ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./Services/Object/classes/class.ilObject.php";
6 
15 class ilObjRole extends ilObject
16 {
17  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21 
29  var $parent;
30 
31  var $allow_register;
32  var $assign_users;
33 
35  var $disk_quota;
36  var $wsp_disk_quota;
37 
44  function ilObjRole($a_id = 0,$a_call_by_reference = false)
45  {
46  $this->type = "role";
47  $this->disk_quota = 0;
48  $this->wsp_disk_quota = 0;
49  $this->ilObject($a_id,$a_call_by_reference);
50  }
51 
60  public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
61  {
62  global $ilDB;
63 
64  // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
65  $res = $ilDB->query("SELECT obj_id FROM object_data ".
66  " WHERE type=".$ilDB->quote("rolt", "text").
67  " AND title=".$ilDB->quote($a_tpl_name, "text"));
68  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
69  {
70  $tpl_id = $row->obj_id;
71  }
72 
73  if(!$tpl_id)
74  {
75  return null;
76  }
77 
78  include_once './Services/AccessControl/classes/class.ilObjRole.php';
79  $role = new ilObjRole();
80  $role->setTitle($a_title);
81  $role->setDescription($a_description);
82  $role->create();
83 
84  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$a_ref_id,'y');
85 
86  $GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
87  $tpl_id,
88  ROLE_FOLDER_ID,
89  $a_ref_id,
90  $role->getId()
91  );
92 
93  $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
94  $role->getId(),
95  ilObject::_lookupType($a_ref_id, TRUE),
96  $a_ref_id
97  );
98  $GLOBALS['rbacadmin']->grantPermission(
99  $role->getId(),
100  $ops,
101  $a_ref_id
102  );
103  return $role;
104  }
105 
106 
111  public function validate()
112  {
113  global $ilErr;
114 
115  if(substr($this->getTitle(),0,3) == 'il_')
116  {
117  $ilErr->setMessage('msg_role_reserved_prefix');
118  return false;
119  }
120  return true;
121  }
122 
127  public function getPresentationTitle()
128  {
129  return ilObjRole::_getTranslation($this->getTitle());
130  }
131 
132  function toggleAssignUsersStatus($a_assign_users)
133  {
134  $this->assign_users = (int) $a_assign_users;
135  }
136  function getAssignUsersStatus()
137  {
138  return $this->assign_users ? $this->assign_users : 0;
139  }
140  // Same method (static)
141  function _getAssignUsersStatus($a_role_id)
142  {
143  global $ilDB;
144 
145  $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
146  $res = $ilDB->query($query);
147  while($row = $ilDB->fetchObject($res))
148  {
149  return $row->assign_users ? true : false;
150  }
151  return false;
152  }
153 
158  function read ()
159  {
160  global $ilDB;
161 
162  $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
163 
164  $res = $ilDB->query($query);
165  if ($res->numRows() > 0)
166  {
167  $data = $ilDB->fetchAssoc($res);
168 
169  // fill member vars in one shot
170  $this->assignData($data);
171  }
172  else
173  {
174  $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
175  }
176 
177  parent::read();
178  }
179 
185  function assignData($a_data)
186  {
187  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
188  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
189  $this->setAllowRegister($a_data["allow_register"]);
190  $this->toggleAssignUsersStatus($a_data['assign_users']);
191  $this->setDiskQuota($a_data['disk_quota']);
192  $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
193  }
194 
199  function update ()
200  {
201  global $ilDB;
202 
203  $query = "UPDATE role_data SET ".
204  "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
205  "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
206  "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer').", ".
207  "wsp_disk_quota = ".$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer')." ".
208  "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
209  $res = $ilDB->manipulate($query);
210 
211  parent::update();
212 
213  $this->read();
214 
215  return true;
216  }
217 
225  function create()
226  {
227  global $ilDB;
228 
229  $this->id = parent::create();
230 
231  $query = "INSERT INTO role_data ".
232  "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
233  "VALUES ".
234  "(".$ilDB->quote($this->id,'integer').",".
235  $ilDB->quote($this->getAllowRegister(),'integer').",".
236  $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
237  $ilDB->quote($this->getDiskQuota(),'integer').",".
238  $ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer').")"
239  ;
240  $res = $ilDB->query($query);
241 
242  return $this->id;
243  }
244 
251  function setAllowRegister($a_allow_register)
252  {
253  if (empty($a_allow_register))
254  {
255  $a_allow_register = 0;
256  }
257 
258  $this->allow_register = (int) $a_allow_register;
259  }
260 
267  function getAllowRegister()
268  {
269  return $this->allow_register ? $this->allow_register : false;
270  }
271 
280  function setDiskQuota($a_disk_quota)
281  {
282  $this->disk_quota = $a_disk_quota;
283  }
284 
294  function getDiskQuota()
295  {
296  return $this->disk_quota;
297  }
298 
299 
308  function setPersonalWorkspaceDiskQuota($a_disk_quota)
309  {
310  $this->wsp_disk_quota = $a_disk_quota;
311  }
312 
322  function getPersonalWorkspaceDiskQuota()
323  {
324  return $this->wsp_disk_quota;
325  }
326 
333  function _lookupRegisterAllowed()
334  {
335  global $ilDB;
336 
337  $query = "SELECT * FROM role_data ".
338  "JOIN object_data ON object_data.obj_id = role_data.role_id ".
339  "WHERE allow_register = 1";
340  $res = $ilDB->query($query);
341 
342  $roles = array();
343  while($role = $ilDB->fetchAssoc($res))
344  {
345  $roles[] = array("id" => $role["obj_id"],
346  "title" => $role["title"],
347  "auth_mode" => $role['auth_mode']);
348  }
349 
350  return $roles;
351  }
352 
359  function _lookupAllowRegister($a_role_id)
360  {
361  global $ilDB;
362 
363  $query = "SELECT * FROM role_data ".
364  " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
365 
366  $res = $ilDB->query($query);
367  if ($role_rec = $ilDB->fetchAssoc($res))
368  {
369  if ($role_rec["allow_register"])
370  {
371  return true;
372  }
373  }
374  return false;
375  }
376 
384  function setParent($a_parent_ref)
385  {
386  $this->parent = $a_parent_ref;
387  }
388 
395  function getParent()
396  {
397  return $this->parent;
398  }
399 
400 
407  function delete()
408  {
409  global $rbacadmin, $rbacreview,$ilDB;
410 
411  // Temporary bugfix
412  if($rbacreview->hasMultipleAssignments($this->getId()))
413  {
414  ilLoggerFactory::getLogger('ac')->warning('Found role with multiple assignments: role_id: ' . $this->getId());
415  ilLoggerFactory::getLogger('ac')->warning('Aborted deletion of role.');
416  return false;
417  }
418 
419  if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
420  {
421  ilLoggerFactory::getLogger('ac')->debug('Handling assignable role...');
422  // do not delete a global role, if the role is the last
423  // role a user is assigned to.
424  //
425  // Performance improvement: In the code section below, we
426  // only need to consider _global_ roles. We don't need
427  // to check for _local_ roles, because a user who has
428  // a local role _always_ has a global role too.
429  $last_role_user_ids = array();
430  if ($this->getParent() == ROLE_FOLDER_ID)
431  {
432  ilLoggerFactory::getLogger('ac')->debug('Handling global role...');
433  // The role is a global role: check if
434  // we find users who aren't assigned to any
435  // other global role than this one.
436  $user_ids = $rbacreview->assignedUsers($this->getId());
437 
438  foreach ($user_ids as $user_id)
439  {
440  // get all roles each user has
441  $role_ids = $rbacreview->assignedRoles($user_id);
442 
443  // is last role?
444  if (count($role_ids) == 1)
445  {
446  $last_role_user_ids[] = $user_id;
447  }
448  }
449  }
450 
451  // users with last role found?
452  if (count($last_role_user_ids) > 0)
453  {
454  foreach ($last_role_user_ids as $user_id)
455  {
456  // GET OBJECT TITLE
457  $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
458  $user_names[] = $tmp_obj->getFullname();
459  unset($tmp_obj);
460  }
461 
462  // TODO: This check must be done in rolefolder object because if multiple
463  // roles were selected the other roles are still deleted and the system does not
464  // give any feedback about this.
465  $users = implode(', ',$user_names);
466  ilLoggerFactory::getLogger('ac')->info('Cannot delete last global role of users.');
467  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
468  $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
469  }
470  else
471  {
472  ilLoggerFactory::getLogger('ac')->debug('Starting deletion of assignable role: role_id: ' . $this->getId());
473  $rbacadmin->deleteRole($this->getId(),$this->getParent());
474 
475  // Delete ldap role group mappings
476  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
477  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
478 
479  // delete object_data entry
480  parent::delete();
481 
482  // delete role_data entry
483  $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
484  $res = $ilDB->manipulate($query);
485 
486  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
487  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
488  $role_desk_item_obj->deleteAll();
489 
490  }
491  }
492  else
493  {
494  ilLoggerFactory::getLogger('ac')->debug('Starting deletion of linked role: role_id ' . $this->getId());
495  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
496  $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
497  }
498  return true;
499  }
500 
501  function getCountMembers()
502  {
503  global $rbacreview;
504 
505  return count($rbacreview->assignedUsers($this->getId()));
506  }
507 
508  function _getTranslation($a_role_title)
509  {
510  global $lng;
511 
512  $test_str = explode('_',$a_role_title);
513 
514  if ($test_str[0] == 'il')
515  {
516  $test2 = (int) $test_str[3];
517  if ($test2 > 0)
518  {
519  unset($test_str[3]);
520  }
521 
522  return $lng->txt(implode('_',$test_str));
523  }
524 
525  return $a_role_title;
526  }
527 
528 
529 
530  function _updateAuthMode($a_roles)
531  {
532  global $ilDB;
533 
534  foreach ($a_roles as $role_id => $auth_mode)
535  {
536  $query = "UPDATE role_data SET ".
537  "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
538  "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
539  $res = $ilDB->manipulate($query);
540  }
541  }
542 
543  function _getAuthMode($a_role_id)
544  {
545  global $ilDB;
546 
547  $query = "SELECT auth_mode FROM role_data ".
548  "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
549  $res = $ilDB->query($query);
550  $row = $ilDB->fetchAssoc($res);
551 
552  return $row['auth_mode'];
553  }
554 
562  public static function _getRolesByAuthMode($a_auth_mode)
563  {
564  global $ilDB;
565 
566  $query = "SELECT * FROM role_data ".
567  "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
568  $res = $ilDB->query($query);
569  $roles = array();
570  while($row = $ilDB->fetchObject($res))
571  {
572  $roles[] = $row->role_id;
573  }
574  return $roles;
575  }
576 
585  public static function _resetAuthMode($a_auth_mode)
586  {
587  global $ilDB;
588 
589  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
590  $res = $ilDB->manipulate($query);
591  }
592 
593  // returns array of operation/objecttype definitions
594  // private
595  function __getPermissionDefinitions()
596  {
597  global $ilDB, $lng, $objDefinition,$rbacreview;
598 
599  $operation_info = $rbacreview->getOperationAssignment();
600  foreach($operation_info as $info)
601  {
602  if($objDefinition->getDevMode($info['type']))
603  {
604  continue;
605  }
606  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
607  "type" => $info['type']);
608 
609  // handle plugin permission texts
610  $txt = $objDefinition->isPlugin($info['type'])
611  ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
612  : $lng->txt($info['type']."_".$info['operation']);
613  if (substr($info['operation'], 0, 7) == "create_" &&
614  $objDefinition->isPlugin(substr($info['operation'], 7)))
615  {
616  $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
617  }
618  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
619  "ops_id" => $info['ops_id'],
620  "title" => $info['operation'],
621  "name" => $txt);
622 
623  }
624  return array($rbac_objects,$rbac_operations);
625  }
626 
627 
628  public static function isAutoGenerated($a_role_id)
629  {
630  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
631  }
632 
640  public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
641  {
642  global $tree,$rbacreview;
643 
644  // Get node info of subtree
645  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
646 
647  // get local policies
648  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
649 
650  // filter relevant roles
651  $local_policies = array();
652  foreach($all_local_policies as $lp)
653  {
654  if(isset($nodes[$lp]))
655  {
656  $local_policies[] = $lp;
657  }
658  }
659 
660  // Delete deprecated policies
661  switch($a_mode)
662  {
663  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
664  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
665  $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
666  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
667  break;
668  }
669  $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
670 
671  #var_dump(memory_get_peak_usage());
672  #var_dump(memory_get_usage());
673  }
674 
680  protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
681  {
682  global $rbacreview,$rbacadmin;
683 
684  $local_policies = array();
685  foreach($a_policies as $policy)
686  {
687  if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
688  {
689  $local_policies[] = $policy;
690  continue;
691  }
692  if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
693  {
694  $local_policies[] = $policy;
695  continue;
696  }
697  $rbacadmin->deleteLocalRole($this->getId(),$policy);
698  }
699  return $local_policies;
700  }
701 
710  protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
711  {
712  global $rbacadmin, $rbacreview, $tree;
713 
714  $operation_stack = array();
715  $policy_stack = array();
716  $node_stack = array();
717 
718  $start_node = current($a_nodes);
719  array_push($node_stack,$start_node);
720  $this->updatePolicyStack($policy_stack, $start_node['child']);
721  $this->updateOperationStack($operation_stack, $start_node['child'],true);
722 
723  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
724  $rbac_log_active = ilRbacLog::isActive();
725 
726  $local_policy = false;
727  foreach($a_nodes as $node)
728  {
729  $cmp_node = end($node_stack);
730  while($relation = $tree->getRelationOfNodes($node,$cmp_node))
731  {
732  switch($relation)
733  {
734  case ilTree::RELATION_NONE:
735  case ilTree::RELATION_SIBLING:
736  $GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none relation.');
737  array_pop($operation_stack);
738  array_pop($policy_stack);
739  array_pop($node_stack);
740  $cmp_node = end($node_stack);
741  $local_policy = false;
742  break;
743 
744  case ilTree::RELATION_CHILD:
745  case ilTree::RELATION_EQUALS:
746  case ilTree::RELATION_PARENT:
747  default:
748  $GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
749  break 2;
750  }
751 
752  }
753 
754  if($local_policy)
755  {
756  continue;
757  }
758 
759  // Start node => set permissions and continue
760  if($node['child'] == $start_node['child'])
761  {
762  if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
763  {
764  if($rbac_log_active)
765  {
766  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
767  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
768  }
769 
770  // Set permissions
771  $perms = end($operation_stack);
772  $rbacadmin->grantPermission(
773  $this->getId(),
774  (array) $perms[$node['type']],
775  $node['child']
776  );
777 
778  if($rbac_log_active)
779  {
780  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
781  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
782  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
783  }
784  }
785  continue;
786  }
787 
788  // Node has local policies => update permission stack and continue
789  if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
790  {
791  $local_policy = true;
792  $this->updatePolicyStack($policy_stack, $node['child']);
793  $this->updateOperationStack($operation_stack, $node['child']);
794  array_push($node_stack, $node);
795  continue;
796  }
797 
798  // Continue if this object type is not in filter
799  if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
800  {
801  continue;
802  }
803 
804  if($rbac_log_active)
805  {
806  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
807  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
808  }
809 
810  // Node is course => create course permission intersection
811  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
812  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
813 
814  {
815  // Copy role permission intersection
816  $perms = end($operation_stack);
817  $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
818  if($this->updateOperationStack($operation_stack,$node['child']))
819  {
820  $this->updatePolicyStack($policy_stack, $node['child']);
821  array_push($node_stack, $node);
822  }
823  }
824 
825  // Node is group => create group permission intersection
826  if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
827  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
828  {
829  // Copy role permission intersection
830  $perms = end($operation_stack);
831  $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
832  if($this->updateOperationStack($operation_stack,$node['child']))
833  {
834  $this->updatePolicyStack($policy_stack, $node['child']);
835  array_push($node_stack, $node);
836  }
837  }
838 
839  // Set permission
840  $perms = end($operation_stack);
841  $rbacadmin->grantPermission(
842  $this->getId(),
843  (array) $perms[$node['type']],
844  $node['child']
845  );
846 
847  if($rbac_log_active)
848  {
849  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
850  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
851  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
852  }
853  }
854  }
855 
862  protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
863  {
864  if(in_array($a_type,$a_exclusion_filter))
865  {
866  return false;
867  }
868 
869  if(in_array('all',$a_filter))
870  {
871  return true;
872  }
873  return in_array($a_type,$a_filter);
874  }
875 
882  protected function updateOperationStack(&$a_stack,$a_node, $a_init = false)
883  {
884  global $rbacreview;
885 
886  $has_policies = null;
887  $policy_origin = null;
888 
889  if($a_node == ROOT_FOLDER_ID)
890  {
891  $has_policies = TRUE;
892  $policy_origin = ROLE_FOLDER_ID;
893  }
894  else
895  {
896  $has_policies = $rbacreview->getLocalPolicies($a_node);
897  $policy_origin = $a_node;
898 
899  if($a_init)
900  {
901  $parent_roles = $rbacreview->getParentRoleIds($a_node,false);
902  if($parent_roles[$this->getId()])
903  {
904  $a_stack[] = $rbacreview->getAllOperationsOfRole(
905  $this->getId(),
906  $parent_roles[$this->getId()]['parent']
907  );
908  }
909  return true;
910  }
911 
912  }
913 
914  if(!$has_policies)
915  {
916  return false;
917  }
918 
919  $a_stack[] = $rbacreview->getAllOperationsOfRole(
920  $this->getId(),
921  $policy_origin
922  );
923  return true;
924  }
925 
931  protected function updatePolicyStack(&$a_stack,$a_node)
932  {
933  global $rbacreview;
934 
935  $has_policies = null;
936  $policy_origin = null;
937 
938  if($a_node == ROOT_FOLDER_ID)
939  {
940  $has_policies = TRUE;
941  $policy_origin = ROLE_FOLDER_ID;
942  }
943  else
944  {
945  $has_policies = $rbacreview->getLocalPolicies($a_node);
946  $policy_origin = $a_node;
947  }
948 
949  if(!$has_policies)
950  {
951  return false;
952  }
953 
954  $a_stack[] = $policy_origin;
955  return true;
956  }
957 
965  protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
966  {
967  global $ilDB, $rbacreview,$rbacadmin;
968 
969  static $course_non_member_id = null;
970  static $group_non_member_id = null;
971  static $group_open_id = null;
972  static $group_closed_id = null;
973 
974  // Get template id
975  switch($a_type)
976  {
977  case 'grp':
978 
979  include_once './Modules/Group/classes/class.ilObjGroup.php';
980  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
981  #var_dump("GROUP TYPE",$type);
982  switch($type)
983  {
984  case GRP_TYPE_CLOSED:
985  if(!$group_closed_id)
986  {
987  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
988  $res = $ilDB->query($query);
989  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
990  {
991  $group_closed_id = $row->obj_id;
992  }
993  }
994  $template_id = $group_closed_id;
995  #var_dump("GROUP CLOSED id:" . $template_id);
996  break;
997 
998  case GRP_TYPE_OPEN:
999  default:
1000  if(!$group_open_id)
1001  {
1002  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
1003  $res = $ilDB->query($query);
1004  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1005  {
1006  $group_open_id = $row->obj_id;
1007  }
1008  }
1009  $template_id = $group_open_id;
1010  #var_dump("GROUP OPEN id:" . $template_id);
1011  break;
1012  }
1013  break;
1014 
1015  case 'crs':
1016  if(!$course_non_member_id)
1017  {
1018  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
1019  $res = $ilDB->query($query);
1020  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1021  {
1022  $course_non_member_id = $row->obj_id;
1023  }
1024  }
1025  $template_id = $course_non_member_id;
1026  break;
1027  }
1028 
1029  $current_ops = $a_current_ops[$a_type];
1030 
1031  // Create intersection template permissions
1032  if($template_id)
1033  {
1034  //$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
1035 
1036  $rbacadmin->copyRolePermissionIntersection(
1037  $template_id, ROLE_FOLDER_ID,
1038  $this->getId(), end($policy_stack),
1039  $a_id,$this->getId()
1040  );
1041  }
1042  else
1043  {
1044  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1045  }
1046  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1047  if($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(),$a_id))
1048  {
1049  $rbacadmin->assignRoleToFolder($this->getId(),$a_id,"n");
1050  }
1051  return true;
1052  }
1053 
1054 } // END class.ilObjRole
1055 ?>
GRP_TYPE_OPEN
const GRP_TYPE_OPEN
Definition: class.ilObjGroup.php:20
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:15
ilObjRole\$disk_quota
$disk_quota
The disk quota in bytes.
Definition: class.ilObjRole.php:35
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilObjRole\ilObjRole
ilObjRole($a_id=0, $a_call_by_reference=false)
Constructor public.
Definition: class.ilObjRole.php:44
$template_id
$template_id
Definition: example_062.php:89
ilObjRole\getPresentationTitle
getPresentationTitle()
return translated title for autogenerated roles
Definition: class.ilObjRole.php:127
ilObjRole\getPersonalWorkspaceDiskQuota
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:322
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:17
ilObjRole\createPermissionIntersection
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
Definition: class.ilObjRole.php:965
ilObject
Class ilObject Basic functions for all objects.
Definition: class.ilObject.php:14
ilObjRole\_getTranslation
_getTranslation($a_role_title)
Definition: class.ilObjRole.php:508
ilObjRole\setParent
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!!! ...
Definition: class.ilObjRole.php:384
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:132
ilTree\RELATION_PARENT
const RELATION_PARENT
Definition: class.ilTree.php:31
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:251
ilObjRole\update
update()
updates a record "role" and write it into database public
Definition: class.ilObjRole.php:199
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilObjRole\updatePolicyStack
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
Definition: class.ilObjRole.php:931
ilObjRole\_resetAuthMode
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
Definition: class.ilObjRole.php:585
ilObjRole\deleteLocalPolicies
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
Definition: class.ilObjRole.php:680
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:267
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilObject\ilObject
ilObject($a_id=0, $a_reference=true)
Constructor public.
Definition: class.ilObject.php:100
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
ilObjRole\getDiskQuota
getDiskQuota()
Gets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:294
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:395
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:60
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\_lookupAllowRegister
_lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
Definition: class.ilObjRole.php:359
ilObjRole\create
create()
create
Definition: class.ilObjRole.php:225
$info
$info
Definition: example_052.php:80
ilPlugin\lookupTxt
static lookupTxt($a_mod_prefix, $a_pl_id, $a_lang_var)
Lookup language text.
Definition: class.ilPlugin.php:529
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:628
ilObjRole\_updateAuthMode
_updateAuthMode($a_roles)
Definition: class.ilObjRole.php:530
$data
$data
Definition: example_011.php:126
ilObject\getId
getId()
get object id public
Definition: class.ilObject.php:297
GRP_TYPE_CLOSED
const GRP_TYPE_CLOSED
Definition: class.ilObjGroup.php:19
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1041
ilObjRole\isHandledObjectType
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
Definition: class.ilObjRole.php:862
ilObject\getTitle
getTitle()
get object title public
Definition: class.ilObject.php:373
ilObjRole\_getAuthMode
_getAuthMode($a_role_id)
Definition: class.ilObjRole.php:543
ilObjRole\_getRolesByAuthMode
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
Definition: class.ilObjRole.php:562
ilias
redirection script todo: (a better solution should control the processing via a xml file) ...
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2691
ilTree\RELATION_EQUALS
const RELATION_EQUALS
Definition: class.ilTree.php:33
ilObjRole\setPersonalWorkspaceDiskQuota
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:308
$txt
$txt
Definition: error.php:12
ilTree\RELATION_CHILD
const RELATION_CHILD
Definition: class.ilTree.php:30
ilObjRole\_lookupRegisterAllowed
_lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:333
ilTree\RELATION_NONE
const RELATION_NONE
Definition: class.ilTree.php:34
ilObjRole\validate
validate()
Validate role data.
Definition: class.ilObjRole.php:111
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
ilObjRole\adjustPermissions
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
Definition: class.ilObjRole.php:710
ilObjRole\getParent
getParent()
get reference id of parent object
Definition: class.ilObjRole.php:395
ilObjRole\__getPermissionDefinitions
__getPermissionDefinitions()
Definition: class.ilObjRole.php:595
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRole\_getAssignUsersStatus
_getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:141
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\changeExistingObjects
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
Definition: class.ilObjRole.php:640
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObjGroup\lookupGroupTye
static lookupGroupTye($a_id)
Lookup group type.
Definition: class.ilObjGroup.php:118
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:22
ilObjRole\updateOperationStack
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
Definition: class.ilObjRole.php:882
ilTree\RELATION_SIBLING
const RELATION_SIBLING
Definition: class.ilTree.php:32
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:420
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjRole\read
read()
loads "role" from database private
Definition: class.ilObjRole.php:158
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilObjRole\setDiskQuota
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:280
$ilErr
$ilErr
Definition: inc.setup_header.php:67
ilObjRole\assignData
assignData($a_data)
loads a record "role" from array public
Definition: class.ilObjRole.php:185