5require_once 
"./Services/Object/classes/class.ilObject.php";
 
   44        function ilObjRole($a_id = 0,$a_call_by_reference = 
false)
 
   47                $this->disk_quota = 0;
 
   48                $this->wsp_disk_quota = 0;
 
   49                $this->
ilObject($a_id,$a_call_by_reference);
 
   65                $res = 
$ilDB->query(
"SELECT obj_id FROM object_data ".
 
   66                        " WHERE type=".
$ilDB->quote(
"rolt", 
"text").
 
   67                        " AND title=".$ilDB->quote($a_tpl_name, 
"text"));
 
   70                        $tpl_id = 
$row->obj_id;
 
   78                include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
   80                $role->setTitle($a_title);
 
   81                $role->setDescription($a_description);
 
   84                $GLOBALS[
'rbacadmin']->assignRoleToFolder($role->getId(),$a_ref_id,
'y');
 
   86                $GLOBALS[
'rbacadmin']->copyRoleTemplatePermissions(
 
   93                $ops = 
$GLOBALS[
'rbacreview']->getOperationsOfRole(
 
   98                $GLOBALS[
'rbacadmin']->grantPermission(
 
  115                if(substr($this->
getTitle(),0,3) == 
'il_')
 
  117                        $ilErr->setMessage(
'msg_role_reserved_prefix');
 
  134                $this->assign_users = (int) $a_assign_users;
 
  138                return $this->assign_users ? $this->assign_users : 0;
 
  145                $query = 
"SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,
'integer').
" ";
 
  149                        return $row->assign_users ? true : 
false;
 
  162                $query = 
"SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->
id,
'integer').
" ";
 
  165                if (
$res->numRows() > 0)
 
  174                         $this->
ilias->raiseError(
"<b>Error: There is no dataset with id ".$this->
id.
"!</b><br />class: ".get_class($this).
"<br />Script: ".__FILE__.
"<br />Line: ".__LINE__, $this->ilias->FATAL);
 
  203                $query = 
"UPDATE role_data SET ".
 
  204                        "allow_register= ".$ilDB->quote($this->allow_register,
'integer').
", ".
 
  206                        "disk_quota = ".$ilDB->quote($this->
getDiskQuota(),
'integer').
", ".
 
  208                        "WHERE role_id= ".$ilDB->quote($this->
id,
'integer').
" ";
 
  229                $this->
id = parent::create();
 
  231                $query = 
"INSERT INTO role_data ".
 
  232                        "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
 
  234                        "(".$ilDB->quote($this->
id,
'integer').
",".
 
  253                if (empty($a_allow_register))
 
  255                        $a_allow_register == 0;
 
  258                $this->allow_register = (int) $a_allow_register;
 
  269                return $this->allow_register ? $this->allow_register : 
false;
 
  282                $this->disk_quota = $a_disk_quota;
 
  310                $this->wsp_disk_quota = $a_disk_quota;
 
  337                $query = 
"SELECT * FROM role_data ".
 
  338                        "JOIN object_data ON object_data.obj_id = role_data.role_id ".
 
  339                        "WHERE allow_register = 1";
 
  345                        $roles[] = array(
"id" => $role[
"obj_id"],
 
  346                                                         "title" => $role[
"title"],
 
  347                                                         "auth_mode" => $role[
'auth_mode']);
 
  363                $query = 
"SELECT * FROM role_data ".
 
  364                        " WHERE role_id =".$ilDB->quote($a_role_id,
'integer');
 
  369                        if ($role_rec[
"allow_register"])
 
  386                $this->parent = $a_parent_ref;
 
  409                global $rbacadmin, $rbacreview,
$ilDB;
 
  412                if($rbacreview->hasMultipleAssignments($this->getId()))
 
  414                        $GLOBALS[
'ilLog']->write(__METHOD__.
': Found role with multiple assignments: '.$this->getId());
 
  418                if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
 
  427                        $last_role_user_ids = array();
 
  428                        if ($this->
getParent() == ROLE_FOLDER_ID)
 
  433                                $user_ids = $rbacreview->assignedUsers($this->
getId());
 
  435                                foreach ($user_ids as $user_id)
 
  438                                        $role_ids = $rbacreview->assignedRoles($user_id);
 
  441                                        if (count($role_ids) == 1)
 
  443                                                $last_role_user_ids[] = $user_id;
 
  449                        if (count($last_role_user_ids) > 0)
 
  451                                foreach ($last_role_user_ids as $user_id)
 
  455                                        $tmp_obj = $this->
ilias->obj_factory->getInstanceByObjId($user_id);
 
  456                                        $user_names[] = $tmp_obj->getFullname();
 
  463                                $users = implode(
', ',$user_names);
 
  464                                $this->
ilias->raiseError($this->lng->txt(
"msg_user_last_role1").
" ".
 
  465                                                                         $users.
"<br/>".$this->lng->txt(
"msg_user_last_role2"),$this->ilias->error_obj->WARNING);                               
 
  473                                include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
 
  480                                $query = 
"DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->
getId(),
'integer');
 
  483                                include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  485                                $role_desk_item_obj->deleteAll();
 
  501                return count($rbacreview->assignedUsers($this->getId()));
 
  508                $test_str = explode(
'_',$a_role_title);
 
  510                if ($test_str[0] == 
'il') 
 
  512                        $test2 = (int) $test_str[3];
 
  518                        return $lng->txt(implode(
'_',$test_str));
 
  521                return $a_role_title;
 
  530                foreach ($a_roles as $role_id => $auth_mode)
 
  532                        $query = 
"UPDATE role_data SET ".
 
  533                                 "auth_mode= ".$ilDB->quote($auth_mode,
'text').
" ".
 
  534                                 "WHERE role_id= ".$ilDB->quote($role_id,
'integer').
" ";
 
  543                $query = 
"SELECT auth_mode FROM role_data ".
 
  544                         "WHERE role_id= ".$ilDB->quote($a_role_id,
'integer').
" ";
 
  548                return $row[
'auth_mode'];
 
  562                $query = 
"SELECT * FROM role_data ".
 
  563                        "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,
'text');
 
  568                        $roles[] = 
$row->role_id;
 
  585                $query = 
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,
'text');
 
  593                global 
$ilDB, 
$lng, $objDefinition,$rbacreview;         
 
  595                $operation_info = $rbacreview->getOperationAssignment();
 
  596                foreach($operation_info as $info)
 
  598                        if($objDefinition->getDevMode($info[
'type']))
 
  602                        $rbac_objects[$info[
'typ_id']] = array(
"obj_id" => $info[
'typ_id'],
 
  603                                                                                                   "type"       => $info[
'type']);
 
  606                        $txt = $objDefinition->isPlugin($info[
'type'])
 
  608                                : 
$lng->txt($info[
'type'].
"_".$info[
'operation']);
 
  609                        if (substr($info[
'operation'], 0, 7) == 
"create_" &&
 
  610                                $objDefinition->isPlugin(substr($info[
'operation'], 7)))
 
  614                        $rbac_operations[$info[
'typ_id']][$info[
'ops_id']] = array(
 
  615                                                                                                                                "ops_id"        => $info[
'ops_id'],
 
  616                                                                                                                                "title"         => $info[
'operation'],
 
  620                return array($rbac_objects,$rbac_operations);
 
  638                global $tree,$rbacreview;
 
  641                $nodes = $tree->getRbacSubtreeInfo($a_start_node);
 
  644                $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->
getId());
 
  647                $local_policies = array();
 
  648                foreach($all_local_policies as $lp)
 
  650                        if(isset($nodes[$lp]))
 
  652                                $local_policies[] = $lp;
 
  662                                #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node); 
  665                $this->
adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
 
  667                #var_dump(memory_get_peak_usage()); 
  668                #var_dump(memory_get_usage()); 
  678                global $rbacreview,$rbacadmin;
 
  680                $local_policies = array();
 
  681                foreach($a_policies as $policy)
 
  683                        if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
 
  685                                $local_policies[] = $policy;
 
  690                                $local_policies[] = $policy;
 
  693                        $rbacadmin->deleteLocalRole($this->
getId(),$policy);
 
  695                return $local_policies;
 
  706        protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
 
  708                global $rbacadmin, $rbacreview, $tree;
 
  710                $operation_stack = array();
 
  711                $policy_stack = array();
 
  712                $node_stack = array();
 
  714                $start_node = current($a_nodes);
 
  715                array_push($node_stack,$start_node);
 
  719                include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  722                $local_policy = 
false;
 
  723                foreach($a_nodes as $node)
 
  725                        $cmp_node = end($node_stack);
 
  726                        while($relation = $tree->getRelationOfNodes($node,$cmp_node))
 
  732                                                $GLOBALS[
'ilLog']->write(__METHOD__.
': Handling sibling/none relation.');
 
  733                                                array_pop($operation_stack);
 
  734                                                array_pop($policy_stack);
 
  735                                                array_pop($node_stack);
 
  736                                                $cmp_node = end($node_stack);
 
  737                                                $local_policy = 
false;
 
  744                                                $GLOBALS[
'ilLog']->write(__METHOD__.
': Handling child/equals/parent '. $relation);
 
  756                        if($node[
'child'] == $start_node[
'child'])
 
  762                                                $rbac_log_roles = $rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  767                                        $perms = end($operation_stack);
 
  768                                        $rbacadmin->grantPermission(
 
  770                                                (array) $perms[$node[
'type']],
 
  785                        if(in_array($node[
'child'], $a_policies) and ($node[
'child'] != SYSTEM_FOLDER_ID))
 
  787                                $local_policy = 
true;
 
  790                                array_push($node_stack, $node);
 
  802                                $rbac_log_roles = $rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  807                        if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
 
  808                                $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] == 
'crs'))
 
  812                                $perms = end($operation_stack);
 
  817                                        array_push($node_stack, $node);
 
  822                        if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
 
  823                                $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] == 
'grp'))
 
  826                                $perms = end($operation_stack);
 
  831                                        array_push($node_stack, $node);
 
  836                        $perms = end($operation_stack);
 
  837                        $rbacadmin->grantPermission(
 
  839                                (array) $perms[$node[
'type']],
 
  860                if(in_array($a_type,$a_exclusion_filter))
 
  865                if(in_array(
'all',$a_filter))
 
  869                return in_array($a_type,$a_filter);
 
  882                $has_policies = 
null;
 
  883                $policy_origin = 
null;
 
  885                if($a_node == ROOT_FOLDER_ID)
 
  887                        $has_policies = TRUE;
 
  888                        $policy_origin = ROLE_FOLDER_ID;
 
  892                        $has_policies = $rbacreview->getLocalPolicies($a_node);
 
  893                        $policy_origin = $a_node;
 
  897                                $parent_roles = $rbacreview->getParentRoleIds($a_node,
false);
 
  898                                if($parent_roles[$this->
getId()])
 
  900                                        $a_stack[] = $rbacreview->getAllOperationsOfRole(
 
  902                                                $parent_roles[$this->
getId()][
'parent']
 
  915                $a_stack[] = $rbacreview->getAllOperationsOfRole(
 
  931                $has_policies = 
null;
 
  932                $policy_origin = 
null;
 
  934                if($a_node == ROOT_FOLDER_ID)
 
  936                        $has_policies = TRUE;
 
  937                        $policy_origin = ROLE_FOLDER_ID;
 
  941                        $has_policies = $rbacreview->getLocalPolicies($a_node);
 
  942                        $policy_origin = $a_node;
 
  950                $a_stack[] = $policy_origin;
 
  963                        global 
$ilDB, $rbacreview,$rbacadmin;
 
  965                        static $course_non_member_id = 
null;
 
  966                        static $group_non_member_id = 
null;
 
  967                        static $group_open_id = 
null;
 
  968                        static $group_closed_id = 
null;
 
  975                                        include_once 
'./Modules/Group/classes/class.ilObjGroup.php';
 
  977                                        #var_dump("GROUP TYPE",$type);
 
  981                                                        if(!$group_closed_id)
 
  983                                                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
 
  987                                                                        $group_closed_id = 
$row->obj_id;
 
  990                                                        $template_id = $group_closed_id;
 
  991                                                        #var_dump("GROUP CLOSED id:" . $template_id);
 
  998                                                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
 
 1002                                                                        $group_open_id = 
$row->obj_id;
 
 1005                                                        $template_id = $group_open_id;
 
 1006                                                        #var_dump("GROUP OPEN id:" . $template_id);
 
 1012                                        if(!$course_non_member_id)
 
 1014                                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
 
 1018                                                        $course_non_member_id = 
$row->obj_id;
 
 1021                                        $template_id = $course_non_member_id;
 
 1025                        $current_ops = $a_current_ops[$a_type];
 
 1032                                $rbacadmin->copyRolePermissionIntersection(
 
 1033                                        $template_id, ROLE_FOLDER_ID, 
 
 1034                                        $this->
getId(), end($policy_stack),
 
 1035                                        $a_id,$this->
getId()
 
 1040                                #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
 
 1042                        #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
 
 1043                        if($a_id and !
$GLOBALS[
'rbacreview']->isRoleAssignedToObject($this->
getId(),$a_id))
 
 1045                                $rbacadmin->assignRoleToFolder($this->
getId(),$a_id,
"n");       
 
const DB_FETCHMODE_OBJECT
static _deleteByRole($a_role_id)
static lookupGroupTye($a_id)
Lookup group type.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
__getPermissionDefinitions()
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
getPersonalWorkspaceDiskQuota()
_getAssignUsersStatus($a_role_id)
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
getAllowRegister()
get allow_register
_updateAuthMode($a_roles)
ilObjRole($a_id=0, $a_call_by_reference=false)
Constructor @access public.
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
_lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
update()
updates a record "role" and write it into database @access public
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
read()
loads "role" from database @access private
$disk_quota
The disk quota in bytes.
static isAutoGenerated($a_role_id)
_lookupRegisterAllowed()
get all roles that are activated in user registration
toggleAssignUsersStatus($a_assign_users)
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
getPresentationTitle()
return translated title for autogenerated roles
validate()
Validate role data.
assignData($a_data)
loads a record "role" from array @access public
setDiskQuota($a_disk_quota)
getParent()
get reference id of parent object
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
_getTranslation($a_role_title)
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Class ilObject Basic functions for all objects.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
setTitle($a_title)
set object title
ilObject($a_id=0, $a_reference=true)
Constructor @access public.
setDescription($a_desc)
set object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getTitle()
get object title @access public
static lookupTxt($a_mod_prefix, $a_pl_id, $a_lang_var)
Lookup language text.
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
redirection script todo: (a better solution should control the processing via a xml file)