ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
19 class ilRbacReview
20 {
21  const FILTER_ALL = 1;
22  const FILTER_ALL_GLOBAL = 2;
23  const FILTER_ALL_LOCAL = 3;
24  const FILTER_INTERNAL = 4;
25  const FILTER_NOT_INTERNAL = 5;
26  const FILTER_TEMPLATES = 6;
27 
28  // Cache operation ids
29  private static $_opsCache = null;
30 
34  protected static $assigned_users_cache = array();
35 
39  protected static $is_assigned_cache = array();
40 
44  protected $log;
45 
50  public function __construct()
51  {
52  global $ilDB,$ilErr,$ilias;
53 
54  $this->log = ilLoggerFactory::getLogger('ac');
55 
56  // set db & error handler
57  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
58 
59  if (!isset($ilErr))
60  {
61  $ilErr = new ilErrorHandling();
62  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
63  }
64  else
65  {
66  $this->ilErr =& $ilErr;
67  }
68  }
69 
78  public function roleExists($a_title,$a_id = 0)
79  {
80  global $ilDB;
81 
82  if (empty($a_title))
83  {
84  $message = get_class($this)."::roleExists(): No title given!";
85  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
86  }
87 
88  $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
89 
90  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
91  "WHERE title =".$ilDB->quote($a_title)." ".
92  "AND type IN('role','rolt')".
93  $clause." ";
94  $r = $this->ilDB->query($q);
95 
96  while($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
97  {
98  return $row->obj_id;
99  }
100  return false;
101  }
102 
116  protected function __getParentRoles($a_path,$a_templates)
117  {
118  if (!isset($a_path) or !is_array($a_path))
119  {
120  $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
121  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
122  }
123 
124  $parent_roles = array();
125  $role_hierarchy = array();
126 
127  foreach($a_path as $ref_id)
128  {
129  $roles = $this->getRoleListByObject($ref_id,$a_templates);
130  foreach($roles as $role)
131  {
132  $id = $role["obj_id"];
133  $role["parent"] = $ref_id;
134  $parent_roles[$id] = $role;
135 
136  if (!array_key_exists($role['obj_id'],$role_hierarchy))
137  {
138  $role_hierarchy[$id] = $ref_id;
139  }
140  }
141  }
142  return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
143  }
144 
154  public function getParentRoleIds($a_endnode_id,$a_templates = false)
155  {
156  global $tree;
157 
158  if (!isset($a_endnode_id))
159  {
160  $GLOBALS['ilLog']->logStack();
161  $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
162  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
163  }
164 
165  //var_dump($a_endnode_id);exit;
166  //$log->write("ilRBACreview::getParentRoleIds(), 0");
167  $pathIds = $tree->getPathId($a_endnode_id);
168 
169  // add system folder since it may not in the path
170  //$pathIds[0] = SYSTEM_FOLDER_ID;
171  $pathIds[0] = ROLE_FOLDER_ID;
172  //$log->write("ilRBACreview::getParentRoleIds(), 1");
173  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
174  return $this->__getParentRoles($pathIds,$a_templates);
175  }
176 
185  public function getRoleListByObject($a_ref_id,$a_templates = false)
186  {
187  global $ilDB;
188 
189  if (!isset($a_ref_id) or !isset($a_templates))
190  {
191  $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
192  "ref_id: ".$a_ref_id.
193  "tpl_flag: ".$a_templates;
194  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
195  }
196 
197  $role_list = array();
198 
199  $where = $this->__setTemplateFilter($a_templates);
200 
201  $query = "SELECT * FROM object_data ".
202  "JOIN rbac_fa ON obj_id = rol_id ".
203  $where.
204  "AND object_data.obj_id = rbac_fa.rol_id ".
205  "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
206 
207  $res = $ilDB->query($query);
208  while ($row = $ilDB->fetchAssoc($res))
209  {
210  $row["desc"] = $row["description"];
211  $row["user_id"] = $row["owner"];
212  $role_list[] = $row;
213  }
214 
215  $role_list = $this->__setRoleType($role_list);
216 
217  return $role_list;
218  }
219 
227  function getAssignableRoles($a_templates = false,$a_internal_roles = false, $title_filter = '')
228  {
229  global $ilDB;
230 
231  $role_list = array();
232 
233  $where = $this->__setTemplateFilter($a_templates);
234 
235  $query = "SELECT * FROM object_data ".
236  "JOIN rbac_fa ON obj_id = rol_id ".
237  $where.
238  "AND rbac_fa.assign = 'y' ";
239 
240  if(strlen($title_filter))
241  {
242  $query .= (' AND '.$ilDB->like(
243  'title',
244  'text',
245  $title_filter.'%'
246  ));
247  }
248  $res = $ilDB->query($query);
249 
250  while ($row = $ilDB->fetchAssoc($res))
251  {
252  $row["desc"] = $row["description"];
253  $row["user_id"] = $row["owner"];
254  $role_list[] = $row;
255  }
256 
257  $role_list = $this->__setRoleType($role_list);
258 
259  return $role_list;
260  }
261 
269  public function getAssignableRolesInSubtree($ref_id)
270  {
271  global $ilDB;
272 
273  $query = 'SELECT rol_id FROM rbac_fa fa '.
274  'JOIN tree t1 ON t1.child = fa.parent '.
275  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
276  'WHERE assign = '.$ilDB->quote('y','text').' '.
277  'AND obd.type = '.$ilDB->quote('role','text').' '.
278  'AND t1.child IN ('.
279  $GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
280  ') ';
281 
282 
283  $res = $ilDB->query($query);
284 
285  $role_list = array();
286  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
287  {
288  $role_list[] = $row->rol_id;
289  }
290  return $role_list;
291  }
292 
300  public function getAssignableChildRoles($a_ref_id)
301  {
302  global $ilDB;
303 
304  $query = "SELECT fa.*, rd.* ".
305  "FROM object_data rd ".
306  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
307  "WHERE fa.assign = 'y' ".
308  "AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
309  ;
310 
311  $res = $ilDB->query($query);
312  while($row = $ilDB->fetchAssoc($res))
313  {
314  $roles_data[] = $row;
315  }
316  return $roles_data ? $roles_data : array();
317  }
318 
326  protected function __setTemplateFilter($a_templates)
327  {
328  global $ilDB;
329 
330  if ($a_templates === true)
331  {
332  $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
333  }
334  else
335  {
336  $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
337  }
338 
339  return $where;
340  }
341 
354  protected function __setRoleType($a_role_list)
355  {
356  foreach ($a_role_list as $key => $val)
357  {
358  // determine role type
359  if ($val["type"] == "rolt")
360  {
361  $a_role_list[$key]["role_type"] = "template";
362  }
363  else
364  {
365  if ($val["assign"] == "y")
366  {
367  if ($val["parent"] == ROLE_FOLDER_ID)
368  {
369  $a_role_list[$key]["role_type"] = "global";
370  }
371  else
372  {
373  $a_role_list[$key]["role_type"] = "local";
374  }
375  }
376  else
377  {
378  $a_role_list[$key]["role_type"] = "linked";
379  }
380  }
381 
382  if ($val["protected"] == "y")
383  {
384  $a_role_list[$key]["protected"] = true;
385  }
386  else
387  {
388  $a_role_list[$key]["protected"] = false;
389  }
390  }
391 
392  return $a_role_list;
393  }
394 
402  public function getNumberOfAssignedUsers(Array $a_roles)
403  {
404  global $ilDB;
405 
406  $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
407  'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
408 
409  $res = $ilDB->query($query);
410  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
411  return $row->num ? $row->num : 0;
412  }
413 
414 
421  public function assignedUsers($a_rol_id)
422  {
423  global $ilBench,$ilDB;
424 
425  if (!isset($a_rol_id))
426  {
427  $message = get_class($this)."::assignedUsers(): No role_id given!";
428  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
429  }
430  if(isset(self::$assigned_users_cache[$a_rol_id]))
431  {
432  return self::$assigned_users_cache[$a_rol_id];
433  }
434 
435  $result_arr = array();
436 
437  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
438  $res = $ilDB->query($query);
439  while($row = $ilDB->fetchAssoc($res))
440  {
441  array_push($result_arr, $row["usr_id"]);
442  }
443 
444  self::$assigned_users_cache[$a_rol_id] = $result_arr;
445 
446  return $result_arr;
447  }
448 
449 
458  public function isAssigned($a_usr_id,$a_role_id)
459  {
460  if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
461  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
462  }
463  // Quickly determine if user is assigned to a role
464  global $ilDB;
465 
466  $ilDB->setLimit(1,0);
467  $query = "SELECT usr_id FROM rbac_ua WHERE ".
468  "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
469  "AND usr_id= ".$ilDB->quote($a_usr_id);
470  $res = $ilDB->query($query);
471 
472  $is_assigned = $res->numRows() == 1;
473  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
474 
475  return $is_assigned;
476  }
477 
490  public function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
491  {
492  global $ilDB;
493 
494  $ilDB->setLimit(1,0);
495  $query = "SELECT usr_id FROM rbac_ua WHERE ".
496  $ilDB->in('rol_id',$a_role_ids,false,'integer').
497  " AND usr_id= ".$ilDB->quote($a_usr_id);
498  $res = $ilDB->query($query);
499 
500  return $ilDB->numRows($res) == 1;
501  }
502 
510  public function assignedRoles($a_usr_id)
511  {
512  global $ilDB;
513 
514  $role_arr = array();
515 
516  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
517 
518  $res = $ilDB->query($query);
519  while($row = $ilDB->fetchObject($res))
520  {
521  $role_arr[] = $row->rol_id;
522  }
523  return $role_arr ? $role_arr : array();
524  }
525 
531  public function assignedGlobalRoles($a_usr_id)
532  {
533  global $ilDB;
534 
535  $query = "SELECT ua.rol_id FROM rbac_ua ua ".
536  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
537  "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
538  "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
539  "AND assign = 'y' ";
540 
541  $res = $ilDB->query($query);
542  while($row = $ilDB->fetchObject($res))
543  {
544  $role_arr[] = $row->rol_id;
545  }
546  return $role_arr ? $role_arr : array();
547  }
548 
557  public function isAssignable($a_rol_id, $a_ref_id)
558  {
559  global $ilBench,$ilDB;
560 
561  $ilBench->start("RBAC", "review_isAssignable");
562 
563  // exclude system role from rbac
564  if ($a_rol_id == SYSTEM_ROLE_ID)
565  {
566  $ilBench->stop("RBAC", "review_isAssignable");
567  return true;
568  }
569 
570  if (!isset($a_rol_id) or !isset($a_ref_id))
571  {
572  $message = get_class($this)."::isAssignable(): Missing parameter!".
573  " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
574  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
575  }
576  $query = "SELECT * FROM rbac_fa ".
577  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
578  "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
579  $res = $ilDB->query($query);
580  $row = $ilDB->fetchObject($res);
581 
582  $ilBench->stop("RBAC", "review_isAssignable");
583  return $row->assign == 'y' ? true : false;
584  }
585 
591  public function hasMultipleAssignments($a_role_id)
592  {
593  global $ilDB;
594 
595  $query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
596  "AND assign = ".$ilDB->quote('y','text');
597  $res = $ilDB->query($query);
598  return $res->numRows() > 1;
599  }
600 
612  public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
613  {
614  global $ilDB;
615 
616  if (!isset($a_rol_id))
617  {
618  $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
619  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
620  }
621 
622  if ($a_assignable)
623  {
624  $where = " AND assign ='y'";
625  }
626 
627  $query = "SELECT DISTINCT parent FROM rbac_fa ".
628  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
629 
630  $res = $ilDB->query($query);
631  while($row = $ilDB->fetchObject($res))
632  {
633  $folders[] = $row->parent;
634  }
635  return $folders ? $folders : array();
636  }
637 
645  public function getRolesOfObject($a_ref_id, $a_assignable_only = FALSE)
646  {
647  global $ilDB;
648 
649  if(!isset($a_ref_id))
650  {
651  $GLOBALS['ilLog']->logStack();
652  throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
653  }
654  if($a_assignable_only === TRUE)
655  {
656  $and = 'AND assign = '.$ilDB->quote('y','text');
657  }
658  $query = "SELECT rol_id FROM rbac_fa ".
659  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
660  $and;
661 
662  $res = $ilDB->query($query);
663 
664  $role_ids = array();
665  while($row = $ilDB->fetchObject($res))
666  {
667  $role_ids[] = $row->rol_id;
668  }
669  return $role_ids;
670  }
671 
672 
673 
674 
685  public function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
686  {
687  global $ilBench,$ilDB,$ilLog;
688 
689  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
690 
691  if (!isset($a_ref_id))
692  {
693  $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
694  ilLoggerFactory::getLogger('ac')->logStack();
695  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
696 
697  }
698 
699  if ($a_nonassignable === false)
700  {
701  $and = " AND assign='y'";
702  }
703 
704  $query = "SELECT rol_id FROM rbac_fa ".
705  "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
706  $and;
707 
708  $res = $ilDB->query($query);
709  while($row = $ilDB->fetchObject($res))
710  {
711  $rol_id[] = $row->rol_id;
712  }
713 
714  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
715 
716  return $rol_id ? $rol_id : array();
717  }
718 
725  public function getGlobalRoles()
726  {
727  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
728  }
729 
735  public function getLocalRoles($a_ref_id)
736  {
737  global $ilDB;
738 
739  $lroles = array();
740  foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
741  {
742  if($this->isAssignable($role_id, $a_ref_id))
743  {
744  $lroles[] = $role_id;
745  }
746  }
747  return $lroles;
748  }
749 
755  public function getLocalPolicies($a_ref_id)
756  {
757  $lroles = array();
758  foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
759  {
760  $lroles[] = $role_id;
761  }
762  return $lroles;
763  }
764 
771  public function getGlobalRolesArray()
772  {
773  foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
774  {
775  $ga[] = array('obj_id' => $role_id,
776  'role_type' => 'global');
777  }
778  return $ga ? $ga : array();
779  }
780 
787  public function getGlobalAssignableRoles()
788  {
789  include_once './Services/AccessControl/classes/class.ilObjRole.php';
790 
791  foreach($this->getGlobalRoles() as $role_id)
792  {
793  if(ilObjRole::_getAssignUsersStatus($role_id))
794  {
795  $ga[] = array('obj_id' => $role_id,
796  'role_type' => 'global');
797  }
798  }
799  return $ga ? $ga : array();
800  }
801 
802 
807  public function isRoleAssignedToObject($a_role_id, $a_parent_id)
808  {
809  global $rbacreview, $ilDB;
810 
811  $query = 'SELECT * FROM rbac_fa '.
812  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
813  'AND parent = '.$ilDB->quote($a_parent_id,'integer');
814  $res = $ilDB->query($query);
815  return $res->numRows() ? true : false;
816  }
817 
824  public function getOperations()
825  {
826  global $ilDB;
827 
828  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
829  $res = $this->ilDB->query($query);
830  while($row = $ilDB->fetchObject($res))
831  {
832  $ops[] = array('ops_id' => $row->ops_id,
833  'operation' => $row->operation,
834  'description' => $row->description);
835  }
836 
837  return $ops ? $ops : array();
838  }
839 
846  public function getOperation($ops_id)
847  {
848  global $ilDB;
849 
850  $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
851  $res = $this->ilDB->query($query);
852  while($row = $ilDB->fetchObject($res))
853  {
854  $ops = array('ops_id' => $row->ops_id,
855  'operation' => $row->operation,
856  'description' => $row->description);
857  }
858 
859  return $ops ? $ops : array();
860  }
861 
871  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
872  {
873  global $ilDB;
874 
875  if(!$a_parent)
876  {
877  $a_parent = ROLE_FOLDER_ID;
878  }
879 
880  $query = "SELECT ops_id,type FROM rbac_templates ".
881  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
882  "AND parent = ".$ilDB->quote($a_parent,'integer');
883  $res = $ilDB->query($query);
884 
885  $ops_arr = array();
886  while ($row = $ilDB->fetchObject($res))
887  {
888  $ops_arr[$row->type][] = $row->ops_id;
889  }
890  return (array) $ops_arr;
891  }
892 
900  public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
901  {
902  global $ilDB;
903 
904  $query = 'SELECT * FROM rbac_pa '.
905  'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
906  'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
907 
908  $res = $ilDB->query($query);
909  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC))
910  {
911  return unserialize($row['ops_id']);
912  }
913  return array();
914  }
915 
916 
927  public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
928  {
929  global $ilDB,$ilLog;
930 
931  if (!isset($a_rol_id) or !isset($a_type))
932  {
933  $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
934  "role_id: ".$a_rol_id.
935  "type: ".$a_type.
936  "parent_id: ".$a_parent;
937  $ilLog->logStack("Missing parameter! ");
938  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
939  }
940 
941  $ops_arr = array();
942 
943  // if no rolefolder id is given, assume global role folder as target
944  if ($a_parent == 0)
945  {
946  $a_parent = ROLE_FOLDER_ID;
947  }
948 
949  $query = "SELECT ops_id FROM rbac_templates ".
950  "WHERE type =".$ilDB->quote($a_type,'text')." ".
951  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
952  "AND parent = ".$ilDB->quote($a_parent,'integer');
953  $res = $ilDB->query($query);
954  while ($row = $ilDB->fetchObject($res))
955  {
956  $ops_arr[] = $row->ops_id;
957  }
958 
959  return $ops_arr;
960  }
961 
969  public function getRoleOperationsOnObject($a_role_id,$a_ref_id)
970  {
971  global $ilDB;
972 
973  $query = "SELECT * FROM rbac_pa ".
974  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
975  "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
976 
977  $res = $ilDB->query($query);
978  while($row = $ilDB->fetchObject($res))
979  {
980  $ops = unserialize($row->ops_id);
981  }
982 
983  return $ops ? $ops : array();
984  }
985 
993  public function getOperationsOnType($a_typ_id)
994  {
995  global $ilDB;
996 
997  if (!isset($a_typ_id))
998  {
999  $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1000  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1001  }
1002 
1003  #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1004 
1005  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
1006  'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
1007  'ORDER BY op_order';
1008 
1009  $res = $ilDB->query($query);
1010 
1011  while($row = $ilDB->fetchObject($res))
1012  {
1013  $ops_id[] = $row->ops_id;
1014  }
1015 
1016  return $ops_id ? $ops_id : array();
1017  }
1018 
1027  public function getOperationsOnTypeString($a_type)
1028  {
1029  global $ilDB;
1030 
1031  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1032 
1033 
1034  $res = $this->ilDB->query($query);
1035  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1036  {
1037  return $this->getOperationsOnType($row->obj_id);
1038  }
1039  return false;
1040  }
1041 
1049  public function getOperationsByTypeAndClass($a_type,$a_class)
1050  {
1051  global $ilDB;
1052 
1053  if($a_class != 'create')
1054  {
1055  $condition = "AND class != ".$ilDB->quote('create','text');
1056  }
1057  else
1058  {
1059  $condition = "AND class = ".$ilDB->quote('create','text');
1060  }
1061 
1062  $query = "SELECT ro.ops_id FROM rbac_operations ro ".
1063  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
1064  "JOIN object_data od ON rt.typ_id = od.obj_id ".
1065  "WHERE type = ".$ilDB->quote('typ','text')." ".
1066  "AND title = ".$ilDB->quote($a_type,'text')." ".
1067  $condition." ".
1068  "ORDER BY op_order ";
1069 
1070  $res = $ilDB->query($query);
1071 
1072  $ops = array();
1073  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1074  {
1075  $ops[] = $row->ops_id;
1076  }
1077  return $ops;
1078  }
1079 
1080 
1090  public function getObjectsWithStopedInheritance($a_rol_id,$a_filter = array())
1091  {
1092  global $ilDB;
1093 
1094  #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1095  # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1096  # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1097 
1098  $query = 'SELECT parent p FROM rbac_fa '.
1099  'WHERE assign = '.$ilDB->quote('n','text').' '.
1100  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1101 
1102  if($a_filter)
1103  {
1104  $query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
1105  }
1106 
1107  $res = $ilDB->query($query);
1108  $parent = array();
1109  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1110  {
1111  $parent[] = $row->p;
1112  }
1113  return $parent;
1114  }
1115 
1123  public function isDeleted($a_node_id)
1124  {
1125  global $ilDB;
1126 
1127  $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1128  $r = $this->ilDB->query($q);
1129 
1130  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1131 
1132  if (!$row)
1133  {
1134  $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1135  get_class($this),
1136  $a_node_id);
1137  $this->log->write($message,$this->log->FATAL);
1138 
1139  return true;
1140  }
1141 
1142  // rolefolder is deleted
1143  if ($row->tree < 0)
1144  {
1145  return true;
1146  }
1147 
1148  return false;
1149  }
1150 
1157  public function isGlobalRole($a_role_id)
1158  {
1159  return in_array($a_role_id,$this->getGlobalRoles());
1160  }
1161 
1171  public function getRolesByFilter($a_filter = 0,$a_user_id = 0, $title_filter = '')
1172  {
1173  global $ilDB;
1174 
1175  $assign = "y";
1176 
1177  switch($a_filter)
1178  {
1179  // all (assignable) roles
1180  case self::FILTER_ALL:
1181  return $this->getAssignableRoles(true,true,$title_filter);
1182  break;
1183 
1184  // all (assignable) global roles
1185  case self::FILTER_ALL_GLOBAL:
1186  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1187  break;
1188 
1189  // all (assignable) local roles
1190  case self::FILTER_ALL_LOCAL:
1191  case self::FILTER_INTERNAL:
1192  case self::FILTER_NOT_INTERNAL:
1193  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1194  break;
1195 
1196  // all role templates
1197  case self::FILTER_TEMPLATES:
1198  $where = "WHERE object_data.type = 'rolt'";
1199  $assign = "n";
1200  break;
1201 
1202  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1203  case 0:
1204  default:
1205  if(!$a_user_id)
1206  return array();
1207 
1208  $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1209  break;
1210  }
1211 
1212  $roles = array();
1213 
1214  $query = "SELECT * FROM object_data ".
1215  "JOIN rbac_fa ON obj_id = rol_id ".
1216  $where.
1217  "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1218 
1219  if(strlen($title_filter))
1220  {
1221  $query .= (' AND '.$ilDB->like(
1222  'title',
1223  'text',
1224  '%'.$title_filter.'%'
1225  ));
1226  }
1227 
1228  $res = $ilDB->query($query);
1229  while($row = $ilDB->fetchAssoc($res))
1230  {
1231  $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1232 
1233  // all (assignable) internal local roles only
1234  if ($a_filter == 4 and !$prefix)
1235  {
1236  continue;
1237  }
1238 
1239  // all (assignable) non internal local roles only
1240  if ($a_filter == 5 and $prefix)
1241  {
1242  continue;
1243  }
1244 
1245  $row["desc"] = $row["description"];
1246  $row["user_id"] = $row["owner"];
1247  $roles[] = $row;
1248  }
1249 
1250  $roles = $this->__setRoleType($roles);
1251 
1252  return $roles ? $roles : array();
1253  }
1254 
1262  public function getTypeId($a_type)
1263  {
1264  global $ilDB;
1265 
1266  $q = "SELECT obj_id FROM object_data ".
1267  "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1268  $r = $ilDB->query($q);
1269 
1270  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1271  return $row->obj_id;
1272  }
1273 
1284  public static function _getOperationIdsByName($operations)
1285  {
1286  global $ilDB;
1287 
1288  if(!count($operations))
1289  {
1290  return array();
1291  }
1292 
1293  $query = 'SELECT ops_id FROM rbac_operations '.
1294  'WHERE '.$ilDB->in('operation',$operations,false,'text');
1295 
1296  $res = $ilDB->query($query);
1297  while($row = $ilDB->fetchObject($res))
1298  {
1299  $ops_ids[] = $row->ops_id;
1300  }
1301  return $ops_ids ? $ops_ids : array();
1302  }
1303 
1312  public static function _getOperationIdByName($a_operation)
1313  {
1314  global $ilDB,$ilErr;
1315 
1316  if (!isset($a_operation))
1317  {
1318  $message = "perm::getOperationId(): No operation given!";
1319  $ilErr->raiseError($message,$ilErr->WARNING);
1320  }
1321 
1322  // Cache operation ids
1323  if (! is_array(self::$_opsCache)) {
1324  self::$_opsCache = array();
1325 
1326  $q = "SELECT ops_id, operation FROM rbac_operations";
1327  $r = $ilDB->query($q);
1328  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1329  {
1330  self::$_opsCache[$row->operation] = $row->ops_id;
1331  }
1332  }
1333 
1334  // Get operation ID by name from cache
1335  if (array_key_exists($a_operation, self::$_opsCache)) {
1336  return self::$_opsCache[$a_operation];
1337  }
1338  return null;
1339  }
1340 
1347  public static function lookupCreateOperationIds($a_type_arr)
1348  {
1349  global $ilDB;
1350 
1351  $operations = array();
1352  foreach($a_type_arr as $type)
1353  {
1354  $operations[] = ('create_'.$type);
1355  }
1356 
1357  if(!count($operations))
1358  {
1359  return array();
1360  }
1361 
1362  $query = 'SELECT ops_id, operation FROM rbac_operations '.
1363  'WHERE '.$ilDB->in('operation',$operations,false,'text');
1364 
1365  $res = $ilDB->query($query);
1366 
1367  $ops_ids = array();
1368  while($row = $ilDB->fetchObject($res))
1369  {
1370  $type_arr = explode('_', $row->operation);
1371  $type = $type_arr[1];
1372 
1373  $ops_ids[$type] = $row->ops_id;
1374  }
1375  return $ops_ids;
1376  }
1377 
1378 
1379 
1388  public function isProtected($a_ref_id,$a_role_id)
1389  {
1390  global $ilDB;
1391 
1392  // ref_id not used yet. protected permission acts 'global' for each role,
1393  $query = "SELECT protected FROM rbac_fa ".
1394  "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1395  $res = $ilDB->query($query);
1396  $row = $ilDB->fetchAssoc($res);
1397 
1398  return ilUtil::yn2tf($row['protected']);
1399  }
1400 
1408  public function isBlockedAtPosition($a_role_id, $a_ref_id)
1409  {
1410  global $ilDB;
1411 
1412  $query = 'SELECT blocked from rbac_fa '.
1413  'WHERE rol_id = '. $ilDB->quote($a_role_id,'integer').' '.
1414  'AND parent = '.$ilDB->quote($a_ref_id,'integer');
1415  $res = $ilDB->query($query);
1416  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1417  {
1418  return (bool) $row->blocked;
1419  }
1420  return FALSE;
1421  }
1422 
1428  public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1429  {
1430  global $ilDB, $tree;
1431 
1432  if($this->isBlockedAtPosition($a_role_id, $a_ref_id))
1433  {
1434  return FALSE;
1435  }
1436  $query = 'SELECT parent from rbac_fa '.
1437  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1438  'AND blocked = '.$ilDB->quote(1,'integer');
1439  $res = $ilDB->query($query);
1440 
1441  $parent_ids = array();
1442  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1443  {
1444  $parent_ids[] = $row->parent;
1445  }
1446 
1447  foreach($parent_ids as $parent_id)
1448  {
1449  if($tree->isGrandChild($parent_id, $a_ref_id))
1450  {
1451  return TRUE;
1452  }
1453  }
1454  return FALSE;
1455  }
1456 
1457  // this method alters the protected status of role regarding the current user's role assignment
1458  // and current postion in the hierarchy.
1459 
1471  protected function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1472  {
1473  //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1474 
1475  global $rbacsystem,$ilUser,$log;
1476 
1477  if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
1478  {
1479  $leveladmin = true;
1480  }
1481  else
1482  {
1483  $leveladmin = false;
1484  }
1485  #vd("RoleHierarchy",$a_role_hierarchy);
1486  foreach ($a_role_hierarchy as $role_id => $rolf_id)
1487  {
1488  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1489  #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1490  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1491 
1492  if ($leveladmin == true)
1493  {
1494  $a_parent_roles[$role_id]['protected'] = false;
1495  continue;
1496  }
1497 
1498  if ($a_parent_roles[$role_id]['protected'] == true)
1499  {
1500  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
1501 
1502  #vd("intersection",$arr_lvl_roles_user);
1503 
1504  foreach ($arr_lvl_roles_user as $lvl_role_id)
1505  {
1506  #echo "<br/>level_role: ".$lvl_role_id;
1507  #echo "<br/>a_ref_id: ".$a_ref_id;
1508 
1509  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1510  // check if role grants 'edit_permission' to parent
1511  $rolf = $a_parent_roles[$role_id]['parent'];
1512  #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
1513  if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
1514  {
1515  #echo "<br />Permission granted";
1516  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1517  // user may change permissions of that higher-ranked role
1518  $a_parent_roles[$role_id]['protected'] = false;
1519 
1520  // remember successful check
1521  //$leveladmin = true;
1522  }
1523  }
1524  }
1525  }
1526  return $a_parent_roles;
1527  }
1528 
1539  public static function _getOperationList($a_type = null)
1540  {
1541  global $ilDB;
1542 
1543  $arr = array();
1544 
1545  if ($a_type)
1546  {
1547  $query = sprintf('SELECT * FROM rbac_operations '.
1548  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
1549  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
1550  'WHERE object_data.title = %s '.
1551  'AND object_data.type = %s '.
1552  'ORDER BY op_order ASC',
1553  $ilDB->quote($a_type,'text'),
1554  $ilDB->quote('typ','text'));
1555  }
1556  else
1557  {
1558  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1559  }
1560  $res = $ilDB->query($query);
1561  while ($row = $ilDB->fetchAssoc($res))
1562  {
1563  $arr[] = array(
1564  "ops_id" => $row['ops_id'],
1565  "operation" => $row['operation'],
1566  "desc" => $row['description'],
1567  "class" => $row['class'],
1568  "order" => $row['op_order']
1569  );
1570  }
1571  return $arr;
1572  }
1573 
1580  public static function _groupOperationsByClass($a_ops_arr)
1581  {
1582  $arr = array();
1583 
1584  foreach ($a_ops_arr as $ops)
1585  {
1586  $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
1587  'name' => $ops['operation']
1588  );
1589  }
1590  return $arr;
1591  }
1592 
1602  public function getObjectOfRole($a_role_id)
1603  {
1604  // internal cache
1605  static $obj_cache = array();
1606 
1607  global $ilDB;
1608 
1609 
1610  if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
1611  {
1612  return $obj_cache[$a_role_id];
1613  }
1614 
1615  $query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
1616  'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
1617  'WHERE assign = '.$ilDB->quote('y','text'). ' '.
1618  'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1619  'AND deleted IS NULL';
1620 
1621  #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1622  # "JOIN tree ON rfa.parent = tree.child ".
1623  # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1624  # "WHERE tree.tree = 1 ".
1625  # "AND assign = 'y' ".
1626  # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1627  $res = $ilDB->query($query);
1628 
1629  $obj_cache[$a_role_id] = 0;
1630  while($row = $ilDB->fetchObject($res))
1631  {
1632  $obj_cache[$a_role_id] = $row->obj_id;
1633  }
1634  return $obj_cache[$a_role_id];
1635  }
1636 
1643  public function getObjectReferenceOfRole($a_role_id)
1644  {
1645  global $ilDB;
1646 
1647  $query = 'SELECT parent p_ref FROM rbac_fa '.
1648  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1649  'AND assign = '.$ilDB->quote('y','text');
1650 
1651  $res = $ilDB->query($query);
1652  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1653  {
1654  return $row->p_ref;
1655  }
1656  return 0;
1657  }
1658 
1666  public function isRoleDeleted ($a_role_id)
1667  {
1668  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1669  $deleted = true;
1670  if (count($rolf_list))
1671  {
1672  foreach ($rolf_list as $rolf) {
1673  // only list roles that are not set to status "deleted"
1674  if (!$this->isDeleted($rolf))
1675  {
1676  $deleted = false;
1677  break;
1678  }
1679  }
1680  }
1681  return $deleted;
1682  }
1683 
1684 
1692  public function getRolesForIDs($role_ids, $use_templates)
1693  {
1694  global $ilDB;
1695 
1696  $role_list = array();
1697 
1698  $where = $this->__setTemplateFilter($use_templates);
1699 
1700  $query = "SELECT * FROM object_data ".
1701  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
1702  $where.
1703  "AND rbac_fa.assign = 'y' " .
1704  'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
1705 
1706  $res = $ilDB->query($query);
1707  while($row = $ilDB->fetchAssoc($res))
1708  {
1709  $row["desc"] = $row["description"];
1710  $row["user_id"] = $row["owner"];
1711  $role_list[] = $row;
1712  }
1713 
1714  $role_list = $this->__setRoleType($role_list);
1715  return $role_list;
1716  }
1717 
1723  public function getOperationAssignment()
1724  {
1725  global $ilDB;
1726 
1727  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
1728  'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
1729  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1730  $res = $ilDB->query($query);
1731 
1732  $counter = 0;
1733  while($row = $ilDB->fetchObject($res))
1734  {
1735  $info[$counter]['typ_id'] = $row->typ_id;
1736  $info[$counter]['type'] = $row->title;
1737  $info[$counter]['ops_id'] = $row->ops_id;
1738  $info[$counter]['operation'] = $row->operation;
1739  $counter++;
1740  }
1741  return $info ? $info : array();
1742 
1743  }
1744 
1752  public function isDeleteable($a_role_id, $a_rolf_id)
1753  {
1754  if(!$this->isAssignable($a_role_id, $a_rolf_id))
1755  {
1756  return false;
1757  }
1758  if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
1759  {
1760  return false;
1761  }
1762  if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
1763  {
1764  return false;
1765  }
1766  return true;
1767  }
1768 
1775  public function isSystemGeneratedRole($a_role_id)
1776  {
1777  $title = ilObject::_lookupTitle($a_role_id);
1778  return substr($title,0,3) == 'il_' ? true : false;
1779  }
1780 
1781 
1789  public function getRoleFolderOfRole($a_role_id)
1790  {
1791  global $ilDB;
1792 
1793  if(ilObject::_lookupType($a_role_id) == 'role')
1794  {
1795  $and = ('AND assign = '.$ilDB->quote('y','text'));
1796  }
1797  else
1798  {
1799  $and = '';
1800  }
1801 
1802  $query = 'SELECT * FROM rbac_fa '.
1803  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1804  $and;
1805  $res = $ilDB->query($query);
1806  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1807  {
1808  return $row->parent;
1809  }
1810  return 0;
1811  }
1812 
1820  public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1821  {
1822  global $ilDB;
1823 
1824  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
1825  "ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
1826  "WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
1827  "AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1828 
1829  $res = $ilDB->query($query);
1830  $all_ops = array();
1831  while ($row = $ilDB->fetchObject($res))
1832  {
1833  $ops = unserialize($row->ops_id);
1834  $all_ops = array_merge($all_ops, $ops);
1835  }
1836  $all_ops = array_unique($all_ops);
1837 
1838  $set = $ilDB->query("SELECT operation FROM rbac_operations ".
1839  " WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
1840  $perms = array();
1841  while ($rec = $ilDB->fetchAssoc($set))
1842  {
1843  $perms[] = $rec["operation"];
1844  }
1845 
1846  return $perms;
1847  }
1848 
1855  public function setAssignedCacheEntry($a_role_id,$a_user_id, $a_value)
1856  {
1857  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1858  }
1859 
1866  public function getAssignedCacheEntry($a_role_id,$a_user_id)
1867  {
1868  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1869  }
1870 
1874  public function clearCaches()
1875  {
1876  self::$is_assigned_cache = array();
1877  self::$assigned_users_cache = array();
1878  }
1879 } // END class.ilRbacReview
1880 ?>
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1874
$ilErr
global $ilErr
Definition: raiseError.php:16
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:78
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:755
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1643
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1752
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) public.
Definition: class.ilRbacReview.php:1123
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:927
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id&#39;s by name.
Definition: class.ilRbacReview.php:1284
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(Array $a_roles)
Get the number of assigned users to roles ilDB $ilDB.
Definition: class.ilRbacReview.php:402
ilDB\query
query($sql, $a_handle_error=true)
Query.
Definition: class.ilDB.php:1415
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
ilDB $ilDB
Definition: class.ilRbacReview.php:1171
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container public.
Definition: class.ilRbacReview.php:185
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:685
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:531
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles public.
Definition: class.ilRbacReview.php:227
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1049
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1539
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1723
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1428
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1157
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause private
Definition: class.ilRbacReview.php:326
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status type $rbacsystem type $ilUser type $log.
Definition: class.ilRbacReview.php:1471
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
ilDB $ilDB
Definition: class.ilRbacReview.php:969
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:142
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node public.
Definition: class.ilRbacReview.php:300
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1347
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:116
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:900
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1388
$counter
$counter
Definition: config-scanner.php:59
$a_type
$a_type
Definition: workflow.php:93
$info
$info
Definition: example_052.php:80
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users public.
Definition: class.ilRbacReview.php:557
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:771
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position ilDB $ilDB.
Definition: class.ilRbacReview.php:1408
$r
$r
Definition: example_031.php:79
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=FALSE)
Get roles of object.
Definition: class.ilRbacReview.php:645
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1866
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
ilDB $ilDB
Definition: class.ilRbacReview.php:1692
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id public
Definition: class.ilRbacReview.php:846
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1855
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:807
$ilUser
$ilUser
Definition: imgupload.php:18
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:725
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object ilDB $ilDB.
Definition: class.ilRbacReview.php:1262
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1666
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1602
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:490
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:871
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:154
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:591
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:612
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation public static
Definition: class.ilRbacReview.php:1312
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role public
Definition: class.ilRbacReview.php:458
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;) public
Definition: class.ilRbacReview.php:787
ilRbacReview\__construct
__construct()
Constructor public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getOperations
getOperations()
get all possible operations public
Definition: class.ilRbacReview.php:824
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role ilDB $ilDB.
Definition: class.ilRbacReview.php:1789
ilDB
Database Wrapper.
Definition: class.ilDB.php:29
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role public
Definition: class.ilRbacReview.php:421
$ref_id
$ref_id
Definition: sahs_server.php:39
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type public
Definition: class.ilRbacReview.php:1027
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user public
Definition: class.ilRbacReview.php:510
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository public.
Definition: class.ilRbacReview.php:269
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1820
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:354
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:3228
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1580
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1775
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type public
Definition: class.ilRbacReview.php:993
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:735
if
PHPExcel root directory.
Definition: Database.php:30
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1090
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:19