JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
199 "WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
200 "AND otree.tree = 1 ".
201 "AND rfa.assign = 'y' ".
202 "AND rdat.title LIKE ".
203 $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
204 }
205 $r = $ilDB->query($query);
206
207 $count = 0;
208 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
209 {
210 $role_ids[] = $row->obj_id;
211 $count++;
212 }
213
214 // Nothing found?
215 // In this case, we search for roles = host.
216 if ($count == 0 && strtolower($address->host) == ilMail::ILIAS_HOST)
217 {
218 $q = "SELECT dat.obj_id ".
219 "FROM object_data dat ".
220 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
221 "JOIN tree t ON t.child = ref.ref_id ".
222 "WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
223 "AND dat.type = 'role' ".
224 "AND t.tree = 1 ";
225 $r = $this->ilDB->query($q);
226
227 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
228 {
229 $role_ids[] = $row->obj_id;
230 }
231 }
232 //echo '<br>ids='.var_export($role_ids,true);
233 }
234 }
235 else
236 {
237 // the following code is executed, when Pear Mail is
238 // not installed
239
240 $titles = explode(',', $a_address_list);
241
242 $titleList = '';
243 foreach ($titles as $title)
244 {
245 if (strlen($inList) > 0)
246 {
247 $titleList .= ',';
248 }
249 $title = trim($title);
250 if (strpos($title,'#') == 0)
251 {
252 $titleList .= $this->ilDB->quote(substr($title, 1));
253 }
254 }
255 if (strlen($titleList) > 0)
256 {
257 $q = "SELECT obj_id ".
258 "FROM object_data ".
259 "WHERE title IN (".$titleList.") ".
260 "AND type='role'";
261 $r = $this->ilDB->query($q);
262 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
263 {
264 $role_ids[] = $row->obj_id;
265 }
266 }
267 }
268
269 return $role_ids;
270 }
271
336 function getRoleMailboxAddress($a_role_id, $is_localize = true)
337 {
338 global $log, $lng,$ilDB;
339
340 include_once "Services/Mail/classes/class.ilMail.php";
341 if (ilMail::_usePearMail())
342 {
343 // Retrieve the role title and the object title.
344 $query = "SELECT rdat.title role_title,odat.title object_title, ".
345 " oref.ref_id object_ref ".
346 "FROM object_data rdat ".
347 "JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
348 "JOIN tree rtree ON rtree.child = fa.parent ".
349 "JOIN object_reference oref ON oref.ref_id = rtree.child ".
350 "JOIN object_data odat ON odat.obj_id = oref.obj_id ".
351 "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
352 "AND fa.assign = 'y' ";
353 $r = $ilDB->query($query);
354 if (!$row = $ilDB->fetchObject($r))
355 {
356 //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
357 return null; // role does not exist
358 }
359 $object_title = $row->object_title;
360 $object_ref = $row->object_ref;
361 $role_title = $row->role_title;
362
363
364 // In a perfect world, we could use the object_title in the
365 // domain part of the mailbox address, and the role title
366 // with prefix '#' in the local part of the mailbox address.
367 $domain = $object_title;
368 $local_part = $role_title;
369
370
371 // Determine if the object title is unique
372 $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
373 "FROM object_data dat ".
374 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
375 "JOIN tree ON tree.child = ref.ref_id ".
376 "WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
377 "AND tree.tree = 1 ";
378 $r = $this->ilDB->query($q);
379 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
380
381 // If the object title is not unique, we get rid of the domain.
382 if ($row->count > 1)
383 {
384 $domain = null;
385 }
386
387 // If the domain contains illegal characters, we get rid of it.
388 //if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
389 // Fix for Mantis Bug: 7429 sending mail fails because of brakets
390 // Fix for Mantis Bug: 9978 sending mail fails because of semicolon
391 if ($domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]|[\x28-\x29]|[;]/',$domain))
392 {
393 $domain = null;
394 }
395
396 // If the domain contains special characters, we put square
397 // brackets around it.
398 if ($domain != null &&
399 (preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
400 preg_match('/[^\x21-\x8f]/',$domain))
401 )
402 {
403 $domain = '['.$domain.']';
404 }
405
406 // If the role title is one of the ILIAS reserved role titles,
407 // we can use a shorthand version of it for the local part
408 // of the mailbox address.
409 if (strpos($role_title, 'il_') === 0 && $domain != null)
410 {
411 $unambiguous_role_title = $role_title;
412
413 $pos = strpos($role_title, '_', 3) + 1;
414 $local_part = substr(
415 $role_title,
416 $pos,
417 strrpos($role_title, '_') - $pos
418 );
419 }
420 else
421 {
422 $unambiguous_role_title = 'il_role_'.$a_role_id;
423 }
424
425 // Determine if the local part is unique. If we don't have a
426 // domain, the local part must be unique within the whole repositry.
427 // If we do have a domain, the local part must be unique for that
428 // domain.
429 if ($domain == null)
430 {
431 $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
432 "FROM object_data dat ".
433 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
434 "JOIN tree ON tree.child = ref.ref_id ".
435 "WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
436 "AND tree.tree = 1 ";
437 }
438 else
439 {
440 $q = "SELECT COUNT(rd.obj_id) count ".
441 "FROM object_data rd ".
442 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
443 "JOIN tree t ON t.child = fa.parent ".
444 "WHERE fa.assign = 'y' ".
445 "AND t.child = ".$this->ilDB->quote($object_ref,'integer')." ".
446 "AND rd.title LIKE ".$this->ilDB->quote(
447 '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
448 }
449
450 $r = $this->ilDB->query($q);
451 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
452
453 // if the local_part is not unique, we use the unambiguous role title
454 // instead for the local part of the mailbox address
455 if ($row->count > 1)
456 {
457 $local_part = $unambiguous_role_title;
458 }
459
460 $use_phrase = true;
461
462 // If the local part contains illegal characters, we use
463 // the unambiguous role title instead.
464 if (preg_match('/[\\"\x00-\x1f]/',$local_part))
465 {
466 $local_part = $unambiguous_role_title;
467 }
468 else if(!preg_match('/^[\\x00-\\x7E]+$/i', $local_part))
469 {
470 // 2013-12-05: According to #12283, we do not accept umlauts in the local part
471 $local_part = $unambiguous_role_title;
472 $use_phrase = false;
473 }
474
475 // Add a "#" prefix to the local part
476 $local_part = '#'.$local_part;
477
478 // Put quotes around the role title, if needed
479 if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
480 {
481 $local_part = '"'.$local_part.'"';
482 }
483
484 $mailbox = ($domain == null) ?
485 $local_part :
486 $local_part.'@'.$domain;
487
488 if ($is_localize)
489 {
490 if (substr($role_title,0,3) == 'il_')
491 {
492 $phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
493 }
494 else
495 {
496 $phrase = $role_title;
497 }
498
499 if($use_phrase)
500 {
501 // make phrase RFC 822 conformant:
502 // - strip excessive whitespace
503 // - strip special characters
504 $phrase = preg_replace('/\s\s+/', ' ', $phrase);
505 $phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
506
507 $mailbox = $phrase.' <'.$mailbox.'>';
508 }
509 }
510
511 require_once './Services/PEAR/lib/Mail/RFC822.php';
512 $obj = new Mail_RFC822($mailbox, ilMail::ILIAS_HOST);
513 if(@$obj->parseAddressList() instanceof PEAR_Error)
514 {
515 $q = "SELECT title ".
516 "FROM object_data ".
517 "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
518 $r = $this->ilDB->query($q);
519
520 if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
521 {
522 return '#'.$row->title;
523 }
524 else
525 {
526 return null;
527 }
528 }
529
530 return $mailbox;
531 }
532 else
533 {
534 $q = "SELECT title ".
535 "FROM object_data ".
536 "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
537 $r = $this->ilDB->query($q);
538
539 if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
540 {
541 return '#'.$row->title;
542 }
543 else
544 {
545 return null;
546 }
547 }
548 }
549
550
559 public function roleExists($a_title,$a_id = 0)
560 {
561 global $ilDB;
562
563 if (empty($a_title))
564 {
565 $message = get_class($this)."::roleExists(): No title given!";
566 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
567 }
568
569 $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
570
571 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
572 "WHERE title =".$ilDB->quote($a_title)." ".
573 "AND type IN('role','rolt')".
574 $clause." ";
575 $r = $this->ilDB->query($q);
576
577 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
578 {
579 return $row->obj_id;
580 }
581 return false;
582 }
583
597 protected function __getParentRoles($a_path,$a_templates)
598 {
599 if (!isset($a_path) or !is_array($a_path))
600 {
601 $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
602 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
603 }
604
605 $parent_roles = array();
606 $role_hierarchy = array();
607
608 foreach($a_path as $ref_id)
609 {
610 $roles = $this->getRoleListByObject($ref_id,$a_templates);
611 foreach($roles as $role)
612 {
613 $id = $role["obj_id"];
614 $role["parent"] = $ref_id;
615 $parent_roles[$id] = $role;
616
617 if (!array_key_exists($role['obj_id'],$role_hierarchy))
618 {
619 $role_hierarchy[$id] = $ref_id;
620 }
621 }
622 }
623 return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
624 }
625
635 public function getParentRoleIds($a_endnode_id,$a_templates = false)
636 {
637 global $tree;
638
639 if (!isset($a_endnode_id))
640 {
641 $GLOBALS['ilLog']->logStack();
642 $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
643 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
644 }
645
646 //var_dump($a_endnode_id);exit;
647 //$log->write("ilRBACreview::getParentRoleIds(), 0");
648 $pathIds = $tree->getPathId($a_endnode_id);
649
650 // add system folder since it may not in the path
651 //$pathIds[0] = SYSTEM_FOLDER_ID;
652 $pathIds[0] = ROLE_FOLDER_ID;
653 //$log->write("ilRBACreview::getParentRoleIds(), 1");
654 #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
655 return $this->__getParentRoles($pathIds,$a_templates);
656 }
657
666 public function getRoleListByObject($a_ref_id,$a_templates = false)
667 {
668 global $ilDB;
669
670 if (!isset($a_ref_id) or !isset($a_templates))
671 {
672 $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
673 "ref_id: ".$a_ref_id.
674 "tpl_flag: ".$a_templates;
675 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
676 }
677
678 $role_list = array();
679
680 $where = $this->__setTemplateFilter($a_templates);
681
682 $query = "SELECT * FROM object_data ".
683 "JOIN rbac_fa ON obj_id = rol_id ".
684 $where.
685 "AND object_data.obj_id = rbac_fa.rol_id ".
686 "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
687
688 $res = $ilDB->query($query);
689 while ($row = $ilDB->fetchAssoc($res))
690 {
691 $row["desc"] = $row["description"];
692 $row["user_id"] = $row["owner"];
693 $role_list[] = $row;
694 }
695
696 $role_list = $this->__setRoleType($role_list);
697
698 return $role_list;
699 }
700
708 function getAssignableRoles($a_templates = false,$a_internal_roles = false, $title_filter = '')
709 {
710 global $ilDB;
711
712 $role_list = array();
713
714 $where = $this->__setTemplateFilter($a_templates);
715
716 $query = "SELECT * FROM object_data ".
717 "JOIN rbac_fa ON obj_id = rol_id ".
718 $where.
719 "AND rbac_fa.assign = 'y' ";
720
721 if(strlen($title_filter))
722 {
723 $query .= (' AND '.$ilDB->like(
724 'title',
725 'text',
726 $title_filter.'%'
727 ));
728 }
729 $res = $ilDB->query($query);
730
731 while ($row = $ilDB->fetchAssoc($res))
732 {
733 $row["desc"] = $row["description"];
734 $row["user_id"] = $row["owner"];
735 $role_list[] = $row;
736 }
737
738 $role_list = $this->__setRoleType($role_list);
739
740 return $role_list;
741 }
742
750 public function getAssignableRolesInSubtree($ref_id)
751 {
752 global $ilDB;
753
754 $query = 'SELECT rol_id FROM rbac_fa fa '.
755 'JOIN tree t1 ON t1.child = fa.parent '.
756 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
757 'WHERE assign = '.$ilDB->quote('y','text').' '.
758 'AND obd.type = '.$ilDB->quote('role','text').' '.
759 'AND t1.child IN ('.
760 $GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
761 ') ';
762
763
764 $res = $ilDB->query($query);
765
766 $role_list = array();
767 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
768 {
769 $role_list[] = $row->rol_id;
770 }
771 return $role_list;
772 }
773
781 public function getAssignableChildRoles($a_ref_id)
782 {
783 global $ilDB;
784
785 $query = "SELECT fa.*, rd.* ".
786 "FROM object_data rd ".
787 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
788 "WHERE fa.assign = 'y' ".
789 "AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
790 ;
791
792 $res = $ilDB->query($query);
793 while($row = $ilDB->fetchAssoc($res))
794 {
795 $roles_data[] = $row;
796 }
797 return $roles_data ? $roles_data : array();
798 }
799
807 protected function __setTemplateFilter($a_templates)
808 {
809 global $ilDB;
810
811 if ($a_templates === true)
812 {
813 $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
814 }
815 else
816 {
817 $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
818 }
819
820 return $where;
821 }
822
835 protected function __setRoleType($a_role_list)
836 {
837 foreach ($a_role_list as $key => $val)
838 {
839 // determine role type
840 if ($val["type"] == "rolt")
841 {
842 $a_role_list[$key]["role_type"] = "template";
843 }
844 else
845 {
846 if ($val["assign"] == "y")
847 {
848 if ($val["parent"] == ROLE_FOLDER_ID)
849 {
850 $a_role_list[$key]["role_type"] = "global";
851 }
852 else
853 {
854 $a_role_list[$key]["role_type"] = "local";
855 }
856 }
857 else
858 {
859 $a_role_list[$key]["role_type"] = "linked";
860 }
861 }
862
863 if ($val["protected"] == "y")
864 {
865 $a_role_list[$key]["protected"] = true;
866 }
867 else
868 {
869 $a_role_list[$key]["protected"] = false;
870 }
871 }
872
873 return $a_role_list;
874 }
875
883 public function getNumberOfAssignedUsers(Array $a_roles)
884 {
885 global $ilDB;
886
887 $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
888 'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
889
890 $res = $ilDB->query($query);
891 $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
892 return $row->num ? $row->num : 0;
893 }
894
895
904 public function assignedUsers($a_rol_id, $a_fields = NULL)
905 {
906 global $ilBench,$ilDB;
907
908 $ilBench->start("RBAC", "review_assignedUsers");
909
910 if (!isset($a_rol_id))
911 {
912 $message = get_class($this)."::assignedUsers(): No role_id given!";
913 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
914 }
915 if (! $a_fields AND isset(self::$assigned_users_cache[$a_rol_id])) {
916 return self::$assigned_users_cache[$a_rol_id];
917 }
918
919 $result_arr = array();
920
921 if ($a_fields !== NULL and is_array($a_fields))
922 {
923 if (count($a_fields) == 0)
924 {
925 $select = "*";
926 }
927 else
928 {
929 if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
930 unset($a_fields[$usr_id_field]);
931
932 $select = implode(",",$a_fields).",usr_data.usr_id";
933 $select = addslashes($select);
934 }
935
936 $ilDB->enableResultBuffering(false);
937 $query = "SELECT ".$select." FROM usr_data ".
938 "LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
939 "WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
940 $res = $ilDB->query($query);
941 while($row = $ilDB->fetchAssoc($res))
942 {
943 $result_arr[] = $row;
944 }
945 $ilDB->enableResultBuffering(true);
946 }
947 else
948 {
949 $ilDB->enableResultBuffering(false);
950 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
951
952 $res = $ilDB->query($query);
953 while($row = $ilDB->fetchAssoc($res))
954 {
955 array_push($result_arr,$row["usr_id"]);
956 }
957 $ilDB->enableResultBuffering(true);
958 }
959
960 $ilBench->stop("RBAC", "review_assignedUsers");
961
962 if (! $a_fields) {
963 self::$assigned_users_cache[$a_rol_id] = $result_arr;
964 }
965
966 return $result_arr;
967 }
968
969
978 public function isAssigned($a_usr_id,$a_role_id)
979 {
980 if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
981 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
982 }
983 // Quickly determine if user is assigned to a role
984 global $ilDB;
985
986 $ilDB->setLimit(1,0);
987 $query = "SELECT usr_id FROM rbac_ua WHERE ".
988 "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
989 "AND usr_id= ".$ilDB->quote($a_usr_id);
990 $res = $ilDB->query($query);
991
992 $is_assigned = $res->numRows() == 1;
993 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
994
995 return $is_assigned;
996 }
997
1010 public function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
1011 {
1012 global $ilDB;
1013
1014 $ilDB->setLimit(1,0);
1015 $query = "SELECT usr_id FROM rbac_ua WHERE ".
1016 $ilDB->in('rol_id',$a_role_ids,false,'integer').
1017 " AND usr_id= ".$ilDB->quote($a_usr_id);
1018 $res = $ilDB->query($query);
1019
1020 return $ilDB->numRows($res) == 1;
1021 }
1022
1030 public function assignedRoles($a_usr_id)
1031 {
1032 global $ilDB;
1033
1034 $role_arr = array();
1035
1036 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
1037
1038 $res = $ilDB->query($query);
1039 while($row = $ilDB->fetchObject($res))
1040 {
1041 $role_arr[] = $row->rol_id;
1042 }
1043 return $role_arr ? $role_arr : array();
1044 }
1045
1051 public function assignedGlobalRoles($a_usr_id)
1052 {
1053 global $ilDB;
1054
1055 $query = "SELECT ua.rol_id FROM rbac_ua ua ".
1056 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
1057 "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
1058 "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
1059 "AND assign = 'y' ";
1060
1061 $res = $ilDB->query($query);
1062 while($row = $ilDB->fetchObject($res))
1063 {
1064 $role_arr[] = $row->rol_id;
1065 }
1066 return $role_arr ? $role_arr : array();
1067 }
1068
1077 public function isAssignable($a_rol_id, $a_ref_id)
1078 {
1079 global $ilBench,$ilDB;
1080
1081 $ilBench->start("RBAC", "review_isAssignable");
1082
1083 // exclude system role from rbac
1084 if ($a_rol_id == SYSTEM_ROLE_ID)
1085 {
1086 $ilBench->stop("RBAC", "review_isAssignable");
1087 return true;
1088 }
1089
1090 if (!isset($a_rol_id) or !isset($a_ref_id))
1091 {
1092 $message = get_class($this)."::isAssignable(): Missing parameter!".
1093 " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
1094 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1095 }
1096 $query = "SELECT * FROM rbac_fa ".
1097 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1098 "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
1099 $res = $ilDB->query($query);
1100 $row = $ilDB->fetchObject($res);
1101
1102 $ilBench->stop("RBAC", "review_isAssignable");
1103 return $row->assign == 'y' ? true : false;
1104 }
1105
1111 public function hasMultipleAssignments($a_role_id)
1112 {
1113 global $ilDB;
1114
1115 $query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
1116 "AND assign = ".$ilDB->quote('y','text');
1117 $res = $ilDB->query($query);
1118 return $res->numRows() > 1;
1119 }
1120
1132 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
1133 {
1134 global $ilDB;
1135
1136 if (!isset($a_rol_id))
1137 {
1138 $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
1139 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1140 }
1141
1142 if ($a_assignable)
1143 {
1144 $where = " AND assign ='y'";
1145 }
1146
1147 $query = "SELECT DISTINCT parent FROM rbac_fa ".
1148 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
1149
1150 $res = $ilDB->query($query);
1151 while($row = $ilDB->fetchObject($res))
1152 {
1153 $folders[] = $row->parent;
1154 }
1155 return $folders ? $folders : array();
1156 }
1157
1165 public function getRolesOfObject($a_ref_id, $a_assignable_only = FALSE)
1166 {
1167 global $ilDB;
1168
1169 if(!isset($a_ref_id))
1170 {
1171 $GLOBALS['ilLog']->logStack();
1172 throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
1173 }
1174 if($a_assignable_only === TRUE)
1175 {
1176 $and = 'AND assign = '.$ilDB->quote('y','text');
1177 }
1178 $query = "SELECT rol_id FROM rbac_fa ".
1179 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1180 $and;
1181
1182 $res = $ilDB->query($query);
1183
1184 $role_ids = array();
1185 while($row = $ilDB->fetchObject($res))
1186 {
1187 $role_ids[] = $row->rol_id;
1188 }
1189 return $role_ids;
1190 }
1191
1192
1193
1194
1205 public function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
1206 {
1207 global $ilBench,$ilDB,$ilLog;
1208
1209 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
1210
1211 if (!isset($a_ref_id))
1212 {
1213 $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
1214 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1215
1216 }
1217
1218 if ($a_nonassignable === false)
1219 {
1220 $and = " AND assign='y'";
1221 }
1222
1223 $query = "SELECT rol_id FROM rbac_fa ".
1224 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1225 $and;
1226
1227 $res = $ilDB->query($query);
1228 while($row = $ilDB->fetchObject($res))
1229 {
1230 $rol_id[] = $row->rol_id;
1231 }
1232
1233 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
1234
1235 return $rol_id ? $rol_id : array();
1236 }
1237
1244 public function getGlobalRoles()
1245 {
1246 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
1247 }
1248
1254 public function getLocalRoles($a_ref_id)
1255 {
1256 global $ilDB;
1257
1258 $lroles = array();
1259 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1260 {
1261 if($this->isAssignable($role_id, $a_ref_id))
1262 {
1263 $lroles[] = $role_id;
1264 }
1265 }
1266 return $lroles;
1267 }
1268
1274 public function getLocalPolicies($a_ref_id)
1275 {
1276 $lroles = array();
1277 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1278 {
1279 $lroles[] = $role_id;
1280 }
1281 return $lroles;
1282 }
1283
1290 public function getGlobalRolesArray()
1291 {
1292 foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
1293 {
1294 $ga[] = array('obj_id' => $role_id,
1295 'role_type' => 'global');
1296 }
1297 return $ga ? $ga : array();
1298 }
1299
1306 public function getGlobalAssignableRoles()
1307 {
1308 include_once './Services/AccessControl/classes/class.ilObjRole.php';
1309
1310 foreach($this->getGlobalRoles() as $role_id)
1311 {
1312 if(ilObjRole::_getAssignUsersStatus($role_id))
1313 {
1314 $ga[] = array('obj_id' => $role_id,
1315 'role_type' => 'global');
1316 }
1317 }
1318 return $ga ? $ga : array();
1319 }
1320
1321
1326 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
1327 {
1328 global $rbacreview, $ilDB;
1329
1330 $query = 'SELECT * FROM rbac_fa '.
1331 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1332 'AND parent = '.$ilDB->quote($a_parent_id,'integer');
1333 $res = $ilDB->query($query);
1334 return $res->numRows() ? true : false;
1335 }
1336
1343 public function getOperations()
1344 {
1345 global $ilDB;
1346
1347 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
1348 $res = $this->ilDB->query($query);
1349 while($row = $ilDB->fetchObject($res))
1350 {
1351 $ops[] = array('ops_id' => $row->ops_id,
1352 'operation' => $row->operation,
1353 'description' => $row->description);
1354 }
1355
1356 return $ops ? $ops : array();
1357 }
1358
1365 public function getOperation($ops_id)
1366 {
1367 global $ilDB;
1368
1369 $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
1370 $res = $this->ilDB->query($query);
1371 while($row = $ilDB->fetchObject($res))
1372 {
1373 $ops = array('ops_id' => $row->ops_id,
1374 'operation' => $row->operation,
1375 'description' => $row->description);
1376 }
1377
1378 return $ops ? $ops : array();
1379 }
1380
1390 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
1391 {
1392 global $ilDB;
1393
1394 if(!$a_parent)
1395 {
1396 $a_parent = ROLE_FOLDER_ID;
1397 }
1398
1399 $query = "SELECT ops_id,type FROM rbac_templates ".
1400 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1401 "AND parent = ".$ilDB->quote($a_parent,'integer');
1402 $res = $ilDB->query($query);
1403
1404 $ops_arr = array();
1405 while ($row = $ilDB->fetchObject($res))
1406 {
1407 $ops_arr[$row->type][] = $row->ops_id;
1408 }
1409 return (array) $ops_arr;
1410 }
1411
1419 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
1420 {
1421 global $ilDB;
1422
1423 $query = 'SELECT * FROM rbac_pa '.
1424 'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
1425 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
1426
1427 $res = $ilDB->query($query);
1428 while($row = $res->fetchRow(DB_FETCHMODE_ASSOC))
1429 {
1430 return unserialize($row['ops_id']);
1431 }
1432 return array();
1433 }
1434
1435
1446 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
1447 {
1448 global $ilDB,$ilLog;
1449
1450 if (!isset($a_rol_id) or !isset($a_type))
1451 {
1452 $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
1453 "role_id: ".$a_rol_id.
1454 "type: ".$a_type.
1455 "parent_id: ".$a_parent;
1456 $ilLog->logStack("Missing parameter! ");
1457 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1458 }
1459
1460 $ops_arr = array();
1461
1462 // if no rolefolder id is given, assume global role folder as target
1463 if ($a_parent == 0)
1464 {
1465 $a_parent = ROLE_FOLDER_ID;
1466 }
1467
1468 $query = "SELECT ops_id FROM rbac_templates ".
1469 "WHERE type =".$ilDB->quote($a_type,'text')." ".
1470 "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1471 "AND parent = ".$ilDB->quote($a_parent,'integer');
1472 $res = $ilDB->query($query);
1473 while ($row = $ilDB->fetchObject($res))
1474 {
1475 $ops_arr[] = $row->ops_id;
1476 }
1477
1478 return $ops_arr;
1479 }
1480
1488 public function getRoleOperationsOnObject($a_role_id,$a_ref_id)
1489 {
1490 global $ilDB;
1491
1492 $query = "SELECT * FROM rbac_pa ".
1493 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
1494 "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1495
1496 $res = $ilDB->query($query);
1497 while($row = $ilDB->fetchObject($res))
1498 {
1499 $ops = unserialize($row->ops_id);
1500 }
1501
1502 return $ops ? $ops : array();
1503 }
1504
1512 public function getOperationsOnType($a_typ_id)
1513 {
1514 global $ilDB;
1515
1516 if (!isset($a_typ_id))
1517 {
1518 $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1519 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1520 }
1521
1522 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1523
1524 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
1525 'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
1526 'ORDER BY op_order';
1527
1528 $res = $ilDB->query($query);
1529
1530 while($row = $ilDB->fetchObject($res))
1531 {
1532 $ops_id[] = $row->ops_id;
1533 }
1534
1535 return $ops_id ? $ops_id : array();
1536 }
1537
1546 public function getOperationsOnTypeString($a_type)
1547 {
1548 global $ilDB;
1549
1550 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1551
1552
1553 $res = $this->ilDB->query($query);
1554 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1555 {
1556 return $this->getOperationsOnType($row->obj_id);
1557 }
1558 return false;
1559 }
1560
1568 public function getOperationsByTypeAndClass($a_type,$a_class)
1569 {
1570 global $ilDB;
1571
1572 if($a_class != 'create')
1573 {
1574 $condition = "AND class != ".$ilDB->quote('create','text');
1575 }
1576 else
1577 {
1578 $condition = "AND class = ".$ilDB->quote('create','text');
1579 }
1580
1581 $query = "SELECT ro.ops_id FROM rbac_operations ro ".
1582 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
1583 "JOIN object_data od ON rt.typ_id = od.obj_id ".
1584 "WHERE type = ".$ilDB->quote('typ','text')." ".
1585 "AND title = ".$ilDB->quote($a_type,'text')." ".
1586 $condition." ".
1587 "ORDER BY op_order ";
1588
1589 $res = $ilDB->query($query);
1590
1591 $ops = array();
1592 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1593 {
1594 $ops[] = $row->ops_id;
1595 }
1596 return $ops;
1597 }
1598
1599
1609 public function getObjectsWithStopedInheritance($a_rol_id,$a_filter = array())
1610 {
1611 global $ilDB;
1612
1613 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1614 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1615 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1616
1617 $query = 'SELECT parent p FROM rbac_fa '.
1618 'WHERE assign = '.$ilDB->quote('n','text').' '.
1619 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1620
1621 if($a_filter)
1622 {
1623 $query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
1624 }
1625
1626 $res = $ilDB->query($query);
1627 $parent = array();
1628 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1629 {
1630 $parent[] = $row->p;
1631 }
1632 return $parent;
1633 }
1634
1642 public function isDeleted($a_node_id)
1643 {
1644 global $ilDB;
1645
1646 $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1647 $r = $this->ilDB->query($q);
1648
1649 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1650
1651 if (!$row)
1652 {
1653 $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1654 get_class($this),
1655 $a_node_id);
1656 $this->log->write($message,$this->log->FATAL);
1657
1658 return true;
1659 }
1660
1661 // rolefolder is deleted
1662 if ($row->tree < 0)
1663 {
1664 return true;
1665 }
1666
1667 return false;
1668 }
1669
1676 public function isGlobalRole($a_role_id)
1677 {
1678 return in_array($a_role_id,$this->getGlobalRoles());
1679 }
1680
1690 public function getRolesByFilter($a_filter = 0,$a_user_id = 0, $title_filter = '')
1691 {
1692 global $ilDB;
1693
1694 $assign = "y";
1695
1696 switch($a_filter)
1697 {
1698 // all (assignable) roles
1699 case self::FILTER_ALL:
1700 return $this->getAssignableRoles(true,true,$title_filter);
1701 break;
1702
1703 // all (assignable) global roles
1704 case self::FILTER_ALL_GLOBAL:
1705 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1706 break;
1707
1708 // all (assignable) local roles
1709 case self::FILTER_ALL_LOCAL:
1710 case self::FILTER_INTERNAL:
1711 case self::FILTER_NOT_INTERNAL:
1712 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1713 break;
1714
1715 // all role templates
1716 case self::FILTER_TEMPLATES:
1717 $where = "WHERE object_data.type = 'rolt'";
1718 $assign = "n";
1719 break;
1720
1721 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1722 case 0:
1723 default:
1724 if(!$a_user_id)
1725 return array();
1726
1727 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1728 break;
1729 }
1730
1731 $roles = array();
1732
1733 $query = "SELECT * FROM object_data ".
1734 "JOIN rbac_fa ON obj_id = rol_id ".
1735 $where.
1736 "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1737
1738 if(strlen($title_filter))
1739 {
1740 $query .= (' AND '.$ilDB->like(
1741 'title',
1742 'text',
1743 '%'.$title_filter.'%'
1744 ));
1745 }
1746
1747 $res = $ilDB->query($query);
1748 while($row = $ilDB->fetchAssoc($res))
1749 {
1750 $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1751
1752 // all (assignable) internal local roles only
1753 if ($a_filter == 4 and !$prefix)
1754 {
1755 continue;
1756 }
1757
1758 // all (assignable) non internal local roles only
1759 if ($a_filter == 5 and $prefix)
1760 {
1761 continue;
1762 }
1763
1764 $row["desc"] = $row["description"];
1765 $row["user_id"] = $row["owner"];
1766 $roles[] = $row;
1767 }
1768
1769 $roles = $this->__setRoleType($roles);
1770
1771 return $roles ? $roles : array();
1772 }
1773
1781 public function getTypeId($a_type)
1782 {
1783 global $ilDB;
1784
1785 $q = "SELECT obj_id FROM object_data ".
1786 "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1787 $r = $ilDB->query($q);
1788
1789 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1790 return $row->obj_id;
1791 }
1792
1803 public static function _getOperationIdsByName($operations)
1804 {
1805 global $ilDB;
1806
1807 if(!count($operations))
1808 {
1809 return array();
1810 }
1811
1812 $query = 'SELECT ops_id FROM rbac_operations '.
1813 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1814
1815 $res = $ilDB->query($query);
1816 while($row = $ilDB->fetchObject($res))
1817 {
1818 $ops_ids[] = $row->ops_id;
1819 }
1820 return $ops_ids ? $ops_ids : array();
1821 }
1822
1831 public static function _getOperationIdByName($a_operation)
1832 {
1833 global $ilDB,$ilErr;
1834
1835 if (!isset($a_operation))
1836 {
1837 $message = "perm::getOperationId(): No operation given!";
1838 $ilErr->raiseError($message,$ilErr->WARNING);
1839 }
1840
1841 // Cache operation ids
1842 if (! is_array(self::$_opsCache)) {
1843 self::$_opsCache = array();
1844
1845 $q = "SELECT ops_id, operation FROM rbac_operations";
1846 $r = $ilDB->query($q);
1847 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1848 {
1849 self::$_opsCache[$row->operation] = $row->ops_id;
1850 }
1851 }
1852
1853 // Get operation ID by name from cache
1854 if (array_key_exists($a_operation, self::$_opsCache)) {
1855 return self::$_opsCache[$a_operation];
1856 }
1857 return null;
1858 }
1859
1866 public static function lookupCreateOperationIds($a_type_arr)
1867 {
1868 global $ilDB;
1869
1870 $operations = array();
1871 foreach($a_type_arr as $type)
1872 {
1873 $operations[] = ('create_'.$type);
1874 }
1875
1876 if(!count($operations))
1877 {
1878 return array();
1879 }
1880
1881 $query = 'SELECT ops_id, operation FROM rbac_operations '.
1882 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1883
1884 $res = $ilDB->query($query);
1885
1886 $ops_ids = array();
1887 while($row = $ilDB->fetchObject($res))
1888 {
1889 $type_arr = explode('_', $row->operation);
1890 $type = $type_arr[1];
1891
1892 $ops_ids[$type] = $row->ops_id;
1893 }
1894 return $ops_ids;
1895 }
1896
1897
1898
1907 public function isProtected($a_ref_id,$a_role_id)
1908 {
1909 global $ilDB;
1910
1911 // ref_id not used yet. protected permission acts 'global' for each role,
1912 $query = "SELECT protected FROM rbac_fa ".
1913 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1914 $res = $ilDB->query($query);
1915 $row = $ilDB->fetchAssoc($res);
1916
1917 return ilUtil::yn2tf($row['protected']);
1918 }
1919
1920 // this method alters the protected status of role regarding the current user's role assignment
1921 // and current postion in the hierarchy.
1922
1934 protected function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1935 {
1936 //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1937
1938 global $rbacsystem,$ilUser,$log;
1939
1940 if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
1941 {
1942 $leveladmin = true;
1943 }
1944 else
1945 {
1946 $leveladmin = false;
1947 }
1948 #vd("RoleHierarchy",$a_role_hierarchy);
1949 foreach ($a_role_hierarchy as $role_id => $rolf_id)
1950 {
1951 //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1952 #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1953 //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1954
1955 if ($leveladmin == true)
1956 {
1957 $a_parent_roles[$role_id]['protected'] = false;
1958 continue;
1959 }
1960
1961 if ($a_parent_roles[$role_id]['protected'] == true)
1962 {
1963 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
1964
1965 #vd("intersection",$arr_lvl_roles_user);
1966
1967 foreach ($arr_lvl_roles_user as $lvl_role_id)
1968 {
1969 #echo "<br/>level_role: ".$lvl_role_id;
1970 #echo "<br/>a_ref_id: ".$a_ref_id;
1971
1972 //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1973 // check if role grants 'edit_permission' to parent
1974 $rolf = $a_parent_roles[$role_id]['parent'];
1975 #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
1976 if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
1977 {
1978 #echo "<br />Permission granted";
1979 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1980 // user may change permissions of that higher-ranked role
1981 $a_parent_roles[$role_id]['protected'] = false;
1982
1983 // remember successful check
1984 //$leveladmin = true;
1985 }
1986 }
1987 }
1988 }
1989 return $a_parent_roles;
1990 }
1991
2002 public static function _getOperationList($a_type = null)
2003 {
2004 global $ilDB;
2005
2006 $arr = array();
2007
2008 if ($a_type)
2009 {
2010 $query = sprintf('SELECT * FROM rbac_operations '.
2011 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
2012 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
2013 'WHERE object_data.title = %s '.
2014 'AND object_data.type = %s '.
2015 'ORDER BY op_order ASC',
2016 $ilDB->quote($a_type,'text'),
2017 $ilDB->quote('typ','text'));
2018 }
2019 else
2020 {
2021 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
2022 }
2023 $res = $ilDB->query($query);
2024 while ($row = $ilDB->fetchAssoc($res))
2025 {
2026 $arr[] = array(
2027 "ops_id" => $row['ops_id'],
2028 "operation" => $row['operation'],
2029 "desc" => $row['description'],
2030 "class" => $row['class'],
2031 "order" => $row['op_order']
2032 );
2033 }
2034 return $arr;
2035 }
2036
2043 public static function _groupOperationsByClass($a_ops_arr)
2044 {
2045 $arr = array();
2046
2047 foreach ($a_ops_arr as $ops)
2048 {
2049 $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
2050 'name' => $ops['operation']
2051 );
2052 }
2053 return $arr;
2054 }
2055
2065 public function getObjectOfRole($a_role_id)
2066 {
2067 // internal cache
2068 static $obj_cache = array();
2069
2070 global $ilDB;
2071
2072
2073 if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
2074 {
2075 return $obj_cache[$a_role_id];
2076 }
2077
2078 $query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
2079 'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
2080 'WHERE assign = '.$ilDB->quote('y','text'). ' '.
2081 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2082 'AND deleted IS NULL';
2083
2084 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
2085 # "JOIN tree ON rfa.parent = tree.child ".
2086 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
2087 # "WHERE tree.tree = 1 ".
2088 # "AND assign = 'y' ".
2089 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
2090 $res = $ilDB->query($query);
2091
2092 $obj_cache[$a_role_id] = 0;
2093 while($row = $ilDB->fetchObject($res))
2094 {
2095 $obj_cache[$a_role_id] = $row->obj_id;
2096 }
2097 return $obj_cache[$a_role_id];
2098 }
2099
2106 public function getObjectReferenceOfRole($a_role_id)
2107 {
2108 global $ilDB;
2109
2110 $query = 'SELECT parent role_ref FROM rbac_fa '.
2111 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2112 'AND assign = '.$ilDB->quote('y','text');
2113
2114 $res = $ilDB->query($query);
2115 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2116 {
2117 return $row->role_ref;
2118 }
2119 return 0;
2120 }
2121
2129 public function isRoleDeleted ($a_role_id)
2130 {
2131 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
2132 $deleted = true;
2133 if (count($rolf_list))
2134 {
2135 foreach ($rolf_list as $rolf) {
2136 // only list roles that are not set to status "deleted"
2137 if (!$this->isDeleted($rolf))
2138 {
2139 $deleted = false;
2140 break;
2141 }
2142 }
2143 }
2144 return $deleted;
2145 }
2146
2147
2155 public function getRolesForIDs($role_ids, $use_templates)
2156 {
2157 global $ilDB;
2158
2159 $role_list = array();
2160
2161 $where = $this->__setTemplateFilter($use_templates);
2162
2163 $query = "SELECT * FROM object_data ".
2164 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
2165 $where.
2166 "AND rbac_fa.assign = 'y' " .
2167 'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
2168
2169 $res = $ilDB->query($query);
2170 while($row = $ilDB->fetchAssoc($res))
2171 {
2172 $row["desc"] = $row["description"];
2173 $row["user_id"] = $row["owner"];
2174 $role_list[] = $row;
2175 }
2176
2177 $role_list = $this->__setRoleType($role_list);
2178 return $role_list;
2179 }
2180
2186 public function getOperationAssignment()
2187 {
2188 global $ilDB;
2189
2190 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
2191 'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
2192 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
2193 $res = $ilDB->query($query);
2194
2195 $counter = 0;
2196 while($row = $ilDB->fetchObject($res))
2197 {
2198 $info[$counter]['typ_id'] = $row->typ_id;
2199 $info[$counter]['type'] = $row->title;
2200 $info[$counter]['ops_id'] = $row->ops_id;
2201 $info[$counter]['operation'] = $row->operation;
2202 $counter++;
2203 }
2204 return $info ? $info : array();
2205
2206 }
2207
2215 public function isDeleteable($a_role_id, $a_rolf_id)
2216 {
2217 if(!$this->isAssignable($a_role_id, $a_rolf_id))
2218 {
2219 return false;
2220 }
2221 if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
2222 {
2223 return false;
2224 }
2225 if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
2226 {
2227 return false;
2228 }
2229 return true;
2230 }
2231
2238 public function isSystemGeneratedRole($a_role_id)
2239 {
2240 $title = ilObject::_lookupTitle($a_role_id);
2241 return substr($title,0,3) == 'il_' ? true : false;
2242 }
2243
2244
2252 public function getRoleFolderOfRole($a_role_id)
2253 {
2254 global $ilDB;
2255
2256 if(ilObject::_lookupType($a_role_id) == 'role')
2257 {
2258 $and = ('AND assign = '.$ilDB->quote('y','text'));
2259 }
2260 else
2261 {
2262 $and = '';
2263 }
2264
2265 $query = 'SELECT * FROM rbac_fa '.
2266 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2267 $and;
2268 $res = $ilDB->query($query);
2269 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2270 {
2271 return $row->parent;
2272 }
2273 return 0;
2274 }
2275
2283 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
2284 {
2285 global $ilDB;
2286
2287 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
2288 "ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
2289 "WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
2290 "AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
2291
2292 $res = $ilDB->query($query);
2293 $all_ops = array();
2294 while ($row = $ilDB->fetchObject($res))
2295 {
2296 $ops = unserialize($row->ops_id);
2297 $all_ops = array_merge($all_ops, $ops);
2298 }
2299 $all_ops = array_unique($all_ops);
2300
2301 $set = $ilDB->query("SELECT operation FROM rbac_operations ".
2302 " WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
2303 $perms = array();
2304 while ($rec = $ilDB->fetchAssoc($set))
2305 {
2306 $perms[] = $rec["operation"];
2307 }
2308
2309 return $perms;
2310 }
2311
2318 public function setAssignedCacheEntry($a_role_id,$a_user_id, $a_value)
2319 {
2320 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
2321 }
2322
2329 public function getAssignedCacheEntry($a_role_id,$a_user_id)
2330 {
2331 return self::$is_assigned_cache[$a_role_id][$a_user_id];
2332 }
2333
2337 public function clearCaches()
2338 {
2339 self::$is_assigned_cache = array();
2340 self::$assigned_users_cache = array();
2341 }
2342
2343
2344} // END class.ilRbacReview
2345?>
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
Mail_RFC822
Definition: RFC822.php:70
PEAR_Error
Definition: PEAR.php:827
DB_FETCHMODE_ASSOC
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilDB
Database Wrapper.
Definition: class.ilDB.php:29
ilDB\query
query($sql, $a_handle_error=true)
Query.
Definition: class.ilDB.php:1393
ilDB\quote
quote($a_query, $a_type=null)
Wrapper for quote method.
Definition: class.ilDB.php:2285
ilErrorHandling
Error Handling & global info handling uses PEAR error class.
Definition: class.ilErrorHandling.php:19
ilMail\ILIAS_HOST
const ILIAS_HOST
Definition: class.ilMail.php:213
ilObjRole\_getAssignUsersStatus
_getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:141
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:931
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1183
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:20
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
Definition: class.ilRbacReview.php:781
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1690
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1781
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:2043
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:1274
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(Array $a_roles)
Get the number of assigned users to roles @global ilDB $ilDB.
Definition: class.ilRbacReview.php:883
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
Definition: class.ilRbacReview.php:1030
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:1446
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:1254
ilRbacReview\searchRolesByMailboxAddressList
searchRolesByMailboxAddressList($a_address_list)
Finds all role ids that match the specified user friendly role mailbox address list.
Definition: class.ilRbacReview.php:115
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=FALSE)
Get roles of object.
Definition: class.ilRbacReview.php:1165
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
Definition: class.ilRbacReview.php:1831
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
Definition: class.ilRbacReview.php:1642
ilRbacReview\getRoleMailboxAddress
getRoleMailboxAddress($a_role_id, $is_localize=true)
Definition: class.ilRbacReview.php:336
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:559
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1568
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:835
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
Definition: class.ilRbacReview.php:1934
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:1205
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:1419
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:1244
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1676
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:1326
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:1132
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1488
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:1111
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:635
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:2337
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1907
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:1051
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:1512
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:37
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
Definition: class.ilRbacReview.php:2002
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:2238
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
Definition: class.ilRbacReview.php:666
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
Definition: class.ilRbacReview.php:1306
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:2129
ilRbacReview\assignedUsers
assignedUsers($a_rol_id, $a_fields=NULL)
get all assigned users to a given role @access public
Definition: class.ilRbacReview.php:904
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:597
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
Definition: class.ilRbacReview.php:2252
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
Definition: class.ilRbacReview.php:978
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id's by name.
Definition: class.ilRbacReview.php:1803
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
Definition: class.ilRbacReview.php:1077
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:2329
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:2106
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1609
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1866
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:2318
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:1290
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:1546
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:2283
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:2155
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
Definition: class.ilRbacReview.php:750
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:2186
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id @access public
Definition: class.ilRbacReview.php:1365
ilRbacReview\__construct
__construct()
Constructor @access public.
Definition: class.ilRbacReview.php:48
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:2065
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
Definition: class.ilRbacReview.php:807
ilRbacReview\getOperations
getOperations()
get all possible operations @access public
Definition: class.ilRbacReview.php:1343
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
Definition: class.ilRbacReview.php:708
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:2215
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:1010
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:1390
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:3278
if
if(!file_exists(getcwd().'/ilias.ini.php')) if(isset( $_GET["client_id"]))
registration confirmation script for ilias
Definition: confirmReg.php:20
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:132
$ilErr
$ilErr
Definition: inc.setup_header.php:81
$lng
global $lng
Definition: privfeed.php:40
$ref_id
$ref_id
Definition: sahs_server.php:39
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
global $ilUser
Definition: imgupload.php:15