ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
Public Member Functions | Protected Member Functions
ilRbacAdmin Class Reference
Services/AccessControl

Class ilRbacAdmin Core functions for role based access control. More...

+ Collaboration diagram for ilRbacAdmin:

Public Member Functions

 __construct ()
 Constructor public. More...
 
 removeUser ($a_usr_id)
 deletes a user from rbac_ua all user <-> role relations are deleted public More...
 
 deleteRole ($a_rol_id, $a_ref_id)
 Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public. More...
 
 deleteTemplate ($a_obj_id)
 Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public. More...
 
 deleteLocalRole ($a_rol_id, $a_ref_id=0)
 Deletes a local role and entries in rbac_fa and rbac_templates public. More...
 
 assignUserLimited ($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
 Assign user limited. More...
 
 assignUser ($a_rol_id, $a_usr_id)
 Assigns an user to a role. More...
 
 deassignUser ($a_rol_id, $a_usr_id)
 Deassigns a user from a role. More...
 
 grantPermission ($a_rol_id, $a_ops, $a_ref_id)
 Grants a permission to an object and a specific role. More...
 
 revokePermission ($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
 Revokes permissions of an object of one role. More...
 
 revokeSubtreePermissions ($a_ref_id, $a_role_id)
 Revoke subtree permissions. More...
 
 deleteSubtreeTemplates ($a_ref_id, $a_rol_id)
 Delete all template permissions of subtree nodes. More...
 
 revokePermissionList ($a_ref_ids, $a_rol_id)
 Revokes permissions of a LIST of objects of ONE role. More...
 
 copyRolePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions and permission of one role to another. More...
 
 copyRoleTemplatePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions of one role to another. More...
 
 copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
 Copies the intersection of the template permissions of two roles to a third role. More...
 
 copyRolePermissionUnion ( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
 <type> $ilDB More...
 
 copyRolePermissionSubtract ($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
 Subtract role permissions. More...
 
 deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false)
 Deletes all entries of a template. More...
 
 setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id)
 Inserts template permissions in rbac_templates for an specific object type. More...
 
 assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y")
 Assigns a role to an role folder A role folder is an object to store roles. More...
 
 assignOperationToObject ($a_type_id, $a_ops_id)
 Assign an existing operation to an object Update of rbac_ta. More...
 
 deassignOperationFromObject ($a_type_id, $a_ops_id)
 Deassign an existing operation from an object Update of rbac_ta public. More...
 
 setProtected ($a_ref_id, $a_role_id, $a_value)
 Set protected $ilDB. More...
 
 copyLocalRoles ($a_source_id, $a_target_id)
 Copy local roles This method creates a copy of all local role. More...
 
 initIntersectionPermissions ($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
 Init intersection permissions. More...
 
 adjustMovedObjectPermissions ($a_ref_id, $a_old_parent)
 Adjust permissions of moved objects. More...
 
 copyEffectiveRolePermissions ($a_source_ref_id, $target_ref_id, $a_subtree_id)
 Copies all permission from source to target for all roles. More...
 

Protected Member Functions

 addDesktopItem ($a_rol_id, $a_usr_id)
 Add desktop item. More...
 

Detailed Description

Class ilRbacAdmin Core functions for role based access control.

Creation and maintenance of Relations. The main relations of Rbac are user <-> role (UR) assignment relation and the permission <-> role (PR) assignment relation. This class contains methods to 'create' and 'delete' instances of the (UR) relation e.g.: assignUser(), deassignUser() Required methods for the PR relation are grantPermission(), revokePermission()

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 18 of file class.ilRbacAdmin.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacAdmin::__construct ( )

Constructor public.

Definition at line 24 of file class.ilRbacAdmin.php.

References $ilDB, $ilErr, if, and PEAR_ERROR_CALLBACK.

25  {
26  global $ilDB,$ilErr,$ilias;
27 
28  // set db & error handler
29  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
30 
31  if (!isset($ilErr))
32  {
33  $ilErr = new ilErrorHandling();
34  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
35  }
36  else
37  {
38  $this->ilErr =& $ilErr;
39  }
40  }
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
if
if(!file_exists(getcwd().'/ilias.ini.php')) if(isset( $_GET["client_id"]))
registration confirmation script for ilias
Definition: confirmReg.php:20
ilErrorHandling
Error Handling & global info handling uses PEAR error class.
Definition: class.ilErrorHandling.php:18
ilDB
Database Wrapper.
Definition: class.ilDB.php:28
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$ilErr
$ilErr
Definition: inc.setup_header.php:81

Member Function Documentation

◆ addDesktopItem()

ilRbacAdmin::addDesktopItem (   $a_rol_id,
  $a_usr_id 
)
protected

Add desktop item.

Parameters
type$a_rol_id
type$a_usr_id

Definition at line 227 of file class.ilRbacAdmin.php.

References ilObjUser\_addDesktopItem().

Referenced by assignUser(), and assignUserLimited().

228  {
229  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
230  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
231  foreach($role_desk_item_obj->getAll() as $item_data)
232  {
233  include_once './Services/User/classes/class.ilObjUser.php';
234  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
235  }
236  }
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilObjUser\_addDesktopItem
static _addDesktopItem($a_usr_id, $a_item_id, $a_type, $a_par="")
add an item to user&#39;s personal desktop
Definition: class.ilObjUser.php:3057
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ adjustMovedObjectPermissions()

ilRbacAdmin::adjustMovedObjectPermissions (   $a_ref_id,
  $a_old_parent 
)

Adjust permissions of moved objects.

  • Delete permissions of parent roles that do not exist in new context
  • Delete role templates of parent roles that do not exist in new context
  • Add permissions for parent roles that did not exist in old context

public

Parameters
intref id of moved object
intref_id of old parent

Definition at line 1190 of file class.ilRbacAdmin.php.

References $ilLog, $log, ilRbacLog\add(), deleteLocalRole(), ilRbacLog\diffFaPa(), ilRbacLog\gatherFaPa(), grantPermission(), initIntersectionPermissions(), ilRbacLog\isActive(), ilObjCourse\lookupCourseNonMemberTemplatesId(), ilObjGroup\lookupGroupStatusTemplateId(), ilRbacLog\MOVE_OBJECT, and revokePermission().

1191  {
1192  global $rbacreview,$tree,$ilLog;
1193 
1194  $new_parent = $tree->getParentId($a_ref_id);
1195  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent,false);
1196  $new_context_roles = $rbacreview->getParentRoleIds($new_parent,false);
1197 
1198  $for_addition = $for_deletion = array();
1199  foreach($new_context_roles as $new_role_id => $new_role)
1200  {
1201  if(!isset($old_context_roles[$new_role_id]))
1202  {
1203  $for_addition[$new_role_id] = $new_role;
1204  }
1205  elseif($new_role['parent'] != $old_context_roles[$new_role_id]['parent'])
1206  {
1207  // handle stopped inheritance
1208  $for_deletion[$new_role_id] = $new_role;
1209  $for_addition[$new_role_id] = $new_role;
1210  }
1211  }
1212  foreach($old_context_roles as $old_role_id => $old_role)
1213  {
1214  if(!isset($new_context_roles[$old_role_id]))
1215  {
1216  $for_deletion[$old_role_id] = $old_role;
1217  }
1218  }
1219 
1220  if(!count($for_deletion) and !count($for_addition))
1221  {
1222  return true;
1223  }
1224 
1225  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1226  $rbac_log_active = ilRbacLog::isActive();
1227  if($rbac_log_active)
1228  {
1229  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1230  }
1231 
1232  foreach($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id),true) as $node_data)
1233  {
1234  $node_id = $node_data['child'];
1235 
1236  if($rbac_log_active)
1237  {
1238  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1239  }
1240 
1241  // If $node_data['type'] is not set, this means there is a tree entry without
1242  // object_reference and/or object_data entry
1243  // Continue in this case
1244  if(!$node_data['type'])
1245  {
1246  $ilLog->write(__METHOD__.': No type give. Choosing next tree entry.');
1247  continue;
1248  }
1249 
1250  if(!$node_id)
1251  {
1252  $ilLog->write(__METHOD__.': Missing subtree node_id');
1253  continue;
1254  }
1255 
1256  foreach($for_deletion as $role_id => $role_data)
1257  {
1258  $this->deleteLocalRole($role_id,$node_id);
1259  $this->revokePermission($node_id,$role_id,false);
1260 //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1261  }
1262  foreach($for_addition as $role_id => $role_data)
1263  {
1264  switch($node_data['type'])
1265  {
1266  case 'grp':
1267  include_once './Modules/Group/classes/class.ilObjGroup.php';
1268  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1269  $this->initIntersectionPermissions(
1270  $node_data['child'],
1271  $role_id,
1272  $role_data['parent'],
1273  $tpl_id,
1274  ROLE_FOLDER_ID
1275  );
1276  break;
1277 
1278  case 'crs':
1279  include_once './Modules/Course/classes/class.ilObjCourse.php';
1280  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1281  $this->initIntersectionPermissions(
1282  $node_data['child'],
1283  $role_id,
1284  $role_data['parent'],
1285  $tpl_id,
1286  ROLE_FOLDER_ID
1287  );
1288  break;
1289 
1290 
1291  default:
1292  $this->grantPermission(
1293  $role_id,
1294  $ops = $rbacreview->getOperationsOfRole($role_id,$node_data['type'],$role_data['parent']),
1295  $node_id);
1296  break;
1297 
1298 
1299  }
1300 
1301 
1302 //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1303  }
1304 
1305  if($rbac_log_active)
1306  {
1307  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1308  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1309  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1310  }
1311  }
1312 
1313  }
ilObjGroup\lookupGroupStatusTemplateId
static lookupGroupStatusTemplateId($a_obj_id)
$ilDB $ilDB
Definition: class.ilObjGroup.php:1194
ilObjCourse\lookupCourseNonMemberTemplatesId
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
Definition: class.ilObjCourse.php:1572
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:146
ilRbacAdmin\initIntersectionPermissions
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
Definition: class.ilRbacAdmin.php:1120
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:319
$ilLog
$ilLog
Definition: inc.setup_header.php:132
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:384
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:17
$log
$log
Definition: inc.setup_header.php:131
+ Here is the call graph for this function:

◆ assignOperationToObject()

ilRbacAdmin::assignOperationToObject (   $a_type_id,
  $a_ops_id 
)

Assign an existing operation to an object Update of rbac_ta.

public

Parameters
integerobject type
integeroperation_id
Returns
boolean

Definition at line 994 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

995  {
996  global $ilDB;
997 
998  if (!isset($a_type_id) or !isset($a_ops_id))
999  {
1000  $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
1001  "type_id: ".$a_type_id.
1002  "ops_id: ".$a_ops_id;
1003  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1004  }
1005 
1006  $query = "INSERT INTO rbac_ta (typ_id, ops_id) ".
1007  "VALUES(".$ilDB->quote($a_type_id,'integer').",".$ilDB->quote($a_ops_id,'integer').")";
1008  $res = $ilDB->manipulate($query);
1009  return true;
1010  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ assignRoleToFolder()

ilRbacAdmin::assignRoleToFolder (   $a_rol_id,
  $a_parent,
  $a_assign = "y" 
)

Assigns a role to an role folder A role folder is an object to store roles.

Every role is assigned to minimum one role folder If the inheritance of a role is stopped, a new role template will created, and the role is assigned to minimum two role folders. All roles with stopped inheritance need the flag '$a_assign = false'

public

Parameters
integerobject id of role
integerref_id of role folder
stringassignable('y','n'); default: 'y'
Returns
boolean

Definition at line 950 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by copyLocalRoles(), and initIntersectionPermissions().

951  {
952  global $ilDB,$rbacreview;
953 
954  if (!isset($a_rol_id) or !isset($a_parent))
955  {
956  $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
957  " role_id: ".$a_rol_id.
958  " parent_id: ".$a_parent.
959  " assign: ".$a_assign;
960  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
961  }
962 
963  // exclude system role from rbac
964  if ($a_rol_id == SYSTEM_ROLE_ID)
965  {
966  return true;
967  }
968 
969  // if a wrong value is passed, always set assign to "n"
970  if ($a_assign != "y")
971  {
972  $a_assign = "n";
973  }
974 
975  $query = sprintf('INSERT INTO rbac_fa (rol_id, parent, assign, protected) '.
976  'VALUES (%s,%s,%s,%s)',
977  $ilDB->quote($a_rol_id,'integer'),
978  $ilDB->quote($a_parent,'integer'),
979  $ilDB->quote($a_assign,'text'),
980  $ilDB->quote('n','text'));
981  $res = $ilDB->manipulate($query);
982 
983  return true;
984  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ assignUser()

ilRbacAdmin::assignUser (   $a_rol_id,
  $a_usr_id 
)

Assigns an user to a role.

Update of table rbac_ua TODO: remove deprecated 3rd parameter sometime public

Parameters
integerobject_id of role
integerobject_id of user
booleantrue means default role (optional
Returns
boolean

Definition at line 248 of file class.ilRbacAdmin.php.

References $ilDB, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and addDesktopItem().

249  {
250  global $ilDB,$rbacreview;
251 
252  if (!isset($a_rol_id) or !isset($a_usr_id))
253  {
254  $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
255  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
256  }
257 
258  // check if already assigned user id and role_id
259  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id,$a_rol_id);
260 
261  // enhanced: only if we haven't had this role for this user
262  if (!$alreadyAssigned)
263  {
264  $query = "INSERT INTO rbac_ua (usr_id, rol_id) ".
265  "VALUES (".$ilDB->quote($a_usr_id,'integer').",".$ilDB->quote($a_rol_id,'integer').")";
266  $res = $ilDB->manipulate($query);
267 
268  $this->addDesktopItem($a_rol_id, $a_usr_id);
269 
270  $rbacreview->setAssignedCacheEntry($a_rol_id,$a_usr_id,true);
271  }
272 
273  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
274  $mapping = ilLDAPRoleGroupMapping::_getInstance();
275  $mapping->assign($a_rol_id,$a_usr_id);
276 
277  return true;
278  }
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
ilRbacAdmin\addDesktopItem
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
Definition: class.ilRbacAdmin.php:227
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ assignUserLimited()

ilRbacAdmin::assignUserLimited (   $a_role_id,
  $a_usr_id,
  $a_limit,
  $a_limited_roles = array() 
)

Assign user limited.

Parameters
type$a_role_id
type$a_usr_id
type$a_limit

Definition at line 185 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, $res, $row, ilLDAPRoleGroupMapping\_getInstance(), addDesktopItem(), DB_FETCHMODE_OBJECT, and ilDB\LOCK_WRITE.

186  {
187  global $ilDB;
188 
189  $GLOBALS['ilDB']->lockTables(
190  array(
191  0 => array('name' => 'rbac_ua', 'type' => ilDB::LOCK_WRITE)
192  )
193  );
194 
195  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua '.
196  'WHERE '.$GLOBALS['ilDB']->in('rol_id',(array) $a_limited_roles,FALSE,'integer');
197  $res = $GLOBALS['ilDB']->query($limit_query);
198  $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
199  if($row->num >= $a_limit)
200  {
201  $GLOBALS['ilDB']->unlockTables();
202  return FALSE;
203  }
204 
205  $query = "INSERT INTO rbac_ua (usr_id, rol_id) ".
206  "VALUES (".
207  $ilDB->quote($a_usr_id,'integer').",".$ilDB->quote($a_role_id,'integer').
208  ")";
209  $res = $ilDB->manipulate($query);
210 
211  $GLOBALS['ilDB']->unlockTables();
212  $GLOBALS['rbacreview']->setAssignedCacheEntry($a_role_id,$a_usr_id,TRUE);
213 
214  $this->addDesktopItem($a_role_id,$a_usr_id);
215 
216  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
217  $mapping = ilLDAPRoleGroupMapping::_getInstance();
218  $mapping->assign($a_role_id,$a_usr_id);
219  return TRUE;
220  }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
ilRbacAdmin\addDesktopItem
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
Definition: class.ilRbacAdmin.php:227
ilDB\LOCK_WRITE
const LOCK_WRITE
Definition: class.ilDB.php:30
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ copyEffectiveRolePermissions()

ilRbacAdmin::copyEffectiveRolePermissions (   $a_source_ref_id,
  $target_ref_id,
  $a_subtree_id 
)

Copies all permission from source to target for all roles.

Parameters
type$a_source_ref_id
type$target_ref_id
type$a_subtree_id

Definition at line 1322 of file class.ilRbacAdmin.php.

References $GLOBALS.

1323  {
1324  global $rbacreview;
1325 
1326  $parent_roles = $rbacreview->getParentRoleIds($a_source_ref_id, FALSE);
1327  $GLOBALS['ilLog']->write(__METHOD__.': '. print_r($parent_roles,TRUE));
1328 
1329 
1330 
1331  }
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4

◆ copyLocalRoles()

ilRbacAdmin::copyLocalRoles (   $a_source_id,
  $a_target_id 
)

Copy local roles This method creates a copy of all local role.

Note: auto generated roles are excluded

public

Parameters
intsource id of object (not role folder)
inttarget id of object

Definition at line 1071 of file class.ilRbacAdmin.php.

References $ilLog, assignRoleToFolder(), and copyRolePermissions().

1072  {
1073  global $rbacreview,$ilLog,$ilObjDataCache;
1074 
1075  $real_local = array();
1076  foreach($rbacreview->getRolesOfRoleFolder($a_source_id,false) as $role_data)
1077  {
1078  $title = $ilObjDataCache->lookupTitle($role_data);
1079  if(substr($title,0,3) == 'il_')
1080  {
1081  continue;
1082  }
1083  $real_local[] = $role_data;
1084  }
1085  if(!count($real_local))
1086  {
1087  return true;
1088  }
1089  // Create role folder
1090  foreach($real_local as $role)
1091  {
1092  include_once ("./Services/AccessControl/classes/class.ilObjRole.php");
1093  $orig = new ilObjRole($role);
1094  $orig->read();
1095 
1096  $ilLog->write(__METHOD__.': Start copying of role '.$orig->getTitle());
1097  $roleObj = new ilObjRole();
1098  $roleObj->setTitle($orig->getTitle());
1099  $roleObj->setDescription($orig->getDescription());
1100  $roleObj->setImportId($orig->getImportId());
1101  $roleObj->create();
1102 
1103  $this->assignRoleToFolder($roleObj->getId(),$a_target_id,"y");
1104  $this->copyRolePermissions($role,$a_source_id,$a_target_id,$roleObj->getId(),true);
1105  $ilLog->write(__METHOD__.': Added new local role, id '.$roleObj->getId());
1106  }
1107 
1108  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:15
$ilLog
$ilLog
Definition: inc.setup_header.php:132
ilRbacAdmin\copyRolePermissions
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
Definition: class.ilRbacAdmin.php:572
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:950
+ Here is the call graph for this function:

◆ copyRolePermissionIntersection()

ilRbacAdmin::copyRolePermissionIntersection (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_parent,
  $a_dest_id 
)

Copies the intersection of the template permissions of two roles to a third role.

public

Parameters
integer$a_source1_idrole_id source
integer$a_source1_parentparent_id source
integer$a_source2_idrole_id source
integer$a_source2_parentparent_id source
integer$a_dest_idrole_id destination
integer$a_dest_parentparent_id destination
Returns
boolean

Definition at line 669 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, $res, $row, and DB_FETCHMODE_OBJECT.

Referenced by initIntersectionPermissions().

670  {
671  global $rbacreview,$ilDB;
672 
673  if (!isset($a_source1_id) or !isset($a_source1_parent)
674  or !isset($a_source2_id) or !isset($a_source2_parent)
675  or !isset($a_dest_id) or !isset($a_dest_parent))
676  {
677  $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
678  " source1_parent: ".$a_source1_parent.
679  " source2_id: ".$a_source2_id.
680  " source2_parent: ".$a_source2_parent.
681  " dest_id: ".$a_dest_id.
682  " dest_parent_id: ".$a_dest_parent;
683  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
684  }
685 
686  // exclude system role from rbac
687  if ($a_dest_id == SYSTEM_ROLE_ID)
688  {
689  return true;
690  }
691 
692  if ($rbacreview->isProtected($a_source2_parent,$a_source2_id))
693  {
694  $GLOBALS['ilLog']->write(__METHOD__.': Role is protected');
695  return true;
696  }
697 
698  $query = "SELECT s1.type, s1.ops_id ".
699  "FROM rbac_templates s1, rbac_templates s2 ".
700  "WHERE s1.rol_id = ".$ilDB->quote($a_source1_id,'integer')." ".
701  "AND s1.parent = ".$ilDB->quote($a_source1_parent,'integer')." ".
702  "AND s2.rol_id = ".$ilDB->quote($a_source2_id,'integer')." ".
703  "AND s2.parent = ".$ilDB->quote($a_source2_parent,'integer')." ".
704  "AND s1.type = s2.type ".
705  "AND s1.ops_id = s2.ops_id";
706  $res = $ilDB->query($query);
707  $operations = array();
708  $rowNum = 0;
709  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
710  {
711  $operations[$rowNum]['type'] = $row->type;
712  $operations[$rowNum]['ops_id'] = $row->ops_id;
713 
714  $rowNum++;
715  }
716 
717  // Delete template permissions of target
718  $query = 'DELETE FROM rbac_templates WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
719  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
720  $res = $ilDB->manipulate($query);
721 
722  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
723  'VALUES (?,?,?,?)';
724  $sta = $ilDB->prepareManip($query,array('integer','text','integer','integer'));
725  foreach($operations as $key => $set)
726  {
727  $ilDB->execute($sta,array(
728  $a_dest_id,
729  $set['type'],
730  $set['ops_id'],
731  $a_dest_parent));
732  }
733  return true;
734  }
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ copyRolePermissions()

ilRbacAdmin::copyRolePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions and permission of one role to another.

public

Parameters
integer$a_source_idrole_id source
integer$a_source_parentparent_id source
integer$a_dest_parentparent_id destination
integer$a_dest_idrole_id destination
Returns
boolean

Definition at line 572 of file class.ilRbacAdmin.php.

References copyRoleTemplatePermissions(), grantPermission(), and revokePermission().

Referenced by copyLocalRoles().

573  {
574  global $tree,$rbacreview;
575 
576  // Copy template permissions
577  $this->copyRoleTemplatePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected);
578 
579  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id,$a_source_parent);
580 
581  $this->revokePermission($a_dest_parent,$a_dest_id);
582  $this->grantPermission($a_dest_id,$ops,$a_dest_parent);
583  return true;
584  }
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:596
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:319
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:384
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ copyRolePermissionSubtract()

ilRbacAdmin::copyRolePermissionSubtract (   $a_source_id,
  $a_source_parent,
  $a_dest_id,
  $a_dest_parent 
)

Subtract role permissions.

Parameters
type$a_source_id
type$a_source_parent
type$a_dest_id
type$a_dest_parent

Definition at line 812 of file class.ilRbacAdmin.php.

References $ilDB, and $query.

813  {
814  global $rbacreview, $ilDB;
815 
816  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id,$a_source_parent);
817  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id,$a_dest_parent);
818 
819  foreach($s1_ops as $type => $ops)
820  {
821  foreach($ops as $op)
822  {
823  if(isset($d_ops[$type]) and in_array($op, $d_ops[$type]))
824  {
825  $query = 'DELETE FROM rbac_templates '.
826  'WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
827  'AND type = '.$ilDB->quote($type,'text').' '.
828  'AND ops_id = '.$ilDB->quote($op,'integer').' '.
829  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
830  $ilDB->manipulate($query);
831  }
832  }
833  }
834  return true;
835  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ copyRolePermissionUnion()

ilRbacAdmin::copyRolePermissionUnion (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_id,
  $a_dest_parent 
)

<type> $ilDB

Parameters
<type>$a_source1_id
<type>$a_source1_parent
<type>$a_source2_id
<type>$a_source2_parent
<type>$a_dest_id
<type>$a_dest_parent
Returns
<type>

Definition at line 747 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, and deleteRolePermission().

754  {
755  global $ilDB, $rbacreview;
756 
757 
758  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id,$a_source1_parent);
759  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id,$a_source2_parent);
760 
761  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
762 
763  $GLOBALS['ilLog']->write(__METHOD__.': '.print_r($s1_ops,TRUE));
764  $GLOBALS['ilLog']->write(__METHOD__.': '.print_r($s2_ops,TRUE));
765 
766  foreach($s1_ops as $type => $ops)
767  {
768  foreach($ops as $op)
769  {
770  // insert all permission of source 1
771  // #15469
772  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
773  'VALUES( '.
774  $ilDB->quote($a_dest_id,'integer').', '.
775  $ilDB->quote($type,'text').', '.
776  $ilDB->quote($op,'integer').', '.
777  $ilDB->quote($a_dest_parent,'integer').' '.
778  ')';
779  $ilDB->manipulate($query);
780  }
781  }
782 
783  // and the other direction...
784  foreach($s2_ops as $type => $ops)
785  {
786  foreach($ops as $op)
787  {
788  if(!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type]))
789  {
790  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
791  'VALUES( '.
792  $ilDB->quote($a_dest_id,'integer').', '.
793  $ilDB->quote($type,'text').', '.
794  $ilDB->quote($op,'integer').', '.
795  $ilDB->quote($a_dest_parent,'integer').' '.
796  ')';
797  $ilDB->manipulate($query);
798  }
799  }
800  }
801 
802  return true;
803  }
ilRbacAdmin\deleteRolePermission
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
Definition: class.ilRbacAdmin.php:848
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ copyRoleTemplatePermissions()

ilRbacAdmin::copyRoleTemplatePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions of one role to another.

It's also possible to copy template permissions from/to RoleTemplateObject public

Parameters
integer$a_source_idrole_id source
integer$a_source_parentparent_id source
integer$a_dest_parentparent_id destination
integer$a_dest_idrole_id destination
Returns
boolean

Definition at line 596 of file class.ilRbacAdmin.php.

References $ilDB, $query, $res, $row, and setProtected().

Referenced by copyRolePermissions().

597  {
598  global $rbacreview,$ilDB;
599 
600  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
601  {
602  $message = __METHOD__.": Missing parameter! source_id: ".$a_source_id.
603  " source_parent_id: ".$a_source_parent.
604  " dest_id : ".$a_dest_id.
605  " dest_parent_id: ".$a_dest_parent;
606  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
607  }
608 
609  // exclude system role from rbac
610  if ($a_dest_id == SYSTEM_ROLE_ID)
611  {
612  return true;
613  }
614 
615  // Read operations
616  $query = 'SELECT * FROM rbac_templates '.
617  'WHERE rol_id = '.$ilDB->quote($a_source_id,'integer').' '.
618  'AND parent = '.$ilDB->quote($a_source_parent,'integer');
619  $res = $ilDB->query($query);
620  $operations = array();
621  $rownum = 0;
622  while ($row = $ilDB->fetchObject($res))
623  {
624  $operations[$rownum]['type'] = $row->type;
625  $operations[$rownum]['ops_id'] = $row->ops_id;
626  $rownum++;
627  }
628 
629  // Delete target permissions
630  $query = 'DELETE FROM rbac_templates WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
631  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
632  $res = $ilDB->manipulate($query);
633 
634  foreach($operations as $row => $op)
635  {
636  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
637  'VALUES ('.
638  $ilDB->quote($a_dest_id,'integer').",".
639  $ilDB->quote($op['type'],'text').",".
640  $ilDB->quote($op['ops_id'],'integer').",".
641  $ilDB->quote($a_dest_parent,'integer').")";
642  $ilDB->manipulate($query);
643  }
644 
645  // copy also protection status if applicable
646  if ($a_consider_protected == true)
647  {
648  if ($rbacreview->isProtected($a_source_parent,$a_source_id))
649  {
650  $this->setProtected($a_dest_parent,$a_dest_id,'y');
651  }
652  }
653 
654  return true;
655  }
ilRbacAdmin\setProtected
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.
Definition: class.ilRbacAdmin.php:1048
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ deassignOperationFromObject()

ilRbacAdmin::deassignOperationFromObject (   $a_type_id,
  $a_ops_id 
)

Deassign an existing operation from an object Update of rbac_ta public.

Parameters
integerobject type
integeroperation_id
Returns
boolean

Definition at line 1020 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

1021  {
1022  global $ilDB;
1023 
1024  if (!isset($a_type_id) or !isset($a_ops_id))
1025  {
1026  $message = get_class($this)."::deassignPermissionFromObject(): Missing parameter!".
1027  "type_id: ".$a_type_id.
1028  "ops_id: ".$a_ops_id;
1029  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1030  }
1031 
1032  $query = "DELETE FROM rbac_ta ".
1033  "WHERE typ_id = ".$ilDB->quote($a_type_id,'integer')." ".
1034  "AND ops_id = ".$ilDB->quote($a_ops_id,'integer');
1035  $res = $ilDB->manipulate($query);
1036 
1037  return true;
1038  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ deassignUser()

ilRbacAdmin::deassignUser (   $a_rol_id,
  $a_usr_id 
)

Deassigns a user from a role.

Update of table rbac_ua public

Parameters
integerobject id of role
integerobject id of user
Returns
boolean true on success

Definition at line 287 of file class.ilRbacAdmin.php.

References $ilDB, $query, $res, and ilLDAPRoleGroupMapping\_getInstance().

288  {
289  global $ilDB, $rbacreview;
290 
291  if (!isset($a_rol_id) or !isset($a_usr_id))
292  {
293  $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
294  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
295  }
296 
297  $query = "DELETE FROM rbac_ua ".
298  "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer')." ".
299  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
300  $res = $ilDB->manipulate($query);
301 
302  $rbacreview->setAssignedCacheEntry($a_rol_id,$a_usr_id,false);
303 
304  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
305  $mapping = ilLDAPRoleGroupMapping::_getInstance();
306  $mapping->deassign($a_rol_id,$a_usr_id);
307 
308  return true;
309  }
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ deleteLocalRole()

ilRbacAdmin::deleteLocalRole (   $a_rol_id,
  $a_ref_id = 0 
)

Deletes a local role and entries in rbac_fa and rbac_templates public.

Parameters
integerobject_id of role
integerref_id of role folder (optional)
Returns
boolean true on success

Definition at line 146 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by adjustMovedObjectPermissions(), and deleteRole().

147  {
148  global $ilDB;
149 
150  if (!isset($a_rol_id))
151  {
152  $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
153  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
154  }
155 
156  // exclude system role from rbac
157  if ($a_rol_id == SYSTEM_ROLE_ID)
158  {
159  return true;
160  }
161 
162  if ($a_ref_id != 0)
163  {
164  $clause = 'AND parent = '.$ilDB->quote($a_ref_id,'integer').' ';
165  }
166 
167  $query = 'DELETE FROM rbac_fa '.
168  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
169  $clause;
170  $res = $ilDB->manipulate($query);
171 
172  $query = 'DELETE FROM rbac_templates '.
173  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
174  $clause;
175  $res = $ilDB->manipulate($query);
176  return true;
177  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ deleteRole()

ilRbacAdmin::deleteRole (   $a_rol_id,
  $a_ref_id 
)

Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.

Parameters
integerobj_id of role (role_id)
integerref_id of role folder (ref_id)
Returns
boolean true on success

Definition at line 72 of file class.ilRbacAdmin.php.

References $ilDB, $lng, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and deleteLocalRole().

73  {
74  global $lng,$ilDB;
75 
76  if (!isset($a_rol_id) or !isset($a_ref_id))
77  {
78  $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
79  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
80  }
81 
82  // exclude system role from rbac
83  if ($a_rol_id == SYSTEM_ROLE_ID)
84  {
85  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);
86  }
87 
88  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
89  $mapping = ilLDAPRoleGroupMapping::_getInstance();
90  $mapping->deleteRole($a_rol_id);
91 
92 
93  // TODO: check assigned users before deletion
94  // This is done in ilObjRole. Should be better moved to this place?
95 
96  // delete user assignements
97  $query = "DELETE FROM rbac_ua ".
98  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer');
99  $res = $ilDB->manipulate($query);
100 
101  // delete permission assignments
102  $query = "DELETE FROM rbac_pa ".
103  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
104  $res = $ilDB->manipulate($query);
105 
106  //delete rbac_templates and rbac_fa
107  $this->deleteLocalRole($a_rol_id);
108 
109  return true;
110  }
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:146
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
$lng
global $lng
Definition: privfeed.php:40
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the call graph for this function:

◆ deleteRolePermission()

ilRbacAdmin::deleteRolePermission (   $a_rol_id,
  $a_ref_id,
  $a_type = false 
)

Deletes all entries of a template.

If an object type is given for third parameter only the entries for that object type are deleted Update of table rbac_templates. public

Parameters
integerobject id of role
integerref_id of role folder
stringobject type (optional)
Returns
boolean

Definition at line 848 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by copyRolePermissionUnion().

849  {
850  global $ilDB;
851 
852  if (!isset($a_rol_id) or !isset($a_ref_id))
853  {
854  $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
855  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
856  }
857 
858  // exclude system role from rbac
859  if ($a_rol_id == SYSTEM_ROLE_ID)
860  {
861  return true;
862  }
863 
864  if ($a_type !== false)
865  {
866  $and_type = " AND type=".$ilDB->quote($a_type,'text')." ";
867  }
868 
869  $query = 'DELETE FROM rbac_templates '.
870  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
871  'AND parent = '.$ilDB->quote($a_ref_id,'integer').' '.
872  $and_type;
873 
874  $res = $ilDB->manipulate($query);
875 
876  return true;
877  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ deleteSubtreeTemplates()

ilRbacAdmin::deleteSubtreeTemplates (   $a_ref_id,
  $a_rol_id 
)

Delete all template permissions of subtree nodes.

Parameters
object$a_ref_id
object$a_rol_id
Returns

Definition at line 504 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, and $query.

505  {
506  global $ilDB;
507 
508  $query = 'DELETE FROM rbac_templates '.
509  'WHERE parent IN ( '.
510  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')).' ) '.
511  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer');
512 
513  $ilDB->manipulate($query);
514 
515  $query = 'DELETE FROM rbac_fa '.
516  'WHERE parent IN ( '.
517  $GLOBALS['tree']->getSubTreeQuery($a_ref_id,array('child')).' ) '.
518  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer');
519 
520  $ilDB->manipulate($query);
521 
522  return true;
523  }
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ deleteTemplate()

ilRbacAdmin::deleteTemplate (   $a_obj_id)

Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public.

Parameters
integerobject_id of role template
Returns
boolean

Definition at line 118 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

119  {
120  global $ilDB;
121 
122  if (!isset($a_obj_id))
123  {
124  $message = get_class($this)."::deleteTemplate(): No obj_id given!";
125  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
126  }
127 
128  $query = 'DELETE FROM rbac_templates '.
129  'WHERE rol_id = '.$ilDB->quote($a_obj_id,'integer');
130  $res = $ilDB->manipulate($query);
131 
132  $query = 'DELETE FROM rbac_fa '.
133  'WHERE rol_id = '.$ilDB->quote($a_obj_id,'integer');
134  $res = $ilDB->manipulate($query);
135 
136  return true;
137  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ grantPermission()

ilRbacAdmin::grantPermission (   $a_rol_id,
  $a_ops,
  $a_ref_id 
)

Grants a permission to an object and a specific role.

Update of table rbac_pa public

Parameters
integerobject id of role
arrayarray of operation ids
integerreference id of that object which is granted the permissions
Returns
boolean

Definition at line 319 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

320  {
321  global $ilDB;
322 
323  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
324  {
325  $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
326  "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
327  }
328 
329  if (!is_array($a_ops))
330  {
331  $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
332  $this->ilErr->WARNING);
333  }
334 
335  /*
336  if (count($a_ops) == 0)
337  {
338  return false;
339  }
340  */
341  // exclude system role from rbac
342  if ($a_rol_id == SYSTEM_ROLE_ID)
343  {
344  return true;
345  }
346 
347  // convert all values to integer
348  foreach ($a_ops as $key => $operation)
349  {
350  $a_ops[$key] = (int) $operation;
351  }
352 
353  // Serialization des ops_id Arrays
354  $ops_ids = serialize($a_ops);
355 
356  $query = 'DELETE FROM rbac_pa '.
357  'WHERE rol_id = %s '.
358  'AND ref_id = %s';
359  $res = $ilDB->queryF($query,array('integer','integer'),
360  array($a_rol_id,$a_ref_id));
361 
362  if(!count($a_ops))
363  {
364  return false;
365  }
366 
367  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) ".
368  "VALUES ".
369  "(".$ilDB->quote($a_rol_id,'integer').",".$ilDB->quote($ops_ids,'text').",".$ilDB->quote($a_ref_id,'integer').")";
370  $res = $ilDB->manipulate($query);
371 
372  return true;
373  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ initIntersectionPermissions()

ilRbacAdmin::initIntersectionPermissions (   $a_ref_id,
  $a_role_id,
  $a_role_parent,
  $a_template_id,
  $a_template_parent 
)

Init intersection permissions.

type $rbacreview

Parameters
type$a_ref_id
type$a_role_id
type$a_role_parent
type$a_template_id
type$a_template_parent
Returns
type

Definition at line 1120 of file class.ilRbacAdmin.php.

References ilObject\_lookupType(), assignRoleToFolder(), copyRolePermissionIntersection(), and grantPermission().

Referenced by adjustMovedObjectPermissions().

1121  {
1122  global $rbacreview;
1123 
1124  if($rbacreview->isProtected($a_role_parent, $a_role_id))
1125  {
1126  // Assign object permissions
1127  $new_ops = $rbacreview->getOperationsOfRole(
1128  $a_role_id,
1129  ilObject::_lookupType($a_ref_id, true),
1130  $a_role_parent
1131  );
1132 
1133  // set new permissions for object
1134  $this->grantPermission(
1135  $a_role_id,
1136  (array) $new_ops,
1137  $a_ref_id
1138  );
1139  return;
1140  }
1141  if(!$a_template_id)
1142  {
1143  return;
1144  }
1145  // create template permission intersection
1146  $this->copyRolePermissionIntersection(
1147  $a_template_id,
1148  $a_template_parent,
1149  $a_role_id,
1150  $a_role_parent,
1151  $a_ref_id,
1152  $a_role_id
1153  );
1154 
1155  // assign role to folder
1156  $this->assignRoleToFolder(
1157  $a_role_id,
1158  $a_ref_id,
1159  'n'
1160  );
1161 
1162  // Assign object permissions
1163  $new_ops = $rbacreview->getOperationsOfRole(
1164  $a_role_id,
1165  ilObject::_lookupType($a_ref_id, true),
1166  $a_ref_id
1167  );
1168 
1169  // set new permissions for object
1170  $this->grantPermission(
1171  $a_role_id,
1172  (array) $new_ops,
1173  $a_ref_id
1174  );
1175 
1176  return;
1177  }
ilRbacAdmin\copyRolePermissionIntersection
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role. ...
Definition: class.ilRbacAdmin.php:669
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:319
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1183
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:950
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ removeUser()

ilRbacAdmin::removeUser (   $a_usr_id)

deletes a user from rbac_ua all user <-> role relations are deleted public

Parameters
integeruser_id
Returns
boolean true on success

Definition at line 49 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

50  {
51  global $ilDB;
52 
53  if (!isset($a_usr_id))
54  {
55  $message = get_class($this)."::removeUser(): No usr_id given!";
56  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
57  }
58 
59  $query = "DELETE FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
60  $res = $ilDB->manipulate($query);
61 
62  return true;
63  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ revokePermission()

ilRbacAdmin::revokePermission (   $a_ref_id,
  $a_rol_id = 0,
  $a_keep_protected = true 
)

Revokes permissions of an object of one role.

Update of table rbac_pa. Revokes all permission for all roles for that object (with this reference). When a role_id is given this applies only to that role public

Parameters
integerreference id of object where permissions should be revoked
integerrole_id (optional: if you want to revoke permissions of object only for a specific role)
Returns
boolean

Definition at line 384 of file class.ilRbacAdmin.php.

References $ilDB, $ilLog, $log, $query, and $res.

Referenced by adjustMovedObjectPermissions(), and copyRolePermissions().

385  {
386  global $rbacreview,$log,$ilDB,$ilLog;
387 
388  if (!isset($a_ref_id))
389  {
390  $ilLog->logStack();
391  $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
392  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
393  }
394 #$log->write("ilRBACadmin::revokePermission(), 0");
395 
396  // bypass protected status of roles
397  if ($a_keep_protected != true)
398  {
399  // exclude system role from rbac
400  if ($a_rol_id == SYSTEM_ROLE_ID)
401  {
402  return true;
403  }
404 
405  if ($a_rol_id)
406  {
407  $and1 = " AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
408  }
409  else
410  {
411  $and1 = "";
412  }
413 
414  $query = "DELETE FROM rbac_pa ".
415  "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer').
416  $and1;
417 
418  $res = $ilDB->manipulate($query);
419 
420  return true;
421  }
422 
423  // consider protected status of roles
424 
425  // in any case, get all roles in scope first
426  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
427 
428  if (!$a_rol_id)
429  {
430 #$log->write("ilRBACadmin::revokePermission(), 1");
431 
432  $role_ids = array();
433 
434  foreach ($roles_in_scope as $role)
435  {
436  if ($role['protected'] == true)
437  {
438  continue;
439  }
440 
441  $role_ids[] = $role['obj_id'];
442  }
443 
444  // return if no role in array
445  if (!$role_ids)
446  {
447  return true;
448  }
449 
450  $query = 'DELETE FROM rbac_pa '.
451  'WHERE '.$ilDB->in('rol_id',$role_ids,false,'integer').' '.
452  'AND ref_id = '.$ilDB->quote($a_ref_id,'integer');
453  $res = $ilDB->manipulate($query);
454  }
455  else
456  {
457 #$log->write("ilRBACadmin::revokePermission(), 2");
458  // exclude system role from rbac
459  if ($a_rol_id == SYSTEM_ROLE_ID)
460  {
461  return true;
462  }
463 
464  // exclude protected permission settings from revoking
465  if ($roles_in_scope[$a_rol_id]['protected'] == true)
466  {
467  return true;
468  }
469 
470  $query = "DELETE FROM rbac_pa ".
471  "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer')." ".
472  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
473  $res = $ilDB->manipulate($query);
474  }
475 
476  return true;
477  }
$ilLog
$ilLog
Definition: inc.setup_header.php:132
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$log
$log
Definition: inc.setup_header.php:131
+ Here is the caller graph for this function:

◆ revokePermissionList()

ilRbacAdmin::revokePermissionList (   $a_ref_ids,
  $a_rol_id 
)

Revokes permissions of a LIST of objects of ONE role.

Update of table rbac_pa. public

Parameters
arraylist of reference_ids to revoke permissions
integerrole_id
Returns
boolean

Definition at line 532 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

533  {
534  global $ilDB;
535 
536  if (!isset($a_ref_ids) or !is_array($a_ref_ids))
537  {
538  $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: ".var_dump($a_ref_ids);
539  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
540  }
541 
542  if (!isset($a_rol_id))
543  {
544  $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
545  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
546  }
547 
548  // exclude system role from rbac
549  if ($a_rol_id == SYSTEM_ROLE_ID)
550  {
551  return true;
552  }
553 
554  $query = "DELETE FROM rbac_pa ".
555  "WHERE ".$ilDB->in('ref_id',$a_ref_ids,false,'integer').' '.
556  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer');
557  $res = $ilDB->manipulate($query);
558 
559  return true;
560  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ revokeSubtreePermissions()

ilRbacAdmin::revokeSubtreePermissions (   $a_ref_id,
  $a_role_id 
)

Revoke subtree permissions.

Parameters
object$a_ref_id
object$a_role_id
Returns

Definition at line 485 of file class.ilRbacAdmin.php.

References $ilDB, and $query.

486  {
487  global $ilDB;
488 
489  $query = 'DELETE FROM rbac_pa '.
490  'WHERE ref_id IN '.
491  '( '.$GLOBALS['tree']->getSubTreeQuery($a_ref_id,array('child')).' ) '.
492  'AND rol_id = '.$ilDB->quote($a_role_id,'integer');
493 
494  $ilDB->manipulate($query);
495  return true;
496  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16

◆ setProtected()

ilRbacAdmin::setProtected (   $a_ref_id,
  $a_role_id,
  $a_value 
)

Set protected $ilDB.

Parameters
type$a_ref_id
type$a_role_id
type$a_valuey or n
Returns
boolean

Definition at line 1048 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by copyRoleTemplatePermissions().

1049  {
1050  global $ilDB;
1051 
1052  // ref_id not used yet. protected permission acts 'global' for each role,
1053  // regardless of any broken inheritance before
1054  $query = 'UPDATE rbac_fa '.
1055  'SET protected = '.$ilDB->quote($a_value,'text').' '.
1056  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer');
1057  $res = $ilDB->manipulate($query);
1058  return true;
1059  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
+ Here is the caller graph for this function:

◆ setRolePermission()

ilRbacAdmin::setRolePermission (   $a_rol_id,
  $a_type,
  $a_ops,
  $a_ref_id 
)

Inserts template permissions in rbac_templates for an specific object type.

Update of table rbac_templates public

Parameters
integerrole_id
stringobject type
arrayoperation_ids
integerref_id of role folder object
Returns
boolean

Definition at line 889 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

890  {
891  global $ilDB;
892 
893  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
894  {
895  $message = get_class($this)."::setRolePermission(): Missing parameter!".
896  " role_id: ".$a_rol_id.
897  " type: ".$a_type.
898  " operations: ".$a_ops.
899  " ref_id: ".$a_ref_id;
900  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
901  }
902 
903  if (!is_string($a_type) or empty($a_type))
904  {
905  $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
906  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
907  }
908 
909  if (!is_array($a_ops) or empty($a_ops))
910  {
911  $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
912  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
913  }
914 
915  // exclude system role from rbac
916  if ($a_rol_id == SYSTEM_ROLE_ID)
917  {
918  return true;
919  }
920 
921  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
922  'VALUES (?,?,?,?)';
923  $sta = $ilDB->prepareManip($query,array('integer','text','integer','integer'));
924  foreach ($a_ops as $op)
925  {
926  $res = $ilDB->execute($sta,array(
927  $a_rol_id,
928  $a_type,
929  $op,
930  $a_ref_id
931  ));
932  }
933 
934  return true;
935  }
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
The documentation for this class was generated from the following file: