ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
20 {
21  const FILTER_ALL = 1;
22  const FILTER_ALL_GLOBAL = 2;
23  const FILTER_ALL_LOCAL = 3;
24  const FILTER_INTERNAL = 4;
26  const FILTER_TEMPLATES = 6;
27 
28  protected $assigned_roles = array();
29  var $log = null;
30 
31  // Cache operation ids
32  private static $_opsCache = null;
33 
37  protected static $assigned_users_cache = array();
38 
42  protected static $is_assigned_cache = array();
43 
48  public function __construct()
49  {
50  global $ilDB,$ilErr,$ilias,$ilLog;
51 
52  $this->log =& $ilLog;
53 
54  // set db & error handler
55  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
56 
57  if (!isset($ilErr))
58  {
59  $ilErr = new ilErrorHandling();
60  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
61  }
62  else
63  {
64  $this->ilErr =& $ilErr;
65  }
66  }
67 
115  function searchRolesByMailboxAddressList($a_address_list)
116  {
117  global $ilDB;
118 
119  $role_ids = array();
120 
121  include_once "Services/Mail/classes/class.ilMail.php";
122  if(ilMail::_usePearMail())
123  {
124  require_once './Services/PEAR/lib/Mail/RFC822.php';
125  $parser = new Mail_RFC822();
126  $parsedList = $parser->parseAddressList($a_address_list, ilMail::ILIAS_HOST, false, true);
127  foreach ($parsedList as $address)
128  {
129  $local_part = $address->mailbox;
130  if (strpos($local_part,'#') !== 0 &&
131  !($local_part{0} == '"' && $local_part{1} == "#"))
132  {
133  // A local-part which doesn't start with a '#' doesn't denote a role.
134  // Therefore we can skip it.
135  continue;
136  }
137 
138  $local_part = substr($local_part, 1);
139 
140  /* If role contains spaces, eg. 'foo role', double quotes are added which have to be
141  removed here.*/
142  if( $local_part{0} == '#' && $local_part{strlen($local_part) - 1} == '"' )
143  {
144  $local_part = substr($local_part, 1);
145  $local_part = substr($local_part, 0, strlen($local_part) - 1);
146  }
147 
148  if (substr($local_part,0,8) == 'il_role_')
149  {
150  $role_id = substr($local_part,8);
151  $query = "SELECT t.tree ".
152  "FROM rbac_fa fa ".
153  "JOIN tree t ON t.child = fa.parent ".
154  "WHERE fa.rol_id = ".$this->ilDB->quote($role_id,'integer')." ".
155  "AND fa.assign = 'y' ".
156  "AND t.tree = 1";
157  $r = $ilDB->query($query);
158  if ($r->numRows() > 0)
159  {
160  $role_ids[] = $role_id;
161  }
162  continue;
163  }
164 
165 
166  $domain = $address->host;
167  if (strpos($domain,'[') == 0 && strrpos($domain,']'))
168  {
169  $domain = substr($domain,1,strlen($domain) - 2);
170  }
171  if (strlen($local_part) == 0)
172  {
173  $local_part = $domain;
174  $address->host = ilMail::ILIAS_HOST;
175  $domain = ilMail::ILIAS_HOST;
176  }
177 
178  if (strtolower($address->host) == ilMail::ILIAS_HOST)
179  {
180  // Search for roles = local-part in the whole repository
181  $query = "SELECT dat.obj_id ".
182  "FROM object_data dat ".
183  "JOIN rbac_fa fa ON fa.rol_id = dat.obj_id ".
184  "JOIN tree t ON t.child = fa.parent ".
185  "WHERE dat.title =".$this->ilDB->quote($local_part,'text')." ".
186  "AND dat.type = 'role' ".
187  "AND fa.assign = 'y' ".
188  "AND t.tree = 1";
189  }
190  else
191  {
192  // Search for roles like local-part in objects = host
193  $query = "SELECT rdat.obj_id ".
194  "FROM object_data odat ".
195  "JOIN object_reference oref ON oref.obj_id = odat.obj_id ".
196  "JOIN tree otree ON otree.child = oref.ref_id ".
197  "JOIN rbac_fa rfa ON rfa.parent = otree.child ".
198  "JOIN object_data rdat ON rdat.obj_id = rfa.rol_id ".
199  "WHERE odat.title = ".$this->ilDB->quote($domain,'text')." ".
200  "AND otree.tree = 1 ".
201  "AND rfa.assign = 'y' ".
202  "AND rdat.title LIKE ".
203  $this->ilDB->quote('%'.preg_replace('/([_%])/','\\\\$1',$local_part).'%','text');
204  }
205  $r = $ilDB->query($query);
206 
207  $count = 0;
208  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
209  {
210  $role_ids[] = $row->obj_id;
211  $count++;
212  }
213 
214  // Nothing found?
215  // In this case, we search for roles = host.
216  if ($count == 0 && strtolower($address->host) == ilMail::ILIAS_HOST)
217  {
218  $q = "SELECT dat.obj_id ".
219  "FROM object_data dat ".
220  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
221  "JOIN tree t ON t.child = ref.ref_id ".
222  "WHERE dat.title = ".$this->ilDB->quote($domain ,'text')." ".
223  "AND dat.type = 'role' ".
224  "AND t.tree = 1 ";
225  $r = $this->ilDB->query($q);
226 
227  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
228  {
229  $role_ids[] = $row->obj_id;
230  }
231  }
232  //echo '<br>ids='.var_export($role_ids,true);
233  }
234  }
235  else
236  {
237  // the following code is executed, when Pear Mail is
238  // not installed
239 
240  $titles = explode(',', $a_address_list);
241 
242  $titleList = '';
243  foreach ($titles as $title)
244  {
245  if (strlen($inList) > 0)
246  {
247  $titleList .= ',';
248  }
249  $title = trim($title);
250  if (strpos($title,'#') == 0)
251  {
252  $titleList .= $this->ilDB->quote(substr($title, 1));
253  }
254  }
255  if (strlen($titleList) > 0)
256  {
257  $q = "SELECT obj_id ".
258  "FROM object_data ".
259  "WHERE title IN (".$titleList.") ".
260  "AND type='role'";
261  $r = $this->ilDB->query($q);
262  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
263  {
264  $role_ids[] = $row->obj_id;
265  }
266  }
267  }
268 
269  return $role_ids;
270  }
271 
336  function getRoleMailboxAddress($a_role_id, $is_localize = true)
337  {
338  global $log, $lng,$ilDB;
339 
340  include_once "Services/Mail/classes/class.ilMail.php";
341  if (ilMail::_usePearMail())
342  {
343  // Retrieve the role title and the object title.
344  $query = "SELECT rdat.title role_title,odat.title object_title, ".
345  " oref.ref_id object_ref ".
346  "FROM object_data rdat ".
347  "JOIN rbac_fa fa ON fa.rol_id = rdat.obj_id ".
348  "JOIN tree rtree ON rtree.child = fa.parent ".
349  "JOIN object_reference oref ON oref.ref_id = rtree.child ".
350  "JOIN object_data odat ON odat.obj_id = oref.obj_id ".
351  "WHERE rdat.obj_id = ".$this->ilDB->quote($a_role_id,'integer')." ".
352  "AND fa.assign = 'y' ";
353  $r = $ilDB->query($query);
354  if (!$row = $ilDB->fetchObject($r))
355  {
356  //$log->write('class.ilRbacReview->getMailboxAddress('.$a_role_id.'): error role does not exist');
357  return null; // role does not exist
358  }
359  $object_title = $row->object_title;
360  $object_ref = $row->object_ref;
361  $role_title = $row->role_title;
362 
363 
364  // In a perfect world, we could use the object_title in the
365  // domain part of the mailbox address, and the role title
366  // with prefix '#' in the local part of the mailbox address.
367  $domain = $object_title;
368  $local_part = $role_title;
369 
370 
371  // Determine if the object title is unique
372  $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
373  "FROM object_data dat ".
374  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
375  "JOIN tree ON tree.child = ref.ref_id ".
376  "WHERE title = ".$this->ilDB->quote($object_title,'text')." ".
377  "AND tree.tree = 1 ";
378  $r = $this->ilDB->query($q);
379  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
380 
381  // If the object title is not unique, we get rid of the domain.
382  if ($row->count > 1)
383  {
384  $domain = null;
385  }
386 
387  // If the domain contains illegal characters, we get rid of it.
388  //if (domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]/',$domain))
389  // Fix for Mantis Bug: 7429 sending mail fails because of brakets
390  // Fix for Mantis Bug: 9978 sending mail fails because of semicolon
391  if ($domain != null && preg_match('/[\[\]\\]|[\x00-\x1f]|[\x28-\x29]|[;]/',$domain))
392  {
393  $domain = null;
394  }
395 
396  // If the domain contains special characters, we put square
397  // brackets around it.
398  if ($domain != null &&
399  (preg_match('/[()<>@,;:\\".\[\]]/',$domain) ||
400  preg_match('/[^\x21-\x8f]/',$domain))
401  )
402  {
403  $domain = '['.$domain.']';
404  }
405 
406  // If the role title is one of the ILIAS reserved role titles,
407  // we can use a shorthand version of it for the local part
408  // of the mailbox address.
409  if (strpos($role_title, 'il_') === 0 && $domain != null)
410  {
411  $unambiguous_role_title = $role_title;
412 
413  $pos = strpos($role_title, '_', 3) + 1;
414  $local_part = substr(
415  $role_title,
416  $pos,
417  strrpos($role_title, '_') - $pos
418  );
419  }
420  else
421  {
422  $unambiguous_role_title = 'il_role_'.$a_role_id;
423  }
424 
425  // Determine if the local part is unique. If we don't have a
426  // domain, the local part must be unique within the whole repositry.
427  // If we do have a domain, the local part must be unique for that
428  // domain.
429  if ($domain == null)
430  {
431  $q = "SELECT COUNT(DISTINCT dat.obj_id) count ".
432  "FROM object_data dat ".
433  "JOIN object_reference ref ON ref.obj_id = dat.obj_id ".
434  "JOIN tree ON tree.child = ref.ref_id ".
435  "WHERE title = ".$this->ilDB->quote($local_part,'text')." ".
436  "AND tree.tree = 1 ";
437  }
438  else
439  {
440  $q = "SELECT COUNT(rd.obj_id) count ".
441  "FROM object_data rd ".
442  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
443  "JOIN tree t ON t.child = fa.parent ".
444  "WHERE fa.assign = 'y' ".
445  "AND t.child = ".$this->ilDB->quote($object_ref,'integer')." ".
446  "AND rd.title LIKE ".$this->ilDB->quote(
447  '%'.preg_replace('/([_%])/','\\\\$1', $local_part).'%','text')." ";
448  }
449 
450  $r = $this->ilDB->query($q);
451  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
452 
453  // if the local_part is not unique, we use the unambiguous role title
454  // instead for the local part of the mailbox address
455  if ($row->count > 1)
456  {
457  $local_part = $unambiguous_role_title;
458  }
459 
460  $use_phrase = true;
461 
462  // If the local part contains illegal characters, we use
463  // the unambiguous role title instead.
464  if (preg_match('/[\\"\x00-\x1f]/',$local_part))
465  {
466  $local_part = $unambiguous_role_title;
467  }
468  else if(!preg_match('/^[\\x00-\\x7E]+$/i', $local_part))
469  {
470  // 2013-12-05: According to #12283, we do not accept umlauts in the local part
471  $local_part = $unambiguous_role_title;
472  $use_phrase = false;
473  }
474 
475  // Add a "#" prefix to the local part
476  $local_part = '#'.$local_part;
477 
478  // Put quotes around the role title, if needed
479  if (preg_match('/[()<>@,;:.\[\]\x20]/',$local_part))
480  {
481  $local_part = '"'.$local_part.'"';
482  }
483 
484  $mailbox = ($domain == null) ?
485  $local_part :
486  $local_part.'@'.$domain;
487 
488  if ($is_localize)
489  {
490  if (substr($role_title,0,3) == 'il_')
491  {
492  $phrase = $lng->txt(substr($role_title, 0, strrpos($role_title,'_')));
493  }
494  else
495  {
496  $phrase = $role_title;
497  }
498 
499  if($use_phrase)
500  {
501  // make phrase RFC 822 conformant:
502  // - strip excessive whitespace
503  // - strip special characters
504  $phrase = preg_replace('/\s\s+/', ' ', $phrase);
505  $phrase = preg_replace('/[()<>@,;:\\".\[\]]/', '', $phrase);
506 
507  $mailbox = $phrase.' <'.$mailbox.'>';
508  }
509  }
510 
511  require_once './Services/PEAR/lib/Mail/RFC822.php';
512  $obj = new Mail_RFC822($mailbox, ilMail::ILIAS_HOST);
513  if(@$obj->parseAddressList() instanceof PEAR_Error)
514  {
515  $q = "SELECT title ".
516  "FROM object_data ".
517  "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
518  $r = $this->ilDB->query($q);
519 
520  if ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
521  {
522  return '#'.$row->title;
523  }
524  else
525  {
526  return null;
527  }
528  }
529 
530  return $mailbox;
531  }
532  else
533  {
534  $q = "SELECT title ".
535  "FROM object_data ".
536  "WHERE obj_id = ".$this->ilDB->quote($a_role_id ,'integer');
537  $r = $this->ilDB->query($q);
538 
539  if($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
540  {
541  $ids_for_role_title = ilObject::_getIdsForTitle($row->title, 'role');
542  if(count($ids_for_role_title) > 1)
543  {
544  return '#il_role_' . $a_role_id;
545  }
546  else
547  {
548  return '#' . $row->title;
549  }
550  }
551  else
552  {
553  return null;
554  }
555  }
556  }
557 
558 
567  public function roleExists($a_title,$a_id = 0)
568  {
569  global $ilDB;
570 
571  if (empty($a_title))
572  {
573  $message = get_class($this)."::roleExists(): No title given!";
574  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
575  }
576 
577  $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
578 
579  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
580  "WHERE title =".$ilDB->quote($a_title)." ".
581  "AND type IN('role','rolt')".
582  $clause." ";
583  $r = $this->ilDB->query($q);
584 
585  while($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
586  {
587  return $row->obj_id;
588  }
589  return false;
590  }
591 
605  protected function __getParentRoles($a_path,$a_templates)
606  {
607  if (!isset($a_path) or !is_array($a_path))
608  {
609  $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
610  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
611  }
612 
613  $parent_roles = array();
614  $role_hierarchy = array();
615 
616  foreach($a_path as $ref_id)
617  {
618  $roles = $this->getRoleListByObject($ref_id,$a_templates);
619  foreach($roles as $role)
620  {
621  $id = $role["obj_id"];
622  $role["parent"] = $ref_id;
623  $parent_roles[$id] = $role;
624 
625  if (!array_key_exists($role['obj_id'],$role_hierarchy))
626  {
627  $role_hierarchy[$id] = $ref_id;
628  }
629  }
630  }
631  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
632  }
633 
643  public function getParentRoleIds($a_endnode_id,$a_templates = false)
644  {
645  global $tree;
646 
647  if (!isset($a_endnode_id))
648  {
649  $GLOBALS['ilLog']->logStack();
650  $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
651  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
652  }
653 
654  //var_dump($a_endnode_id);exit;
655  //$log->write("ilRBACreview::getParentRoleIds(), 0");
656  $pathIds = $tree->getPathId($a_endnode_id);
657 
658  // add system folder since it may not in the path
659  //$pathIds[0] = SYSTEM_FOLDER_ID;
660  $pathIds[0] = ROLE_FOLDER_ID;
661  //$log->write("ilRBACreview::getParentRoleIds(), 1");
662  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
663  return $this->__getParentRoles($pathIds,$a_templates);
664  }
665 
674  public function getRoleListByObject($a_ref_id,$a_templates = false)
675  {
676  global $ilDB;
677 
678  if (!isset($a_ref_id) or !isset($a_templates))
679  {
680  $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
681  "ref_id: ".$a_ref_id.
682  "tpl_flag: ".$a_templates;
683  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
684  }
685 
686  $role_list = array();
687 
688  $where = $this->__setTemplateFilter($a_templates);
689 
690  $query = "SELECT * FROM object_data ".
691  "JOIN rbac_fa ON obj_id = rol_id ".
692  $where.
693  "AND object_data.obj_id = rbac_fa.rol_id ".
694  "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
695 
696  $res = $ilDB->query($query);
697  while ($row = $ilDB->fetchAssoc($res))
698  {
699  $row["desc"] = $row["description"];
700  $row["user_id"] = $row["owner"];
701  $role_list[] = $row;
702  }
703 
704  $role_list = $this->__setRoleType($role_list);
705 
706  return $role_list;
707  }
708 
716  function getAssignableRoles($a_templates = false,$a_internal_roles = false, $title_filter = '')
717  {
718  global $ilDB;
719 
720  $role_list = array();
721 
722  $where = $this->__setTemplateFilter($a_templates);
723 
724  $query = "SELECT * FROM object_data ".
725  "JOIN rbac_fa ON obj_id = rol_id ".
726  $where.
727  "AND rbac_fa.assign = 'y' ";
728 
729  if(strlen($title_filter))
730  {
731  $query .= (' AND '.$ilDB->like(
732  'title',
733  'text',
734  $title_filter.'%'
735  ));
736  }
737  $res = $ilDB->query($query);
738 
739  while ($row = $ilDB->fetchAssoc($res))
740  {
741  $row["desc"] = $row["description"];
742  $row["user_id"] = $row["owner"];
743  $role_list[] = $row;
744  }
745 
746  $role_list = $this->__setRoleType($role_list);
747 
748  return $role_list;
749  }
750 
759  {
760  global $ilDB;
761 
762  $query = 'SELECT rol_id FROM rbac_fa fa '.
763  'JOIN tree t1 ON t1.child = fa.parent '.
764  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
765  'WHERE assign = '.$ilDB->quote('y','text').' '.
766  'AND obd.type = '.$ilDB->quote('role','text').' '.
767  'AND t1.child IN ('.
768  $GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
769  ') ';
770 
771 
772  $res = $ilDB->query($query);
773 
774  $role_list = array();
775  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
776  {
777  $role_list[] = $row->rol_id;
778  }
779  return $role_list;
780  }
781 
789  public function getAssignableChildRoles($a_ref_id)
790  {
791  global $ilDB;
792 
793  $query = "SELECT fa.*, rd.* ".
794  "FROM object_data rd ".
795  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
796  "WHERE fa.assign = 'y' ".
797  "AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
798  ;
799 
800  $res = $ilDB->query($query);
801  while($row = $ilDB->fetchAssoc($res))
802  {
803  $roles_data[] = $row;
804  }
805  return $roles_data ? $roles_data : array();
806  }
807 
815  protected function __setTemplateFilter($a_templates)
816  {
817  global $ilDB;
818 
819  if ($a_templates === true)
820  {
821  $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
822  }
823  else
824  {
825  $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
826  }
827 
828  return $where;
829  }
830 
843  protected function __setRoleType($a_role_list)
844  {
845  foreach ($a_role_list as $key => $val)
846  {
847  // determine role type
848  if ($val["type"] == "rolt")
849  {
850  $a_role_list[$key]["role_type"] = "template";
851  }
852  else
853  {
854  if ($val["assign"] == "y")
855  {
856  if ($val["parent"] == ROLE_FOLDER_ID)
857  {
858  $a_role_list[$key]["role_type"] = "global";
859  }
860  else
861  {
862  $a_role_list[$key]["role_type"] = "local";
863  }
864  }
865  else
866  {
867  $a_role_list[$key]["role_type"] = "linked";
868  }
869  }
870 
871  if ($val["protected"] == "y")
872  {
873  $a_role_list[$key]["protected"] = true;
874  }
875  else
876  {
877  $a_role_list[$key]["protected"] = false;
878  }
879  }
880 
881  return $a_role_list;
882  }
883 
891  public function getNumberOfAssignedUsers(Array $a_roles)
892  {
893  global $ilDB;
894 
895  $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
896  'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
897 
898  $res = $ilDB->query($query);
899  $row = $res->fetchRow(DB_FETCHMODE_OBJECT);
900  return $row->num ? $row->num : 0;
901  }
902 
903 
912  public function assignedUsers($a_rol_id, $a_fields = NULL)
913  {
914  global $ilBench,$ilDB;
915 
916  $ilBench->start("RBAC", "review_assignedUsers");
917 
918  if (!isset($a_rol_id))
919  {
920  $message = get_class($this)."::assignedUsers(): No role_id given!";
921  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
922  }
923  if (! $a_fields AND isset(self::$assigned_users_cache[$a_rol_id])) {
924  return self::$assigned_users_cache[$a_rol_id];
925  }
926 
927  $result_arr = array();
928 
929  if ($a_fields !== NULL and is_array($a_fields))
930  {
931  if (count($a_fields) == 0)
932  {
933  $select = "*";
934  }
935  else
936  {
937  if (($usr_id_field = array_search("usr_id",$a_fields)) !== false)
938  unset($a_fields[$usr_id_field]);
939 
940  $select = implode(",",$a_fields).",usr_data.usr_id";
941  $select = addslashes($select);
942  }
943 
944  $ilDB->enableResultBuffering(false);
945  $query = "SELECT ".$select." FROM usr_data ".
946  "LEFT JOIN rbac_ua ON usr_data.usr_id = rbac_ua.usr_id ".
947  "WHERE rbac_ua.rol_id =".$ilDB->quote($a_rol_id,'integer');
948  $res = $ilDB->query($query);
949  while($row = $ilDB->fetchAssoc($res))
950  {
951  $result_arr[] = $row;
952  }
953  $ilDB->enableResultBuffering(true);
954  }
955  else
956  {
957  $ilDB->enableResultBuffering(false);
958  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
959 
960  $res = $ilDB->query($query);
961  while($row = $ilDB->fetchAssoc($res))
962  {
963  array_push($result_arr,$row["usr_id"]);
964  }
965  $ilDB->enableResultBuffering(true);
966  }
967 
968  $ilBench->stop("RBAC", "review_assignedUsers");
969 
970  if (! $a_fields) {
971  self::$assigned_users_cache[$a_rol_id] = $result_arr;
972  }
973 
974  return $result_arr;
975  }
976 
977 
986  public function isAssigned($a_usr_id,$a_role_id)
987  {
988  if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
989  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
990  }
991  // Quickly determine if user is assigned to a role
992  global $ilDB;
993 
994  $ilDB->setLimit(1,0);
995  $query = "SELECT usr_id FROM rbac_ua WHERE ".
996  "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
997  "AND usr_id= ".$ilDB->quote($a_usr_id);
998  $res = $ilDB->query($query);
999 
1000  $is_assigned = $res->numRows() == 1;
1001  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
1002 
1003  return $is_assigned;
1004  }
1005 
1018  public function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
1019  {
1020  global $ilDB;
1021 
1022  $ilDB->setLimit(1,0);
1023  $query = "SELECT usr_id FROM rbac_ua WHERE ".
1024  $ilDB->in('rol_id',$a_role_ids,false,'integer').
1025  " AND usr_id= ".$ilDB->quote($a_usr_id);
1026  $res = $ilDB->query($query);
1027 
1028  return $ilDB->numRows($res) == 1;
1029  }
1030 
1038  public function assignedRoles($a_usr_id)
1039  {
1040  global $ilDB;
1041 
1042  $role_arr = array();
1043 
1044  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
1045 
1046  $res = $ilDB->query($query);
1047  while($row = $ilDB->fetchObject($res))
1048  {
1049  $role_arr[] = $row->rol_id;
1050  }
1051  return $role_arr ? $role_arr : array();
1052  }
1053 
1059  public function assignedGlobalRoles($a_usr_id)
1060  {
1061  global $ilDB;
1062 
1063  $query = "SELECT ua.rol_id FROM rbac_ua ua ".
1064  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
1065  "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
1066  "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
1067  "AND assign = 'y' ";
1068 
1069  $res = $ilDB->query($query);
1070  while($row = $ilDB->fetchObject($res))
1071  {
1072  $role_arr[] = $row->rol_id;
1073  }
1074  return $role_arr ? $role_arr : array();
1075  }
1076 
1085  public function isAssignable($a_rol_id, $a_ref_id)
1086  {
1087  global $ilBench,$ilDB;
1088 
1089  $ilBench->start("RBAC", "review_isAssignable");
1090 
1091  // exclude system role from rbac
1092  if ($a_rol_id == SYSTEM_ROLE_ID)
1093  {
1094  $ilBench->stop("RBAC", "review_isAssignable");
1095  return true;
1096  }
1097 
1098  if (!isset($a_rol_id) or !isset($a_ref_id))
1099  {
1100  $message = get_class($this)."::isAssignable(): Missing parameter!".
1101  " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
1102  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1103  }
1104  $query = "SELECT * FROM rbac_fa ".
1105  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1106  "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
1107  $res = $ilDB->query($query);
1108  $row = $ilDB->fetchObject($res);
1109 
1110  $ilBench->stop("RBAC", "review_isAssignable");
1111  return $row->assign == 'y' ? true : false;
1112  }
1113 
1119  public function hasMultipleAssignments($a_role_id)
1120  {
1121  global $ilDB;
1122 
1123  $query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
1124  "AND assign = ".$ilDB->quote('y','text');
1125  $res = $ilDB->query($query);
1126  return $res->numRows() > 1;
1127  }
1128 
1140  public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
1141  {
1142  global $ilDB;
1143 
1144  if (!isset($a_rol_id))
1145  {
1146  $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
1147  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1148  }
1149 
1150  if ($a_assignable)
1151  {
1152  $where = " AND assign ='y'";
1153  }
1154 
1155  $query = "SELECT DISTINCT parent FROM rbac_fa ".
1156  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
1157 
1158  $res = $ilDB->query($query);
1159  while($row = $ilDB->fetchObject($res))
1160  {
1161  $folders[] = $row->parent;
1162  }
1163  return $folders ? $folders : array();
1164  }
1165 
1173  public function getRolesOfObject($a_ref_id, $a_assignable_only = FALSE)
1174  {
1175  global $ilDB;
1176 
1177  if(!isset($a_ref_id))
1178  {
1179  $GLOBALS['ilLog']->logStack();
1180  throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
1181  }
1182  if($a_assignable_only === TRUE)
1183  {
1184  $and = 'AND assign = '.$ilDB->quote('y','text');
1185  }
1186  $query = "SELECT rol_id FROM rbac_fa ".
1187  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1188  $and;
1189 
1190  $res = $ilDB->query($query);
1191 
1192  $role_ids = array();
1193  while($row = $ilDB->fetchObject($res))
1194  {
1195  $role_ids[] = $row->rol_id;
1196  }
1197  return $role_ids;
1198  }
1199 
1200 
1201 
1202 
1213  public function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
1214  {
1215  global $ilBench,$ilDB,$ilLog;
1216 
1217  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
1218 
1219  if (!isset($a_ref_id))
1220  {
1221  $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
1222  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1223 
1224  }
1225 
1226  if ($a_nonassignable === false)
1227  {
1228  $and = " AND assign='y'";
1229  }
1230 
1231  $query = "SELECT rol_id FROM rbac_fa ".
1232  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
1233  $and;
1234 
1235  $res = $ilDB->query($query);
1236  while($row = $ilDB->fetchObject($res))
1237  {
1238  $rol_id[] = $row->rol_id;
1239  }
1240 
1241  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
1242 
1243  return $rol_id ? $rol_id : array();
1244  }
1245 
1252  public function getGlobalRoles()
1253  {
1254  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
1255  }
1256 
1262  public function getLocalRoles($a_ref_id)
1263  {
1264  global $ilDB;
1265 
1266  $lroles = array();
1267  foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1268  {
1269  if($this->isAssignable($role_id, $a_ref_id))
1270  {
1271  $lroles[] = $role_id;
1272  }
1273  }
1274  return $lroles;
1275  }
1276 
1282  public function getLocalPolicies($a_ref_id)
1283  {
1284  $lroles = array();
1285  foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
1286  {
1287  $lroles[] = $role_id;
1288  }
1289  return $lroles;
1290  }
1291 
1298  public function getGlobalRolesArray()
1299  {
1300  foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
1301  {
1302  $ga[] = array('obj_id' => $role_id,
1303  'role_type' => 'global');
1304  }
1305  return $ga ? $ga : array();
1306  }
1307 
1314  public function getGlobalAssignableRoles()
1315  {
1316  include_once './Services/AccessControl/classes/class.ilObjRole.php';
1317 
1318  foreach($this->getGlobalRoles() as $role_id)
1319  {
1320  if(ilObjRole::_getAssignUsersStatus($role_id))
1321  {
1322  $ga[] = array('obj_id' => $role_id,
1323  'role_type' => 'global');
1324  }
1325  }
1326  return $ga ? $ga : array();
1327  }
1328 
1329 
1334  public function isRoleAssignedToObject($a_role_id, $a_parent_id)
1335  {
1336  global $rbacreview, $ilDB;
1337 
1338  $query = 'SELECT * FROM rbac_fa '.
1339  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1340  'AND parent = '.$ilDB->quote($a_parent_id,'integer');
1341  $res = $ilDB->query($query);
1342  return $res->numRows() ? true : false;
1343  }
1344 
1351  public function getOperations()
1352  {
1353  global $ilDB;
1354 
1355  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
1356  $res = $this->ilDB->query($query);
1357  while($row = $ilDB->fetchObject($res))
1358  {
1359  $ops[] = array('ops_id' => $row->ops_id,
1360  'operation' => $row->operation,
1361  'description' => $row->description);
1362  }
1363 
1364  return $ops ? $ops : array();
1365  }
1366 
1373  public function getOperation($ops_id)
1374  {
1375  global $ilDB;
1376 
1377  $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
1378  $res = $this->ilDB->query($query);
1379  while($row = $ilDB->fetchObject($res))
1380  {
1381  $ops = array('ops_id' => $row->ops_id,
1382  'operation' => $row->operation,
1383  'description' => $row->description);
1384  }
1385 
1386  return $ops ? $ops : array();
1387  }
1388 
1398  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
1399  {
1400  global $ilDB;
1401 
1402  if(!$a_parent)
1403  {
1404  $a_parent = ROLE_FOLDER_ID;
1405  }
1406 
1407  $query = "SELECT ops_id,type FROM rbac_templates ".
1408  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1409  "AND parent = ".$ilDB->quote($a_parent,'integer');
1410  $res = $ilDB->query($query);
1411 
1412  $ops_arr = array();
1413  while ($row = $ilDB->fetchObject($res))
1414  {
1415  $ops_arr[$row->type][] = $row->ops_id;
1416  }
1417  return (array) $ops_arr;
1418  }
1419 
1427  public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
1428  {
1429  global $ilDB;
1430 
1431  $query = 'SELECT * FROM rbac_pa '.
1432  'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
1433  'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
1434 
1435  $res = $ilDB->query($query);
1436  while($row = $res->fetchRow(DB_FETCHMODE_ASSOC))
1437  {
1438  return unserialize($row['ops_id']);
1439  }
1440  return array();
1441  }
1442 
1443 
1454  public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
1455  {
1456  global $ilDB,$ilLog;
1457 
1458  if (!isset($a_rol_id) or !isset($a_type))
1459  {
1460  $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
1461  "role_id: ".$a_rol_id.
1462  "type: ".$a_type.
1463  "parent_id: ".$a_parent;
1464  $ilLog->logStack("Missing parameter! ");
1465  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1466  }
1467 
1468  $ops_arr = array();
1469 
1470  // if no rolefolder id is given, assume global role folder as target
1471  if ($a_parent == 0)
1472  {
1473  $a_parent = ROLE_FOLDER_ID;
1474  }
1475 
1476  $query = "SELECT ops_id FROM rbac_templates ".
1477  "WHERE type =".$ilDB->quote($a_type,'text')." ".
1478  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
1479  "AND parent = ".$ilDB->quote($a_parent,'integer');
1480  $res = $ilDB->query($query);
1481  while ($row = $ilDB->fetchObject($res))
1482  {
1483  $ops_arr[] = $row->ops_id;
1484  }
1485 
1486  return $ops_arr;
1487  }
1488 
1496  public function getRoleOperationsOnObject($a_role_id,$a_ref_id)
1497  {
1498  global $ilDB;
1499 
1500  $query = "SELECT * FROM rbac_pa ".
1501  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
1502  "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1503 
1504  $res = $ilDB->query($query);
1505  while($row = $ilDB->fetchObject($res))
1506  {
1507  $ops = unserialize($row->ops_id);
1508  }
1509 
1510  return $ops ? $ops : array();
1511  }
1512 
1520  public function getOperationsOnType($a_typ_id)
1521  {
1522  global $ilDB;
1523 
1524  if (!isset($a_typ_id))
1525  {
1526  $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1527  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1528  }
1529 
1530  #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1531 
1532  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
1533  'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
1534  'ORDER BY op_order';
1535 
1536  $res = $ilDB->query($query);
1537 
1538  while($row = $ilDB->fetchObject($res))
1539  {
1540  $ops_id[] = $row->ops_id;
1541  }
1542 
1543  return $ops_id ? $ops_id : array();
1544  }
1545 
1554  public function getOperationsOnTypeString($a_type)
1555  {
1556  global $ilDB;
1557 
1558  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1559 
1560 
1561  $res = $this->ilDB->query($query);
1562  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1563  {
1564  return $this->getOperationsOnType($row->obj_id);
1565  }
1566  return false;
1567  }
1568 
1576  public function getOperationsByTypeAndClass($a_type,$a_class)
1577  {
1578  global $ilDB;
1579 
1580  if($a_class != 'create')
1581  {
1582  $condition = "AND class != ".$ilDB->quote('create','text');
1583  }
1584  else
1585  {
1586  $condition = "AND class = ".$ilDB->quote('create','text');
1587  }
1588 
1589  $query = "SELECT ro.ops_id FROM rbac_operations ro ".
1590  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
1591  "JOIN object_data od ON rt.typ_id = od.obj_id ".
1592  "WHERE type = ".$ilDB->quote('typ','text')." ".
1593  "AND title = ".$ilDB->quote($a_type,'text')." ".
1594  $condition." ".
1595  "ORDER BY op_order ";
1596 
1597  $res = $ilDB->query($query);
1598 
1599  $ops = array();
1600  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1601  {
1602  $ops[] = $row->ops_id;
1603  }
1604  return $ops;
1605  }
1606 
1607 
1617  public function getObjectsWithStopedInheritance($a_rol_id,$a_filter = array())
1618  {
1619  global $ilDB;
1620 
1621  #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1622  # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1623  # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1624 
1625  $query = 'SELECT parent p FROM rbac_fa '.
1626  'WHERE assign = '.$ilDB->quote('n','text').' '.
1627  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1628 
1629  if($a_filter)
1630  {
1631  $query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
1632  }
1633 
1634  $res = $ilDB->query($query);
1635  $parent = array();
1636  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1637  {
1638  $parent[] = $row->p;
1639  }
1640  return $parent;
1641  }
1642 
1650  public function isDeleted($a_node_id)
1651  {
1652  global $ilDB;
1653 
1654  $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1655  $r = $this->ilDB->query($q);
1656 
1657  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1658 
1659  if (!$row)
1660  {
1661  $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1662  get_class($this),
1663  $a_node_id);
1664  $this->log->write($message,$this->log->FATAL);
1665 
1666  return true;
1667  }
1668 
1669  // rolefolder is deleted
1670  if ($row->tree < 0)
1671  {
1672  return true;
1673  }
1674 
1675  return false;
1676  }
1677 
1684  public function isGlobalRole($a_role_id)
1685  {
1686  return in_array($a_role_id,$this->getGlobalRoles());
1687  }
1688 
1698  public function getRolesByFilter($a_filter = 0,$a_user_id = 0, $title_filter = '')
1699  {
1700  global $ilDB;
1701 
1702  $assign = "y";
1703 
1704  switch($a_filter)
1705  {
1706  // all (assignable) roles
1707  case self::FILTER_ALL:
1708  return $this->getAssignableRoles(true,true,$title_filter);
1709  break;
1710 
1711  // all (assignable) global roles
1712  case self::FILTER_ALL_GLOBAL:
1713  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1714  break;
1715 
1716  // all (assignable) local roles
1717  case self::FILTER_ALL_LOCAL:
1718  case self::FILTER_INTERNAL:
1719  case self::FILTER_NOT_INTERNAL:
1720  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1721  break;
1722 
1723  // all role templates
1724  case self::FILTER_TEMPLATES:
1725  $where = "WHERE object_data.type = 'rolt'";
1726  $assign = "n";
1727  break;
1728 
1729  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1730  case 0:
1731  default:
1732  if(!$a_user_id)
1733  return array();
1734 
1735  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1736  break;
1737  }
1738 
1739  $roles = array();
1740 
1741  $query = "SELECT * FROM object_data ".
1742  "JOIN rbac_fa ON obj_id = rol_id ".
1743  $where.
1744  "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1745 
1746  if(strlen($title_filter))
1747  {
1748  $query .= (' AND '.$ilDB->like(
1749  'title',
1750  'text',
1751  '%'.$title_filter.'%'
1752  ));
1753  }
1754 
1755  $res = $ilDB->query($query);
1756  while($row = $ilDB->fetchAssoc($res))
1757  {
1758  $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1759 
1760  // all (assignable) internal local roles only
1761  if ($a_filter == 4 and !$prefix)
1762  {
1763  continue;
1764  }
1765 
1766  // all (assignable) non internal local roles only
1767  if ($a_filter == 5 and $prefix)
1768  {
1769  continue;
1770  }
1771 
1772  $row["desc"] = $row["description"];
1773  $row["user_id"] = $row["owner"];
1774  $roles[] = $row;
1775  }
1776 
1777  $roles = $this->__setRoleType($roles);
1778 
1779  return $roles ? $roles : array();
1780  }
1781 
1789  public function getTypeId($a_type)
1790  {
1791  global $ilDB;
1792 
1793  $q = "SELECT obj_id FROM object_data ".
1794  "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1795  $r = $ilDB->query($q);
1796 
1797  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
1798  return $row->obj_id;
1799  }
1800 
1811  public static function _getOperationIdsByName($operations)
1812  {
1813  global $ilDB;
1814 
1815  if(!count($operations))
1816  {
1817  return array();
1818  }
1819 
1820  $query = 'SELECT ops_id FROM rbac_operations '.
1821  'WHERE '.$ilDB->in('operation',$operations,false,'text');
1822 
1823  $res = $ilDB->query($query);
1824  while($row = $ilDB->fetchObject($res))
1825  {
1826  $ops_ids[] = $row->ops_id;
1827  }
1828  return $ops_ids ? $ops_ids : array();
1829  }
1830 
1839  public static function _getOperationIdByName($a_operation)
1840  {
1841  global $ilDB,$ilErr;
1842 
1843  if (!isset($a_operation))
1844  {
1845  $message = "perm::getOperationId(): No operation given!";
1846  $ilErr->raiseError($message,$ilErr->WARNING);
1847  }
1848 
1849  // Cache operation ids
1850  if (! is_array(self::$_opsCache)) {
1851  self::$_opsCache = array();
1852 
1853  $q = "SELECT ops_id, operation FROM rbac_operations";
1854  $r = $ilDB->query($q);
1855  while ($row = $r->fetchRow(DB_FETCHMODE_OBJECT))
1856  {
1857  self::$_opsCache[$row->operation] = $row->ops_id;
1858  }
1859  }
1860 
1861  // Get operation ID by name from cache
1862  if (array_key_exists($a_operation, self::$_opsCache)) {
1863  return self::$_opsCache[$a_operation];
1864  }
1865  return null;
1866  }
1867 
1874  public static function lookupCreateOperationIds($a_type_arr)
1875  {
1876  global $ilDB;
1877 
1878  $operations = array();
1879  foreach($a_type_arr as $type)
1880  {
1881  $operations[] = ('create_'.$type);
1882  }
1883 
1884  if(!count($operations))
1885  {
1886  return array();
1887  }
1888 
1889  $query = 'SELECT ops_id, operation FROM rbac_operations '.
1890  'WHERE '.$ilDB->in('operation',$operations,false,'text');
1891 
1892  $res = $ilDB->query($query);
1893 
1894  $ops_ids = array();
1895  while($row = $ilDB->fetchObject($res))
1896  {
1897  $type_arr = explode('_', $row->operation);
1898  $type = $type_arr[1];
1899 
1900  $ops_ids[$type] = $row->ops_id;
1901  }
1902  return $ops_ids;
1903  }
1904 
1905 
1906 
1915  public function isProtected($a_ref_id,$a_role_id)
1916  {
1917  global $ilDB;
1918 
1919  // ref_id not used yet. protected permission acts 'global' for each role,
1920  $query = "SELECT protected FROM rbac_fa ".
1921  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1922  $res = $ilDB->query($query);
1923  $row = $ilDB->fetchAssoc($res);
1924 
1925  return ilUtil::yn2tf($row['protected']);
1926  }
1927 
1935  public function isBlockedAtPosition($a_role_id, $a_ref_id)
1936  {
1937  global $ilDB;
1938 
1939  $query = 'SELECT blocked from rbac_fa '.
1940  'WHERE rol_id = '. $ilDB->quote($a_role_id,'integer').' '.
1941  'AND parent = '.$ilDB->quote($a_ref_id,'integer');
1942  $res = $ilDB->query($query);
1943  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1944  {
1945  return (bool) $row->blocked;
1946  }
1947  return FALSE;
1948  }
1949 
1955  public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1956  {
1957  global $ilDB, $tree;
1958 
1959  if($this->isBlockedAtPosition($a_role_id, $a_ref_id))
1960  {
1961  return FALSE;
1962  }
1963  $query = 'SELECT parent from rbac_fa '.
1964  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1965  'AND blocked = '.$ilDB->quote(1,'integer');
1966  $res = $ilDB->query($query);
1967 
1968  $parent_ids = array();
1969  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1970  {
1971  $parent_ids[] = $row->parent;
1972  }
1973 
1974  foreach($parent_ids as $parent_id)
1975  {
1976  if($tree->isGrandChild($parent_id, $a_ref_id))
1977  {
1978  return TRUE;
1979  }
1980  }
1981  return FALSE;
1982  }
1983 
1984  // this method alters the protected status of role regarding the current user's role assignment
1985  // and current postion in the hierarchy.
1986 
1998  protected function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1999  {
2000  //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
2001 
2002  global $rbacsystem,$ilUser,$log;
2003 
2004  if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
2005  {
2006  $leveladmin = true;
2007  }
2008  else
2009  {
2010  $leveladmin = false;
2011  }
2012  #vd("RoleHierarchy",$a_role_hierarchy);
2013  foreach ($a_role_hierarchy as $role_id => $rolf_id)
2014  {
2015  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
2016  #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
2017  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
2018 
2019  if ($leveladmin == true)
2020  {
2021  $a_parent_roles[$role_id]['protected'] = false;
2022  continue;
2023  }
2024 
2025  if ($a_parent_roles[$role_id]['protected'] == true)
2026  {
2027  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
2028 
2029  #vd("intersection",$arr_lvl_roles_user);
2030 
2031  foreach ($arr_lvl_roles_user as $lvl_role_id)
2032  {
2033  #echo "<br/>level_role: ".$lvl_role_id;
2034  #echo "<br/>a_ref_id: ".$a_ref_id;
2035 
2036  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
2037  // check if role grants 'edit_permission' to parent
2038  $rolf = $a_parent_roles[$role_id]['parent'];
2039  #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
2040  if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
2041  {
2042  #echo "<br />Permission granted";
2043  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
2044  // user may change permissions of that higher-ranked role
2045  $a_parent_roles[$role_id]['protected'] = false;
2046 
2047  // remember successful check
2048  //$leveladmin = true;
2049  }
2050  }
2051  }
2052  }
2053  return $a_parent_roles;
2054  }
2055 
2066  public static function _getOperationList($a_type = null)
2067  {
2068  global $ilDB;
2069 
2070  $arr = array();
2071 
2072  if ($a_type)
2073  {
2074  $query = sprintf('SELECT * FROM rbac_operations '.
2075  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
2076  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
2077  'WHERE object_data.title = %s '.
2078  'AND object_data.type = %s '.
2079  'ORDER BY op_order ASC',
2080  $ilDB->quote($a_type,'text'),
2081  $ilDB->quote('typ','text'));
2082  }
2083  else
2084  {
2085  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
2086  }
2087  $res = $ilDB->query($query);
2088  while ($row = $ilDB->fetchAssoc($res))
2089  {
2090  $arr[] = array(
2091  "ops_id" => $row['ops_id'],
2092  "operation" => $row['operation'],
2093  "desc" => $row['description'],
2094  "class" => $row['class'],
2095  "order" => $row['op_order']
2096  );
2097  }
2098  return $arr;
2099  }
2100 
2107  public static function _groupOperationsByClass($a_ops_arr)
2108  {
2109  $arr = array();
2110 
2111  foreach ($a_ops_arr as $ops)
2112  {
2113  $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
2114  'name' => $ops['operation']
2115  );
2116  }
2117  return $arr;
2118  }
2119 
2129  public function getObjectOfRole($a_role_id)
2130  {
2131  // internal cache
2132  static $obj_cache = array();
2133 
2134  global $ilDB;
2135 
2136 
2137  if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
2138  {
2139  return $obj_cache[$a_role_id];
2140  }
2141 
2142  $query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
2143  'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
2144  'WHERE assign = '.$ilDB->quote('y','text'). ' '.
2145  'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2146  'AND deleted IS NULL';
2147 
2148  #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
2149  # "JOIN tree ON rfa.parent = tree.child ".
2150  # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
2151  # "WHERE tree.tree = 1 ".
2152  # "AND assign = 'y' ".
2153  # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
2154  $res = $ilDB->query($query);
2155 
2156  $obj_cache[$a_role_id] = 0;
2157  while($row = $ilDB->fetchObject($res))
2158  {
2159  $obj_cache[$a_role_id] = $row->obj_id;
2160  }
2161  return $obj_cache[$a_role_id];
2162  }
2163 
2170  public function getObjectReferenceOfRole($a_role_id)
2171  {
2172  global $ilDB;
2173 
2174  $query = 'SELECT parent p_ref FROM rbac_fa '.
2175  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2176  'AND assign = '.$ilDB->quote('y','text');
2177 
2178  $res = $ilDB->query($query);
2179  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2180  {
2181  return $row->p_ref;
2182  }
2183  return 0;
2184  }
2185 
2193  public function isRoleDeleted ($a_role_id)
2194  {
2195  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
2196  $deleted = true;
2197  if (count($rolf_list))
2198  {
2199  foreach ($rolf_list as $rolf) {
2200  // only list roles that are not set to status "deleted"
2201  if (!$this->isDeleted($rolf))
2202  {
2203  $deleted = false;
2204  break;
2205  }
2206  }
2207  }
2208  return $deleted;
2209  }
2210 
2211 
2219  public function getRolesForIDs($role_ids, $use_templates)
2220  {
2221  global $ilDB;
2222 
2223  $role_list = array();
2224 
2225  $where = $this->__setTemplateFilter($use_templates);
2226 
2227  $query = "SELECT * FROM object_data ".
2228  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
2229  $where.
2230  "AND rbac_fa.assign = 'y' " .
2231  'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
2232 
2233  $res = $ilDB->query($query);
2234  while($row = $ilDB->fetchAssoc($res))
2235  {
2236  $row["desc"] = $row["description"];
2237  $row["user_id"] = $row["owner"];
2238  $role_list[] = $row;
2239  }
2240 
2241  $role_list = $this->__setRoleType($role_list);
2242  return $role_list;
2243  }
2244 
2250  public function getOperationAssignment()
2251  {
2252  global $ilDB;
2253 
2254  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
2255  'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
2256  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
2257  $res = $ilDB->query($query);
2258 
2259  $counter = 0;
2260  while($row = $ilDB->fetchObject($res))
2261  {
2262  $info[$counter]['typ_id'] = $row->typ_id;
2263  $info[$counter]['type'] = $row->title;
2264  $info[$counter]['ops_id'] = $row->ops_id;
2265  $info[$counter]['operation'] = $row->operation;
2266  $counter++;
2267  }
2268  return $info ? $info : array();
2269 
2270  }
2271 
2279  public function isDeleteable($a_role_id, $a_rolf_id)
2280  {
2281  if(!$this->isAssignable($a_role_id, $a_rolf_id))
2282  {
2283  return false;
2284  }
2285  if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
2286  {
2287  return false;
2288  }
2289  if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
2290  {
2291  return false;
2292  }
2293  return true;
2294  }
2295 
2302  public function isSystemGeneratedRole($a_role_id)
2303  {
2304  $title = ilObject::_lookupTitle($a_role_id);
2305  return substr($title,0,3) == 'il_' ? true : false;
2306  }
2307 
2308 
2316  public function getRoleFolderOfRole($a_role_id)
2317  {
2318  global $ilDB;
2319 
2320  if(ilObject::_lookupType($a_role_id) == 'role')
2321  {
2322  $and = ('AND assign = '.$ilDB->quote('y','text'));
2323  }
2324  else
2325  {
2326  $and = '';
2327  }
2328 
2329  $query = 'SELECT * FROM rbac_fa '.
2330  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
2331  $and;
2332  $res = $ilDB->query($query);
2333  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
2334  {
2335  return $row->parent;
2336  }
2337  return 0;
2338  }
2339 
2347  public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
2348  {
2349  global $ilDB;
2350 
2351  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
2352  "ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
2353  "WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
2354  "AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
2355 
2356  $res = $ilDB->query($query);
2357  $all_ops = array();
2358  while ($row = $ilDB->fetchObject($res))
2359  {
2360  $ops = unserialize($row->ops_id);
2361  $all_ops = array_merge($all_ops, $ops);
2362  }
2363  $all_ops = array_unique($all_ops);
2364 
2365  $set = $ilDB->query("SELECT operation FROM rbac_operations ".
2366  " WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
2367  $perms = array();
2368  while ($rec = $ilDB->fetchAssoc($set))
2369  {
2370  $perms[] = $rec["operation"];
2371  }
2372 
2373  return $perms;
2374  }
2375 
2382  public function setAssignedCacheEntry($a_role_id,$a_user_id, $a_value)
2383  {
2384  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
2385  }
2386 
2393  public function getAssignedCacheEntry($a_role_id,$a_user_id)
2394  {
2395  return self::$is_assigned_cache[$a_role_id][$a_user_id];
2396  }
2397 
2401  public function clearCaches()
2402  {
2403  self::$is_assigned_cache = array();
2404  self::$assigned_users_cache = array();
2405  }
2406 
2407 } // END class.ilRbacReview
2408 ?>
clearCaches()
Clear assigned users caches.
roleExists($a_title, $a_id=0)
Checks if a role already exists.
getLocalPolicies($a_ref_id)
Get all roles with local policies.
getObjectReferenceOfRole($a_role_id)
Get reference of role.
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
static $assigned_users_cache
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) public.
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
static _getOperationIdsByName($operations)
get ops_id&#39;s by name.
const ILIAS_HOST
getNumberOfAssignedUsers(Array $a_roles)
Get the number of assigned users to roles ilDB $ilDB.
query($sql, $a_handle_error=true)
Query.
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
ilDB $ilDB
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container public.
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles public.
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
static _getOperationList($a_type=null)
get operation list by object type public static
static _lookupTitle($a_id)
lookup object title
getOperationAssignment()
get operation assignments
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
isGlobalRole($a_role_id)
Check if role is a global role.
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause private
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status type $rbacsystem type $ilUser type $log.
getRoleOperationsOnObject($a_role_id, $a_ref_id)
ilDB $ilDB
assignedUsers($a_rol_id, $a_fields=NULL)
get all assigned users to a given role public
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node public.
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
isProtected($a_ref_id, $a_role_id)
searchRolesByMailboxAddressList($a_address_list)
Finds all role ids that match the specified user friendly role mailbox address list.
quote($a_query, $a_type=null)
Wrapper for quote method.
$info
Definition: example_052.php:80
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users public.
getGlobalRolesArray()
get only &#39;global&#39; roles public
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position ilDB $ilDB.
$r
Definition: example_031.php:79
getRolesOfObject($a_ref_id, $a_assignable_only=FALSE)
Get roles of object.
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
getRolesForIDs($role_ids, $use_templates)
ilDB $ilDB
getOperation($ops_id)
get one operation by operation id public
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
getRoleMailboxAddress($a_role_id, $is_localize=true)
Returns the mailbox address of a role.
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
getGlobalRoles()
get only &#39;global&#39; roles public
getTypeId($a_type)
Get type id of object ilDB $ilDB.
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
static _lookupType($a_id, $a_reference=false)
lookup object type
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
hasMultipleAssignments($a_role_id)
Temporary bugfix.
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
if(!file_exists(getcwd().'/ilias.ini.php')) if(isset( $_GET["client_id"]))
registration confirmation script for ilias
Definition: confirmReg.php:20
static _getOperationIdByName($a_operation)
get operation id by name of operation public static
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role public
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;) public
__construct()
Constructor public.
getOperations()
get all possible operations public
getRoleFolderOfRole($a_role_id)
Get role folder of role ilDB $ilDB.
Database Wrapper.
Definition: class.ilDB.php:28
global $ilUser
Definition: imgupload.php:15
$ref_id
Definition: sahs_server.php:39
_getAssignUsersStatus($a_role_id)
getOperationsOnTypeString($a_type)
all possible operations of a type public
global $lng
Definition: privfeed.php:40
assignedRoles($a_usr_id)
get all assigned roles to a given user public
global $ilBench
Definition: ilias.php:18
global $ilDB
static _getIdsForTitle($title, $type='', $partialmatch=false)
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository public.
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
static yn2tf($a_yn)
convert "y"/"n" to true/false
static _groupOperationsByClass($a_ops_arr)
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
getOperationsOnType($a_typ_id)
all possible operations of a type public
getLocalRoles($a_ref_id)
Get local roles of object.
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
class ilRbacReview Contains Review functions of core Rbac.