ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilRbacReview
20{
21 const FILTER_ALL = 1;
22 const FILTER_ALL_GLOBAL = 2;
23 const FILTER_ALL_LOCAL = 3;
24 const FILTER_INTERNAL = 4;
25 const FILTER_NOT_INTERNAL = 5;
26 const FILTER_TEMPLATES = 6;
27
28 // Cache operation ids
29 private static $_opsCache = null;
30
34 protected static $assigned_users_cache = array();
35
39 protected static $is_assigned_cache = array();
40
44 protected $log;
45
50 public function __construct()
51 {
52 global $ilDB,$ilErr,$ilias;
53
54 $this->log = ilLoggerFactory::getLogger('ac');
55
56 // set db & error handler
57 (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
58
59 if (!isset($ilErr))
60 {
61 $ilErr = new ilErrorHandling();
62 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
63 }
64 else
65 {
66 $this->ilErr =& $ilErr;
67 }
68 }
69
78 public function roleExists($a_title,$a_id = 0)
79 {
80 global $ilDB;
81
82 if (empty($a_title))
83 {
84 $message = get_class($this)."::roleExists(): No title given!";
85 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
86 }
87
88 $clause = ($a_id) ? " AND obj_id != ".$ilDB->quote($a_id)." " : "";
89
90 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data ".
91 "WHERE title =".$ilDB->quote($a_title)." ".
92 "AND type IN('role','rolt')".
93 $clause." ";
94 $r = $this->ilDB->query($q);
95
96 while($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
97 {
98 return $row->obj_id;
99 }
100 return false;
101 }
102
116 protected function __getParentRoles($a_path,$a_templates)
117 {
118 if (!isset($a_path) or !is_array($a_path))
119 {
120 $message = get_class($this)."::getParentRoles(): No path given or wrong datatype!";
121 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
122 }
123
124 $parent_roles = array();
125 $role_hierarchy = array();
126
127 foreach($a_path as $ref_id)
128 {
129 $roles = $this->getRoleListByObject($ref_id,$a_templates);
130 foreach($roles as $role)
131 {
132 $id = $role["obj_id"];
133 $role["parent"] = $ref_id;
134 $parent_roles[$id] = $role;
135
136 if (!array_key_exists($role['obj_id'],$role_hierarchy))
137 {
138 $role_hierarchy[$id] = $ref_id;
139 }
140 }
141 }
142 return $this->__setProtectedStatus($parent_roles,$role_hierarchy,reset($a_path));
143 }
144
154 public function getParentRoleIds($a_endnode_id,$a_templates = false)
155 {
156 global $tree;
157
158 if (!isset($a_endnode_id))
159 {
160 $GLOBALS['ilLog']->logStack();
161 $message = get_class($this)."::getParentRoleIds(): No node_id (ref_id) given!";
162 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
163 }
164
165 //var_dump($a_endnode_id);exit;
166 //$log->write("ilRBACreview::getParentRoleIds(), 0");
167 $pathIds = $tree->getPathId($a_endnode_id);
168
169 // add system folder since it may not in the path
170 //$pathIds[0] = SYSTEM_FOLDER_ID;
171 $pathIds[0] = ROLE_FOLDER_ID;
172 //$log->write("ilRBACreview::getParentRoleIds(), 1");
173 #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
174 return $this->__getParentRoles($pathIds,$a_templates);
175 }
176
185 public function getRoleListByObject($a_ref_id,$a_templates = false)
186 {
187 global $ilDB;
188
189 if (!isset($a_ref_id) or !isset($a_templates))
190 {
191 $message = get_class($this)."::getRoleListByObject(): Missing parameter!".
192 "ref_id: ".$a_ref_id.
193 "tpl_flag: ".$a_templates;
194 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
195 }
196
197 $role_list = array();
198
199 $where = $this->__setTemplateFilter($a_templates);
200
201 $query = "SELECT * FROM object_data ".
202 "JOIN rbac_fa ON obj_id = rol_id ".
203 $where.
204 "AND object_data.obj_id = rbac_fa.rol_id ".
205 "AND rbac_fa.parent = ".$ilDB->quote($a_ref_id,'integer')." ";
206
207 $res = $ilDB->query($query);
208 while ($row = $ilDB->fetchAssoc($res))
209 {
210 $row["desc"] = $row["description"];
211 $row["user_id"] = $row["owner"];
212 $role_list[] = $row;
213 }
214
215 $role_list = $this->__setRoleType($role_list);
216
217 return $role_list;
218 }
219
227 function getAssignableRoles($a_templates = false,$a_internal_roles = false, $title_filter = '')
228 {
229 global $ilDB;
230
231 $role_list = array();
232
233 $where = $this->__setTemplateFilter($a_templates);
234
235 $query = "SELECT * FROM object_data ".
236 "JOIN rbac_fa ON obj_id = rol_id ".
237 $where.
238 "AND rbac_fa.assign = 'y' ";
239
240 if(strlen($title_filter))
241 {
242 $query .= (' AND '.$ilDB->like(
243 'title',
244 'text',
245 $title_filter.'%'
246 ));
247 }
248 $res = $ilDB->query($query);
249
250 while ($row = $ilDB->fetchAssoc($res))
251 {
252 $row["desc"] = $row["description"];
253 $row["user_id"] = $row["owner"];
254 $role_list[] = $row;
255 }
256
257 $role_list = $this->__setRoleType($role_list);
258
259 return $role_list;
260 }
261
269 public function getAssignableRolesInSubtree($ref_id)
270 {
271 global $ilDB;
272
273 $query = 'SELECT rol_id FROM rbac_fa fa '.
274 'JOIN tree t1 ON t1.child = fa.parent '.
275 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
276 'WHERE assign = '.$ilDB->quote('y','text').' '.
277 'AND obd.type = '.$ilDB->quote('role','text').' '.
278 'AND t1.child IN ('.
279 $GLOBALS['tree']->getSubTreeQuery($ref_id,array('child')).' '.
280 ') ';
281
282
283 $res = $ilDB->query($query);
284
285 $role_list = array();
286 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
287 {
288 $role_list[] = $row->rol_id;
289 }
290 return $role_list;
291 }
292
300 public function getAssignableChildRoles($a_ref_id)
301 {
302 global $ilDB;
303
304 $query = "SELECT fa.*, rd.* ".
305 "FROM object_data rd ".
306 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id ".
307 "WHERE fa.assign = 'y' ".
308 "AND fa.parent = ".$this->ilDB->quote($a_ref_id,'integer')." "
309 ;
310
311 $res = $ilDB->query($query);
312 while($row = $ilDB->fetchAssoc($res))
313 {
314 $roles_data[] = $row;
315 }
316 return $roles_data ? $roles_data : array();
317 }
318
326 protected function __setTemplateFilter($a_templates)
327 {
328 global $ilDB;
329
330 if ($a_templates === true)
331 {
332 $where = "WHERE ".$ilDB->in('object_data.type',array('role','rolt'),false,'text')." ";
333 }
334 else
335 {
336 $where = "WHERE ".$ilDB->in('object_data.type',array('role'),false,'text')." ";
337 }
338
339 return $where;
340 }
341
354 protected function __setRoleType($a_role_list)
355 {
356 foreach ($a_role_list as $key => $val)
357 {
358 // determine role type
359 if ($val["type"] == "rolt")
360 {
361 $a_role_list[$key]["role_type"] = "template";
362 }
363 else
364 {
365 if ($val["assign"] == "y")
366 {
367 if ($val["parent"] == ROLE_FOLDER_ID)
368 {
369 $a_role_list[$key]["role_type"] = "global";
370 }
371 else
372 {
373 $a_role_list[$key]["role_type"] = "local";
374 }
375 }
376 else
377 {
378 $a_role_list[$key]["role_type"] = "linked";
379 }
380 }
381
382 if ($val["protected"] == "y")
383 {
384 $a_role_list[$key]["protected"] = true;
385 }
386 else
387 {
388 $a_role_list[$key]["protected"] = false;
389 }
390 }
391
392 return $a_role_list;
393 }
394
402 public function getNumberOfAssignedUsers(Array $a_roles)
403 {
404 global $ilDB;
405
406 $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua '.
407 'WHERE '.$ilDB->in('rol_id', $a_roles, false, 'integer').' ';
408
409 $res = $ilDB->query($query);
410 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
411 return $row->num ? $row->num : 0;
412 }
413
414
421 public function assignedUsers($a_rol_id)
422 {
423 global $ilBench,$ilDB;
424
425 if (!isset($a_rol_id))
426 {
427 $message = get_class($this)."::assignedUsers(): No role_id given!";
428 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
429 }
430 if(isset(self::$assigned_users_cache[$a_rol_id]))
431 {
432 return self::$assigned_users_cache[$a_rol_id];
433 }
434
435 $result_arr = array();
436
437 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= ".$ilDB->quote($a_rol_id,'integer');
438 $res = $ilDB->query($query);
439 while($row = $ilDB->fetchAssoc($res))
440 {
441 array_push($result_arr, $row["usr_id"]);
442 }
443
444 self::$assigned_users_cache[$a_rol_id] = $result_arr;
445
446 return $result_arr;
447 }
448
449
458 public function isAssigned($a_usr_id,$a_role_id)
459 {
460 if(isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
461 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
462 }
463 // Quickly determine if user is assigned to a role
464 global $ilDB;
465
466 $ilDB->setLimit(1,0);
467 $query = "SELECT usr_id FROM rbac_ua WHERE ".
468 "rol_id= ".$ilDB->quote($a_role_id,'integer')." ".
469 "AND usr_id= ".$ilDB->quote($a_usr_id);
470 $res = $ilDB->query($query);
471
472 $is_assigned = $res->numRows() == 1;
473 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
474
475 return $is_assigned;
476 }
477
490 public function isAssignedToAtLeastOneGivenRole($a_usr_id,$a_role_ids)
491 {
492 global $ilDB;
493
494 $ilDB->setLimit(1,0);
495 $query = "SELECT usr_id FROM rbac_ua WHERE ".
496 $ilDB->in('rol_id',$a_role_ids,false,'integer').
497 " AND usr_id= ".$ilDB->quote($a_usr_id);
498 $res = $ilDB->query($query);
499
500 return $ilDB->numRows($res) == 1;
501 }
502
510 public function assignedRoles($a_usr_id)
511 {
512 global $ilDB;
513
514 $role_arr = array();
515
516 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
517
518 $res = $ilDB->query($query);
519 while($row = $ilDB->fetchObject($res))
520 {
521 $role_arr[] = $row->rol_id;
522 }
523 return $role_arr ? $role_arr : array();
524 }
525
531 public function assignedGlobalRoles($a_usr_id)
532 {
533 global $ilDB;
534
535 $query = "SELECT ua.rol_id FROM rbac_ua ua ".
536 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id ".
537 "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer').' '.
538 "AND parent = ".$ilDB->quote(ROLE_FOLDER_ID)." ".
539 "AND assign = 'y' ";
540
541 $res = $ilDB->query($query);
542 while($row = $ilDB->fetchObject($res))
543 {
544 $role_arr[] = $row->rol_id;
545 }
546 return $role_arr ? $role_arr : array();
547 }
548
557 public function isAssignable($a_rol_id, $a_ref_id)
558 {
559 global $ilBench,$ilDB;
560
561 $ilBench->start("RBAC", "review_isAssignable");
562
563 // exclude system role from rbac
564 if ($a_rol_id == SYSTEM_ROLE_ID)
565 {
566 $ilBench->stop("RBAC", "review_isAssignable");
567 return true;
568 }
569
570 if (!isset($a_rol_id) or !isset($a_ref_id))
571 {
572 $message = get_class($this)."::isAssignable(): Missing parameter!".
573 " role_id: ".$a_rol_id." ,ref_id: ".$a_ref_id;
574 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
575 }
576 $query = "SELECT * FROM rbac_fa ".
577 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
578 "AND parent = ".$ilDB->quote($a_ref_id,'integer')." ";
579 $res = $ilDB->query($query);
580 $row = $ilDB->fetchObject($res);
581
582 $ilBench->stop("RBAC", "review_isAssignable");
583 return $row->assign == 'y' ? true : false;
584 }
585
591 public function hasMultipleAssignments($a_role_id)
592 {
593 global $ilDB;
594
595 $query = "SELECT * FROM rbac_fa WHERE rol_id = ".$ilDB->quote($a_role_id,'integer').' '.
596 "AND assign = ".$ilDB->quote('y','text');
597 $res = $ilDB->query($query);
598 return $res->numRows() > 1;
599 }
600
612 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
613 {
614 global $ilDB;
615
616 if (!isset($a_rol_id))
617 {
618 $message = get_class($this)."::getFoldersAssignedToRole(): No role_id given!";
619 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
620 }
621
622 if ($a_assignable)
623 {
624 $where = " AND assign ='y'";
625 }
626
627 $query = "SELECT DISTINCT parent FROM rbac_fa ".
628 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".$where." ";
629
630 $res = $ilDB->query($query);
631 while($row = $ilDB->fetchObject($res))
632 {
633 $folders[] = $row->parent;
634 }
635 return $folders ? $folders : array();
636 }
637
645 public function getRolesOfObject($a_ref_id, $a_assignable_only = FALSE)
646 {
647 global $ilDB;
648
649 if(!isset($a_ref_id))
650 {
651 $GLOBALS['ilLog']->logStack();
652 throw new InvalidArgumentException(__METHOD__.': No ref_id given!');
653 }
654 if($a_assignable_only === TRUE)
655 {
656 $and = 'AND assign = '.$ilDB->quote('y','text');
657 }
658 $query = "SELECT rol_id FROM rbac_fa ".
659 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
660 $and;
661
662 $res = $ilDB->query($query);
663
664 $role_ids = array();
665 while($row = $ilDB->fetchObject($res))
666 {
667 $role_ids[] = $row->rol_id;
668 }
669 return $role_ids;
670 }
671
672
673
674
685 public function getRolesOfRoleFolder($a_ref_id,$a_nonassignable = true)
686 {
687 global $ilBench,$ilDB,$ilLog;
688
689 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
690
691 if (!isset($a_ref_id))
692 {
693 $message = get_class($this)."::getRolesOfRoleFolder(): No ref_id given!";
694 ilLoggerFactory::getLogger('ac')->logStack();
695 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
696
697 }
698
699 if ($a_nonassignable === false)
700 {
701 $and = " AND assign='y'";
702 }
703
704 $query = "SELECT rol_id FROM rbac_fa ".
705 "WHERE parent = ".$ilDB->quote($a_ref_id,'integer')." ".
706 $and;
707
708 $res = $ilDB->query($query);
709 while($row = $ilDB->fetchObject($res))
710 {
711 $rol_id[] = $row->rol_id;
712 }
713
714 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
715
716 return $rol_id ? $rol_id : array();
717 }
718
725 public function getGlobalRoles()
726 {
727 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false);
728 }
729
735 public function getLocalRoles($a_ref_id)
736 {
737 global $ilDB;
738
739 $lroles = array();
740 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
741 {
742 if($this->isAssignable($role_id, $a_ref_id))
743 {
744 $lroles[] = $role_id;
745 }
746 }
747 return $lroles;
748 }
749
755 public function getLocalPolicies($a_ref_id)
756 {
757 $lroles = array();
758 foreach($this->getRolesOfRoleFolder($a_ref_id) as $role_id)
759 {
760 $lroles[] = $role_id;
761 }
762 return $lroles;
763 }
764
771 public function getGlobalRolesArray()
772 {
773 foreach($this->getRolesOfRoleFolder(ROLE_FOLDER_ID,false) as $role_id)
774 {
775 $ga[] = array('obj_id' => $role_id,
776 'role_type' => 'global');
777 }
778 return $ga ? $ga : array();
779 }
780
787 public function getGlobalAssignableRoles()
788 {
789 include_once './Services/AccessControl/classes/class.ilObjRole.php';
790
791 foreach($this->getGlobalRoles() as $role_id)
792 {
793 if(ilObjRole::_getAssignUsersStatus($role_id))
794 {
795 $ga[] = array('obj_id' => $role_id,
796 'role_type' => 'global');
797 }
798 }
799 return $ga ? $ga : array();
800 }
801
802
807 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
808 {
809 global $rbacreview, $ilDB;
810
811 $query = 'SELECT * FROM rbac_fa '.
812 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
813 'AND parent = '.$ilDB->quote($a_parent_id,'integer');
814 $res = $ilDB->query($query);
815 return $res->numRows() ? true : false;
816 }
817
824 public function getOperations()
825 {
826 global $ilDB;
827
828 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
829 $res = $this->ilDB->query($query);
830 while($row = $ilDB->fetchObject($res))
831 {
832 $ops[] = array('ops_id' => $row->ops_id,
833 'operation' => $row->operation,
834 'description' => $row->description);
835 }
836
837 return $ops ? $ops : array();
838 }
839
846 public function getOperation($ops_id)
847 {
848 global $ilDB;
849
850 $query = 'SELECT * FROM rbac_operations WHERE ops_id = '.$ilDB->quote($ops_id,'integer');
851 $res = $this->ilDB->query($query);
852 while($row = $ilDB->fetchObject($res))
853 {
854 $ops = array('ops_id' => $row->ops_id,
855 'operation' => $row->operation,
856 'description' => $row->description);
857 }
858
859 return $ops ? $ops : array();
860 }
861
871 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
872 {
873 global $ilDB;
874
875 if(!$a_parent)
876 {
877 $a_parent = ROLE_FOLDER_ID;
878 }
879
880 $query = "SELECT ops_id,type FROM rbac_templates ".
881 "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
882 "AND parent = ".$ilDB->quote($a_parent,'integer');
883 $res = $ilDB->query($query);
884
885 $ops_arr = array();
886 while ($row = $ilDB->fetchObject($res))
887 {
888 $ops_arr[$row->type][] = $row->ops_id;
889 }
890 return (array) $ops_arr;
891 }
892
900 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
901 {
902 global $ilDB;
903
904 $query = 'SELECT * FROM rbac_pa '.
905 'WHERE ref_id = '.$ilDB->quote($a_ref_id,'integer').' '.
906 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' ';
907
908 $res = $ilDB->query($query);
909 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC))
910 {
911 return unserialize($row['ops_id']);
912 }
913 return array();
914 }
915
916
927 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
928 {
929 global $ilDB,$ilLog;
930
931 if (!isset($a_rol_id) or !isset($a_type))
932 {
933 $message = get_class($this)."::getOperationsOfRole(): Missing Parameter!".
934 "role_id: ".$a_rol_id.
935 "type: ".$a_type.
936 "parent_id: ".$a_parent;
937 $ilLog->logStack("Missing parameter! ");
938 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
939 }
940
941 $ops_arr = array();
942
943 // if no rolefolder id is given, assume global role folder as target
944 if ($a_parent == 0)
945 {
946 $a_parent = ROLE_FOLDER_ID;
947 }
948
949 $query = "SELECT ops_id FROM rbac_templates ".
950 "WHERE type =".$ilDB->quote($a_type,'text')." ".
951 "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ".
952 "AND parent = ".$ilDB->quote($a_parent,'integer');
953 $res = $ilDB->query($query);
954 while ($row = $ilDB->fetchObject($res))
955 {
956 $ops_arr[] = $row->ops_id;
957 }
958
959 return $ops_arr;
960 }
961
969 public function getRoleOperationsOnObject($a_role_id,$a_ref_id)
970 {
971 global $ilDB;
972
973 $query = "SELECT * FROM rbac_pa ".
974 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ".
975 "AND ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
976
977 $res = $ilDB->query($query);
978 while($row = $ilDB->fetchObject($res))
979 {
980 $ops = unserialize($row->ops_id);
981 }
982
983 return $ops ? $ops : array();
984 }
985
993 public function getOperationsOnType($a_typ_id)
994 {
995 global $ilDB;
996
997 if (!isset($a_typ_id))
998 {
999 $message = get_class($this)."::getOperationsOnType(): No type_id given!";
1000 $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1001 }
1002
1003 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1004
1005 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id '.
1006 'WHERE typ_id = '.$ilDB->quote($a_typ_id,'integer').' '.
1007 'ORDER BY op_order';
1008
1009 $res = $ilDB->query($query);
1010
1011 while($row = $ilDB->fetchObject($res))
1012 {
1013 $ops_id[] = $row->ops_id;
1014 }
1015
1016 return $ops_id ? $ops_id : array();
1017 }
1018
1027 public function getOperationsOnTypeString($a_type)
1028 {
1029 global $ilDB;
1030
1031 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = ".$ilDB->quote($a_type ,'text')." ";
1032
1033
1034 $res = $this->ilDB->query($query);
1035 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1036 {
1037 return $this->getOperationsOnType($row->obj_id);
1038 }
1039 return false;
1040 }
1041
1049 public function getOperationsByTypeAndClass($a_type,$a_class)
1050 {
1051 global $ilDB;
1052
1053 if($a_class != 'create')
1054 {
1055 $condition = "AND class != ".$ilDB->quote('create','text');
1056 }
1057 else
1058 {
1059 $condition = "AND class = ".$ilDB->quote('create','text');
1060 }
1061
1062 $query = "SELECT ro.ops_id FROM rbac_operations ro ".
1063 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id ".
1064 "JOIN object_data od ON rt.typ_id = od.obj_id ".
1065 "WHERE type = ".$ilDB->quote('typ','text')." ".
1066 "AND title = ".$ilDB->quote($a_type,'text')." ".
1067 $condition." ".
1068 "ORDER BY op_order ";
1069
1070 $res = $ilDB->query($query);
1071
1072 $ops = array();
1073 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1074 {
1075 $ops[] = $row->ops_id;
1076 }
1077 return $ops;
1078 }
1079
1080
1090 public function getObjectsWithStopedInheritance($a_rol_id,$a_filter = array())
1091 {
1092 global $ilDB;
1093
1094 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1095 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1096 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1097
1098 $query = 'SELECT parent p FROM rbac_fa '.
1099 'WHERE assign = '.$ilDB->quote('n','text').' '.
1100 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1101
1102 if($a_filter)
1103 {
1104 $query .= ('AND '.$ilDB->in('parent',(array) $a_filter,false,'integer'));
1105 }
1106
1107 $res = $ilDB->query($query);
1108 $parent = array();
1109 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1110 {
1111 $parent[] = $row->p;
1112 }
1113 return $parent;
1114 }
1115
1123 public function isDeleted($a_node_id)
1124 {
1125 global $ilDB;
1126
1127 $q = "SELECT tree FROM tree WHERE child =".$ilDB->quote($a_node_id)." ";
1128 $r = $this->ilDB->query($q);
1129
1130 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1131
1132 if (!$row)
1133 {
1134 $message = sprintf('%s::isDeleted(): Role folder with ref_id %s not found!',
1135 get_class($this),
1136 $a_node_id);
1137 $this->log->write($message,$this->log->FATAL);
1138
1139 return true;
1140 }
1141
1142 // rolefolder is deleted
1143 if ($row->tree < 0)
1144 {
1145 return true;
1146 }
1147
1148 return false;
1149 }
1150
1157 public function isGlobalRole($a_role_id)
1158 {
1159 return in_array($a_role_id,$this->getGlobalRoles());
1160 }
1161
1171 public function getRolesByFilter($a_filter = 0,$a_user_id = 0, $title_filter = '')
1172 {
1173 global $ilDB;
1174
1175 $assign = "y";
1176
1177 switch($a_filter)
1178 {
1179 // all (assignable) roles
1180 case self::FILTER_ALL:
1181 return $this->getAssignableRoles(true,true,$title_filter);
1182 break;
1183
1184 // all (assignable) global roles
1185 case self::FILTER_ALL_GLOBAL:
1186 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),false,'integer').' ';
1187 break;
1188
1189 // all (assignable) local roles
1190 case self::FILTER_ALL_LOCAL:
1191 case self::FILTER_INTERNAL:
1192 case self::FILTER_NOT_INTERNAL:
1193 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->getGlobalRoles(),true,'integer');
1194 break;
1195
1196 // all role templates
1197 case self::FILTER_TEMPLATES:
1198 $where = "WHERE object_data.type = 'rolt'";
1199 $assign = "n";
1200 break;
1201
1202 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1203 case 0:
1204 default:
1205 if(!$a_user_id)
1206 return array();
1207
1208 $where = 'WHERE '.$ilDB->in('rbac_fa.rol_id',$this->assignedRoles($a_user_id),false,'integer').' ';
1209 break;
1210 }
1211
1212 $roles = array();
1213
1214 $query = "SELECT * FROM object_data ".
1215 "JOIN rbac_fa ON obj_id = rol_id ".
1216 $where.
1217 "AND rbac_fa.assign = ".$ilDB->quote($assign,'text')." ";
1218
1219 if(strlen($title_filter))
1220 {
1221 $query .= (' AND '.$ilDB->like(
1222 'title',
1223 'text',
1224 '%'.$title_filter.'%'
1225 ));
1226 }
1227
1228 $res = $ilDB->query($query);
1229 while($row = $ilDB->fetchAssoc($res))
1230 {
1231 $prefix = (substr($row["title"],0,3) == "il_") ? true : false;
1232
1233 // all (assignable) internal local roles only
1234 if ($a_filter == 4 and !$prefix)
1235 {
1236 continue;
1237 }
1238
1239 // all (assignable) non internal local roles only
1240 if ($a_filter == 5 and $prefix)
1241 {
1242 continue;
1243 }
1244
1245 $row["desc"] = $row["description"];
1246 $row["user_id"] = $row["owner"];
1247 $roles[] = $row;
1248 }
1249
1250 $roles = $this->__setRoleType($roles);
1251
1252 return $roles ? $roles : array();
1253 }
1254
1262 public function getTypeId($a_type)
1263 {
1264 global $ilDB;
1265
1266 $q = "SELECT obj_id FROM object_data ".
1267 "WHERE title=".$ilDB->quote($a_type ,'text')." AND type='typ'";
1268 $r = $ilDB->query($q);
1269
1270 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1271 return $row->obj_id;
1272 }
1273
1284 public static function _getOperationIdsByName($operations)
1285 {
1286 global $ilDB;
1287
1288 if(!count($operations))
1289 {
1290 return array();
1291 }
1292
1293 $query = 'SELECT ops_id FROM rbac_operations '.
1294 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1295
1296 $res = $ilDB->query($query);
1297 while($row = $ilDB->fetchObject($res))
1298 {
1299 $ops_ids[] = $row->ops_id;
1300 }
1301 return $ops_ids ? $ops_ids : array();
1302 }
1303
1312 public static function _getOperationIdByName($a_operation)
1313 {
1314 global $ilDB,$ilErr;
1315
1316 if (!isset($a_operation))
1317 {
1318 $message = "perm::getOperationId(): No operation given!";
1319 $ilErr->raiseError($message,$ilErr->WARNING);
1320 }
1321
1322 // Cache operation ids
1323 if (! is_array(self::$_opsCache)) {
1324 self::$_opsCache = array();
1325
1326 $q = "SELECT ops_id, operation FROM rbac_operations";
1327 $r = $ilDB->query($q);
1328 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1329 {
1330 self::$_opsCache[$row->operation] = $row->ops_id;
1331 }
1332 }
1333
1334 // Get operation ID by name from cache
1335 if (array_key_exists($a_operation, self::$_opsCache)) {
1336 return self::$_opsCache[$a_operation];
1337 }
1338 return null;
1339 }
1340
1347 public static function lookupCreateOperationIds($a_type_arr)
1348 {
1349 global $ilDB;
1350
1351 $operations = array();
1352 foreach($a_type_arr as $type)
1353 {
1354 $operations[] = ('create_'.$type);
1355 }
1356
1357 if(!count($operations))
1358 {
1359 return array();
1360 }
1361
1362 $query = 'SELECT ops_id, operation FROM rbac_operations '.
1363 'WHERE '.$ilDB->in('operation',$operations,false,'text');
1364
1365 $res = $ilDB->query($query);
1366
1367 $ops_ids = array();
1368 while($row = $ilDB->fetchObject($res))
1369 {
1370 $type_arr = explode('_', $row->operation);
1371 $type = $type_arr[1];
1372
1373 $ops_ids[$type] = $row->ops_id;
1374 }
1375 return $ops_ids;
1376 }
1377
1378
1379
1388 public function isProtected($a_ref_id,$a_role_id)
1389 {
1390 global $ilDB;
1391
1392 // ref_id not used yet. protected permission acts 'global' for each role,
1393 $query = "SELECT protected FROM rbac_fa ".
1394 "WHERE rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1395 $res = $ilDB->query($query);
1396 $row = $ilDB->fetchAssoc($res);
1397
1398 return ilUtil::yn2tf($row['protected']);
1399 }
1400
1408 public function isBlockedAtPosition($a_role_id, $a_ref_id)
1409 {
1410 global $ilDB;
1411
1412 $query = 'SELECT blocked from rbac_fa '.
1413 'WHERE rol_id = '. $ilDB->quote($a_role_id,'integer').' '.
1414 'AND parent = '.$ilDB->quote($a_ref_id,'integer');
1415 $res = $ilDB->query($query);
1416 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1417 {
1418 return (bool) $row->blocked;
1419 }
1420 return FALSE;
1421 }
1422
1428 public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1429 {
1430 global $ilDB, $tree;
1431
1432 if($this->isBlockedAtPosition($a_role_id, $a_ref_id))
1433 {
1434 return FALSE;
1435 }
1436 $query = 'SELECT parent from rbac_fa '.
1437 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1438 'AND blocked = '.$ilDB->quote(1,'integer');
1439 $res = $ilDB->query($query);
1440
1441 $parent_ids = array();
1442 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1443 {
1444 $parent_ids[] = $row->parent;
1445 }
1446
1447 foreach($parent_ids as $parent_id)
1448 {
1449 if($tree->isGrandChild($parent_id, $a_ref_id))
1450 {
1451 return TRUE;
1452 }
1453 }
1454 return FALSE;
1455 }
1456
1457 // this method alters the protected status of role regarding the current user's role assignment
1458 // and current postion in the hierarchy.
1459
1471 protected function __setProtectedStatus($a_parent_roles,$a_role_hierarchy,$a_ref_id)
1472 {
1473 //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1474
1475 global $rbacsystem,$ilUser,$log;
1476
1477 if (in_array(SYSTEM_ROLE_ID,$this->assignedRoles($ilUser->getId())))
1478 {
1479 $leveladmin = true;
1480 }
1481 else
1482 {
1483 $leveladmin = false;
1484 }
1485 #vd("RoleHierarchy",$a_role_hierarchy);
1486 foreach ($a_role_hierarchy as $role_id => $rolf_id)
1487 {
1488 //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1489 #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1490 //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1491
1492 if ($leveladmin == true)
1493 {
1494 $a_parent_roles[$role_id]['protected'] = false;
1495 continue;
1496 }
1497
1498 if ($a_parent_roles[$role_id]['protected'] == true)
1499 {
1500 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()),array_keys($a_role_hierarchy,$rolf_id));
1501
1502 #vd("intersection",$arr_lvl_roles_user);
1503
1504 foreach ($arr_lvl_roles_user as $lvl_role_id)
1505 {
1506 #echo "<br/>level_role: ".$lvl_role_id;
1507 #echo "<br/>a_ref_id: ".$a_ref_id;
1508
1509 //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1510 // check if role grants 'edit_permission' to parent
1511 $rolf = $a_parent_roles[$role_id]['parent'];
1512 #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
1513 if ($rbacsystem->checkPermission($rolf,$lvl_role_id,'edit_permission'))
1514 {
1515 #echo "<br />Permission granted";
1516 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1517 // user may change permissions of that higher-ranked role
1518 $a_parent_roles[$role_id]['protected'] = false;
1519
1520 // remember successful check
1521 //$leveladmin = true;
1522 }
1523 }
1524 }
1525 }
1526 return $a_parent_roles;
1527 }
1528
1539 public static function _getOperationList($a_type = null)
1540 {
1541 global $ilDB;
1542
1543 $arr = array();
1544
1545 if ($a_type)
1546 {
1547 $query = sprintf('SELECT * FROM rbac_operations '.
1548 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id '.
1549 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id '.
1550 'WHERE object_data.title = %s '.
1551 'AND object_data.type = %s '.
1552 'ORDER BY op_order ASC',
1553 $ilDB->quote($a_type,'text'),
1554 $ilDB->quote('typ','text'));
1555 }
1556 else
1557 {
1558 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1559 }
1560 $res = $ilDB->query($query);
1561 while ($row = $ilDB->fetchAssoc($res))
1562 {
1563 $arr[] = array(
1564 "ops_id" => $row['ops_id'],
1565 "operation" => $row['operation'],
1566 "desc" => $row['description'],
1567 "class" => $row['class'],
1568 "order" => $row['op_order']
1569 );
1570 }
1571 return $arr;
1572 }
1573
1580 public static function _groupOperationsByClass($a_ops_arr)
1581 {
1582 $arr = array();
1583
1584 foreach ($a_ops_arr as $ops)
1585 {
1586 $arr[$ops['class']][] = array ('ops_id' => $ops['ops_id'],
1587 'name' => $ops['operation']
1588 );
1589 }
1590 return $arr;
1591 }
1592
1602 public function getObjectOfRole($a_role_id)
1603 {
1604 // internal cache
1605 static $obj_cache = array();
1606
1607 global $ilDB;
1608
1609
1610 if(isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id])
1611 {
1612 return $obj_cache[$a_role_id];
1613 }
1614
1615 $query = 'SELECT obr.obj_id FROM rbac_fa rfa '.
1616 'JOIN object_reference obr ON rfa.parent = obr.ref_id '.
1617 'WHERE assign = '.$ilDB->quote('y','text'). ' '.
1618 'AND rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1619 'AND deleted IS NULL';
1620
1621 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1622 # "JOIN tree ON rfa.parent = tree.child ".
1623 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1624 # "WHERE tree.tree = 1 ".
1625 # "AND assign = 'y' ".
1626 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1627 $res = $ilDB->query($query);
1628
1629 $obj_cache[$a_role_id] = 0;
1630 while($row = $ilDB->fetchObject($res))
1631 {
1632 $obj_cache[$a_role_id] = $row->obj_id;
1633 }
1634 return $obj_cache[$a_role_id];
1635 }
1636
1643 public function getObjectReferenceOfRole($a_role_id)
1644 {
1645 global $ilDB;
1646
1647 $query = 'SELECT parent p_ref FROM rbac_fa '.
1648 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1649 'AND assign = '.$ilDB->quote('y','text');
1650
1651 $res = $ilDB->query($query);
1652 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1653 {
1654 return $row->p_ref;
1655 }
1656 return 0;
1657 }
1658
1666 public function isRoleDeleted ($a_role_id)
1667 {
1668 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1669 $deleted = true;
1670 if (count($rolf_list))
1671 {
1672 foreach ($rolf_list as $rolf) {
1673 // only list roles that are not set to status "deleted"
1674 if (!$this->isDeleted($rolf))
1675 {
1676 $deleted = false;
1677 break;
1678 }
1679 }
1680 }
1681 return $deleted;
1682 }
1683
1684
1692 public function getRolesForIDs($role_ids, $use_templates)
1693 {
1694 global $ilDB;
1695
1696 $role_list = array();
1697
1698 $where = $this->__setTemplateFilter($use_templates);
1699
1700 $query = "SELECT * FROM object_data ".
1701 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id ".
1702 $where.
1703 "AND rbac_fa.assign = 'y' " .
1704 'AND '.$ilDB->in('object_data.obj_id',$role_ids,false,'integer');
1705
1706 $res = $ilDB->query($query);
1707 while($row = $ilDB->fetchAssoc($res))
1708 {
1709 $row["desc"] = $row["description"];
1710 $row["user_id"] = $row["owner"];
1711 $role_list[] = $row;
1712 }
1713
1714 $role_list = $this->__setRoleType($role_list);
1715 return $role_list;
1716 }
1717
1723 public function getOperationAssignment()
1724 {
1725 global $ilDB;
1726
1727 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta '.
1728 'JOIN object_data obj ON obj.obj_id = ta.typ_id '.
1729 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1730 $res = $ilDB->query($query);
1731
1732 $counter = 0;
1733 while($row = $ilDB->fetchObject($res))
1734 {
1735 $info[$counter]['typ_id'] = $row->typ_id;
1736 $info[$counter]['type'] = $row->title;
1737 $info[$counter]['ops_id'] = $row->ops_id;
1738 $info[$counter]['operation'] = $row->operation;
1739 $counter++;
1740 }
1741 return $info ? $info : array();
1742
1743 }
1744
1752 public function isDeleteable($a_role_id, $a_rolf_id)
1753 {
1754 if(!$this->isAssignable($a_role_id, $a_rolf_id))
1755 {
1756 return false;
1757 }
1758 if($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID)
1759 {
1760 return false;
1761 }
1762 if(substr(ilObject::_lookupTitle($a_role_id),0,3) == 'il_')
1763 {
1764 return false;
1765 }
1766 return true;
1767 }
1768
1775 public function isSystemGeneratedRole($a_role_id)
1776 {
1777 $title = ilObject::_lookupTitle($a_role_id);
1778 return substr($title,0,3) == 'il_' ? true : false;
1779 }
1780
1781
1789 public function getRoleFolderOfRole($a_role_id)
1790 {
1791 global $ilDB;
1792
1793 if(ilObject::_lookupType($a_role_id) == 'role')
1794 {
1795 $and = ('AND assign = '.$ilDB->quote('y','text'));
1796 }
1797 else
1798 {
1799 $and = '';
1800 }
1801
1802 $query = 'SELECT * FROM rbac_fa '.
1803 'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
1804 $and;
1805 $res = $ilDB->query($query);
1806 while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
1807 {
1808 return $row->parent;
1809 }
1810 return 0;
1811 }
1812
1820 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1821 {
1822 global $ilDB;
1823
1824 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua ".
1825 "ON (rbac_pa.rol_id = rbac_ua.rol_id) ".
1826 "WHERE rbac_ua.usr_id = ".$ilDB->quote($a_user_id,'integer')." ".
1827 "AND rbac_pa.ref_id = ".$ilDB->quote($a_ref_id,'integer')." ";
1828
1829 $res = $ilDB->query($query);
1830 $all_ops = array();
1831 while ($row = $ilDB->fetchObject($res))
1832 {
1833 $ops = unserialize($row->ops_id);
1834 $all_ops = array_merge($all_ops, $ops);
1835 }
1836 $all_ops = array_unique($all_ops);
1837
1838 $set = $ilDB->query("SELECT operation FROM rbac_operations ".
1839 " WHERE ".$ilDB->in("ops_id", $all_ops, false, "integer"));
1840 $perms = array();
1841 while ($rec = $ilDB->fetchAssoc($set))
1842 {
1843 $perms[] = $rec["operation"];
1844 }
1845
1846 return $perms;
1847 }
1848
1855 public function setAssignedCacheEntry($a_role_id,$a_user_id, $a_value)
1856 {
1857 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1858 }
1859
1866 public function getAssignedCacheEntry($a_role_id,$a_user_id)
1867 {
1868 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1869 }
1870
1874 public function clearCaches()
1875 {
1876 self::$is_assigned_cache = array();
1877 self::$assigned_users_cache = array();
1878 }
1879} // END class.ilRbacReview
1880?>
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
if
PHPExcel root directory.
Definition: PHPExcel.php:30
php
An exception for terminatinating execution or to throw for unit testing.
ilDB
Database Wrapper.
Definition: class.ilDB.php:30
ilDB\query
query($sql, $a_handle_error=true)
Query.
Definition: class.ilDB.php:1415
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:142
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:20
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
Definition: class.ilRbacReview.php:300
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1171
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1262
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1580
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:755
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(Array $a_roles)
Get the number of assigned users to roles @global ilDB $ilDB.
Definition: class.ilRbacReview.php:402
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
Definition: class.ilRbacReview.php:510
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:927
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role @access public
Definition: class.ilRbacReview.php:421
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:735
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=FALSE)
Get roles of object.
Definition: class.ilRbacReview.php:645
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
Definition: class.ilRbacReview.php:1312
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
Definition: class.ilRbacReview.php:1123
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:78
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1049
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:354
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
Definition: class.ilRbacReview.php:1471
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:685
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:900
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:725
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1157
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:807
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:612
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:969
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1408
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:591
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:154
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1874
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1388
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:531
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:993
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
Definition: class.ilRbacReview.php:1539
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1775
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
Definition: class.ilRbacReview.php:185
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
Definition: class.ilRbacReview.php:787
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1666
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1428
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:116
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1789
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
Definition: class.ilRbacReview.php:458
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id's by name.
Definition: class.ilRbacReview.php:1284
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
Definition: class.ilRbacReview.php:557
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1866
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1643
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1090
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1347
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1855
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:771
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:1027
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1820
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1692
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
Definition: class.ilRbacReview.php:269
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1723
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id @access public
Definition: class.ilRbacReview.php:846
ilRbacReview\__construct
__construct()
Constructor @access public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1602
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
Definition: class.ilRbacReview.php:326
ilRbacReview\getOperations
getOperations()
get all possible operations @access public
Definition: class.ilRbacReview.php:824
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
Definition: class.ilRbacReview.php:227
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1752
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:490
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:871
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:3228
$counter
$counter
Definition: config-scanner.php:59
$r
$r
Definition: example_031.php:79
$info
$info
Definition: example_052.php:80
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:130
$ilErr
global $ilErr
Definition: raiseError.php:16
$ref_id
$ref_id
Definition: sahs_server.php:39
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:93