ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilObjRole.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5require_once "./Services/Object/classes/class.ilObject.php";
6
15class ilObjRole extends ilObject
16{
17 const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
18 const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
19 const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
20 const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
21
29 var $parent;
30
31 var $allow_register;
32 var $assign_users;
33
35 var $disk_quota;
36 var $wsp_disk_quota;
37
44 function ilObjRole($a_id = 0,$a_call_by_reference = false)
45 {
46 $this->type = "role";
47 $this->disk_quota = 0;
48 $this->wsp_disk_quota = 0;
49 $this->ilObject($a_id,$a_call_by_reference);
50 }
51
60 public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
61 {
62 global $ilDB;
63
64 // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
65 $res = $ilDB->query("SELECT obj_id FROM object_data ".
66 " WHERE type=".$ilDB->quote("rolt", "text").
67 " AND title=".$ilDB->quote($a_tpl_name, "text"));
68 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
69 {
70 $tpl_id = $row->obj_id;
71 }
72
73 if(!$tpl_id)
74 {
75 return null;
76 }
77
78 include_once './Services/AccessControl/classes/class.ilObjRole.php';
79 $role = new ilObjRole();
80 $role->setTitle($a_title);
81 $role->setDescription($a_description);
82 $role->create();
83
84 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$a_ref_id,'y');
85
86 $GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
87 $tpl_id,
88 ROLE_FOLDER_ID,
89 $a_ref_id,
90 $role->getId()
91 );
92
93 $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
94 $role->getId(),
95 ilObject::_lookupType($a_ref_id, TRUE),
96 $a_ref_id
97 );
98 $GLOBALS['rbacadmin']->grantPermission(
99 $role->getId(),
100 $ops,
101 $a_ref_id
102 );
103 return $role;
104 }
105
106
111 public function validate()
112 {
113 global $ilErr;
114
115 if(substr($this->getTitle(),0,3) == 'il_')
116 {
117 $ilErr->setMessage('msg_role_reserved_prefix');
118 return false;
119 }
120 return true;
121 }
122
127 public function getPresentationTitle()
128 {
129 return ilObjRole::_getTranslation($this->getTitle());
130 }
131
132 function toggleAssignUsersStatus($a_assign_users)
133 {
134 $this->assign_users = (int) $a_assign_users;
135 }
136 function getAssignUsersStatus()
137 {
138 return $this->assign_users ? $this->assign_users : 0;
139 }
140 // Same method (static)
141 function _getAssignUsersStatus($a_role_id)
142 {
143 global $ilDB;
144
145 $query = "SELECT assign_users FROM role_data WHERE role_id = ".$ilDB->quote($a_role_id,'integer')." ";
146 $res = $ilDB->query($query);
147 while($row = $ilDB->fetchObject($res))
148 {
149 return $row->assign_users ? true : false;
150 }
151 return false;
152 }
153
158 function read ()
159 {
160 global $ilDB;
161
162 $query = "SELECT * FROM role_data WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
163
164 $res = $ilDB->query($query);
165 if ($res->numRows() > 0)
166 {
167 $data = $ilDB->fetchAssoc($res);
168
169 // fill member vars in one shot
170 $this->assignData($data);
171 }
172 else
173 {
174 $this->ilias->raiseError("<b>Error: There is no dataset with id ".$this->id."!</b><br />class: ".get_class($this)."<br />Script: ".__FILE__."<br />Line: ".__LINE__, $this->ilias->FATAL);
175 }
176
177 parent::read();
178 }
179
185 function assignData($a_data)
186 {
187 $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
188 $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
189 $this->setAllowRegister($a_data["allow_register"]);
190 $this->toggleAssignUsersStatus($a_data['assign_users']);
191 $this->setDiskQuota($a_data['disk_quota']);
192 $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
193 }
194
199 function update ()
200 {
201 global $ilDB;
202
203 $query = "UPDATE role_data SET ".
204 "allow_register= ".$ilDB->quote($this->allow_register,'integer').", ".
205 "assign_users = ".$ilDB->quote($this->getAssignUsersStatus(),'integer').", ".
206 "disk_quota = ".$ilDB->quote($this->getDiskQuota(),'integer').", ".
207 "wsp_disk_quota = ".$ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer')." ".
208 "WHERE role_id= ".$ilDB->quote($this->id,'integer')." ";
209 $res = $ilDB->manipulate($query);
210
211 parent::update();
212
213 $this->read();
214
215 return true;
216 }
217
225 function create()
226 {
227 global $ilDB;
228
229 $this->id = parent::create();
230
231 $query = "INSERT INTO role_data ".
232 "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) ".
233 "VALUES ".
234 "(".$ilDB->quote($this->id,'integer').",".
235 $ilDB->quote($this->getAllowRegister(),'integer').",".
236 $ilDB->quote($this->getAssignUsersStatus(),'integer').",".
237 $ilDB->quote($this->getDiskQuota(),'integer').",".
238 $ilDB->quote($this->getPersonalWorkspaceDiskQuota(),'integer').")"
239 ;
240 $res = $ilDB->query($query);
241
242 return $this->id;
243 }
244
251 function setAllowRegister($a_allow_register)
252 {
253 if (empty($a_allow_register))
254 {
255 $a_allow_register = 0;
256 }
257
258 $this->allow_register = (int) $a_allow_register;
259 }
260
267 function getAllowRegister()
268 {
269 return $this->allow_register ? $this->allow_register : false;
270 }
271
280 function setDiskQuota($a_disk_quota)
281 {
282 $this->disk_quota = $a_disk_quota;
283 }
284
294 function getDiskQuota()
295 {
296 return $this->disk_quota;
297 }
298
299
308 function setPersonalWorkspaceDiskQuota($a_disk_quota)
309 {
310 $this->wsp_disk_quota = $a_disk_quota;
311 }
312
322 function getPersonalWorkspaceDiskQuota()
323 {
324 return $this->wsp_disk_quota;
325 }
326
333 function _lookupRegisterAllowed()
334 {
335 global $ilDB;
336
337 $query = "SELECT * FROM role_data ".
338 "JOIN object_data ON object_data.obj_id = role_data.role_id ".
339 "WHERE allow_register = 1";
340 $res = $ilDB->query($query);
341
342 $roles = array();
343 while($role = $ilDB->fetchAssoc($res))
344 {
345 $roles[] = array("id" => $role["obj_id"],
346 "title" => $role["title"],
347 "auth_mode" => $role['auth_mode']);
348 }
349
350 return $roles;
351 }
352
359 function _lookupAllowRegister($a_role_id)
360 {
361 global $ilDB;
362
363 $query = "SELECT * FROM role_data ".
364 " WHERE role_id =".$ilDB->quote($a_role_id,'integer');
365
366 $res = $ilDB->query($query);
367 if ($role_rec = $ilDB->fetchAssoc($res))
368 {
369 if ($role_rec["allow_register"])
370 {
371 return true;
372 }
373 }
374 return false;
375 }
376
384 function setParent($a_parent_ref)
385 {
386 $this->parent = $a_parent_ref;
387 }
388
395 function getParent()
396 {
397 return $this->parent;
398 }
399
400
407 function delete()
408 {
409 global $rbacadmin, $rbacreview,$ilDB;
410
411 // Temporary bugfix
412 if($rbacreview->hasMultipleAssignments($this->getId()))
413 {
414 ilLoggerFactory::getLogger('ac')->warning('Found role with multiple assignments: role_id: ' . $this->getId());
415 ilLoggerFactory::getLogger('ac')->warning('Aborted deletion of role.');
416 return false;
417 }
418
419 if ($rbacreview->isAssignable($this->getId(),$this->getParent()))
420 {
421 ilLoggerFactory::getLogger('ac')->debug('Handling assignable role...');
422 // do not delete a global role, if the role is the last
423 // role a user is assigned to.
424 //
425 // Performance improvement: In the code section below, we
426 // only need to consider _global_ roles. We don't need
427 // to check for _local_ roles, because a user who has
428 // a local role _always_ has a global role too.
429 $last_role_user_ids = array();
430 if ($this->getParent() == ROLE_FOLDER_ID)
431 {
432 ilLoggerFactory::getLogger('ac')->debug('Handling global role...');
433 // The role is a global role: check if
434 // we find users who aren't assigned to any
435 // other global role than this one.
436 $user_ids = $rbacreview->assignedUsers($this->getId());
437
438 foreach ($user_ids as $user_id)
439 {
440 // get all roles each user has
441 $role_ids = $rbacreview->assignedRoles($user_id);
442
443 // is last role?
444 if (count($role_ids) == 1)
445 {
446 $last_role_user_ids[] = $user_id;
447 }
448 }
449 }
450
451 // users with last role found?
452 if (count($last_role_user_ids) > 0)
453 {
454 foreach ($last_role_user_ids as $user_id)
455 {
456 // GET OBJECT TITLE
457 $tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
458 $user_names[] = $tmp_obj->getFullname();
459 unset($tmp_obj);
460 }
461
462 // TODO: This check must be done in rolefolder object because if multiple
463 // roles were selected the other roles are still deleted and the system does not
464 // give any feedback about this.
465 $users = implode(', ',$user_names);
466 ilLoggerFactory::getLogger('ac')->info('Cannot delete last global role of users.');
467 $this->ilias->raiseError($this->lng->txt("msg_user_last_role1")." ".
468 $users."<br/>".$this->lng->txt("msg_user_last_role2"),$this->ilias->error_obj->WARNING);
469 }
470 else
471 {
472 ilLoggerFactory::getLogger('ac')->debug('Starting deletion of assignable role: role_id: ' . $this->getId());
473 $rbacadmin->deleteRole($this->getId(),$this->getParent());
474
475 // Delete ldap role group mappings
476 include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
477 ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
478
479 // delete object_data entry
480 parent::delete();
481
482 // delete role_data entry
483 $query = "DELETE FROM role_data WHERE role_id = ".$ilDB->quote($this->getId(),'integer');
484 $res = $ilDB->manipulate($query);
485
486 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
487 $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
488 $role_desk_item_obj->deleteAll();
489
490 }
491 }
492 else
493 {
494 ilLoggerFactory::getLogger('ac')->debug('Starting deletion of linked role: role_id ' . $this->getId());
495 // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
496 $rbacadmin->deleteLocalRole($this->getId(),$this->getParent());
497 }
498 return true;
499 }
500
501 function getCountMembers()
502 {
503 global $rbacreview;
504
505 return count($rbacreview->assignedUsers($this->getId()));
506 }
507
508 function _getTranslation($a_role_title)
509 {
510 global $lng;
511
512 $test_str = explode('_',$a_role_title);
513
514 if ($test_str[0] == 'il')
515 {
516 $test2 = (int) $test_str[3];
517 if ($test2 > 0)
518 {
519 unset($test_str[3]);
520 }
521
522 return $lng->txt(implode('_',$test_str));
523 }
524
525 return $a_role_title;
526 }
527
528
529
530 function _updateAuthMode($a_roles)
531 {
532 global $ilDB;
533
534 foreach ($a_roles as $role_id => $auth_mode)
535 {
536 $query = "UPDATE role_data SET ".
537 "auth_mode= ".$ilDB->quote($auth_mode,'text')." ".
538 "WHERE role_id= ".$ilDB->quote($role_id,'integer')." ";
539 $res = $ilDB->manipulate($query);
540 }
541 }
542
543 function _getAuthMode($a_role_id)
544 {
545 global $ilDB;
546
547 $query = "SELECT auth_mode FROM role_data ".
548 "WHERE role_id= ".$ilDB->quote($a_role_id,'integer')." ";
549 $res = $ilDB->query($query);
550 $row = $ilDB->fetchAssoc($res);
551
552 return $row['auth_mode'];
553 }
554
562 public static function _getRolesByAuthMode($a_auth_mode)
563 {
564 global $ilDB;
565
566 $query = "SELECT * FROM role_data ".
567 "WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
568 $res = $ilDB->query($query);
569 $roles = array();
570 while($row = $ilDB->fetchObject($res))
571 {
572 $roles[] = $row->role_id;
573 }
574 return $roles;
575 }
576
585 public static function _resetAuthMode($a_auth_mode)
586 {
587 global $ilDB;
588
589 $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = ".$ilDB->quote($a_auth_mode,'text');
590 $res = $ilDB->manipulate($query);
591 }
592
593 // returns array of operation/objecttype definitions
594 // private
595 function __getPermissionDefinitions()
596 {
597 global $ilDB, $lng, $objDefinition,$rbacreview;
598
599 $operation_info = $rbacreview->getOperationAssignment();
600 foreach($operation_info as $info)
601 {
602 if($objDefinition->getDevMode($info['type']))
603 {
604 continue;
605 }
606 $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
607 "type" => $info['type']);
608
609 // handle plugin permission texts
610 $txt = $objDefinition->isPlugin($info['type'])
611 ? ilPlugin::lookupTxt("rep_robj", $info['type'], $info['type']."_".$info['operation'])
612 : $lng->txt($info['type']."_".$info['operation']);
613 if (substr($info['operation'], 0, 7) == "create_" &&
614 $objDefinition->isPlugin(substr($info['operation'], 7)))
615 {
616 $txt = ilPlugin::lookupTxt("rep_robj", substr($info['operation'], 7), $info['type']."_".$info['operation']);
617 }
618 $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
619 "ops_id" => $info['ops_id'],
620 "title" => $info['operation'],
621 "name" => $txt);
622
623 }
624 return array($rbac_objects,$rbac_operations);
625 }
626
627
628 public static function isAutoGenerated($a_role_id)
629 {
630 return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
631 }
632
640 public function changeExistingObjects($a_start_node,$a_mode,$a_filter,$a_exclusion_filter = array())
641 {
642 global $tree,$rbacreview;
643
644 // Get node info of subtree
645 $nodes = $tree->getRbacSubtreeInfo($a_start_node);
646
647 // get local policies
648 $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
649
650 // filter relevant roles
651 $local_policies = array();
652 foreach($all_local_policies as $lp)
653 {
654 if(isset($nodes[$lp]))
655 {
656 $local_policies[] = $lp;
657 }
658 }
659
660 // Delete deprecated policies
661 switch($a_mode)
662 {
663 case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
664 case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
665 $local_policies = $this->deleteLocalPolicies($a_start_node,$local_policies,$a_filter);
666 #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
667 break;
668 }
669 $this->adjustPermissions($a_mode,$nodes,$local_policies,$a_filter,$a_exclusion_filter);
670
671 #var_dump(memory_get_peak_usage());
672 #var_dump(memory_get_usage());
673 }
674
680 protected function deleteLocalPolicies($a_start,$a_policies,$a_filter)
681 {
682 global $rbacreview,$rbacadmin;
683
684 $local_policies = array();
685 foreach($a_policies as $policy)
686 {
687 if($policy == $a_start or $policy == SYSTEM_FOLDER_ID)
688 {
689 $local_policies[] = $policy;
690 continue;
691 }
692 if(!in_array('all',$a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)),$a_filter))
693 {
694 $local_policies[] = $policy;
695 continue;
696 }
697 $rbacadmin->deleteLocalRole($this->getId(),$policy);
698 }
699 return $local_policies;
700 }
701
710 protected function adjustPermissions($a_mode,$a_nodes,$a_policies,$a_filter,$a_exclusion_filter = array())
711 {
712 global $rbacadmin, $rbacreview, $tree;
713
714 $operation_stack = array();
715 $policy_stack = array();
716 $node_stack = array();
717
718 $start_node = current($a_nodes);
719 array_push($node_stack,$start_node);
720 $this->updatePolicyStack($policy_stack, $start_node['child']);
721 $this->updateOperationStack($operation_stack, $start_node['child'],true);
722
723 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
724 $rbac_log_active = ilRbacLog::isActive();
725
726 $local_policy = false;
727 foreach($a_nodes as $node)
728 {
729 $cmp_node = end($node_stack);
730 while($relation = $tree->getRelationOfNodes($node,$cmp_node))
731 {
732 switch($relation)
733 {
734 case ilTree::RELATION_NONE:
735 case ilTree::RELATION_SIBLING:
736 $GLOBALS['ilLog']->write(__METHOD__.': Handling sibling/none relation.');
737 array_pop($operation_stack);
738 array_pop($policy_stack);
739 array_pop($node_stack);
740 $cmp_node = end($node_stack);
741 $local_policy = false;
742 break;
743
744 case ilTree::RELATION_CHILD:
745 case ilTree::RELATION_EQUALS:
746 case ilTree::RELATION_PARENT:
747 default:
748 $GLOBALS['ilLog']->write(__METHOD__.': Handling child/equals/parent '. $relation);
749 break 2;
750 }
751
752 }
753
754 if($local_policy)
755 {
756 continue;
757 }
758
759 // Start node => set permissions and continue
760 if($node['child'] == $start_node['child'])
761 {
762 if($this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
763 {
764 if($rbac_log_active)
765 {
766 $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
767 $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
768 }
769
770 // Set permissions
771 $perms = end($operation_stack);
772 $rbacadmin->grantPermission(
773 $this->getId(),
774 (array) $perms[$node['type']],
775 $node['child']
776 );
777
778 if($rbac_log_active)
779 {
780 $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
781 $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
782 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
783 }
784 }
785 continue;
786 }
787
788 // Node has local policies => update permission stack and continue
789 if(in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID))
790 {
791 $local_policy = true;
792 $this->updatePolicyStack($policy_stack, $node['child']);
793 $this->updateOperationStack($operation_stack, $node['child']);
794 array_push($node_stack, $node);
795 continue;
796 }
797
798 // Continue if this object type is not in filter
799 if(!$this->isHandledObjectType($a_filter,$a_exclusion_filter,$node['type']))
800 {
801 continue;
802 }
803
804 if($rbac_log_active)
805 {
806 $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
807 $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
808 }
809
810 // Node is course => create course permission intersection
811 if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
812 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs'))
813
814 {
815 // Copy role permission intersection
816 $perms = end($operation_stack);
817 $this->createPermissionIntersection($policy_stack,$perms['crs'],$node['child'],$node['type']);
818 if($this->updateOperationStack($operation_stack,$node['child']))
819 {
820 $this->updatePolicyStack($policy_stack, $node['child']);
821 array_push($node_stack, $node);
822 }
823 }
824
825 // Node is group => create group permission intersection
826 if(($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
827 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp'))
828 {
829 // Copy role permission intersection
830 $perms = end($operation_stack);
831 $this->createPermissionIntersection($policy_stack,$perms['grp'],$node['child'],$node['type']);
832 if($this->updateOperationStack($operation_stack,$node['child']))
833 {
834 $this->updatePolicyStack($policy_stack, $node['child']);
835 array_push($node_stack, $node);
836 }
837 }
838
839 // Set permission
840 $perms = end($operation_stack);
841 $rbacadmin->grantPermission(
842 $this->getId(),
843 (array) $perms[$node['type']],
844 $node['child']
845 );
846
847 if($rbac_log_active)
848 {
849 $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
850 $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
851 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
852 }
853 }
854 }
855
862 protected function isHandledObjectType($a_filter,$a_exclusion_filter,$a_type)
863 {
864 if(in_array($a_type,$a_exclusion_filter))
865 {
866 return false;
867 }
868
869 if(in_array('all',$a_filter))
870 {
871 return true;
872 }
873 return in_array($a_type,$a_filter);
874 }
875
882 protected function updateOperationStack(&$a_stack,$a_node, $a_init = false)
883 {
884 global $rbacreview;
885
886 $has_policies = null;
887 $policy_origin = null;
888
889 if($a_node == ROOT_FOLDER_ID)
890 {
891 $has_policies = TRUE;
892 $policy_origin = ROLE_FOLDER_ID;
893 }
894 else
895 {
896 $has_policies = $rbacreview->getLocalPolicies($a_node);
897 $policy_origin = $a_node;
898
899 if($a_init)
900 {
901 $parent_roles = $rbacreview->getParentRoleIds($a_node,false);
902 if($parent_roles[$this->getId()])
903 {
904 $a_stack[] = $rbacreview->getAllOperationsOfRole(
905 $this->getId(),
906 $parent_roles[$this->getId()]['parent']
907 );
908 }
909 return true;
910 }
911
912 }
913
914 if(!$has_policies)
915 {
916 return false;
917 }
918
919 $a_stack[] = $rbacreview->getAllOperationsOfRole(
920 $this->getId(),
921 $policy_origin
922 );
923 return true;
924 }
925
931 protected function updatePolicyStack(&$a_stack,$a_node)
932 {
933 global $rbacreview;
934
935 $has_policies = null;
936 $policy_origin = null;
937
938 if($a_node == ROOT_FOLDER_ID)
939 {
940 $has_policies = TRUE;
941 $policy_origin = ROLE_FOLDER_ID;
942 }
943 else
944 {
945 $has_policies = $rbacreview->getLocalPolicies($a_node);
946 $policy_origin = $a_node;
947 }
948
949 if(!$has_policies)
950 {
951 return false;
952 }
953
954 $a_stack[] = $policy_origin;
955 return true;
956 }
957
965 protected function createPermissionIntersection($policy_stack,$a_current_ops,$a_id,$a_type)
966 {
967 global $ilDB, $rbacreview,$rbacadmin;
968
969 static $course_non_member_id = null;
970 static $group_non_member_id = null;
971 static $group_open_id = null;
972 static $group_closed_id = null;
973
974 // Get template id
975 switch($a_type)
976 {
977 case 'grp':
978
979 include_once './Modules/Group/classes/class.ilObjGroup.php';
980 $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
981 #var_dump("GROUP TYPE",$type);
982 switch($type)
983 {
984 case GRP_TYPE_CLOSED:
985 if(!$group_closed_id)
986 {
987 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
988 $res = $ilDB->query($query);
989 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
990 {
991 $group_closed_id = $row->obj_id;
992 }
993 }
994 $template_id = $group_closed_id;
995 #var_dump("GROUP CLOSED id:" . $template_id);
996 break;
997
998 case GRP_TYPE_OPEN:
999 default:
1000 if(!$group_open_id)
1001 {
1002 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
1003 $res = $ilDB->query($query);
1004 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1005 {
1006 $group_open_id = $row->obj_id;
1007 }
1008 }
1009 $template_id = $group_open_id;
1010 #var_dump("GROUP OPEN id:" . $template_id);
1011 break;
1012 }
1013 break;
1014
1015 case 'crs':
1016 if(!$course_non_member_id)
1017 {
1018 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
1019 $res = $ilDB->query($query);
1020 while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
1021 {
1022 $course_non_member_id = $row->obj_id;
1023 }
1024 }
1025 $template_id = $course_non_member_id;
1026 break;
1027 }
1028
1029 $current_ops = $a_current_ops[$a_type];
1030
1031 // Create intersection template permissions
1032 if($template_id)
1033 {
1034 //$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
1035
1036 $rbacadmin->copyRolePermissionIntersection(
1037 $template_id, ROLE_FOLDER_ID,
1038 $this->getId(), end($policy_stack),
1039 $a_id,$this->getId()
1040 );
1041 }
1042 else
1043 {
1044 #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
1045 }
1046 #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
1047 if($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(),$a_id))
1048 {
1049 $rbacadmin->assignRoleToFolder($this->getId(),$a_id,"n");
1050 }
1051 return true;
1052 }
1053
1054} // END class.ilObjRole
1055?>
DB_FETCHMODE_OBJECT
const DB_FETCHMODE_OBJECT
Definition: class.ilDB.php:11
GRP_TYPE_OPEN
const GRP_TYPE_OPEN
Definition: class.ilObjGroup.php:20
GRP_TYPE_CLOSED
const GRP_TYPE_CLOSED
Definition: class.ilObjGroup.php:19
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjGroup\lookupGroupTye
static lookupGroupTye($a_id)
Lookup group type.
Definition: class.ilObjGroup.php:118
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:251
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:17
ilObjRole\createPermissionIntersection
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
Definition: class.ilObjRole.php:965
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRole\__getPermissionDefinitions
__getPermissionDefinitions()
Definition: class.ilObjRole.php:595
ilObjRole\create
create()
create
Definition: class.ilObjRole.php:225
ilObjRole\updatePolicyStack
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
Definition: class.ilObjRole.php:931
ilObjRole\_getRolesByAuthMode
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
Definition: class.ilObjRole.php:562
ilObjRole\getPersonalWorkspaceDiskQuota
getPersonalWorkspaceDiskQuota()
Definition: class.ilObjRole.php:322
ilObjRole\_getAssignUsersStatus
_getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:141
ilObjRole\isHandledObjectType
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
Definition: class.ilObjRole.php:862
ilObjRole\setParent
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
Definition: class.ilObjRole.php:384
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:267
ilObjRole\_updateAuthMode
_updateAuthMode($a_roles)
Definition: class.ilObjRole.php:530
ilObjRole\ilObjRole
ilObjRole($a_id=0, $a_call_by_reference=false)
Constructor @access public.
Definition: class.ilObjRole.php:44
ilObjRole\deleteLocalPolicies
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
Definition: class.ilObjRole.php:680
ilObjRole\changeExistingObjects
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
Definition: class.ilObjRole.php:640
ilObjRole\_lookupAllowRegister
_lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
Definition: class.ilObjRole.php:359
ilObjRole\updateOperationStack
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
Definition: class.ilObjRole.php:882
ilObjRole\update
update()
updates a record "role" and write it into database @access public
Definition: class.ilObjRole.php:199
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\read
read()
loads "role" from database @access private
Definition: class.ilObjRole.php:158
ilObjRole\$disk_quota
$disk_quota
The disk quota in bytes.
Definition: class.ilObjRole.php:35
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:628
ilObjRole\_lookupRegisterAllowed
_lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:333
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:132
ilObjRole\_resetAuthMode
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
Definition: class.ilObjRole.php:585
ilObjRole\getPresentationTitle
getPresentationTitle()
return translated title for autogenerated roles
Definition: class.ilObjRole.php:127
ilObjRole\validate
validate()
Validate role data.
Definition: class.ilObjRole.php:111
ilObjRole\_getAuthMode
_getAuthMode($a_role_id)
Definition: class.ilObjRole.php:543
ilObjRole\assignData
assignData($a_data)
loads a record "role" from array @access public
Definition: class.ilObjRole.php:185
ilObjRole\setDiskQuota
setDiskQuota($a_disk_quota)
Definition: class.ilObjRole.php:280
ilObjRole\getParent
getParent()
get reference id of parent object
Definition: class.ilObjRole.php:395
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:60
ilObjRole\_getTranslation
_getTranslation($a_role_title)
Definition: class.ilObjRole.php:508
ilObjRole\adjustPermissions
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
Definition: class.ilObjRole.php:710
ilObjRole\setPersonalWorkspaceDiskQuota
setPersonalWorkspaceDiskQuota($a_disk_quota)
Definition: class.ilObjRole.php:308
ilObject
Class ilObject Basic functions for all objects.
Definition: class.ilObject.php:15
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1041
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:395
ilObject\ilObject
ilObject($a_id=0, $a_reference=true)
Constructor @access public.
Definition: class.ilObject.php:100
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:420
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:297
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
ilObject\getTitle
getTitle()
get object title @access public
Definition: class.ilObject.php:373
ilPlugin\lookupTxt
static lookupTxt($a_mod_prefix, $a_pl_id, $a_lang_var)
Lookup language text.
Definition: class.ilPlugin.php:529
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:22
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilTree\RELATION_EQUALS
const RELATION_EQUALS
Definition: class.ilTree.php:33
ilTree\RELATION_PARENT
const RELATION_PARENT
Definition: class.ilTree.php:31
ilTree\RELATION_NONE
const RELATION_NONE
Definition: class.ilTree.php:34
ilTree\RELATION_SIBLING
const RELATION_SIBLING
Definition: class.ilTree.php:32
ilTree\RELATION_CHILD
const RELATION_CHILD
Definition: class.ilTree.php:30
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2691
$txt
$txt
Definition: error.php:12
$data
$data
Definition: example_011.php:126
$info
$info
Definition: example_052.php:80
$template_id
$template_id
Definition: example_062.php:89
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
$ilErr
$ilErr
Definition: inc.setup_header.php:67
ilias
redirection script todo: (a better solution should control the processing via a xml file)
$ilDB
global $ilDB
Definition: storeScorm2004.php:19