ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilRbacAdmin.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
18 class ilRbacAdmin
19 {
24  public function __construct()
25  {
26  global $ilDB,$ilErr,$ilias;
27 
28  // set db & error handler
29  (isset($ilDB)) ? $this->ilDB =& $ilDB : $this->ilDB =& $ilias->db;
30 
31  if (!isset($ilErr))
32  {
33  $ilErr = new ilErrorHandling();
34  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
35  }
36  else
37  {
38  $this->ilErr =& $ilErr;
39  }
40  }
41 
48  public function setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
49  {
50  global $ilDB;
51 
52  ilLoggerFactory::getLogger('crs')->logStack();
53  $query = 'UPDATE rbac_fa set blocked = '. $ilDB->quote($a_blocked_status,'integer').' '.
54  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer').' '.
55  'AND parent = '.$ilDB->quote($a_ref_id,'integer');
56  $ilDB->manipulate($query);
57  }
58 
66  public function removeUser($a_usr_id)
67  {
68  global $ilDB;
69 
70  if (!isset($a_usr_id))
71  {
72  $message = get_class($this)."::removeUser(): No usr_id given!";
73  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
74  }
75 
76  $query = "DELETE FROM rbac_ua WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer');
77  $res = $ilDB->manipulate($query);
78 
79  return true;
80  }
81 
89  public function deleteRole($a_rol_id,$a_ref_id)
90  {
91  global $lng,$ilDB;
92 
93  if (!isset($a_rol_id) or !isset($a_ref_id))
94  {
95  $message = get_class($this)."::deleteRole(): Missing parameter! role_id: ".$a_rol_id." ref_id of role folder: ".$a_ref_id;
96  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
97  }
98 
99  // exclude system role from rbac
100  if ($a_rol_id == SYSTEM_ROLE_ID)
101  {
102  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"),$this->ilErr->MESSAGE);
103  }
104 
105  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
106  $mapping = ilLDAPRoleGroupMapping::_getInstance();
107  $mapping->deleteRole($a_rol_id);
108 
109 
110  // TODO: check assigned users before deletion
111  // This is done in ilObjRole. Should be better moved to this place?
112 
113  // delete user assignements
114  $query = "DELETE FROM rbac_ua ".
115  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer');
116  $res = $ilDB->manipulate($query);
117 
118  // delete permission assignments
119  $query = "DELETE FROM rbac_pa ".
120  "WHERE rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
121  $res = $ilDB->manipulate($query);
122 
123  //delete rbac_templates and rbac_fa
124  $this->deleteLocalRole($a_rol_id);
125 
126  return true;
127  }
128 
135  public function deleteTemplate($a_obj_id)
136  {
137  global $ilDB;
138 
139  if (!isset($a_obj_id))
140  {
141  $message = get_class($this)."::deleteTemplate(): No obj_id given!";
142  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
143  }
144 
145  $query = 'DELETE FROM rbac_templates '.
146  'WHERE rol_id = '.$ilDB->quote($a_obj_id,'integer');
147  $res = $ilDB->manipulate($query);
148 
149  $query = 'DELETE FROM rbac_fa '.
150  'WHERE rol_id = '.$ilDB->quote($a_obj_id,'integer');
151  $res = $ilDB->manipulate($query);
152 
153  return true;
154  }
155 
163  public function deleteLocalRole($a_rol_id,$a_ref_id = 0)
164  {
165  global $ilDB;
166 
167  if (!isset($a_rol_id))
168  {
169  $message = get_class($this)."::deleteLocalRole(): Missing parameter! role_id: '".$a_rol_id."'";
170  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
171  }
172 
173  // exclude system role from rbac
174  if ($a_rol_id == SYSTEM_ROLE_ID)
175  {
176  return true;
177  }
178 
179  if ($a_ref_id != 0)
180  {
181  $clause = 'AND parent = '.$ilDB->quote($a_ref_id,'integer').' ';
182  }
183 
184  $query = 'DELETE FROM rbac_fa '.
185  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
186  $clause;
187  $res = $ilDB->manipulate($query);
188 
189  $query = 'DELETE FROM rbac_templates '.
190  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
191  $clause;
192  $res = $ilDB->manipulate($query);
193  return true;
194  }
195 
202  public function assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles = array())
203  {
204  global $ilDB;
205 
206  $ilAtomQuery = $ilDB->buildAtomQuery();
207  $ilAtomQuery->addTableLock('rbac_ua');
208 
209  $ilAtomQuery->addQueryCallable(
210  function(ilDBInterface $ilDB) use(&$ret, $a_role_id, $a_usr_id,$a_limit, $a_limited_roles)
211  {
212  $ret = true;
213  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua '.
214  'WHERE '.$ilDB->in('rol_id',(array) $a_limited_roles,FALSE,'integer');
215  $res = $ilDB->query($limit_query);
216  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
217  if($row->num >= $a_limit)
218  {
219  $ret = false;
220  return;
221  }
222 
223  $query = "INSERT INTO rbac_ua (usr_id, rol_id) ".
224  "VALUES (".
225  $ilDB->quote($a_usr_id,'integer').",".$ilDB->quote($a_role_id,'integer').
226  ")";
227  $res = $ilDB->manipulate($query);
228  });
229 
230  $ilAtomQuery->run();
231 
232  if(!$ret)
233  {
234  return false;
235  }
236 
237  $GLOBALS['rbacreview']->setAssignedCacheEntry($a_role_id,$a_usr_id,TRUE);
238 
239  $this->addDesktopItem($a_role_id,$a_usr_id);
240 
241  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
242  $mapping = ilLDAPRoleGroupMapping::_getInstance();
243  $mapping->assign($a_role_id,$a_usr_id);
244  return TRUE;
245  }
246 
252  protected function addDesktopItem($a_rol_id, $a_usr_id)
253  {
254  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
255  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
256  foreach($role_desk_item_obj->getAll() as $item_data)
257  {
258  include_once './Services/User/classes/class.ilObjUser.php';
259  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
260  }
261  }
262 
263 
273  public function assignUser($a_rol_id,$a_usr_id)
274  {
275  global $ilDB,$rbacreview;
276 
277  if (!isset($a_rol_id) or !isset($a_usr_id))
278  {
279  $message = get_class($this)."::assignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
280  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
281  }
282 
283  // check if already assigned user id and role_id
284  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id,$a_rol_id);
285 
286  // enhanced: only if we haven't had this role for this user
287  if (!$alreadyAssigned)
288  {
289  $query = "INSERT INTO rbac_ua (usr_id, rol_id) ".
290  "VALUES (".$ilDB->quote($a_usr_id,'integer').",".$ilDB->quote($a_rol_id,'integer').")";
291  $res = $ilDB->manipulate($query);
292 
293  $this->addDesktopItem($a_rol_id, $a_usr_id);
294 
295  $rbacreview->setAssignedCacheEntry($a_rol_id,$a_usr_id,true);
296  }
297 
298  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
299  $mapping = ilLDAPRoleGroupMapping::_getInstance();
300  $mapping->assign($a_rol_id,$a_usr_id);
301 
302 
303  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
304  $obj_id = ilObject::_lookupObjId($ref_id);
305  $type = ilObject::_lookupType($obj_id);
306 
307  if(!$alreadyAssigned)
308  {
309  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
310  $GLOBALS['ilAppEventHandler']->raise(
311  'Services/AccessControl',
312  'assignUser',
313  array(
314  'obj_id' => $obj_id,
315  'usr_id' => $a_usr_id,
316  'role_id' => $a_rol_id,
317  'type' => $type
318  )
319  );
320  }
321  return TRUE;
322  }
323 
331  public function deassignUser($a_rol_id,$a_usr_id)
332  {
333  global $ilDB, $rbacreview;
334 
335  if (!isset($a_rol_id) or !isset($a_usr_id))
336  {
337  $message = get_class($this)."::deassignUser(): Missing parameter! role_id: ".$a_rol_id." usr_id: ".$a_usr_id;
338  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
339  }
340 
341  $query = "DELETE FROM rbac_ua ".
342  "WHERE usr_id = ".$ilDB->quote($a_usr_id,'integer')." ".
343  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
344  $res = $ilDB->manipulate($query);
345 
346  $rbacreview->setAssignedCacheEntry($a_rol_id,$a_usr_id,false);
347 
348  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
349  $mapping = ilLDAPRoleGroupMapping::_getInstance();
350  $mapping->deassign($a_rol_id,$a_usr_id);
351 
352  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
353  $obj_id = ilObject::_lookupObjId($ref_id);
354  $type = ilObject::_lookupType($obj_id);
355 
356  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
357  $GLOBALS['ilAppEventHandler']->raise(
358  'Services/AccessControl',
359  'deassignUser',
360  array(
361  'obj_id' => $obj_id,
362  'usr_id' => $a_usr_id,
363  'role_id' => $a_rol_id,
364  'type' => $type
365  )
366  );
367  return TRUE;
368  }
369 
378  public function grantPermission($a_rol_id,$a_ops,$a_ref_id)
379  {
380  global $ilDB;
381 
382  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id))
383  {
384  $this->ilErr->raiseError(get_class($this)."::grantPermission(): Missing parameter! ".
385  "role_id: ".$a_rol_id." ref_id: ".$a_ref_id." operations: ",$this->ilErr->WARNING);
386  }
387 
388  if (!is_array($a_ops))
389  {
390  $this->ilErr->raiseError(get_class($this)."::grantPermission(): Wrong datatype for operations!",
391  $this->ilErr->WARNING);
392  }
393 
394  /*
395  if (count($a_ops) == 0)
396  {
397  return false;
398  }
399  */
400  // exclude system role from rbac
401  if ($a_rol_id == SYSTEM_ROLE_ID)
402  {
403  return true;
404  }
405 
406  // convert all values to integer
407  foreach ($a_ops as $key => $operation)
408  {
409  $a_ops[$key] = (int) $operation;
410  }
411 
412  // Serialization des ops_id Arrays
413  $ops_ids = serialize($a_ops);
414 
415  $query = 'DELETE FROM rbac_pa '.
416  'WHERE rol_id = %s '.
417  'AND ref_id = %s';
418  $res = $ilDB->queryF($query,array('integer','integer'),
419  array($a_rol_id,$a_ref_id));
420 
421  if(!count($a_ops))
422  {
423  return false;
424  }
425 
426  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) ".
427  "VALUES ".
428  "(".$ilDB->quote($a_rol_id,'integer').",".$ilDB->quote($ops_ids,'text').",".$ilDB->quote($a_ref_id,'integer').")";
429  $res = $ilDB->manipulate($query);
430 
431  return true;
432  }
433 
443  public function revokePermission($a_ref_id,$a_rol_id = 0,$a_keep_protected = true)
444  {
445  global $rbacreview,$log,$ilDB,$ilLog;
446 
447  if (!isset($a_ref_id))
448  {
449  $ilLog->logStack();
450  $message = get_class($this)."::revokePermission(): Missing parameter! ref_id: ".$a_ref_id;
451  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
452  }
453 #$log->write("ilRBACadmin::revokePermission(), 0");
454 
455  // bypass protected status of roles
456  if ($a_keep_protected != true)
457  {
458  // exclude system role from rbac
459  if ($a_rol_id == SYSTEM_ROLE_ID)
460  {
461  return true;
462  }
463 
464  if ($a_rol_id)
465  {
466  $and1 = " AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
467  }
468  else
469  {
470  $and1 = "";
471  }
472 
473  $query = "DELETE FROM rbac_pa ".
474  "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer').
475  $and1;
476 
477  $res = $ilDB->manipulate($query);
478 
479  return true;
480  }
481 
482  // consider protected status of roles
483 
484  // in any case, get all roles in scope first
485  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
486 
487  if (!$a_rol_id)
488  {
489 #$log->write("ilRBACadmin::revokePermission(), 1");
490 
491  $role_ids = array();
492 
493  foreach ($roles_in_scope as $role)
494  {
495  if ($role['protected'] == true)
496  {
497  continue;
498  }
499 
500  $role_ids[] = $role['obj_id'];
501  }
502 
503  // return if no role in array
504  if (!$role_ids)
505  {
506  return true;
507  }
508 
509  $query = 'DELETE FROM rbac_pa '.
510  'WHERE '.$ilDB->in('rol_id',$role_ids,false,'integer').' '.
511  'AND ref_id = '.$ilDB->quote($a_ref_id,'integer');
512  $res = $ilDB->manipulate($query);
513  }
514  else
515  {
516 #$log->write("ilRBACadmin::revokePermission(), 2");
517  // exclude system role from rbac
518  if ($a_rol_id == SYSTEM_ROLE_ID)
519  {
520  return true;
521  }
522 
523  // exclude protected permission settings from revoking
524  if ($roles_in_scope[$a_rol_id]['protected'] == true)
525  {
526  return true;
527  }
528 
529  $query = "DELETE FROM rbac_pa ".
530  "WHERE ref_id = ".$ilDB->quote($a_ref_id,'integer')." ".
531  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer')." ";
532  $res = $ilDB->manipulate($query);
533  }
534 
535  return true;
536  }
537 
544  public function revokeSubtreePermissions($a_ref_id,$a_role_id)
545  {
546  global $ilDB;
547 
548  $query = 'DELETE FROM rbac_pa '.
549  'WHERE ref_id IN '.
550  '( '.$GLOBALS['tree']->getSubTreeQuery($a_ref_id,array('child')).' ) '.
551  'AND rol_id = '.$ilDB->quote($a_role_id,'integer');
552 
553  $ilDB->manipulate($query);
554  return true;
555  }
556 
563  public function deleteSubtreeTemplates($a_ref_id,$a_rol_id)
564  {
565  global $ilDB;
566 
567  $query = 'DELETE FROM rbac_templates '.
568  'WHERE parent IN ( '.
569  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')).' ) '.
570  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer');
571 
572  $ilDB->manipulate($query);
573 
574  $query = 'DELETE FROM rbac_fa '.
575  'WHERE parent IN ( '.
576  $GLOBALS['tree']->getSubTreeQuery($a_ref_id,array('child')).' ) '.
577  'AND rol_id = '.$ilDB->quote($a_rol_id,'integer');
578 
579  $ilDB->manipulate($query);
580 
581  return true;
582  }
583 
591  public function revokePermissionList($a_ref_ids,$a_rol_id)
592  {
593  global $ilDB;
594 
595  if (!isset($a_ref_ids) or !is_array($a_ref_ids))
596  {
597  $message = get_class($this)."::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: ".var_dump($a_ref_ids);
598  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
599  }
600 
601  if (!isset($a_rol_id))
602  {
603  $message = get_class($this)."::revokePermissionList(): Missing parameter! rol_id: ".$a_rol_id;
604  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
605  }
606 
607  // exclude system role from rbac
608  if ($a_rol_id == SYSTEM_ROLE_ID)
609  {
610  return true;
611  }
612 
613  $query = "DELETE FROM rbac_pa ".
614  "WHERE ".$ilDB->in('ref_id',$a_ref_ids,false,'integer').' '.
615  "AND rol_id = ".$ilDB->quote($a_rol_id,'integer');
616  $res = $ilDB->manipulate($query);
617 
618  return true;
619  }
620 
631  public function copyRolePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
632  {
633  global $tree,$rbacreview;
634 
635  // Copy template permissions
636  $this->copyRoleTemplatePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected);
637 
638  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id,$a_source_parent);
639 
640  $this->revokePermission($a_dest_parent,$a_dest_id);
641  $this->grantPermission($a_dest_id,$ops,$a_dest_parent);
642  return true;
643  }
644 
655  public function copyRoleTemplatePermissions($a_source_id,$a_source_parent,$a_dest_parent,$a_dest_id,$a_consider_protected = true)
656  {
657  global $rbacreview,$ilDB;
658 
659  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent))
660  {
661  $message = __METHOD__.": Missing parameter! source_id: ".$a_source_id.
662  " source_parent_id: ".$a_source_parent.
663  " dest_id : ".$a_dest_id.
664  " dest_parent_id: ".$a_dest_parent;
665  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
666  }
667 
668  // exclude system role from rbac
669  if ($a_dest_id == SYSTEM_ROLE_ID)
670  {
671  return true;
672  }
673 
674  // Read operations
675  $query = 'SELECT * FROM rbac_templates '.
676  'WHERE rol_id = '.$ilDB->quote($a_source_id,'integer').' '.
677  'AND parent = '.$ilDB->quote($a_source_parent,'integer');
678  $res = $ilDB->query($query);
679  $operations = array();
680  $rownum = 0;
681  while ($row = $ilDB->fetchObject($res))
682  {
683  $operations[$rownum]['type'] = $row->type;
684  $operations[$rownum]['ops_id'] = $row->ops_id;
685  $rownum++;
686  }
687 
688  // Delete target permissions
689  $query = 'DELETE FROM rbac_templates WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
690  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
691  $res = $ilDB->manipulate($query);
692 
693  foreach($operations as $row => $op)
694  {
695  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
696  'VALUES ('.
697  $ilDB->quote($a_dest_id,'integer').",".
698  $ilDB->quote($op['type'],'text').",".
699  $ilDB->quote($op['ops_id'],'integer').",".
700  $ilDB->quote($a_dest_parent,'integer').")";
701  $ilDB->manipulate($query);
702  }
703 
704  // copy also protection status if applicable
705  if ($a_consider_protected == true)
706  {
707  if ($rbacreview->isProtected($a_source_parent,$a_source_id))
708  {
709  $this->setProtected($a_dest_parent,$a_dest_id,'y');
710  }
711  }
712 
713  return true;
714  }
728  public function copyRolePermissionIntersection($a_source1_id,$a_source1_parent,$a_source2_id,$a_source2_parent,$a_dest_parent,$a_dest_id)
729  {
730  global $rbacreview,$ilDB;
731 
732  if (!isset($a_source1_id) or !isset($a_source1_parent)
733  or !isset($a_source2_id) or !isset($a_source2_parent)
734  or !isset($a_dest_id) or !isset($a_dest_parent))
735  {
736  $message = get_class($this)."::copyRolePermissionIntersection(): Missing parameter! source1_id: ".$a_source1_id.
737  " source1_parent: ".$a_source1_parent.
738  " source2_id: ".$a_source2_id.
739  " source2_parent: ".$a_source2_parent.
740  " dest_id: ".$a_dest_id.
741  " dest_parent_id: ".$a_dest_parent;
742  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
743  }
744 
745  // exclude system role from rbac
746  if ($a_dest_id == SYSTEM_ROLE_ID)
747  {
748  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
749  return true;
750  }
751 
752  if ($rbacreview->isProtected($a_source2_parent,$a_source2_id))
753  {
754  $GLOBALS['ilLog']->write(__METHOD__.': Role is protected');
755  return true;
756  }
757 
758  $query = "SELECT s1.type, s1.ops_id ".
759  "FROM rbac_templates s1, rbac_templates s2 ".
760  "WHERE s1.rol_id = ".$ilDB->quote($a_source1_id,'integer')." ".
761  "AND s1.parent = ".$ilDB->quote($a_source1_parent,'integer')." ".
762  "AND s2.rol_id = ".$ilDB->quote($a_source2_id,'integer')." ".
763  "AND s2.parent = ".$ilDB->quote($a_source2_parent,'integer')." ".
764  "AND s1.type = s2.type ".
765  "AND s1.ops_id = s2.ops_id";
766 
767  ilLoggerFactory::getLogger('ac')->dump($query);
768 
769  $res = $ilDB->query($query);
770  $operations = array();
771  $rowNum = 0;
772  while($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT))
773  {
774  $operations[$rowNum]['type'] = $row->type;
775  $operations[$rowNum]['ops_id'] = $row->ops_id;
776 
777  $rowNum++;
778  }
779 
780  // Delete template permissions of target
781  $query = 'DELETE FROM rbac_templates WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
782  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
783  $res = $ilDB->manipulate($query);
784 
785  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
786  'VALUES (?,?,?,?)';
787  $sta = $ilDB->prepareManip($query,array('integer','text','integer','integer'));
788  foreach($operations as $key => $set)
789  {
790  $ilDB->execute($sta,array(
791  $a_dest_id,
792  $set['type'],
793  $set['ops_id'],
794  $a_dest_parent));
795  }
796  return true;
797  }
798 
810  public function copyRolePermissionUnion(
811  $a_source1_id,
812  $a_source1_parent,
813  $a_source2_id,
814  $a_source2_parent,
815  $a_dest_id,
816  $a_dest_parent)
817  {
818  global $ilDB, $rbacreview;
819 
820 
821  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id,$a_source1_parent);
822  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id,$a_source2_parent);
823 
824  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
825 
826  $GLOBALS['ilLog']->write(__METHOD__.': '.print_r($s1_ops,TRUE));
827  $GLOBALS['ilLog']->write(__METHOD__.': '.print_r($s2_ops,TRUE));
828 
829  foreach($s1_ops as $type => $ops)
830  {
831  foreach($ops as $op)
832  {
833  // insert all permission of source 1
834  // #15469
835  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
836  'VALUES( '.
837  $ilDB->quote($a_dest_id,'integer').', '.
838  $ilDB->quote($type,'text').', '.
839  $ilDB->quote($op,'integer').', '.
840  $ilDB->quote($a_dest_parent,'integer').' '.
841  ')';
842  $ilDB->manipulate($query);
843  }
844  }
845 
846  // and the other direction...
847  foreach($s2_ops as $type => $ops)
848  {
849  foreach($ops as $op)
850  {
851  if(!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type]))
852  {
853  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) '.
854  'VALUES( '.
855  $ilDB->quote($a_dest_id,'integer').', '.
856  $ilDB->quote($type,'text').', '.
857  $ilDB->quote($op,'integer').', '.
858  $ilDB->quote($a_dest_parent,'integer').' '.
859  ')';
860  $ilDB->manipulate($query);
861  }
862  }
863  }
864 
865  return true;
866  }
867 
875  public function copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
876  {
877  global $rbacreview, $ilDB;
878 
879  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id,$a_source_parent);
880  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id,$a_dest_parent);
881 
882  foreach($s1_ops as $type => $ops)
883  {
884  foreach($ops as $op)
885  {
886  if(isset($d_ops[$type]) and in_array($op, $d_ops[$type]))
887  {
888  $query = 'DELETE FROM rbac_templates '.
889  'WHERE rol_id = '.$ilDB->quote($a_dest_id,'integer').' '.
890  'AND type = '.$ilDB->quote($type,'text').' '.
891  'AND ops_id = '.$ilDB->quote($op,'integer').' '.
892  'AND parent = '.$ilDB->quote($a_dest_parent,'integer');
893  $ilDB->manipulate($query);
894  }
895  }
896  }
897  return true;
898  }
899 
900 
911  public function deleteRolePermission($a_rol_id,$a_ref_id,$a_type = false)
912  {
913  global $ilDB;
914 
915  if (!isset($a_rol_id) or !isset($a_ref_id))
916  {
917  $message = get_class($this)."::deleteRolePermission(): Missing parameter! role_id: ".$a_rol_id." ref_id: ".$a_ref_id;
918  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
919  }
920 
921  // exclude system role from rbac
922  if ($a_rol_id == SYSTEM_ROLE_ID)
923  {
924  return true;
925  }
926 
927  if ($a_type !== false)
928  {
929  $and_type = " AND type=".$ilDB->quote($a_type,'text')." ";
930  }
931 
932  $query = 'DELETE FROM rbac_templates '.
933  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer').' '.
934  'AND parent = '.$ilDB->quote($a_ref_id,'integer').' '.
935  $and_type;
936 
937  $res = $ilDB->manipulate($query);
938 
939  return true;
940  }
941 
952  public function setRolePermission($a_rol_id,$a_type,$a_ops,$a_ref_id)
953  {
954  global $ilDB;
955 
956  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id))
957  {
958  $message = get_class($this)."::setRolePermission(): Missing parameter!".
959  " role_id: ".$a_rol_id.
960  " type: ".$a_type.
961  " operations: ".$a_ops.
962  " ref_id: ".$a_ref_id;
963  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
964  }
965 
966  if (!is_string($a_type) or empty($a_type))
967  {
968  $message = get_class($this)."::setRolePermission(): a_type is no string or empty!";
969  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
970  }
971 
972  if (!is_array($a_ops) or empty($a_ops))
973  {
974  $message = get_class($this)."::setRolePermission(): a_ops is no array or empty!";
975  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
976  }
977 
978  // exclude system role from rbac
979  if ($a_rol_id == SYSTEM_ROLE_ID)
980  {
981  return true;
982  }
983 
984  foreach($a_ops as $op)
985  {
986  $ilDB->replace(
987  'rbac_templates',
988  [
989  'rol_id' => ['integer', $a_rol_id],
990  'type' => ['text', $a_type],
991  'ops_id' => ['integer', $op],
992  'parent' => ['integer', $a_ref_id]
993  ],
994  []
995  );
996  }
997  return true;
998  }
999 
1013  public function assignRoleToFolder($a_rol_id,$a_parent,$a_assign = "y")
1014  {
1015  global $ilDB,$rbacreview;
1016 
1017  if (!isset($a_rol_id) or !isset($a_parent))
1018  {
1019  $message = get_class($this)."::assignRoleToFolder(): Missing Parameter!".
1020  " role_id: ".$a_rol_id.
1021  " parent_id: ".$a_parent.
1022  " assign: ".$a_assign;
1023  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1024  }
1025 
1026  // exclude system role from rbac
1027  if ($a_rol_id == SYSTEM_ROLE_ID)
1028  {
1029  return true;
1030  }
1031 
1032  // if a wrong value is passed, always set assign to "n"
1033  if ($a_assign != "y")
1034  {
1035  $a_assign = "n";
1036  }
1037 
1038  // check if already assigned
1039  $query = 'SELECT rol_id FROM rbac_fa '.
1040  'WHERE rol_id = '.$ilDB->quote($a_rol_id,'integer'). ' '.
1041  'AND parent = '. $ilDB->quote($a_parent,'integer');
1042  $res = $ilDB->query($query);
1043  if($res->numRows())
1044  {
1045  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
1046  return false;
1047  }
1048 
1049  $query = sprintf('INSERT INTO rbac_fa (rol_id, parent, assign, protected) '.
1050  'VALUES (%s,%s,%s,%s)',
1051  $ilDB->quote($a_rol_id,'integer'),
1052  $ilDB->quote($a_parent,'integer'),
1053  $ilDB->quote($a_assign,'text'),
1054  $ilDB->quote('n','text'));
1055  $res = $ilDB->manipulate($query);
1056 
1057  return true;
1058  }
1059 
1068  public function assignOperationToObject($a_type_id,$a_ops_id)
1069  {
1070  global $ilDB;
1071 
1072  if (!isset($a_type_id) or !isset($a_ops_id))
1073  {
1074  $message = get_class($this)."::assignOperationToObject(): Missing parameter!".
1075  "type_id: ".$a_type_id.
1076  "ops_id: ".$a_ops_id;
1077  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1078  }
1079 
1080  $query = "INSERT INTO rbac_ta (typ_id, ops_id) ".
1081  "VALUES(".$ilDB->quote($a_type_id,'integer').",".$ilDB->quote($a_ops_id,'integer').")";
1082  $res = $ilDB->manipulate($query);
1083  return true;
1084  }
1085 
1094  function deassignOperationFromObject($a_type_id,$a_ops_id)
1095  {
1096  global $ilDB;
1097 
1098  if (!isset($a_type_id) or !isset($a_ops_id))
1099  {
1100  $message = get_class($this)."::deassignPermissionFromObject(): Missing parameter!".
1101  "type_id: ".$a_type_id.
1102  "ops_id: ".$a_ops_id;
1103  $this->ilErr->raiseError($message,$this->ilErr->WARNING);
1104  }
1105 
1106  $query = "DELETE FROM rbac_ta ".
1107  "WHERE typ_id = ".$ilDB->quote($a_type_id,'integer')." ".
1108  "AND ops_id = ".$ilDB->quote($a_ops_id,'integer');
1109  $res = $ilDB->manipulate($query);
1110 
1111  return true;
1112  }
1113 
1122  public function setProtected($a_ref_id,$a_role_id,$a_value)
1123  {
1124  global $ilDB;
1125 
1126  // ref_id not used yet. protected permission acts 'global' for each role,
1127  // regardless of any broken inheritance before
1128  $query = 'UPDATE rbac_fa '.
1129  'SET protected = '.$ilDB->quote($a_value,'text').' '.
1130  'WHERE rol_id = '.$ilDB->quote($a_role_id,'integer');
1131  $res = $ilDB->manipulate($query);
1132  return true;
1133  }
1134 
1145  public function copyLocalRoles($a_source_id,$a_target_id)
1146  {
1147  global $rbacreview,$ilLog,$ilObjDataCache;
1148 
1149  $real_local = array();
1150  foreach($rbacreview->getRolesOfRoleFolder($a_source_id,false) as $role_data)
1151  {
1152  $title = $ilObjDataCache->lookupTitle($role_data);
1153  if(substr($title,0,3) == 'il_')
1154  {
1155  continue;
1156  }
1157  $real_local[] = $role_data;
1158  }
1159  if(!count($real_local))
1160  {
1161  return true;
1162  }
1163  // Create role folder
1164  foreach($real_local as $role)
1165  {
1166  include_once ("./Services/AccessControl/classes/class.ilObjRole.php");
1167  $orig = new ilObjRole($role);
1168  $orig->read();
1169 
1170  $ilLog->write(__METHOD__.': Start copying of role '.$orig->getTitle());
1171  $roleObj = new ilObjRole();
1172  $roleObj->setTitle($orig->getTitle());
1173  $roleObj->setDescription($orig->getDescription());
1174  $roleObj->setImportId($orig->getImportId());
1175  $roleObj->create();
1176 
1177  $this->assignRoleToFolder($roleObj->getId(),$a_target_id,"y");
1178  $this->copyRolePermissions($role,$a_source_id,$a_target_id,$roleObj->getId(),true);
1179  $ilLog->write(__METHOD__.': Added new local role, id '.$roleObj->getId());
1180  }
1181 
1182  }
1183 
1194  public function initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
1195  {
1196  global $rbacreview;
1197 
1198  if($rbacreview->isProtected($a_role_parent, $a_role_id))
1199  {
1200  // Assign object permissions
1201  $new_ops = $rbacreview->getOperationsOfRole(
1202  $a_role_id,
1203  ilObject::_lookupType($a_ref_id, true),
1204  $a_role_parent
1205  );
1206 
1207  // set new permissions for object
1208  $this->grantPermission(
1209  $a_role_id,
1210  (array) $new_ops,
1211  $a_ref_id
1212  );
1213  return;
1214  }
1215  if(!$a_template_id)
1216  {
1217  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1218  return;
1219  }
1220  // create template permission intersection
1221  $this->copyRolePermissionIntersection(
1222  $a_template_id,
1223  $a_template_parent,
1224  $a_role_id,
1225  $a_role_parent,
1226  $a_ref_id,
1227  $a_role_id
1228  );
1229 
1230  // assign role to folder
1231  $this->assignRoleToFolder(
1232  $a_role_id,
1233  $a_ref_id,
1234  'n'
1235  );
1236 
1237  // Assign object permissions
1238  $new_ops = $rbacreview->getOperationsOfRole(
1239  $a_role_id,
1240  ilObject::_lookupType($a_ref_id, true),
1241  $a_ref_id
1242  );
1243 
1244  // revoke existing permissions
1245  $this->revokePermission($a_ref_id, $a_role_id);
1246 
1247  // set new permissions for object
1248  $this->grantPermission(
1249  $a_role_id,
1250  (array) $new_ops,
1251  $a_ref_id
1252  );
1253 
1254  return;
1255  }
1256 
1264  protected function applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
1265  {
1266  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1267  $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1268  if(!$tpl_id) {
1269  return;
1270  }
1271  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1272  foreach(ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1273  if($action instanceof ilDidacticTemplateLocalRoleAction) {
1274  continue;
1275  }
1276  $action->setRefId($a_ref_id);
1277  $action->apply();
1278  }
1279  return;
1280  }
1281 
1282 
1294  public function adjustMovedObjectPermissions($a_ref_id,$a_old_parent)
1295  {
1296  global $rbacreview,$tree,$ilLog;
1297 
1298  $new_parent = $tree->getParentId($a_ref_id);
1299  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent,false);
1300  $new_context_roles = $rbacreview->getParentRoleIds($new_parent,false);
1301 
1302  $for_addition = $for_deletion = array();
1303  foreach($new_context_roles as $new_role_id => $new_role)
1304  {
1305  if(!isset($old_context_roles[$new_role_id]))
1306  {
1307  $for_addition[$new_role_id] = $new_role;
1308  }
1309  elseif($new_role['parent'] != $old_context_roles[$new_role_id]['parent'])
1310  {
1311  // handle stopped inheritance
1312  $for_deletion[$new_role_id] = $new_role;
1313  $for_addition[$new_role_id] = $new_role;
1314  }
1315  }
1316  foreach($old_context_roles as $old_role_id => $old_role)
1317  {
1318  if(!isset($new_context_roles[$old_role_id]))
1319  {
1320  $for_deletion[$old_role_id] = $old_role;
1321  }
1322  }
1323 
1324  if(!count($for_deletion) and !count($for_addition))
1325  {
1326  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1327  return true;
1328  }
1329 
1330  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1331  $rbac_log_active = ilRbacLog::isActive();
1332  if($rbac_log_active)
1333  {
1334  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1335  }
1336 
1337  foreach($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id),true) as $node_data)
1338  {
1339  $node_id = $node_data['child'];
1340 
1341  if($rbac_log_active)
1342  {
1343  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1344  }
1345 
1346  // If $node_data['type'] is not set, this means there is a tree entry without
1347  // object_reference and/or object_data entry
1348  // Continue in this case
1349  if(!$node_data['type'])
1350  {
1351  $ilLog->write(__METHOD__.': No type give. Choosing next tree entry.');
1352  continue;
1353  }
1354 
1355  if(!$node_id)
1356  {
1357  $ilLog->write(__METHOD__.': Missing subtree node_id');
1358  continue;
1359  }
1360 
1361  foreach($for_deletion as $role_id => $role_data)
1362  {
1363  $this->deleteLocalRole($role_id,$node_id);
1364  $this->revokePermission($node_id,$role_id,false);
1365 //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1366  }
1367  foreach($for_addition as $role_id => $role_data)
1368  {
1369  switch($node_data['type'])
1370  {
1371  case 'grp':
1372  include_once './Modules/Group/classes/class.ilObjGroup.php';
1373  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1374  $this->initIntersectionPermissions(
1375  $node_data['child'],
1376  $role_id,
1377  $role_data['parent'],
1378  $tpl_id,
1379  ROLE_FOLDER_ID
1380  );
1381  break;
1382 
1383  case 'crs':
1384  include_once './Modules/Course/classes/class.ilObjCourse.php';
1385  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1386  $this->initIntersectionPermissions(
1387  $node_data['child'],
1388  $role_id,
1389  $role_data['parent'],
1390  $tpl_id,
1391  ROLE_FOLDER_ID
1392  );
1393  break;
1394 
1395 
1396  default:
1397  $this->grantPermission(
1398  $role_id,
1399  $ops = $rbacreview->getOperationsOfRole($role_id,$node_data['type'],$role_data['parent']),
1400  $node_id);
1401  break;
1402 
1403 
1404  }
1405 
1406 
1407 //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1408  }
1409 
1410  if($rbac_log_active)
1411  {
1412  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1413  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1414  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1415  }
1416  }
1417 
1418  $this->applyMovedObjectDidacticTemplates($a_ref_id,$a_old_parent);
1419 
1420  }
1421 
1422 
1429  public function copyEffectiveRolePermissions($a_source_ref_id, $target_ref_id, $a_subtree_id)
1430  {
1431  global $rbacreview;
1432 
1433  $parent_roles = $rbacreview->getParentRoleIds($a_source_ref_id, FALSE);
1434  $GLOBALS['ilLog']->write(__METHOD__.': '. print_r($parent_roles,TRUE));
1435 
1436 
1437 
1438  }
1439 
1440 
1441 
1442 
1443 } // END class.ilRbacAdmin
1444 ?>
ilDidacticTemplateObjSettings\lookupTemplateId
static lookupTemplateId($a_ref_id)
Lookup template id ilDB $ilDB.
Definition: class.ilDidacticTemplateObjSettings.php:19
ilObjGroup\lookupGroupStatusTemplateId
static lookupGroupStatusTemplateId($a_obj_id)
$ilDB $ilDB
Definition: class.ilObjGroup.php:1275
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
$ilErr
global $ilErr
Definition: raiseError.php:16
ilRbacAdmin\applyMovedObjectDidacticTemplates
applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
Definition: class.ilRbacAdmin.php:1264
ilRbacAdmin\removeUser
removeUser($a_usr_id)
deletes a user from rbac_ua all user <-> role relations are deleted public
Definition: class.ilRbacAdmin.php:66
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilRbacAdmin\deleteRolePermission
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
Definition: class.ilRbacAdmin.php:911
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilRbacAdmin\deassignOperationFromObject
deassignOperationFromObject($a_type_id, $a_ops_id)
Deassign an existing operation from an object Update of rbac_ta public.
Definition: class.ilRbacAdmin.php:1094
ilObjCourse\lookupCourseNonMemberTemplatesId
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
Definition: class.ilObjCourse.php:1644
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilRbacAdmin\revokeSubtreePermissions
revokeSubtreePermissions($a_ref_id, $a_role_id)
Revoke subtree permissions.
Definition: class.ilRbacAdmin.php:544
ilRbacAdmin\setBlockedStatus
setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.
Definition: class.ilRbacAdmin.php:48
ilRbacAdmin\adjustMovedObjectPermissions
adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
Adjust permissions of moved objects.
Definition: class.ilRbacAdmin.php:1294
ilRbacAdmin\copyRolePermissionUnion
copyRolePermissionUnion( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
<type> $ilDB
Definition: class.ilRbacAdmin.php:810
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilRbacAdmin\deleteSubtreeTemplates
deleteSubtreeTemplates($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.
Definition: class.ilRbacAdmin.php:563
ilRbacAdmin\assignUser
assignUser($a_rol_id, $a_usr_id)
Assigns an user to a role.
Definition: class.ilRbacAdmin.php:273
ilRbacAdmin\setRolePermission
setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for an specific object type.
Definition: class.ilRbacAdmin.php:952
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:655
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacAdmin\deassignUser
deassignUser($a_rol_id, $a_usr_id)
Deassigns a user from a role.
Definition: class.ilRbacAdmin.php:331
ilRbacAdmin\copyEffectiveRolePermissions
copyEffectiveRolePermissions($a_source_ref_id, $target_ref_id, $a_subtree_id)
Copies all permission from source to target for all roles.
Definition: class.ilRbacAdmin.php:1429
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:163
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:9
$a_type
$a_type
Definition: workflow.php:93
ilRbacAdmin\initIntersectionPermissions
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
Definition: class.ilRbacAdmin.php:1194
ilDBInterface\quote
quote($value, $type)
ilRbacAdmin\assignUserLimited
assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
Assign user limited.
Definition: class.ilRbacAdmin.php:202
ilRbacAdmin\addDesktopItem
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
Definition: class.ilRbacAdmin.php:252
ilRbacAdmin\setProtected
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.
Definition: class.ilRbacAdmin.php:1122
ilRbacAdmin\copyLocalRoles
copyLocalRoles($a_source_id, $a_target_id)
Copy local roles This method creates a copy of all local role.
Definition: class.ilRbacAdmin.php:1145
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1021
ilRbacAdmin\copyRolePermissionIntersection
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role. ...
Definition: class.ilRbacAdmin.php:728
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:378
ilRbacAdmin\revokePermissionList
revokePermissionList($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.
Definition: class.ilRbacAdmin.php:591
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilRbacAdmin\copyRolePermissionSubtract
copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.
Definition: class.ilRbacAdmin.php:875
ilRbacAdmin\__construct
__construct()
Constructor public.
Definition: class.ilRbacAdmin.php:24
ilRbacAdmin\copyRolePermissions
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
Definition: class.ilRbacAdmin.php:631
ilRbacAdmin\deleteRole
deleteRole($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
Definition: class.ilRbacAdmin.php:89
ilObjUser\_addDesktopItem
static _addDesktopItem($a_usr_id, $a_item_id, $a_type, $a_par="")
add an item to user&#39;s personal desktop
Definition: class.ilObjUser.php:2991
ilDidacticTemplateLocalRoleAction
represents a creation of local roles action
Definition: class.ilDidacticTemplateLocalRoleAction.php:12
ilDB
Database Wrapper.
Definition: class.ilDB.php:29
$ref_id
$ref_id
Definition: sahs_server.php:39
$lng
global $lng
Definition: privfeed.php:17
ilRbacAdmin\assignOperationToObject
assignOperationToObject($a_type_id, $a_ops_id)
Assign an existing operation to an object Update of rbac_ta.
Definition: class.ilRbacAdmin.php:1068
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:443
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$ret
$ret
Definition: parser.php:6
ilDBInterface\query
query($query)
ilRbacAdmin\deleteTemplate
deleteTemplate($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public...
Definition: class.ilRbacAdmin.php:135
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:17
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:18
ilDBInterface\manipulate
manipulate($query)
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:1013
$log
$log
Definition: inc.setup_header.php:129
ilDidacticTemplateActionFactory\getActionsByTemplateId
static getActionsByTemplateId($a_tpl_id)
Get actions of one template.
Definition: class.ilDidacticTemplateActionFactory.php:68
if
PHPExcel root directory.
Definition: Database.php:30