ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
19 class ilRbacReview
20 {
21  const FILTER_ALL = 1;
22  const FILTER_ALL_GLOBAL = 2;
23  const FILTER_ALL_LOCAL = 3;
24  const FILTER_INTERNAL = 4;
25  const FILTER_NOT_INTERNAL = 5;
26  const FILTER_TEMPLATES = 6;
27 
28  // Cache operation ids
29  private static $_opsCache = null;
30 
34  protected static $assigned_users_cache = array();
35 
39  protected static $is_assigned_cache = array();
40 
44  protected $log;
45 
50  public function __construct()
51  {
52  global $ilDB,$ilErr,$ilias;
53 
54  $this->log = ilLoggerFactory::getLogger('ac');
55 
56  // set db & error handler
57  (isset($ilDB)) ? $this->ilDB =&$ilDB : $this->ilDB =&$ilias->db;
58 
59  if (!isset($ilErr)) {
60  $ilErr = new ilErrorHandling();
61  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
62  } else {
63  $this->ilErr =&$ilErr;
64  }
65  }
66 
75  public function roleExists($a_title, $a_id = 0)
76  {
77  global $ilDB;
78 
79  if (empty($a_title)) {
80  $message = get_class($this) . "::roleExists(): No title given!";
81  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
82  }
83 
84  $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
85 
86  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
87  "WHERE title =" . $ilDB->quote($a_title) . " " .
88  "AND type IN('role','rolt')" .
89  $clause . " ";
90  $r = $this->ilDB->query($q);
91 
92  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
93  return $row->obj_id;
94  }
95  return false;
96  }
97 
111  protected function __getParentRoles($a_path, $a_templates)
112  {
113  if (!isset($a_path) or !is_array($a_path)) {
114  $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
115  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
116  }
117 
118  $parent_roles = array();
119  $role_hierarchy = array();
120 
121  foreach ($a_path as $ref_id) {
122  $roles = $this->getRoleListByObject($ref_id, $a_templates);
123  foreach ($roles as $role) {
124  $id = $role["obj_id"];
125  $role["parent"] = $ref_id;
126  $parent_roles[$id] = $role;
127 
128  if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
129  $role_hierarchy[$id] = $ref_id;
130  }
131  }
132  }
133  return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
134  }
135 
145  public function getParentRoleIds($a_endnode_id, $a_templates = false)
146  {
147  global $tree;
148 
149  if (!isset($a_endnode_id)) {
150  $GLOBALS['ilLog']->logStack();
151  $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
152  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
153  }
154 
155  //var_dump($a_endnode_id);exit;
156  //$log->write("ilRBACreview::getParentRoleIds(), 0");
157  $pathIds = $tree->getPathId($a_endnode_id);
158 
159  // add system folder since it may not in the path
160  //$pathIds[0] = SYSTEM_FOLDER_ID;
161  $pathIds[0] = ROLE_FOLDER_ID;
162  //$log->write("ilRBACreview::getParentRoleIds(), 1");
163  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
164  return $this->__getParentRoles($pathIds, $a_templates);
165  }
166 
175  public function getRoleListByObject($a_ref_id, $a_templates = false)
176  {
177  global $ilDB;
178 
179  if (!isset($a_ref_id) or !isset($a_templates)) {
180  $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
181  "ref_id: " . $a_ref_id .
182  "tpl_flag: " . $a_templates;
183  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
184  }
185 
186  $role_list = array();
187 
188  $where = $this->__setTemplateFilter($a_templates);
189 
190  $query = "SELECT * FROM object_data " .
191  "JOIN rbac_fa ON obj_id = rol_id " .
192  $where .
193  "AND object_data.obj_id = rbac_fa.rol_id " .
194  "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
195 
196  $res = $ilDB->query($query);
197  while ($row = $ilDB->fetchAssoc($res)) {
198  $row["desc"] = $row["description"];
199  $row["user_id"] = $row["owner"];
200  $role_list[] = $row;
201  }
202 
203  $role_list = $this->__setRoleType($role_list);
204 
205  return $role_list;
206  }
207 
215  public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
216  {
217  global $ilDB;
218 
219  $role_list = array();
220 
221  $where = $this->__setTemplateFilter($a_templates);
222 
223  $query = "SELECT * FROM object_data " .
224  "JOIN rbac_fa ON obj_id = rol_id " .
225  $where .
226  "AND rbac_fa.assign = 'y' ";
227 
228  if (strlen($title_filter)) {
229  $query .= (' AND ' . $ilDB->like(
230  'title',
231  'text',
232  $title_filter . '%'
233  ));
234  }
235  $res = $ilDB->query($query);
236 
237  while ($row = $ilDB->fetchAssoc($res)) {
238  $row["desc"] = $row["description"];
239  $row["user_id"] = $row["owner"];
240  $role_list[] = $row;
241  }
242 
243  $role_list = $this->__setRoleType($role_list);
244 
245  return $role_list;
246  }
247 
255  public function getAssignableRolesInSubtree($ref_id)
256  {
257  global $ilDB;
258 
259  $query = 'SELECT rol_id FROM rbac_fa fa ' .
260  'JOIN tree t1 ON t1.child = fa.parent ' .
261  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
262  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
263  'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
264  'AND t1.child IN (' .
265  $GLOBALS['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
266  ') ';
267 
268 
269  $res = $ilDB->query($query);
270 
271  $role_list = array();
272  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
273  $role_list[] = $row->rol_id;
274  }
275  return $role_list;
276  }
277 
285  public function getAssignableChildRoles($a_ref_id)
286  {
287  global $ilDB;
288 
289  $query = "SELECT fa.*, rd.* " .
290  "FROM object_data rd " .
291  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
292  "WHERE fa.assign = 'y' " .
293  "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
294  ;
295 
296  $res = $ilDB->query($query);
297  while ($row = $ilDB->fetchAssoc($res)) {
298  $roles_data[] = $row;
299  }
300  return $roles_data ? $roles_data : array();
301  }
302 
310  protected function __setTemplateFilter($a_templates)
311  {
312  global $ilDB;
313 
314  if ($a_templates === true) {
315  $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
316  } else {
317  $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
318  }
319 
320  return $where;
321  }
322 
335  protected function __setRoleType($a_role_list)
336  {
337  foreach ($a_role_list as $key => $val) {
338  // determine role type
339  if ($val["type"] == "rolt") {
340  $a_role_list[$key]["role_type"] = "template";
341  } else {
342  if ($val["assign"] == "y") {
343  if ($val["parent"] == ROLE_FOLDER_ID) {
344  $a_role_list[$key]["role_type"] = "global";
345  } else {
346  $a_role_list[$key]["role_type"] = "local";
347  }
348  } else {
349  $a_role_list[$key]["role_type"] = "linked";
350  }
351  }
352 
353  if ($val["protected"] == "y") {
354  $a_role_list[$key]["protected"] = true;
355  } else {
356  $a_role_list[$key]["protected"] = false;
357  }
358  }
359 
360  return $a_role_list;
361  }
362 
370  public function getNumberOfAssignedUsers(array $a_roles)
371  {
372  global $ilDB;
373 
374  $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua ' .
375  'WHERE ' . $ilDB->in('rol_id', $a_roles, false, 'integer') . ' ';
376 
377  $res = $ilDB->query($query);
378  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
379  return $row->num ? $row->num : 0;
380  }
381 
382 
389  public function assignedUsers($a_rol_id)
390  {
391  global $ilBench,$ilDB;
392 
393  if (!isset($a_rol_id)) {
394  $message = get_class($this) . "::assignedUsers(): No role_id given!";
395  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
396  }
397  if (isset(self::$assigned_users_cache[$a_rol_id])) {
398  return self::$assigned_users_cache[$a_rol_id];
399  }
400 
401  $result_arr = array();
402 
403  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
404  $res = $ilDB->query($query);
405  while ($row = $ilDB->fetchAssoc($res)) {
406  array_push($result_arr, $row["usr_id"]);
407  }
408 
409  self::$assigned_users_cache[$a_rol_id] = $result_arr;
410 
411  return $result_arr;
412  }
413 
414 
423  public function isAssigned($a_usr_id, $a_role_id)
424  {
425  if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
426  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
427  }
428  // Quickly determine if user is assigned to a role
429  global $ilDB;
430 
431  $ilDB->setLimit(1, 0);
432  $query = "SELECT usr_id FROM rbac_ua WHERE " .
433  "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
434  "AND usr_id= " . $ilDB->quote($a_usr_id);
435  $res = $ilDB->query($query);
436 
437  $is_assigned = $res->numRows() == 1;
438  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
439 
440  return $is_assigned;
441  }
442 
455  public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
456  {
457  global $ilDB;
458 
459  $ilDB->setLimit(1, 0);
460  $query = "SELECT usr_id FROM rbac_ua WHERE " .
461  $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
462  " AND usr_id= " . $ilDB->quote($a_usr_id);
463  $res = $ilDB->query($query);
464 
465  return $ilDB->numRows($res) == 1;
466  }
467 
475  public function assignedRoles($a_usr_id)
476  {
477  global $ilDB;
478 
479  $role_arr = array();
480 
481  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
482 
483  $res = $ilDB->query($query);
484  while ($row = $ilDB->fetchObject($res)) {
485  $role_arr[] = $row->rol_id;
486  }
487  return $role_arr ? $role_arr : array();
488  }
489 
495  public function assignedGlobalRoles($a_usr_id)
496  {
497  global $ilDB;
498 
499  $query = "SELECT ua.rol_id FROM rbac_ua ua " .
500  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
501  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
502  "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
503  "AND assign = 'y' ";
504 
505  $res = $ilDB->query($query);
506  while ($row = $ilDB->fetchObject($res)) {
507  $role_arr[] = $row->rol_id;
508  }
509  return $role_arr ? $role_arr : array();
510  }
511 
520  public function isAssignable($a_rol_id, $a_ref_id)
521  {
522  global $ilBench,$ilDB;
523 
524  $ilBench->start("RBAC", "review_isAssignable");
525 
526  // exclude system role from rbac
527  if ($a_rol_id == SYSTEM_ROLE_ID) {
528  $ilBench->stop("RBAC", "review_isAssignable");
529  return true;
530  }
531 
532  if (!isset($a_rol_id) or !isset($a_ref_id)) {
533  $message = get_class($this) . "::isAssignable(): Missing parameter!" .
534  " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
535  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
536  }
537  $query = "SELECT * FROM rbac_fa " .
538  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
539  "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
540  $res = $ilDB->query($query);
541  $row = $ilDB->fetchObject($res);
542 
543  $ilBench->stop("RBAC", "review_isAssignable");
544  return $row->assign == 'y' ? true : false;
545  }
546 
552  public function hasMultipleAssignments($a_role_id)
553  {
554  global $ilDB;
555 
556  $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
557  "AND assign = " . $ilDB->quote('y', 'text');
558  $res = $ilDB->query($query);
559  return $res->numRows() > 1;
560  }
561 
573  public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
574  {
575  global $ilDB;
576 
577  if (!isset($a_rol_id)) {
578  $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
579  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
580  }
581 
582  if ($a_assignable) {
583  $where = " AND assign ='y'";
584  }
585 
586  $query = "SELECT DISTINCT parent FROM rbac_fa " .
587  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
588 
589  $res = $ilDB->query($query);
590  while ($row = $ilDB->fetchObject($res)) {
591  $folders[] = $row->parent;
592  }
593  return $folders ? $folders : array();
594  }
595 
603  public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
604  {
605  global $ilDB;
606 
607  if (!isset($a_ref_id)) {
608  $GLOBALS['ilLog']->logStack();
609  throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
610  }
611  if ($a_assignable_only === true) {
612  $and = 'AND assign = ' . $ilDB->quote('y', 'text');
613  }
614  $query = "SELECT rol_id FROM rbac_fa " .
615  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
616  $and;
617 
618  $res = $ilDB->query($query);
619 
620  $role_ids = array();
621  while ($row = $ilDB->fetchObject($res)) {
622  $role_ids[] = $row->rol_id;
623  }
624  return $role_ids;
625  }
626 
627 
628 
629 
640  public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
641  {
642  global $ilBench,$ilDB,$ilLog;
643 
644  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
645 
646  if (!isset($a_ref_id)) {
647  $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
648  ilLoggerFactory::getLogger('ac')->logStack();
649  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
650  }
651 
652  if ($a_nonassignable === false) {
653  $and = " AND assign='y'";
654  }
655 
656  $query = "SELECT rol_id FROM rbac_fa " .
657  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
658  $and;
659 
660  $res = $ilDB->query($query);
661  while ($row = $ilDB->fetchObject($res)) {
662  $rol_id[] = $row->rol_id;
663  }
664 
665  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
666 
667  return $rol_id ? $rol_id : array();
668  }
669 
676  public function getGlobalRoles()
677  {
678  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
679  }
680 
686  public function getLocalRoles($a_ref_id)
687  {
688  global $ilDB;
689 
690  $lroles = array();
691  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
692  if ($this->isAssignable($role_id, $a_ref_id)) {
693  $lroles[] = $role_id;
694  }
695  }
696  return $lroles;
697  }
698 
704  public function getLocalPolicies($a_ref_id)
705  {
706  $lroles = array();
707  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
708  $lroles[] = $role_id;
709  }
710  return $lroles;
711  }
712 
719  public function getGlobalRolesArray()
720  {
721  foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
722  $ga[] = array('obj_id' => $role_id,
723  'role_type' => 'global');
724  }
725  return $ga ? $ga : array();
726  }
727 
734  public function getGlobalAssignableRoles()
735  {
736  include_once './Services/AccessControl/classes/class.ilObjRole.php';
737 
738  foreach ($this->getGlobalRoles() as $role_id) {
739  if (ilObjRole::_getAssignUsersStatus($role_id)) {
740  $ga[] = array('obj_id' => $role_id,
741  'role_type' => 'global');
742  }
743  }
744  return $ga ? $ga : array();
745  }
746 
747 
752  public function isRoleAssignedToObject($a_role_id, $a_parent_id)
753  {
754  global $rbacreview, $ilDB;
755 
756  $query = 'SELECT * FROM rbac_fa ' .
757  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
758  'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
759  $res = $ilDB->query($query);
760  return $res->numRows() ? true : false;
761  }
762 
769  public function getOperations()
770  {
771  global $ilDB;
772 
773  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
774  $res = $this->ilDB->query($query);
775  while ($row = $ilDB->fetchObject($res)) {
776  $ops[] = array('ops_id' => $row->ops_id,
777  'operation' => $row->operation,
778  'description' => $row->description);
779  }
780 
781  return $ops ? $ops : array();
782  }
783 
790  public function getOperation($ops_id)
791  {
792  global $ilDB;
793 
794  $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
795  $res = $this->ilDB->query($query);
796  while ($row = $ilDB->fetchObject($res)) {
797  $ops = array('ops_id' => $row->ops_id,
798  'operation' => $row->operation,
799  'description' => $row->description);
800  }
801 
802  return $ops ? $ops : array();
803  }
804 
814  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
815  {
816  global $ilDB;
817 
818  if (!$a_parent) {
819  $a_parent = ROLE_FOLDER_ID;
820  }
821 
822  $query = "SELECT ops_id,type FROM rbac_templates " .
823  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
824  "AND parent = " . $ilDB->quote($a_parent, 'integer');
825  $res = $ilDB->query($query);
826 
827  $ops_arr = array();
828  while ($row = $ilDB->fetchObject($res)) {
829  $ops_arr[$row->type][] = $row->ops_id;
830  }
831  return (array) $ops_arr;
832  }
833 
841  public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
842  {
843  global $ilDB;
844 
845  $query = 'SELECT * FROM rbac_pa ' .
846  'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
847  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
848 
849  $res = $ilDB->query($query);
850  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
851  return unserialize($row['ops_id']);
852  }
853  return array();
854  }
855 
856 
867  public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
868  {
869  global $ilDB,$ilLog;
870 
871  if (!isset($a_rol_id) or !isset($a_type)) {
872  $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
873  "role_id: " . $a_rol_id .
874  "type: " . $a_type .
875  "parent_id: " . $a_parent;
876  $ilLog->logStack("Missing parameter! ");
877  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
878  }
879 
880  $ops_arr = array();
881 
882  // if no rolefolder id is given, assume global role folder as target
883  if ($a_parent == 0) {
884  $a_parent = ROLE_FOLDER_ID;
885  }
886 
887  $query = "SELECT ops_id FROM rbac_templates " .
888  "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
889  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
890  "AND parent = " . $ilDB->quote($a_parent, 'integer');
891  $res = $ilDB->query($query);
892  while ($row = $ilDB->fetchObject($res)) {
893  $ops_arr[] = $row->ops_id;
894  }
895 
896  return $ops_arr;
897  }
898 
906  public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
907  {
908  global $ilDB;
909 
910  $query = "SELECT * FROM rbac_pa " .
911  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
912  "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
913 
914  $res = $ilDB->query($query);
915  while ($row = $ilDB->fetchObject($res)) {
916  $ops = unserialize($row->ops_id);
917  }
918 
919  return $ops ? $ops : array();
920  }
921 
929  public function getOperationsOnType($a_typ_id)
930  {
931  global $ilDB;
932 
933  if (!isset($a_typ_id)) {
934  $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
935  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
936  }
937 
938  #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
939 
940  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
941  'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
942  'ORDER BY op_order';
943 
944  $res = $ilDB->query($query);
945 
946  while ($row = $ilDB->fetchObject($res)) {
947  $ops_id[] = $row->ops_id;
948  }
949 
950  return $ops_id ? $ops_id : array();
951  }
952 
961  public function getOperationsOnTypeString($a_type)
962  {
963  global $ilDB;
964 
965  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
966 
967 
968  $res = $this->ilDB->query($query);
969  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
970  return $this->getOperationsOnType($row->obj_id);
971  }
972  return false;
973  }
974 
982  public function getOperationsByTypeAndClass($a_type, $a_class)
983  {
984  global $ilDB;
985 
986  if ($a_class != 'create') {
987  $condition = "AND class != " . $ilDB->quote('create', 'text');
988  } else {
989  $condition = "AND class = " . $ilDB->quote('create', 'text');
990  }
991 
992  $query = "SELECT ro.ops_id FROM rbac_operations ro " .
993  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
994  "JOIN object_data od ON rt.typ_id = od.obj_id " .
995  "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
996  "AND title = " . $ilDB->quote($a_type, 'text') . " " .
997  $condition . " " .
998  "ORDER BY op_order ";
999 
1000  $res = $ilDB->query($query);
1001 
1002  $ops = array();
1003  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1004  $ops[] = $row->ops_id;
1005  }
1006  return $ops;
1007  }
1008 
1009 
1019  public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = array())
1020  {
1021  global $ilDB;
1022 
1023  #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1024  # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1025  # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1026 
1027  $query = 'SELECT parent p FROM rbac_fa ' .
1028  'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1029  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1030 
1031  if ($a_filter) {
1032  $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1033  }
1034 
1035  $res = $ilDB->query($query);
1036  $parent = array();
1037  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1038  $parent[] = $row->p;
1039  }
1040  return $parent;
1041  }
1042 
1050  public function isDeleted($a_node_id)
1051  {
1052  global $ilDB;
1053 
1054  $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1055  $r = $this->ilDB->query($q);
1056 
1057  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1058 
1059  if (!$row) {
1060  $message = sprintf(
1061  '%s::isDeleted(): Role folder with ref_id %s not found!',
1062  get_class($this),
1063  $a_node_id
1064  );
1065  $this->log->write($message, $this->log->FATAL);
1066 
1067  return true;
1068  }
1069 
1070  // rolefolder is deleted
1071  if ($row->tree < 0) {
1072  return true;
1073  }
1074 
1075  return false;
1076  }
1077 
1084  public function isGlobalRole($a_role_id)
1085  {
1086  return in_array($a_role_id, $this->getGlobalRoles());
1087  }
1088 
1098  public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1099  {
1100  global $ilDB;
1101 
1102  $assign = "y";
1103 
1104  switch ($a_filter) {
1105  // all (assignable) roles
1106  case self::FILTER_ALL:
1107  return $this->getAssignableRoles(true, true, $title_filter);
1108  break;
1109 
1110  // all (assignable) global roles
1111  case self::FILTER_ALL_GLOBAL:
1112  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1113  break;
1114 
1115  // all (assignable) local roles
1116  case self::FILTER_ALL_LOCAL:
1117  case self::FILTER_INTERNAL:
1118  case self::FILTER_NOT_INTERNAL:
1119  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1120  break;
1121 
1122  // all role templates
1123  case self::FILTER_TEMPLATES:
1124  $where = "WHERE object_data.type = 'rolt'";
1125  $assign = "n";
1126  break;
1127 
1128  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1129  case 0:
1130  default:
1131  if (!$a_user_id) {
1132  return array();
1133  }
1134 
1135  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1136  break;
1137  }
1138 
1139  $roles = array();
1140 
1141  $query = "SELECT * FROM object_data " .
1142  "JOIN rbac_fa ON obj_id = rol_id " .
1143  $where .
1144  "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1145 
1146  if (strlen($title_filter)) {
1147  $query .= (' AND ' . $ilDB->like(
1148  'title',
1149  'text',
1150  '%' . $title_filter . '%'
1151  ));
1152  }
1153 
1154  $res = $ilDB->query($query);
1155  while ($row = $ilDB->fetchAssoc($res)) {
1156  $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1157 
1158  // all (assignable) internal local roles only
1159  if ($a_filter == 4 and !$prefix) {
1160  continue;
1161  }
1162 
1163  // all (assignable) non internal local roles only
1164  if ($a_filter == 5 and $prefix) {
1165  continue;
1166  }
1167 
1168  $row["desc"] = $row["description"];
1169  $row["user_id"] = $row["owner"];
1170  $roles[] = $row;
1171  }
1172 
1173  $roles = $this->__setRoleType($roles);
1174 
1175  return $roles ? $roles : array();
1176  }
1177 
1185  public function getTypeId($a_type)
1186  {
1187  global $ilDB;
1188 
1189  $q = "SELECT obj_id FROM object_data " .
1190  "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1191  $r = $ilDB->query($q);
1192 
1193  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1194  return $row->obj_id;
1195  }
1196 
1207  public static function _getOperationIdsByName($operations)
1208  {
1209  global $ilDB;
1210 
1211  if (!count($operations)) {
1212  return array();
1213  }
1214 
1215  $query = 'SELECT ops_id FROM rbac_operations ' .
1216  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1217 
1218  $res = $ilDB->query($query);
1219  while ($row = $ilDB->fetchObject($res)) {
1220  $ops_ids[] = $row->ops_id;
1221  }
1222  return $ops_ids ? $ops_ids : array();
1223  }
1224 
1233  public static function _getOperationIdByName($a_operation)
1234  {
1235  global $ilDB,$ilErr;
1236 
1237  if (!isset($a_operation)) {
1238  $message = "perm::getOperationId(): No operation given!";
1239  $ilErr->raiseError($message, $ilErr->WARNING);
1240  }
1241 
1242  // Cache operation ids
1243  if (!is_array(self::$_opsCache)) {
1244  self::$_opsCache = array();
1245 
1246  $q = "SELECT ops_id, operation FROM rbac_operations";
1247  $r = $ilDB->query($q);
1248  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1249  self::$_opsCache[$row->operation] = $row->ops_id;
1250  }
1251  }
1252 
1253  // Get operation ID by name from cache
1254  if (array_key_exists($a_operation, self::$_opsCache)) {
1255  return self::$_opsCache[$a_operation];
1256  }
1257  return null;
1258  }
1259 
1266  public static function lookupCreateOperationIds($a_type_arr)
1267  {
1268  global $ilDB;
1269 
1270  $operations = array();
1271  foreach ($a_type_arr as $type) {
1272  $operations[] = ('create_' . $type);
1273  }
1274 
1275  if (!count($operations)) {
1276  return array();
1277  }
1278 
1279  $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1280  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1281 
1282  $res = $ilDB->query($query);
1283 
1284  $ops_ids = array();
1285  while ($row = $ilDB->fetchObject($res)) {
1286  $type_arr = explode('_', $row->operation);
1287  $type = $type_arr[1];
1288 
1289  $ops_ids[$type] = $row->ops_id;
1290  }
1291  return $ops_ids;
1292  }
1293 
1294 
1295 
1304  public function isProtected($a_ref_id, $a_role_id)
1305  {
1306  global $ilDB;
1307 
1308  // ref_id not used yet. protected permission acts 'global' for each role,
1309  $query = "SELECT protected FROM rbac_fa " .
1310  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1311  $res = $ilDB->query($query);
1312  $row = $ilDB->fetchAssoc($res);
1313 
1314  return ilUtil::yn2tf($row['protected']);
1315  }
1316 
1324  public function isBlockedAtPosition($a_role_id, $a_ref_id)
1325  {
1326  global $ilDB;
1327 
1328  $query = 'SELECT blocked from rbac_fa ' .
1329  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1330  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1331  $res = $ilDB->query($query);
1332  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1333  return (bool) $row->blocked;
1334  }
1335  return false;
1336  }
1337 
1343  public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1344  {
1345  global $ilDB, $tree;
1346 
1347  if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1348  return false;
1349  }
1350  $query = 'SELECT parent from rbac_fa ' .
1351  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1352  'AND blocked = ' . $ilDB->quote(1, 'integer');
1353  $res = $ilDB->query($query);
1354 
1355  $parent_ids = array();
1356  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1357  $parent_ids[] = $row->parent;
1358  }
1359 
1360  foreach ($parent_ids as $parent_id) {
1361  if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1362  return true;
1363  }
1364  }
1365  return false;
1366  }
1367 
1368  // this method alters the protected status of role regarding the current user's role assignment
1369  // and current postion in the hierarchy.
1370 
1382  protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1383  {
1384  //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1385 
1386  global $rbacsystem,$ilUser,$log;
1387 
1388  if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1389  $leveladmin = true;
1390  } else {
1391  $leveladmin = false;
1392  }
1393  #vd("RoleHierarchy",$a_role_hierarchy);
1394  foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1395  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1396  #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1397  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1398 
1399  if ($leveladmin == true) {
1400  $a_parent_roles[$role_id]['protected'] = false;
1401  continue;
1402  }
1403 
1404  if ($a_parent_roles[$role_id]['protected'] == true) {
1405  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1406 
1407  #vd("intersection",$arr_lvl_roles_user);
1408 
1409  foreach ($arr_lvl_roles_user as $lvl_role_id) {
1410  #echo "<br/>level_role: ".$lvl_role_id;
1411  #echo "<br/>a_ref_id: ".$a_ref_id;
1412 
1413  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1414  // check if role grants 'edit_permission' to parent
1415  $rolf = $a_parent_roles[$role_id]['parent'];
1416  #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
1417  if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1418  #echo "<br />Permission granted";
1419  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1420  // user may change permissions of that higher-ranked role
1421  $a_parent_roles[$role_id]['protected'] = false;
1422 
1423  // remember successful check
1424  //$leveladmin = true;
1425  }
1426  }
1427  }
1428  }
1429  return $a_parent_roles;
1430  }
1431 
1442  public static function _getOperationList($a_type = null)
1443  {
1444  global $ilDB;
1445 
1446  $arr = array();
1447 
1448  if ($a_type) {
1449  $query = sprintf(
1450  'SELECT * FROM rbac_operations ' .
1451  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1452  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1453  'WHERE object_data.title = %s ' .
1454  'AND object_data.type = %s ' .
1455  'ORDER BY op_order ASC',
1456  $ilDB->quote($a_type, 'text'),
1457  $ilDB->quote('typ', 'text')
1458  );
1459  } else {
1460  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1461  }
1462  $res = $ilDB->query($query);
1463  while ($row = $ilDB->fetchAssoc($res)) {
1464  $arr[] = array(
1465  "ops_id" => $row['ops_id'],
1466  "operation" => $row['operation'],
1467  "desc" => $row['description'],
1468  "class" => $row['class'],
1469  "order" => $row['op_order']
1470  );
1471  }
1472  return $arr;
1473  }
1474 
1481  public static function _groupOperationsByClass($a_ops_arr)
1482  {
1483  $arr = array();
1484 
1485  foreach ($a_ops_arr as $ops) {
1486  $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1487  'name' => $ops['operation']
1488  );
1489  }
1490  return $arr;
1491  }
1492 
1502  public function getObjectOfRole($a_role_id)
1503  {
1504  // internal cache
1505  static $obj_cache = array();
1506 
1507  global $ilDB;
1508 
1509 
1510  if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1511  return $obj_cache[$a_role_id];
1512  }
1513 
1514  $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1515  'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1516  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1517  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1518  'AND deleted IS NULL';
1519 
1520  #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1521  # "JOIN tree ON rfa.parent = tree.child ".
1522  # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1523  # "WHERE tree.tree = 1 ".
1524  # "AND assign = 'y' ".
1525  # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1526  $res = $ilDB->query($query);
1527 
1528  $obj_cache[$a_role_id] = 0;
1529  while ($row = $ilDB->fetchObject($res)) {
1530  $obj_cache[$a_role_id] = $row->obj_id;
1531  }
1532  return $obj_cache[$a_role_id];
1533  }
1534 
1541  public function getObjectReferenceOfRole($a_role_id)
1542  {
1543  global $ilDB;
1544 
1545  $query = 'SELECT parent p_ref FROM rbac_fa ' .
1546  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1547  'AND assign = ' . $ilDB->quote('y', 'text');
1548 
1549  $res = $ilDB->query($query);
1550  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1551  return $row->p_ref;
1552  }
1553  return 0;
1554  }
1555 
1563  public function isRoleDeleted($a_role_id)
1564  {
1565  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1566  $deleted = true;
1567  if (count($rolf_list)) {
1568  foreach ($rolf_list as $rolf) {
1569  // only list roles that are not set to status "deleted"
1570  if (!$this->isDeleted($rolf)) {
1571  $deleted = false;
1572  break;
1573  }
1574  }
1575  }
1576  return $deleted;
1577  }
1578 
1579 
1587  public function getRolesForIDs($role_ids, $use_templates)
1588  {
1589  global $ilDB;
1590 
1591  $role_list = array();
1592 
1593  $where = $this->__setTemplateFilter($use_templates);
1594 
1595  $query = "SELECT * FROM object_data " .
1596  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1597  $where .
1598  "AND rbac_fa.assign = 'y' " .
1599  'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1600 
1601  $res = $ilDB->query($query);
1602  while ($row = $ilDB->fetchAssoc($res)) {
1603  $row["desc"] = $row["description"];
1604  $row["user_id"] = $row["owner"];
1605  $role_list[] = $row;
1606  }
1607 
1608  $role_list = $this->__setRoleType($role_list);
1609  return $role_list;
1610  }
1611 
1617  public function getOperationAssignment()
1618  {
1619  global $ilDB;
1620 
1621  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1622  'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1623  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1624  $res = $ilDB->query($query);
1625 
1626  $counter = 0;
1627  while ($row = $ilDB->fetchObject($res)) {
1628  $info[$counter]['typ_id'] = $row->typ_id;
1629  $info[$counter]['type'] = $row->title;
1630  $info[$counter]['ops_id'] = $row->ops_id;
1631  $info[$counter]['operation'] = $row->operation;
1632  $counter++;
1633  }
1634  return $info ? $info : array();
1635  }
1636 
1644  public function isDeleteable($a_role_id, $a_rolf_id)
1645  {
1646  if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1647  return false;
1648  }
1649  if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1650  return false;
1651  }
1652  if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1653  return false;
1654  }
1655  return true;
1656  }
1657 
1664  public function isSystemGeneratedRole($a_role_id)
1665  {
1666  $title = ilObject::_lookupTitle($a_role_id);
1667  return substr($title, 0, 3) == 'il_' ? true : false;
1668  }
1669 
1670 
1678  public function getRoleFolderOfRole($a_role_id)
1679  {
1680  global $ilDB;
1681 
1682  if (ilObject::_lookupType($a_role_id) == 'role') {
1683  $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1684  } else {
1685  $and = '';
1686  }
1687 
1688  $query = 'SELECT * FROM rbac_fa ' .
1689  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1690  $and;
1691  $res = $ilDB->query($query);
1692  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1693  return $row->parent;
1694  }
1695  return 0;
1696  }
1697 
1705  public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1706  {
1707  global $ilDB;
1708 
1709  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1710  "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1711  "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1712  "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1713 
1714  $res = $ilDB->query($query);
1715  $all_ops = array();
1716  while ($row = $ilDB->fetchObject($res)) {
1717  $ops = unserialize($row->ops_id);
1718  $all_ops = array_merge($all_ops, $ops);
1719  }
1720  $all_ops = array_unique($all_ops);
1721 
1722  $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1723  " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1724  $perms = array();
1725  while ($rec = $ilDB->fetchAssoc($set)) {
1726  $perms[] = $rec["operation"];
1727  }
1728 
1729  return $perms;
1730  }
1731 
1738  public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1739  {
1740  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1741  }
1742 
1749  public function getAssignedCacheEntry($a_role_id, $a_user_id)
1750  {
1751  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1752  }
1753 
1757  public function clearCaches()
1758  {
1759  self::$is_assigned_cache = array();
1760  self::$assigned_users_cache = array();
1761  }
1762 } // END class.ilRbacReview
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1757
$ilErr
global $ilErr
Definition: raiseError.php:16
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:75
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:704
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1541
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1644
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) public.
Definition: class.ilRbacReview.php:1050
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:867
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id&#39;s by name.
Definition: class.ilRbacReview.php:1207
$type
$type
Definition: proxy_ylocal.php:10
ilDB\query
query($sql, $a_handle_error=true)
Query.
Definition: class.ilDB.php:1339
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
ilDB $ilDB
Definition: class.ilRbacReview.php:1098
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container public.
Definition: class.ilRbacReview.php:175
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:640
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:495
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles public.
Definition: class.ilRbacReview.php:215
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:982
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1442
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1617
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1343
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1084
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause private
Definition: class.ilRbacReview.php:310
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status type $rbacsystem type $ilUser type $log.
Definition: class.ilRbacReview.php:1382
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
ilDB $ilDB
Definition: class.ilRbacReview.php:906
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:138
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node public.
Definition: class.ilRbacReview.php:285
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1266
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:111
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:841
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1304
$counter
$counter
Definition: config-scanner.php:59
$a_type
$a_type
Definition: workflow.php:92
ilDB\quote
quote($a_query, $a_type=null)
Wrapper for quote method.
Definition: class.ilDB.php:2133
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users public.
Definition: class.ilRbacReview.php:520
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:719
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position ilDB $ilDB.
Definition: class.ilRbacReview.php:1324
$r
$r
Definition: example_031.php:79
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1749
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
ilDB $ilDB
Definition: class.ilRbacReview.php:1587
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id public
Definition: class.ilRbacReview.php:790
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1738
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:752
$ilUser
$ilUser
Definition: imgupload.php:18
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:676
$query
$query
Definition: proxy_ylocal.php:13
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object ilDB $ilDB.
Definition: class.ilRbacReview.php:1185
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1563
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles ilDB $ilDB.
Definition: class.ilRbacReview.php:370
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1502
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:455
$ilLog
$ilLog
Definition: inc.setup_header.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:814
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:145
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:552
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:573
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation public static
Definition: class.ilRbacReview.php:1233
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role public
Definition: class.ilRbacReview.php:423
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;) public
Definition: class.ilRbacReview.php:734
ilRbacReview\__construct
__construct()
Constructor public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getOperations
getOperations()
get all possible operations public
Definition: class.ilRbacReview.php:769
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role ilDB $ilDB.
Definition: class.ilRbacReview.php:1678
ilDB
Database Wrapper.
Definition: class.ilDB.php:29
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role public
Definition: class.ilRbacReview.php:389
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type public
Definition: class.ilRbacReview.php:961
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user public
Definition: class.ilRbacReview.php:475
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository public.
Definition: class.ilRbacReview.php:255
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1705
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:335
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:3018
$info
$info
Definition: index.php:5
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1481
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1664
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type public
Definition: class.ilRbacReview.php:929
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:603
$key
$key
Definition: croninfo.php:18
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:686
if
PHPExcel root directory.
Definition: Database.php:30
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1019
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:19