ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
20{
21 const FILTER_ALL = 1;
24 const FILTER_INTERNAL = 4;
27
28 protected $assigned_roles = array();
29 var $log = null;
30
31 // Cache operation ids
32 private static $_opsCache = null;
33
37 protected static $assigned_users_cache = array();
38
42 protected static $is_assigned_cache = array();
43
48 public function __construct()
49 {
50 global $ilDB,$ilErr,$ilias,$ilLog;
51
52 $this->log =& $ilLog;
53
54 // set db & error handler
55 (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
56
57 if (!isset($ilErr))
58 {
59 $ilErr = new ilErrorHandling();
60 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
61 }
62 else
63 {
64 $this->ilErr =& $ilErr;
65 }
66 }
67
115 function searchRolesByMailboxAddressList($a_address_list)
116 {
117 global $ilDB;
118
119 $role_ids = array();
120
121 include_once "Services/Mail/classes/class.ilMail.php";
122 if(ilMail::_usePearMail())
123 {
124 require_once './Services/PEAR/lib/Mail/RFC822.php';
125 $parser = new Mail_RFC822();
126 $parsedList = $parser->parseAddressList($a_address_list, ilMail::ILIAS_HOST, false, true);
127 foreach ($parsedList as $address)
128 {
129 $local_part = $address->mailbox;
130 if (strpos($local_part,'#') !== 0 &&
131 !($local_part{0} == '"' && $local_part{1} == "#"))
132 {
133 // A local-part which doesn't start with a '#' doesn't denote a role.
134 // Therefore we can skip it.
135 continue;
136 }
137
138 $local_part = substr($local_part, 1);
139
140 /* If role contains spaces, eg. 'foo role', double quotes are added which have to be
141 removed here.*/
142 if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
143 {
144 $local_part = substr($local_part, 1);
145 $local_part = substr($local_part, 0, strlen($local_part) - 1);
146 }
147
148 if (substr($local_part,0,8) == 'il_role_')
149 {
150 $role_id = substr($local_part,8);
151 $query = "SELECT t.tree ".
152 "FROM rbac_fa fa ".
153 "JOIN tree t ON t.child = fa.parent ".
154 "WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
155 "AND fa.assign = 'y' ".
156 "AND t.tree = 1";
157 $r = $ilDB->query($query);
158 if ($r->numRows() > 0)
159 {
160 $role_ids[] = $role_id;
161 }
162 continue;
163 }
164
165
166 $domain = $address->host;
167 if (strpos($domain,'[') == 0 && strrpos($domain,']'))
168 {
169 $domain = substr($domain,1,strlen($domain) - 2);
170 }
171 if (strlen($local_part) == 0)
172 {
173 $local_part = $domain;
174 $address->host = ilMail::ILIAS_HOST;
175 $domain = ilMail::ILIAS_HOST;
176 }
177
178 if (strtolower($address->host) == ilMail::ILIAS_HOST)
179 {
180 // Search for roles = local-part in the whole repository
181 $query = "SELECT dat.obj_id ".
182 "FROM object_data dat ".
183 "JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
184 "JOIN tree t ON t.child = fa.parent ".
185 "WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
186 "AND dat.type = 'role' ".
187 "AND fa.assign = 'y' ".
188 "AND t.tree = 1";
189 }
190 else
191 {
192 // Search for roles like local-part in objects = host
193 $query = "SELECT rdat.obj_id ".
194 "FROM object_data odat ".
195 "JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
196 "JOIN tree otree ON otree.child = oref.ref_id ".
197 "JOIN rbac_fa rfa ON rfa.parent = otree.child ".
198 "JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
199 "WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
200 "AND otree.tree = 1 ".
201 "AND rfa.assign = 'y' ".
202 "AND rdat.title LIKE ".
203 $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
204 }
205 $r = $ilDB->query($query);
206
207 $count = 0;
208 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
209 {
210 $role_ids[] = $row->obj_id;
211 $count++;
212 }
213
214 // Nothing found?
215 // In this case, we search for roles = host.
216 if ($count == 0 && strtolower($address->host) == ilMail::ILIAS_HOST)
217 {
218 $q = "SELECT dat.obj_id ".
219 "FROM object_data dat ".
220 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
221 "JOIN tree t ON t.child = ref.ref_id ".
222 "WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
223 "AND dat.type = 'role' ".
224 "AND t.tree = 1 ";
225 $r = $this->ilDB->query($q);
226
227 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
228 {
229 $role_ids[] = $row->obj_id;
230 }
231 }
232 //echo '<br>ids='.var_export($role_ids,true);
233 }
234 }
235 else
236 {
237 // the following code is executed, when Pear Mail is
238 // not installed
239
240 $titles = explode(',', $a_address_list);
241
242 $titleList = '';
243 foreach ($titles as $title)
244 {
245 if (strlen($inList) > 0)
246 {
247 $titleList .= ',';
248 }
249 $title = trim($title);
250 if (strpos($title,'#') == 0)
251 {
252 $titleList .= $this->ilDB->quote(substr($title, 1));
253 }
254 }
255 if (strlen($titleList) > 0)
256 {
257 $q = "SELECT obj_id ".
258 "FROM object_data ".
259 "WHERE title IN (".$titleList.") ".
260 "AND type='role'";
261 $r = $this->ilDB->query($q);
262 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
263 {
264 $role_ids[] = $row->obj_id;
265 }
266 }
267 }
268
269 return $role_ids;
270 }
271
336 function getRoleMailboxAddress($a_role_id, $is_localize = true)
337 {
338 global $log, $lng,$ilDB;
339
340 include_once "Services/Mail/classes/class.ilMail.php";
341 if (ilMail::_usePearMail())
342 {
343 // Retrieve the role title and the object title.
344 $query = "SELECT rdat.title role_title,odat.title object_title, ".
345 " oref.ref_id object_ref ".
346 "FROM object_data rdat ".
347 "JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
348 "JOIN tree rtree ON rtree.child = fa.parent ".
349 "JOIN object_reference oref ON oref.ref_id = rtree.child ".
350 "JOIN object_data odat ON odat.obj_id = oref.obj_id ".
351 "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
352 "AND fa.assign = 'y' ";
353 $r = $ilDB->query($query);
354 if (!$row = $ilDB->fetchObject($r))
355 {
356 //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
357 return null; // role does not exist
358 }
359 $object_title = $row->object_title;
360 $object_ref = $row->object_ref;
361 $role_title = $row->role_title;
362
363
364 // In a perfect world, we could use the object_title in the
365 // domain part of the mailbox address, and the role title
366 // with prefix '#' in the local part of the mailbox address.
367 $domain = $object_title;
368 $local_part = $role_title;
369
370
371 // Determine if the object title is unique
372 $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
373 "FROM object_data dat ".
374 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
375 "JOIN tree ON tree.child = ref.ref_id ".
376 "WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
377 "AND tree.tree = 1 ";
378 $r = $this->ilDB->query($q);
379 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
380
381 // If the object title is not unique, we get rid of the domain.
382 if ($row->count > 1)
383 {
384 $domain = null;
385 }
386
387 // If the domain contains illegal characters, we get rid of it.
388 //if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
389 // Fix for Mantis Bug: 7429 sending mail fails because of brakets
390 // Fix for Mantis Bug: 9978 sending mail fails because of semicolon
391 if ($domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]|[\x28-\x29]|[;]/',$domain))
392 {
393 $domain = null;
394 }
395
396 // If the domain contains special characters, we put square
397 // brackets around it.
398 if ($domain != null &&
399 (preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
400 preg_match('/[^\x21-\x8f]/',$domain))
401 )
402 {
403 $domain = '['.$domain.']';
404 }
405
406 // If the role title is one of the ILIAS reserved role titles,
407 // we can use a shorthand version of it for the local part
408 // of the mailbox address.
409 if (strpos($role_title, 'il_') === 0 && $domain != null)
410 {
411 $unambiguous_role_title = $role_title;
412
413 $pos = strpos($role_title, '_', 3) + 1;
414 $local_part = substr(
415 $role_title,
416 $pos,
417 strrpos($role_title, '_') - $pos
418 );
419 }
420 else
421 {
422 $unambiguous_role_title = 'il_role_'.$a_role_id;
423 }
424
425 // Determine if the local part is unique. If we don't have a
426 // domain, the local part must be unique within the whole repositry.
427 // If we do have a domain, the local part must be unique for that
428 // domain.
429 if ($domain == null)
430 {
431 $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
432 "FROM object_data dat ".
433 "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
434 "JOIN tree ON tree.child = ref.ref_id ".
435 "WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
436 "AND tree.tree = 1 ";
437 }
438 else
439 {
440 $q = "SELECT COUNT(rd.obj_id) count ".
441 "FROM object_data rd ".
442 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
443 "JOIN tree t ON t.child = fa.parent ".
444 "WHERE fa.assign = 'y' ".
445 "AND t.child = ".$this->ilDB->quote($object_ref,'integer')." ".
446 "AND rd.title LIKE ".$this->ilDB->quote(
447 '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
448 }
449
450 $r = $this->ilDB->query($q);
451 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
452
453 // if the local_part is not unique, we use the unambiguous role title
454 // instead for the local part of the mailbox address
455 if ($row->count > 1)
456 {
457 $local_part = $unambiguous_role_title;
458 }
459
460 $use_phrase = true;
461
462 // If the local part contains illegal characters, we use
463 // the unambiguous role title instead.
464 if (preg_match('/[\\"\x00-\x1f]/',$local_part))
465 {
466 $local_part = $unambiguous_role_title;
467 }
468 else if(!preg_match('/^[\\x00-\\x7E]+$/i', $local_part))
469 {
470 // 2013-12-05: According to #12283, we do not accept umlauts in the local part
471 $local_part = $unambiguous_role_title;
472 $use_phrase = false;
473 }
474
475 // Add a "#" prefix to the local part
476 $local_part = '#'.$local_part;
477
478 // Put quotes around the role title, if needed
479 if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
480 {
481 $local_part = '"'.$local_part.'"';
482 }
483
484 $mailbox = ($domain == null) ?
485 $local_part :
486 $local_part.'@'.$domain;
487
488 if ($is_localize)
489 {
490 if (substr($role_title,0,3) == 'il_')
491 {
492 $phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
493 }
494 else
495 {
496 $phrase = $role_title;
497 }
498
499 if($use_phrase)
500 {
501 // make phrase RFC 822 conformant:
502 // - strip excessive whitespace
503 // - strip special characters
504 $phrase = preg_replace('/\s\s+/', ' ', $phrase);
505 $phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
506
507 $mailbox = $phrase.' <'.$mailbox.'>';
508 }
509 }
510
511 require_once './Services/PEAR/lib/Mail/RFC822.php';
512 $obj = new Mail_RFC822($mailbox, ilMail::ILIAS_HOST);
513 if(@$obj->parseAddressList() instanceof PEAR_Error)
514 {
515 $q = "SELECT title ".
516 "FROM object_data ".
517 "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
518 $r = $this->ilDB->query($q);
519
520 if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
521 {
522 return '#'.$row->title;
523 }
524 else
525 {
526 return null;
527 }
528 }
529
530 return $mailbox;
531 }
532 else
533 {
534 $q = "SELECT title ".
535 "FROM object_data ".
536 "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
537 $r = $this->ilDB->query($q);
538
539 if($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
540 {
541 $ids_for_role_title = ilObject::_getIdsForTitle($row->title, 'role');
542 if(count($ids_for_role_title) > 1)
543 {
544 return '#il_role_' . $a_role_id;
545 }
546 else
547 {
548 return '#' . $row->title;
549 }
550 }
551 else
552 {
553 return null;
554 }
555 }
556 }
557
558
567 public function roleExists($a_title,$a_id = 0)
568 {
569 global $ilDB;
570
571 if (empty($a_title))
572 {
573 $message = get_class($this)."::roleExists(): No title given!";
574 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
575 }
576
577 $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
578
579 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
580 "WHERE title =".$ilDB->quote($a_title)." ".
581 "AND type IN('role','rolt')".
582 $clause." ";
583 $r = $this->ilDB->query($q);
584
585 while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
586 {
587 return $row->obj_id;
588 }
589 return false;
590 }
591
605 protected function __getParentRoles($a_path,$a_templates)
606 {
607 if (!isset($a_path) or !is_array($a_path))
608 {
609 $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
610 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
611 }
612
613 $parent_roles = array();
614 $role_hierarchy = array();
615
616 foreach($a_path as $ref_id)
617 {
618 $roles = $this->getRoleListByObject($ref_id,$a_templates);
619 foreach($roles as $role)
620 {
621 $id = $role["obj_id"];
622 $role["parent"] = $ref_id;
623 $parent_roles[$id] = $role;
624
625 if (!array_key_exists($role['obj_id'],$role_hierarchy))
626 {
627 $role_hierarchy[$id] = $ref_id;
628 }
629 }
630 }
631 return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
632 }
633
643 public function getParentRoleIds($a_endnode_id,$a_templates = false)
644 {
645 global $tree;
646
647 if (!isset($a_endnode_id))
648 {
649 $GLOBALS['ilLog']->logStack();
650 $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
651 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
652 }
653
654 //var_dump($a_endnode_id);exit;
655 //$log->write("ilRBACreview::getParentRoleIds(), 0");
656 $pathIds = $tree->getPathId($a_endnode_id);
657
658 // add system folder since it may not in the path
659 //$pathIds[0] = SYSTEM_FOLDER_ID;
660 $pathIds[0] = ROLE_FOLDER_ID;
661 //$log->write("ilRBACreview::getParentRoleIds(), 1");
662 #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
663 return $this->__getParentRoles($pathIds,$a_templates);
664 }
665
674 public function getRoleListByObject($a_ref_id,$a_templates = false)
675 {
676 global $ilDB;
677
678 if (!isset($a_ref_id) or !isset($a_templates))
679 {
680 $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
681 "ref_id: ".$a_ref_id.
682 "tpl_flag: ".$a_templates;
683 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
684 }
685
686 $role_list = array();
687
688 $where = $this->__setTemplateFilter($a_templates);
689
690 $query = "SELECT * FROM object_data ".
691 "JOIN rbac_fa ON obj_id = rol_id ".
692 $where.
693 "AND object_data.obj_id = rbac_fa.rol_id ".
694 "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
695
696 $res = $ilDB->query($query);
697 while ($row = $ilDB->fetchAssoc($res))
698 {
699 $row["desc"] = $row["description"];
700 $row["user_id"] = $row["owner"];
701 $role_list[] = $row;
702 }
703
704 $role_list = $this->__setRoleType($role_list);
705
706 return $role_list;
707 }
708
716 function getAssignableRoles($a_templates = false,$a_internal_roles = false, $title_filter = '')
717 {
718 global $ilDB;
719
720 $role_list = array();
721
722 $where = $this->__setTemplateFilter($a_templates);
723
724 $query = "SELECT * FROM object_data ".
725 "JOIN rbac_fa ON obj_id = rol_id ".
726 $where.
727 "AND rbac_fa.assign = 'y' ";
728
729 if(strlen($title_filter))
730 {
731 $query .= (' AND '.$ilDB->like(
732 'title',
733 'text',
734 $title_filter.'%'
735 ));
736 }
737 $res = $ilDB->query($query);
738
739 while ($row = $ilDB->fetchAssoc($res))
740 {
741 $row["desc"] = $row["description"];
742 $row["user_id"] = $row["owner"];
743 $role_list[] = $row;
744 }
745
746 $role_list = $this->__setRoleType($role_list);
747
748 return $role_list;
749 }
750
759 {
760 global $ilDB;
761
762 $query = 'SELECT rol_id FROM rbac_fa fa '.
763 'JOIN tree t1 ON t1.child = fa.parent '.
764 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
765 'WHERE assign = '.$ilDB->quote('y','text').' '.
766 'AND obd.type = '.$ilDB->quote('role','text').' '.
767 'AND t1.child IN ('.
768 $GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
769 ') ';
770
771
772 $res = $ilDB->query($query);
773
774 $role_list = array();
775 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
776 {
777 $role_list[] = $row->rol_id;
778 }
779 return $role_list;
780 }
781
789 public function getAssignableChildRoles($a_ref_id)
790 {
791 global $ilDB;
792
793 $query = "SELECT fa.*, rd.* ".
794 "FROM object_data rd ".
795 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
796 "WHERE fa.assign = 'y' ".
797 "AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
798 ;
799
800 $res = $ilDB->query($query);
801 while($row = $ilDB->fetchAssoc($res))
802 {
803 $roles_data[] = $row;
804 }
805 return $roles_data ? $roles_data : array();
806 }
807
815 protected function __setTemplateFilter($a_templates)
816 {
817 global $ilDB;
818
819 if ($a_templates === true)
820 {
821 $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
822 }
823 else
824 {
825 $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
826 }
827
828 return $where;
829 }
830
843 protected function __setRoleType($a_role_list)
844 {
845 foreach ($a_role_list as $key => $val)
846 {
847 // determine role type
848 if ($val["type"] == "rolt")
849 {
850 $a_role_list[$key]["role_type"] = "template";
851 }
852 else
853 {
854 if ($val["assign"] == "y")
855 {
856 if ($val["parent"] == ROLE_FOLDER_ID)
857 {
858 $a_role_list[$key]["role_type"] = "global";
859 }
860 else
861 {
862 $a_role_list[$key]["role_type"] = "local";
863 }
864 }
865 else
866 {
867 $a_role_list[$key]["role_type"] = "linked";
868 }
869 }
870
871 if ($val["protected"] == "y")
872 {
873 $a_role_list[$key]["protected"] = true;
874 }
875 else
876 {
877 $a_role_list[$key]["protected"] = false;
878 }
879 }
880
881 return $a_role_list;
882 }
883
891 public function getNumberOfAssignedUsers(Array $a_roles)
892 {
893 global $ilDB;
894
895 $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
896 'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
897
898 $res = $ilDB->query($query);
899 $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
900 return $row->num ? $row->num : 0;
901 }
902
903
912 public function assignedUsers($a_rol_id, $a_fields = NULL)
913 {
914 global $ilBench,$ilDB;
915
916 $ilBench->start("RBAC", "review_assignedUsers");
917
918 if (!isset($a_rol_id))
919 {
920 $message = get_class($this)."::assignedUsers(): No role_id given!";
921 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
922 }
923 if (! $a_fields AND isset(self::$assigned_users_cache[$a_rol_id])) {
924 return self::$assigned_users_cache[$a_rol_id];
925 }
926
927 $result_arr = array();
928
929 if ($a_fields !== NULL and is_array($a_fields))
930 {
931 if (count($a_fields) == 0)
932 {
933 $select = "*";
934 }
935 else
936 {
937 if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
938 unset($a_fields[$usr_id_field]);
939
940 $select = implode(",",$a_fields).",usr_data.usr_id";
941 $select = addslashes($select);
942 }
943
944 $ilDB->enableResultBuffering(false);
945 $query = "SELECT ".$select." FROM usr_data ".
946 "LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
947 "WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
948 $res = $ilDB->query($query);
949 while($row = $ilDB->fetchAssoc($res))
950 {
951 $result_arr[] = $row;
952 }
953 $ilDB->enableResultBuffering(true);
954 }
955 else
956 {
957 $ilDB->enableResultBuffering(false);
958 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
959
960 $res = $ilDB->query($query);
961 while($row = $ilDB->fetchAssoc($res))
962 {
963 array_push($result_arr,$row["usr_id"]);
964 }
965 $ilDB->enableResultBuffering(true);
966 }
967
968 $ilBench->stop("RBAC", "review_assignedUsers");
969
970 if (! $a_fields) {
971 self::$assigned_users_cache[$a_rol_id] = $result_arr;
972 }
973
974 return $result_arr;
975 }
976
977
986 public function isAssigned($a_usr_id,$a_role_id)
987 {
988 if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
989 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
990 }
991 // Quickly determine if user is assigned to a role
992 global $ilDB;
993
994 $ilDB->setLimit(1,0);
995 $query = "SELECT usr_id FROM rbac_ua WHERE ".
996 "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
997 "AND usr_id= ".$ilDB->quote($a_usr_id);
998 $res = $ilDB->query($query);
999
1000 $is_assigned = $res->numRows() == 1;
1001 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
1002
1003 return $is_assigned;
1004 }
1005
1018 public function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
1019 {
1020 global $ilDB;
1021
1022 $ilDB->setLimit(1,0);
1023 $query = "SELECT usr_id FROM rbac_ua WHERE ".
1024 $ilDB->in('rol_id',$a_role_ids,false,'integer').
1025 " AND usr_id= ".$ilDB->quote($a_usr_id);
1026 $res = $ilDB->query($query);
1027
1028 return $ilDB->numRows($res) == 1;
1029 }
1030
1038 public function assignedRoles($a_usr_id)
1039 {
1040 global $ilDB;
1041
1042 $role_arr = array();
1043
1044 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
1045
1046 $res = $ilDB->query($query);
1047 while($row = $ilDB->fetchObject($res))
1048 {
1049 $role_arr[] = $row->rol_id;
1050 }
1051 return $role_arr ? $role_arr : array();
1052 }
1053
1059 public function assignedGlobalRoles($a_usr_id)
1060 {
1061 global $ilDB;
1062
1063 $query = "SELECT ua.rol_id FROM rbac_ua ua ".
1064 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
1065 "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
1066 "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
1067 "AND assign = 'y' ";
1068
1069 $res = $ilDB->query($query);
1070 while($row = $ilDB->fetchObject($res))
1071 {
1072 $role_arr[] = $row->rol_id;
1073 }
1074 return $role_arr ? $role_arr : array();
1075 }
1076
1085 public function isAssignable($a_rol_id, $a_ref_id)
1086 {
1087 global $ilBench,$ilDB;
1088
1089 $ilBench->start("RBAC", "review_isAssignable");
1090
1091 // exclude system role from rbac
1092 if ($a_rol_id == SYSTEM_ROLE_ID)
1093 {
1094 $ilBench->stop("RBAC", "review_isAssignable");
1095 return true;
1096 }
1097
1098 if (!isset($a_rol_id) or !isset($a_ref_id))
1099 {
1100 $message = get_class($this)."::isAssignable(): Missing parameter!".
1101 " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
1102 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1103 }
1104 $query = "SELECT * FROM rbac_fa ".
1105 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1106 "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
1107 $res = $ilDB->query($query);
1108 $row = $ilDB->fetchObject($res);
1109
1110 $ilBench->stop("RBAC", "review_isAssignable");
1111 return $row->assign == 'y' ? true : false;
1112 }
1113
1119 public function hasMultipleAssignments($a_role_id)
1120 {
1121 global $ilDB;
1122
1123 $query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
1124 "AND assign = ".$ilDB->quote('y','text');
1125 $res = $ilDB->query($query);
1126 return $res->numRows() > 1;
1127 }
1128
1140 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
1141 {
1142 global $ilDB;
1143
1144 if (!isset($a_rol_id))
1145 {
1146 $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
1147 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1148 }
1149
1150 if ($a_assignable)
1151 {
1152 $where = " AND assign ='y'";
1153 }
1154
1155 $query = "SELECT DISTINCT parent FROM rbac_fa ".
1156 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
1157
1158 $res = $ilDB->query($query);
1159 while($row = $ilDB->fetchObject($res))
1160 {
1161 $folders[] = $row->parent;
1162 }
1163 return $folders ? $folders : array();
1164 }
1165
1173 public function getRolesOfObject($a_ref_id, $a_assignable_only = FALSE)
1174 {
1175 global $ilDB;
1176
1177 if(!isset($a_ref_id))
1178 {
1179 $GLOBALS['ilLog']->logStack();
1180 throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
1181 }
1182 if($a_assignable_only === TRUE)
1183 {
1184 $and = 'AND assign = '.$ilDB->quote('y','text');
1185 }
1186 $query = "SELECT rol_id FROM rbac_fa ".
1187 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1188 $and;
1189
1190 $res = $ilDB->query($query);
1191
1192 $role_ids = array();
1193 while($row = $ilDB->fetchObject($res))
1194 {
1195 $role_ids[] = $row->rol_id;
1196 }
1197 return $role_ids;
1198 }
1199
1200
1201
1202
1213 public function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
1214 {
1215 global $ilBench,$ilDB,$ilLog;
1216
1217 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
1218
1219 if (!isset($a_ref_id))
1220 {
1221 $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
1222 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1223
1224 }
1225
1226 if ($a_nonassignable === false)
1227 {
1228 $and = " AND assign='y'";
1229 }
1230
1231 $query = "SELECT rol_id FROM rbac_fa ".
1232 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1233 $and;
1234
1235 $res = $ilDB->query($query);
1236 while($row = $ilDB->fetchObject($res))
1237 {
1238 $rol_id[] = $row->rol_id;
1239 }
1240
1241 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
1242
1243 return $rol_id ? $rol_id : array();
1244 }
1245
1252 public function getGlobalRoles()
1253 {
1254 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
1255 }
1256
1262 public function getLocalRoles($a_ref_id)
1263 {
1264 global $ilDB;
1265
1266 $lroles = array();
1267 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1268 {
1269 if($this->isAssignable($role_id, $a_ref_id))
1270 {
1271 $lroles[] = $role_id;
1272 }
1273 }
1274 return $lroles;
1275 }
1276
1282 public function getLocalPolicies($a_ref_id)
1283 {
1284 $lroles = array();
1285 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1286 {
1287 $lroles[] = $role_id;
1288 }
1289 return $lroles;
1290 }
1291
1298 public function getGlobalRolesArray()
1299 {
1300 foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
1301 {
1302 $ga[] = array('obj_id' => $role_id,
1303 'role_type' => 'global');
1304 }
1305 return $ga ? $ga : array();
1306 }
1307
1315 {
1316 include_once './Services/AccessControl/classes/class.ilObjRole.php';
1317
1318 foreach($this->getGlobalRoles() as $role_id)
1319 {
1321 {
1322 $ga[] = array('obj_id' => $role_id,
1323 'role_type' => 'global');
1324 }
1325 }
1326 return $ga ? $ga : array();
1327 }
1328
1329
1334 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
1335 {
1336 global $rbacreview, $ilDB;
1337
1338 $query = 'SELECT * FROM rbac_fa '.
1339 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1340 'AND parent = '.$ilDB->quote($a_parent_id,'integer');
1341 $res = $ilDB->query($query);
1342 return $res->numRows() ? true : false;
1343 }
1344
1351 public function getOperations()
1352 {
1353 global $ilDB;
1354
1355 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
1356 $res = $this->ilDB->query($query);
1357 while($row = $ilDB->fetchObject($res))
1358 {
1359 $ops[] = array('ops_id' => $row->ops_id,
1360 'operation' => $row->operation,
1361 'description' => $row->description);
1362 }
1363
1364 return $ops ? $ops : array();
1365 }
1366
1373 public function getOperation($ops_id)
1374 {
1375 global $ilDB;
1376
1377 $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
1378 $res = $this->ilDB->query($query);
1379 while($row = $ilDB->fetchObject($res))
1380 {
1381 $ops = array('ops_id' => $row->ops_id,
1382 'operation' => $row->operation,
1383 'description' => $row->description);
1384 }
1385
1386 return $ops ? $ops : array();
1387 }
1388
1398 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
1399 {
1400 global $ilDB;
1401
1402 if(!$a_parent)
1403 {
1404 $a_parent = ROLE_FOLDER_ID;
1405 }
1406
1407 $query = "SELECT ops_id,type FROM rbac_templates ".
1408 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1409 "AND parent = ".$ilDB->quote($a_parent,'integer');
1410 $res = $ilDB->query($query);
1411
1412 $ops_arr = array();
1413 while ($row = $ilDB->fetchObject($res))
1414 {
1415 $ops_arr[$row->type][] = $row->ops_id;
1416 }
1417 return (array) $ops_arr;
1418 }
1419
1427 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
1428 {
1429 global $ilDB;
1430
1431 $query = 'SELECT * FROM rbac_pa '.
1432 'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
1433 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
1434
1435 $res = $ilDB->query($query);
1436 while($row = $res->fetchRow(DB_FETCHMODE_ASSOC))
1437 {
1438 return unserialize($row['ops_id']);
1439 }
1440 return array();
1441 }
1442
1443
1454 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
1455 {
1456 global $ilDB,$ilLog;
1457
1458 if (!isset($a_rol_id) or !isset($a_type))
1459 {
1460 $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
1461 "role_id: ".$a_rol_id.
1462 "type: ".$a_type.
1463 "parent_id: ".$a_parent;
1464 $ilLog->logStack("Missing parameter! ");
1465 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1466 }
1467
1468 $ops_arr = array();
1469
1470 // if no rolefolder id is given, assume global role folder as target
1471 if ($a_parent == 0)
1472 {
1473 $a_parent = ROLE_FOLDER_ID;
1474 }
1475
1476 $query = "SELECT ops_id FROM rbac_templates ".
1477 "WHERE type =".$ilDB->quote($a_type,'text')." ".
1478 "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1479 "AND parent = ".$ilDB->quote($a_parent,'integer');
1480 $res = $ilDB->query($query);
1481 while ($row = $ilDB->fetchObject($res))
1482 {
1483 $ops_arr[] = $row->ops_id;
1484 }
1485
1486 return $ops_arr;
1487 }
1488
1496 public function getRoleOperationsOnObject($a_role_id,$a_ref_id)
1497 {
1498 global $ilDB;
1499
1500 $query = "SELECT * FROM rbac_pa ".
1501 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
1502 "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1503
1504 $res = $ilDB->query($query);
1505 while($row = $ilDB->fetchObject($res))
1506 {
1507 $ops = unserialize($row->ops_id);
1508 }
1509
1510 return $ops ? $ops : array();
1511 }
1512
1520 public function getOperationsOnType($a_typ_id)
1521 {
1522 global $ilDB;
1523
1524 if (!isset($a_typ_id))
1525 {
1526 $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1527 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1528 }
1529
1530 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1531
1532 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
1533 'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
1534 'ORDER BY op_order';
1535
1536 $res = $ilDB->query($query);
1537
1538 while($row = $ilDB->fetchObject($res))
1539 {
1540 $ops_id[] = $row->ops_id;
1541 }
1542
1543 return $ops_id ? $ops_id : array();
1544 }
1545
1554 public function getOperationsOnTypeString($a_type)
1555 {
1556 global $ilDB;
1557
1558 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1559
1560
1561 $res = $this->ilDB->query($query);
1562 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1563 {
1564 return $this->getOperationsOnType($row->obj_id);
1565 }
1566 return false;
1567 }
1568
1576 public function getOperationsByTypeAndClass($a_type,$a_class)
1577 {
1578 global $ilDB;
1579
1580 if($a_class != 'create')
1581 {
1582 $condition = "AND class != ".$ilDB->quote('create','text');
1583 }
1584 else
1585 {
1586 $condition = "AND class = ".$ilDB->quote('create','text');
1587 }
1588
1589 $query = "SELECT ro.ops_id FROM rbac_operations ro ".
1590 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
1591 "JOIN object_data od ON rt.typ_id = od.obj_id ".
1592 "WHERE type = ".$ilDB->quote('typ','text')." ".
1593 "AND title = ".$ilDB->quote($a_type,'text')." ".
1594 $condition." ".
1595 "ORDER BY op_order ";
1596
1597 $res = $ilDB->query($query);
1598
1599 $ops = array();
1600 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1601 {
1602 $ops[] = $row->ops_id;
1603 }
1604 return $ops;
1605 }
1606
1607
1617 public function getObjectsWithStopedInheritance($a_rol_id,$a_filter = array())
1618 {
1619 global $ilDB;
1620
1621 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1622 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1623 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1624
1625 $query = 'SELECT parent p FROM rbac_fa '.
1626 'WHERE assign = '.$ilDB->quote('n','text').' '.
1627 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1628
1629 if($a_filter)
1630 {
1631 $query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
1632 }
1633
1634 $res = $ilDB->query($query);
1635 $parent = array();
1636 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1637 {
1638 $parent[] = $row->p;
1639 }
1640 return $parent;
1641 }
1642
1650 public function isDeleted($a_node_id)
1651 {
1652 global $ilDB;
1653
1654 $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1655 $r = $this->ilDB->query($q);
1656
1657 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1658
1659 if (!$row)
1660 {
1661 $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1662 get_class($this),
1663 $a_node_id);
1664 $this->log->write($message,$this->log->FATAL);
1665
1666 return true;
1667 }
1668
1669 // rolefolder is deleted
1670 if ($row->tree < 0)
1671 {
1672 return true;
1673 }
1674
1675 return false;
1676 }
1677
1684 public function isGlobalRole($a_role_id)
1685 {
1686 return in_array($a_role_id,$this->getGlobalRoles());
1687 }
1688
1698 public function getRolesByFilter($a_filter = 0,$a_user_id = 0, $title_filter = '')
1699 {
1700 global $ilDB;
1701
1702 $assign = "y";
1703
1704 switch($a_filter)
1705 {
1706 // all (assignable) roles
1707 case self::FILTER_ALL:
1708 return $this->getAssignableRoles(true,true,$title_filter);
1709 break;
1710
1711 // all (assignable) global roles
1713 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1714 break;
1715
1716 // all (assignable) local roles
1720 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1721 break;
1722
1723 // all role templates
1725 $where = "WHERE object_data.type = 'rolt'";
1726 $assign = "n";
1727 break;
1728
1729 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1730 case 0:
1731 default:
1732 if(!$a_user_id)
1733 return array();
1734
1735 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1736 break;
1737 }
1738
1739 $roles = array();
1740
1741 $query = "SELECT * FROM object_data ".
1742 "JOIN rbac_fa ON obj_id = rol_id ".
1743 $where.
1744 "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1745
1746 if(strlen($title_filter))
1747 {
1748 $query .= (' AND '.$ilDB->like(
1749 'title',
1750 'text',
1751 '%'.$title_filter.'%'
1752 ));
1753 }
1754
1755 $res = $ilDB->query($query);
1756 while($row = $ilDB->fetchAssoc($res))
1757 {
1758 $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1759
1760 // all (assignable) internal local roles only
1761 if ($a_filter == 4 and !$prefix)
1762 {
1763 continue;
1764 }
1765
1766 // all (assignable) non internal local roles only
1767 if ($a_filter == 5 and $prefix)
1768 {
1769 continue;
1770 }
1771
1772 $row["desc"] = $row["description"];
1773 $row["user_id"] = $row["owner"];
1774 $roles[] = $row;
1775 }
1776
1777 $roles = $this->__setRoleType($roles);
1778
1779 return $roles ? $roles : array();
1780 }
1781
1789 public function getTypeId($a_type)
1790 {
1791 global $ilDB;
1792
1793 $q = "SELECT obj_id FROM object_data ".
1794 "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1795 $r = $ilDB->query($q);
1796
1797 $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1798 return $row->obj_id;
1799 }
1800
1811 public static function _getOperationIdsByName($operations)
1812 {
1813 global $ilDB;
1814
1815 if(!count($operations))
1816 {
1817 return array();
1818 }
1819
1820 $query = 'SELECT ops_id FROM rbac_operations '.
1821 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1822
1823 $res = $ilDB->query($query);
1824 while($row = $ilDB->fetchObject($res))
1825 {
1826 $ops_ids[] = $row->ops_id;
1827 }
1828 return $ops_ids ? $ops_ids : array();
1829 }
1830
1839 public static function _getOperationIdByName($a_operation)
1840 {
1841 global $ilDB,$ilErr;
1842
1843 if (!isset($a_operation))
1844 {
1845 $message = "perm::getOperationId(): No operation given!";
1846 $ilErr->raiseError($message,$ilErr->WARNING);
1847 }
1848
1849 // Cache operation ids
1850 if (! is_array(self::$_opsCache)) {
1851 self::$_opsCache = array();
1852
1853 $q = "SELECT ops_id, operation FROM rbac_operations";
1854 $r = $ilDB->query($q);
1855 while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1856 {
1857 self::$_opsCache[$row->operation] = $row->ops_id;
1858 }
1859 }
1860
1861 // Get operation ID by name from cache
1862 if (array_key_exists($a_operation, self::$_opsCache)) {
1863 return self::$_opsCache[$a_operation];
1864 }
1865 return null;
1866 }
1867
1874 public static function lookupCreateOperationIds($a_type_arr)
1875 {
1876 global $ilDB;
1877
1878 $operations = array();
1879 foreach($a_type_arr as $type)
1880 {
1881 $operations[] = ('create_'.$type);
1882 }
1883
1884 if(!count($operations))
1885 {
1886 return array();
1887 }
1888
1889 $query = 'SELECT ops_id, operation FROM rbac_operations '.
1890 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1891
1892 $res = $ilDB->query($query);
1893
1894 $ops_ids = array();
1895 while($row = $ilDB->fetchObject($res))
1896 {
1897 $type_arr = explode('_', $row->operation);
1898 $type = $type_arr[1];
1899
1900 $ops_ids[$type] = $row->ops_id;
1901 }
1902 return $ops_ids;
1903 }
1904
1905
1906
1915 public function isProtected($a_ref_id,$a_role_id)
1916 {
1917 global $ilDB;
1918
1919 // ref_id not used yet. protected permission acts 'global' for each role,
1920 $query = "SELECT protected FROM rbac_fa ".
1921 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1922 $res = $ilDB->query($query);
1923 $row = $ilDB->fetchAssoc($res);
1924
1925 return ilUtil::yn2tf($row['protected']);
1926 }
1927
1935 public function isBlockedAtPosition($a_role_id, $a_ref_id)
1936 {
1937 global $ilDB;
1938
1939 $query = 'SELECT blocked from rbac_fa '.
1940 'WHERE rol_id = '. $ilDB->quote($a_role_id,'integer').' '.
1941 'AND parent = '.$ilDB->quote($a_ref_id,'integer');
1942 $res = $ilDB->query($query);
1943 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1944 {
1945 return (bool) $row->blocked;
1946 }
1947 return FALSE;
1948 }
1949
1955 public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1956 {
1957 global $ilDB, $tree;
1958
1959 if($this->isBlockedAtPosition($a_role_id, $a_ref_id))
1960 {
1961 return FALSE;
1962 }
1963 $query = 'SELECT parent from rbac_fa '.
1964 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1965 'AND blocked = '.$ilDB->quote(1,'integer');
1966 $res = $ilDB->query($query);
1967
1968 $parent_ids = array();
1969 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1970 {
1971 $parent_ids[] = $row->parent;
1972 }
1973
1974 foreach($parent_ids as $parent_id)
1975 {
1976 if($tree->isGrandChild($parent_id, $a_ref_id))
1977 {
1978 return TRUE;
1979 }
1980 }
1981 return FALSE;
1982 }
1983
1984 // this method alters the protected status of role regarding the current user's role assignment
1985 // and current postion in the hierarchy.
1986
1998 protected function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1999 {
2000 //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
2001
2002 global $rbacsystem,$ilUser,$log;
2003
2004 if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
2005 {
2006 $leveladmin = true;
2007 }
2008 else
2009 {
2010 $leveladmin = false;
2011 }
2012 #vd("RoleHierarchy",$a_role_hierarchy);
2013 foreach ($a_role_hierarchy as $role_id => $rolf_id)
2014 {
2015 //$log->write("ilRBACreview::__setProtectedStatus(), 0");
2016 #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
2017 //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
2018
2019 if ($leveladmin == true)
2020 {
2021 $a_parent_roles[$role_id]['protected'] = false;
2022 continue;
2023 }
2024
2025 if ($a_parent_roles[$role_id]['protected'] == true)
2026 {
2027 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
2028
2029 #vd("intersection",$arr_lvl_roles_user);
2030
2031 foreach ($arr_lvl_roles_user as $lvl_role_id)
2032 {
2033 #echo "<br/>level_role: ".$lvl_role_id;
2034 #echo "<br/>a_ref_id: ".$a_ref_id;
2035
2036 //$log->write("ilRBACreview::__setProtectedStatus(), 1");
2037 // check if role grants 'edit_permission' to parent
2038 $rolf = $a_parent_roles[$role_id]['parent'];
2039 #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
2040 if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
2041 {
2042 #echo "<br />Permission granted";
2043 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
2044 // user may change permissions of that higher-ranked role
2045 $a_parent_roles[$role_id]['protected'] = false;
2046
2047 // remember successful check
2048 //$leveladmin = true;
2049 }
2050 }
2051 }
2052 }
2053 return $a_parent_roles;
2054 }
2055
2066 public static function _getOperationList($a_type = null)
2067 {
2068 global $ilDB;
2069
2070 $arr = array();
2071
2072 if ($a_type)
2073 {
2074 $query = sprintf('SELECT * FROM rbac_operations '.
2075 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
2076 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
2077 'WHERE object_data.title = %s '.
2078 'AND object_data.type = %s '.
2079 'ORDER BY op_order ASC',
2080 $ilDB->quote($a_type,'text'),
2081 $ilDB->quote('typ','text'));
2082 }
2083 else
2084 {
2085 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
2086 }
2087 $res = $ilDB->query($query);
2088 while ($row = $ilDB->fetchAssoc($res))
2089 {
2090 $arr[] = array(
2091 "ops_id" => $row['ops_id'],
2092 "operation" => $row['operation'],
2093 "desc" => $row['description'],
2094 "class" => $row['class'],
2095 "order" => $row['op_order']
2096 );
2097 }
2098 return $arr;
2099 }
2100
2107 public static function _groupOperationsByClass($a_ops_arr)
2108 {
2109 $arr = array();
2110
2111 foreach ($a_ops_arr as $ops)
2112 {
2113 $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
2114 'name' => $ops['operation']
2115 );
2116 }
2117 return $arr;
2118 }
2119
2129 public function getObjectOfRole($a_role_id)
2130 {
2131 // internal cache
2132 static $obj_cache = array();
2133
2134 global $ilDB;
2135
2136
2137 if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
2138 {
2139 return $obj_cache[$a_role_id];
2140 }
2141
2142 $query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
2143 'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
2144 'WHERE assign = '.$ilDB->quote('y','text'). ' '.
2145 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2146 'AND deleted IS NULL';
2147
2148 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
2149 # "JOIN tree ON rfa.parent = tree.child ".
2150 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
2151 # "WHERE tree.tree = 1 ".
2152 # "AND assign = 'y' ".
2153 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
2154 $res = $ilDB->query($query);
2155
2156 $obj_cache[$a_role_id] = 0;
2157 while($row = $ilDB->fetchObject($res))
2158 {
2159 $obj_cache[$a_role_id] = $row->obj_id;
2160 }
2161 return $obj_cache[$a_role_id];
2162 }
2163
2170 public function getObjectReferenceOfRole($a_role_id)
2171 {
2172 global $ilDB;
2173
2174 $query = 'SELECT parent p_ref FROM rbac_fa '.
2175 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2176 'AND assign = '.$ilDB->quote('y','text');
2177
2178 $res = $ilDB->query($query);
2179 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2180 {
2181 return $row->p_ref;
2182 }
2183 return 0;
2184 }
2185
2193 public function isRoleDeleted ($a_role_id)
2194 {
2195 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
2196 $deleted = true;
2197 if (count($rolf_list))
2198 {
2199 foreach ($rolf_list as $rolf) {
2200 // only list roles that are not set to status "deleted"
2201 if (!$this->isDeleted($rolf))
2202 {
2203 $deleted = false;
2204 break;
2205 }
2206 }
2207 }
2208 return $deleted;
2209 }
2210
2211
2219 public function getRolesForIDs($role_ids, $use_templates)
2220 {
2221 global $ilDB;
2222
2223 $role_list = array();
2224
2225 $where = $this->__setTemplateFilter($use_templates);
2226
2227 $query = "SELECT * FROM object_data ".
2228 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
2229 $where.
2230 "AND rbac_fa.assign = 'y' " .
2231 'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
2232
2233 $res = $ilDB->query($query);
2234 while($row = $ilDB->fetchAssoc($res))
2235 {
2236 $row["desc"] = $row["description"];
2237 $row["user_id"] = $row["owner"];
2238 $role_list[] = $row;
2239 }
2240
2241 $role_list = $this->__setRoleType($role_list);
2242 return $role_list;
2243 }
2244
2250 public function getOperationAssignment()
2251 {
2252 global $ilDB;
2253
2254 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
2255 'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
2256 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
2257 $res = $ilDB->query($query);
2258
2259 $counter = 0;
2260 while($row = $ilDB->fetchObject($res))
2261 {
2262 $info[$counter]['typ_id'] = $row->typ_id;
2263 $info[$counter]['type'] = $row->title;
2264 $info[$counter]['ops_id'] = $row->ops_id;
2265 $info[$counter]['operation'] = $row->operation;
2266 $counter++;
2267 }
2268 return $info ? $info : array();
2269
2270 }
2271
2279 public function isDeleteable($a_role_id, $a_rolf_id)
2280 {
2281 if(!$this->isAssignable($a_role_id, $a_rolf_id))
2282 {
2283 return false;
2284 }
2285 if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
2286 {
2287 return false;
2288 }
2289 if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
2290 {
2291 return false;
2292 }
2293 return true;
2294 }
2295
2302 public function isSystemGeneratedRole($a_role_id)
2303 {
2304 $title = ilObject::_lookupTitle($a_role_id);
2305 return substr($title,0,3) == 'il_' ? true : false;
2306 }
2307
2308
2316 public function getRoleFolderOfRole($a_role_id)
2317 {
2318 global $ilDB;
2319
2320 if(ilObject::_lookupType($a_role_id) == 'role')
2321 {
2322 $and = ('AND assign = '.$ilDB->quote('y','text'));
2323 }
2324 else
2325 {
2326 $and = '';
2327 }
2328
2329 $query = 'SELECT * FROM rbac_fa '.
2330 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2331 $and;
2332 $res = $ilDB->query($query);
2333 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2334 {
2335 return $row->parent;
2336 }
2337 return 0;
2338 }
2339
2347 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
2348 {
2349 global $ilDB;
2350
2351 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
2352 "ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
2353 "WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
2354 "AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
2355
2356 $res = $ilDB->query($query);
2357 $all_ops = array();
2358 while ($row = $ilDB->fetchObject($res))
2359 {
2360 $ops = unserialize($row->ops_id);
2361 $all_ops = array_merge($all_ops, $ops);
2362 }
2363 $all_ops = array_unique($all_ops);
2364
2365 $set = $ilDB->query("SELECT operation FROM rbac_operations ".
2366 " WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
2367 $perms = array();
2368 while ($rec = $ilDB->fetchAssoc($set))
2369 {
2370 $perms[] = $rec["operation"];
2371 }
2372
2373 return $perms;
2374 }
2375
2382 public function setAssignedCacheEntry($a_role_id,$a_user_id, $a_value)
2383 {
2384 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
2385 }
2386
2393 public function getAssignedCacheEntry($a_role_id,$a_user_id)
2394 {
2395 return self::$is_assigned_cache[$a_role_id][$a_user_id];
2396 }
2397
2401 public function clearCaches()
2402 {
2403 self::$is_assigned_cache = array();
2404 self::$assigned_users_cache = array();
2405 }
2406
2407} // END class.ilRbacReview
2408?>
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
Database Wrapper.
Definition: class.ilDB.php:29
query($sql, $a_handle_error=true)
Query.
quote($a_query, $a_type=null)
Wrapper for quote method.
const ILIAS_HOST
_getAssignUsersStatus($a_role_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
class ilRbacReview Contains Review functions of core Rbac.
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
static _groupOperationsByClass($a_ops_arr)
getLocalPolicies($a_ref_id)
Get all roles with local policies.
getNumberOfAssignedUsers(Array $a_roles)
Get the number of assigned users to roles @global ilDB $ilDB.
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
getLocalRoles($a_ref_id)
Get local roles of object.
searchRolesByMailboxAddressList($a_address_list)
Finds all role ids that match the specified user friendly role mailbox address list.
getRolesOfObject($a_ref_id, $a_assignable_only=FALSE)
Get roles of object.
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
getRoleMailboxAddress($a_role_id, $is_localize=true)
roleExists($a_title, $a_id=0)
Checks if a role already exists.
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
getGlobalRoles()
get only 'global' roles @access public
isGlobalRole($a_role_id)
Check if role is a global role.
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
hasMultipleAssignments($a_role_id)
Temporary bugfix.
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
clearCaches()
Clear assigned users caches.
isProtected($a_ref_id, $a_role_id)
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
static $assigned_users_cache
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
assignedUsers($a_rol_id, $a_fields=NULL)
get all assigned users to a given role @access public
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
static _getOperationIdsByName($operations)
get ops_id's by name.
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
getObjectReferenceOfRole($a_role_id)
Get reference of role.
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
getGlobalRolesArray()
get only 'global' roles @access public
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
getOperationAssignment()
get operation assignments
getOperation($ops_id)
get one operation by operation id @access public
__construct()
Constructor @access public.
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
getOperations()
get all possible operations @access public
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
static yn2tf($a_yn)
convert "y"/"n" to true/false
if(!file_exists(getcwd().'/ilias.ini.php')) if(isset( $_GET["client_id"]))
registration confirmation script for ilias
Definition: confirmReg.php:20
$r
Definition: example_031.php:79
$info
Definition: example_052.php:80
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
global $ilBench
Definition: ilias.php:18
global $lng
Definition: privfeed.php:40
$ref_id
Definition: sahs_server.php:39
global $ilDB
global $ilUser
Definition: imgupload.php:15