ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilRbacReview
20{
21 const FILTER_ALL = 1;
22 const FILTER_ALL_GLOBAL = 2;
23 const FILTER_ALL_LOCAL = 3;
24 const FILTER_INTERNAL = 4;
25 const FILTER_NOT_INTERNAL = 5;
26 const FILTER_TEMPLATES = 6;
27
28 // Cache operation ids
29 private static $_opsCache = null;
30
34 protected static $assigned_users_cache = array();
35
39 protected static $is_assigned_cache = array();
40
44 protected $log;
45
50 public function __construct()
51 {
52 global $ilDB,$ilErr,$ilias;
53
54 $this->log = ilLoggerFactory::getLogger('ac');
55
56 // set db & error handler
57 (isset($ilDB)) ? $this->ilDB =&$ilDB : $this->ilDB =&$ilias->db;
58
59 if (!isset($ilErr)) {
60 $ilErr = new ilErrorHandling();
61 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
62 } else {
63 $this->ilErr =&$ilErr;
64 }
65 }
66
75 public function roleExists($a_title, $a_id = 0)
76 {
77 global $ilDB;
78
79 if (empty($a_title)) {
80 $message = get_class($this) . "::roleExists(): No title given!";
81 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
82 }
83
84 $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
85
86 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
87 "WHERE title =" . $ilDB->quote($a_title) . " " .
88 "AND type IN('role','rolt')" .
89 $clause . " ";
90 $r = $this->ilDB->query($q);
91
92 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
93 return $row->obj_id;
94 }
95 return false;
96 }
97
111 protected function __getParentRoles($a_path, $a_templates)
112 {
113 if (!isset($a_path) or !is_array($a_path)) {
114 $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
115 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
116 }
117
118 $parent_roles = array();
119 $role_hierarchy = array();
120
121 foreach ($a_path as $ref_id) {
122 $roles = $this->getRoleListByObject($ref_id, $a_templates);
123 foreach ($roles as $role) {
124 $id = $role["obj_id"];
125 $role["parent"] = $ref_id;
126 $parent_roles[$id] = $role;
127
128 if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
129 $role_hierarchy[$id] = $ref_id;
130 }
131 }
132 }
133 return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
134 }
135
145 public function getParentRoleIds($a_endnode_id, $a_templates = false)
146 {
147 global $tree;
148
149 if (!isset($a_endnode_id)) {
150 $GLOBALS['ilLog']->logStack();
151 $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
152 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
153 }
154
155 //var_dump($a_endnode_id);exit;
156 //$log->write("ilRBACreview::getParentRoleIds(), 0");
157 $pathIds = $tree->getPathId($a_endnode_id);
158
159 // add system folder since it may not in the path
160 //$pathIds[0] = SYSTEM_FOLDER_ID;
161 $pathIds[0] = ROLE_FOLDER_ID;
162 //$log->write("ilRBACreview::getParentRoleIds(), 1");
163 #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
164 return $this->__getParentRoles($pathIds, $a_templates);
165 }
166
175 public function getRoleListByObject($a_ref_id, $a_templates = false)
176 {
177 global $ilDB;
178
179 if (!isset($a_ref_id) or !isset($a_templates)) {
180 $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
181 "ref_id: " . $a_ref_id .
182 "tpl_flag: " . $a_templates;
183 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
184 }
185
186 $role_list = array();
187
188 $where = $this->__setTemplateFilter($a_templates);
189
190 $query = "SELECT * FROM object_data " .
191 "JOIN rbac_fa ON obj_id = rol_id " .
192 $where .
193 "AND object_data.obj_id = rbac_fa.rol_id " .
194 "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
195
196 $res = $ilDB->query($query);
197 while ($row = $ilDB->fetchAssoc($res)) {
198 $row["desc"] = $row["description"];
199 $row["user_id"] = $row["owner"];
200 $role_list[] = $row;
201 }
202
203 $role_list = $this->__setRoleType($role_list);
204
205 return $role_list;
206 }
207
215 public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
216 {
217 global $ilDB;
218
219 $role_list = array();
220
221 $where = $this->__setTemplateFilter($a_templates);
222
223 $query = "SELECT * FROM object_data " .
224 "JOIN rbac_fa ON obj_id = rol_id " .
225 $where .
226 "AND rbac_fa.assign = 'y' ";
227
228 if (strlen($title_filter)) {
229 $query .= (' AND ' . $ilDB->like(
230 'title',
231 'text',
232 $title_filter . '%'
233 ));
234 }
235 $res = $ilDB->query($query);
236
237 while ($row = $ilDB->fetchAssoc($res)) {
238 $row["desc"] = $row["description"];
239 $row["user_id"] = $row["owner"];
240 $role_list[] = $row;
241 }
242
243 $role_list = $this->__setRoleType($role_list);
244
245 return $role_list;
246 }
247
255 public function getAssignableRolesInSubtree($ref_id)
256 {
257 global $ilDB;
258
259 $query = 'SELECT rol_id FROM rbac_fa fa ' .
260 'JOIN tree t1 ON t1.child = fa.parent ' .
261 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
262 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
263 'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
264 'AND t1.child IN (' .
265 $GLOBALS['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
266 ') ';
267
268
269 $res = $ilDB->query($query);
270
271 $role_list = array();
272 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
273 $role_list[] = $row->rol_id;
274 }
275 return $role_list;
276 }
277
285 public function getAssignableChildRoles($a_ref_id)
286 {
287 global $ilDB;
288
289 $query = "SELECT fa.*, rd.* " .
290 "FROM object_data rd " .
291 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
292 "WHERE fa.assign = 'y' " .
293 "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
294 ;
295
296 $res = $ilDB->query($query);
297 while ($row = $ilDB->fetchAssoc($res)) {
298 $roles_data[] = $row;
299 }
300 return $roles_data ? $roles_data : array();
301 }
302
310 protected function __setTemplateFilter($a_templates)
311 {
312 global $ilDB;
313
314 if ($a_templates === true) {
315 $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
316 } else {
317 $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
318 }
319
320 return $where;
321 }
322
335 protected function __setRoleType($a_role_list)
336 {
337 foreach ($a_role_list as $key => $val) {
338 // determine role type
339 if ($val["type"] == "rolt") {
340 $a_role_list[$key]["role_type"] = "template";
341 } else {
342 if ($val["assign"] == "y") {
343 if ($val["parent"] == ROLE_FOLDER_ID) {
344 $a_role_list[$key]["role_type"] = "global";
345 } else {
346 $a_role_list[$key]["role_type"] = "local";
347 }
348 } else {
349 $a_role_list[$key]["role_type"] = "linked";
350 }
351 }
352
353 if ($val["protected"] == "y") {
354 $a_role_list[$key]["protected"] = true;
355 } else {
356 $a_role_list[$key]["protected"] = false;
357 }
358 }
359
360 return $a_role_list;
361 }
362
370 public function getNumberOfAssignedUsers(array $a_roles)
371 {
372 global $ilDB;
373
374 $query = 'SELECT COUNT(DISTINCT(usr_id)) as num FROM rbac_ua ' .
375 'WHERE ' . $ilDB->in('rol_id', $a_roles, false, 'integer') . ' ';
376
377 $res = $ilDB->query($query);
378 $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
379 return $row->num ? $row->num : 0;
380 }
381
382
389 public function assignedUsers($a_rol_id)
390 {
391 global $ilBench,$ilDB;
392
393 if (!isset($a_rol_id)) {
394 $message = get_class($this) . "::assignedUsers(): No role_id given!";
395 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
396 }
397 if (isset(self::$assigned_users_cache[$a_rol_id])) {
398 return self::$assigned_users_cache[$a_rol_id];
399 }
400
401 $result_arr = array();
402
403 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
404 $res = $ilDB->query($query);
405 while ($row = $ilDB->fetchAssoc($res)) {
406 array_push($result_arr, $row["usr_id"]);
407 }
408
409 self::$assigned_users_cache[$a_rol_id] = $result_arr;
410
411 return $result_arr;
412 }
413
414
423 public function isAssigned($a_usr_id, $a_role_id)
424 {
425 if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
426 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
427 }
428 // Quickly determine if user is assigned to a role
429 global $ilDB;
430
431 $ilDB->setLimit(1, 0);
432 $query = "SELECT usr_id FROM rbac_ua WHERE " .
433 "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
434 "AND usr_id= " . $ilDB->quote($a_usr_id);
435 $res = $ilDB->query($query);
436
437 $is_assigned = $res->numRows() == 1;
438 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
439
440 return $is_assigned;
441 }
442
455 public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
456 {
457 global $ilDB;
458
459 $ilDB->setLimit(1, 0);
460 $query = "SELECT usr_id FROM rbac_ua WHERE " .
461 $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
462 " AND usr_id= " . $ilDB->quote($a_usr_id);
463 $res = $ilDB->query($query);
464
465 return $ilDB->numRows($res) == 1;
466 }
467
475 public function assignedRoles($a_usr_id)
476 {
477 global $ilDB;
478
479 $role_arr = array();
480
481 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
482
483 $res = $ilDB->query($query);
484 while ($row = $ilDB->fetchObject($res)) {
485 $role_arr[] = $row->rol_id;
486 }
487 return $role_arr ? $role_arr : array();
488 }
489
495 public function assignedGlobalRoles($a_usr_id)
496 {
497 global $ilDB;
498
499 $query = "SELECT ua.rol_id FROM rbac_ua ua " .
500 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
501 "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
502 "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
503 "AND assign = 'y' ";
504
505 $res = $ilDB->query($query);
506 while ($row = $ilDB->fetchObject($res)) {
507 $role_arr[] = $row->rol_id;
508 }
509 return $role_arr ? $role_arr : array();
510 }
511
520 public function isAssignable($a_rol_id, $a_ref_id)
521 {
522 global $ilBench,$ilDB;
523
524 $ilBench->start("RBAC", "review_isAssignable");
525
526 // exclude system role from rbac
527 if ($a_rol_id == SYSTEM_ROLE_ID) {
528 $ilBench->stop("RBAC", "review_isAssignable");
529 return true;
530 }
531
532 if (!isset($a_rol_id) or !isset($a_ref_id)) {
533 $message = get_class($this) . "::isAssignable(): Missing parameter!" .
534 " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
535 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
536 }
537 $query = "SELECT * FROM rbac_fa " .
538 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
539 "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
540 $res = $ilDB->query($query);
541 $row = $ilDB->fetchObject($res);
542
543 $ilBench->stop("RBAC", "review_isAssignable");
544 return $row->assign == 'y' ? true : false;
545 }
546
552 public function hasMultipleAssignments($a_role_id)
553 {
554 global $ilDB;
555
556 $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
557 "AND assign = " . $ilDB->quote('y', 'text');
558 $res = $ilDB->query($query);
559 return $res->numRows() > 1;
560 }
561
573 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
574 {
575 global $ilDB;
576
577 if (!isset($a_rol_id)) {
578 $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
579 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
580 }
581
582 if ($a_assignable) {
583 $where = " AND assign ='y'";
584 }
585
586 $query = "SELECT DISTINCT parent FROM rbac_fa " .
587 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
588
589 $res = $ilDB->query($query);
590 while ($row = $ilDB->fetchObject($res)) {
591 $folders[] = $row->parent;
592 }
593 return $folders ? $folders : array();
594 }
595
603 public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
604 {
605 global $ilDB;
606
607 if (!isset($a_ref_id)) {
608 $GLOBALS['ilLog']->logStack();
609 throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
610 }
611 if ($a_assignable_only === true) {
612 $and = 'AND assign = ' . $ilDB->quote('y', 'text');
613 }
614 $query = "SELECT rol_id FROM rbac_fa " .
615 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
616 $and;
617
618 $res = $ilDB->query($query);
619
620 $role_ids = array();
621 while ($row = $ilDB->fetchObject($res)) {
622 $role_ids[] = $row->rol_id;
623 }
624 return $role_ids;
625 }
626
627
628
629
640 public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
641 {
642 global $ilBench,$ilDB,$ilLog;
643
644 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
645
646 if (!isset($a_ref_id)) {
647 $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
648 ilLoggerFactory::getLogger('ac')->logStack();
649 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
650 }
651
652 if ($a_nonassignable === false) {
653 $and = " AND assign='y'";
654 }
655
656 $query = "SELECT rol_id FROM rbac_fa " .
657 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
658 $and;
659
660 $res = $ilDB->query($query);
661 while ($row = $ilDB->fetchObject($res)) {
662 $rol_id[] = $row->rol_id;
663 }
664
665 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
666
667 return $rol_id ? $rol_id : array();
668 }
669
676 public function getGlobalRoles()
677 {
678 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
679 }
680
686 public function getLocalRoles($a_ref_id)
687 {
688 global $ilDB;
689
690 $lroles = array();
691 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
692 if ($this->isAssignable($role_id, $a_ref_id)) {
693 $lroles[] = $role_id;
694 }
695 }
696 return $lroles;
697 }
698
704 public function getLocalPolicies($a_ref_id)
705 {
706 $lroles = array();
707 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
708 $lroles[] = $role_id;
709 }
710 return $lroles;
711 }
712
719 public function getGlobalRolesArray()
720 {
721 foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
722 $ga[] = array('obj_id' => $role_id,
723 'role_type' => 'global');
724 }
725 return $ga ? $ga : array();
726 }
727
734 public function getGlobalAssignableRoles()
735 {
736 include_once './Services/AccessControl/classes/class.ilObjRole.php';
737
738 foreach ($this->getGlobalRoles() as $role_id) {
739 if (ilObjRole::_getAssignUsersStatus($role_id)) {
740 $ga[] = array('obj_id' => $role_id,
741 'role_type' => 'global');
742 }
743 }
744 return $ga ? $ga : array();
745 }
746
747
752 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
753 {
754 global $rbacreview, $ilDB;
755
756 $query = 'SELECT * FROM rbac_fa ' .
757 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
758 'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
759 $res = $ilDB->query($query);
760 return $res->numRows() ? true : false;
761 }
762
769 public function getOperations()
770 {
771 global $ilDB;
772
773 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
774 $res = $this->ilDB->query($query);
775 while ($row = $ilDB->fetchObject($res)) {
776 $ops[] = array('ops_id' => $row->ops_id,
777 'operation' => $row->operation,
778 'description' => $row->description);
779 }
780
781 return $ops ? $ops : array();
782 }
783
790 public function getOperation($ops_id)
791 {
792 global $ilDB;
793
794 $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
795 $res = $this->ilDB->query($query);
796 while ($row = $ilDB->fetchObject($res)) {
797 $ops = array('ops_id' => $row->ops_id,
798 'operation' => $row->operation,
799 'description' => $row->description);
800 }
801
802 return $ops ? $ops : array();
803 }
804
814 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
815 {
816 global $ilDB;
817
818 if (!$a_parent) {
819 $a_parent = ROLE_FOLDER_ID;
820 }
821
822 $query = "SELECT ops_id,type FROM rbac_templates " .
823 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
824 "AND parent = " . $ilDB->quote($a_parent, 'integer');
825 $res = $ilDB->query($query);
826
827 $ops_arr = array();
828 while ($row = $ilDB->fetchObject($res)) {
829 $ops_arr[$row->type][] = $row->ops_id;
830 }
831 return (array) $ops_arr;
832 }
833
841 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
842 {
843 global $ilDB;
844
845 $query = 'SELECT * FROM rbac_pa ' .
846 'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
847 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
848
849 $res = $ilDB->query($query);
850 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
851 return unserialize($row['ops_id']);
852 }
853 return array();
854 }
855
856
867 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
868 {
869 global $ilDB,$ilLog;
870
871 if (!isset($a_rol_id) or !isset($a_type)) {
872 $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
873 "role_id: " . $a_rol_id .
874 "type: " . $a_type .
875 "parent_id: " . $a_parent;
876 $ilLog->logStack("Missing parameter! ");
877 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
878 }
879
880 $ops_arr = array();
881
882 // if no rolefolder id is given, assume global role folder as target
883 if ($a_parent == 0) {
884 $a_parent = ROLE_FOLDER_ID;
885 }
886
887 $query = "SELECT ops_id FROM rbac_templates " .
888 "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
889 "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
890 "AND parent = " . $ilDB->quote($a_parent, 'integer');
891 $res = $ilDB->query($query);
892 while ($row = $ilDB->fetchObject($res)) {
893 $ops_arr[] = $row->ops_id;
894 }
895
896 return $ops_arr;
897 }
898
906 public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
907 {
908 global $ilDB;
909
910 $query = "SELECT * FROM rbac_pa " .
911 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
912 "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
913
914 $res = $ilDB->query($query);
915 while ($row = $ilDB->fetchObject($res)) {
916 $ops = unserialize($row->ops_id);
917 }
918
919 return $ops ? $ops : array();
920 }
921
929 public function getOperationsOnType($a_typ_id)
930 {
931 global $ilDB;
932
933 if (!isset($a_typ_id)) {
934 $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
935 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
936 }
937
938 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
939
940 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
941 'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
942 'ORDER BY op_order';
943
944 $res = $ilDB->query($query);
945
946 while ($row = $ilDB->fetchObject($res)) {
947 $ops_id[] = $row->ops_id;
948 }
949
950 return $ops_id ? $ops_id : array();
951 }
952
961 public function getOperationsOnTypeString($a_type)
962 {
963 global $ilDB;
964
965 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
966
967
968 $res = $this->ilDB->query($query);
969 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
970 return $this->getOperationsOnType($row->obj_id);
971 }
972 return false;
973 }
974
982 public function getOperationsByTypeAndClass($a_type, $a_class)
983 {
984 global $ilDB;
985
986 if ($a_class != 'create') {
987 $condition = "AND class != " . $ilDB->quote('create', 'text');
988 } else {
989 $condition = "AND class = " . $ilDB->quote('create', 'text');
990 }
991
992 $query = "SELECT ro.ops_id FROM rbac_operations ro " .
993 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
994 "JOIN object_data od ON rt.typ_id = od.obj_id " .
995 "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
996 "AND title = " . $ilDB->quote($a_type, 'text') . " " .
997 $condition . " " .
998 "ORDER BY op_order ";
999
1000 $res = $ilDB->query($query);
1001
1002 $ops = array();
1003 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1004 $ops[] = $row->ops_id;
1005 }
1006 return $ops;
1007 }
1008
1009
1019 public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = array())
1020 {
1021 global $ilDB;
1022
1023 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1024 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1025 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1026
1027 $query = 'SELECT parent p FROM rbac_fa ' .
1028 'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1029 'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1030
1031 if ($a_filter) {
1032 $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1033 }
1034
1035 $res = $ilDB->query($query);
1036 $parent = array();
1037 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1038 $parent[] = $row->p;
1039 }
1040 return $parent;
1041 }
1042
1050 public function isDeleted($a_node_id)
1051 {
1052 global $ilDB;
1053
1054 $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1055 $r = $this->ilDB->query($q);
1056
1057 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1058
1059 if (!$row) {
1060 $message = sprintf(
1061 '%s::isDeleted(): Role folder with ref_id %s not found!',
1062 get_class($this),
1063 $a_node_id
1064 );
1065 $this->log->write($message, $this->log->FATAL);
1066
1067 return true;
1068 }
1069
1070 // rolefolder is deleted
1071 if ($row->tree < 0) {
1072 return true;
1073 }
1074
1075 return false;
1076 }
1077
1084 public function isGlobalRole($a_role_id)
1085 {
1086 return in_array($a_role_id, $this->getGlobalRoles());
1087 }
1088
1098 public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1099 {
1100 global $ilDB;
1101
1102 $assign = "y";
1103
1104 switch ($a_filter) {
1105 // all (assignable) roles
1106 case self::FILTER_ALL:
1107 return $this->getAssignableRoles(true, true, $title_filter);
1108 break;
1109
1110 // all (assignable) global roles
1111 case self::FILTER_ALL_GLOBAL:
1112 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1113 break;
1114
1115 // all (assignable) local roles
1116 case self::FILTER_ALL_LOCAL:
1117 case self::FILTER_INTERNAL:
1118 case self::FILTER_NOT_INTERNAL:
1119 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1120 break;
1121
1122 // all role templates
1123 case self::FILTER_TEMPLATES:
1124 $where = "WHERE object_data.type = 'rolt'";
1125 $assign = "n";
1126 break;
1127
1128 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1129 case 0:
1130 default:
1131 if (!$a_user_id) {
1132 return array();
1133 }
1134
1135 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1136 break;
1137 }
1138
1139 $roles = array();
1140
1141 $query = "SELECT * FROM object_data " .
1142 "JOIN rbac_fa ON obj_id = rol_id " .
1143 $where .
1144 "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1145
1146 if (strlen($title_filter)) {
1147 $query .= (' AND ' . $ilDB->like(
1148 'title',
1149 'text',
1150 '%' . $title_filter . '%'
1151 ));
1152 }
1153
1154 $res = $ilDB->query($query);
1155 while ($row = $ilDB->fetchAssoc($res)) {
1156 $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1157
1158 // all (assignable) internal local roles only
1159 if ($a_filter == 4 and !$prefix) {
1160 continue;
1161 }
1162
1163 // all (assignable) non internal local roles only
1164 if ($a_filter == 5 and $prefix) {
1165 continue;
1166 }
1167
1168 $row["desc"] = $row["description"];
1169 $row["user_id"] = $row["owner"];
1170 $roles[] = $row;
1171 }
1172
1173 $roles = $this->__setRoleType($roles);
1174
1175 return $roles ? $roles : array();
1176 }
1177
1185 public function getTypeId($a_type)
1186 {
1187 global $ilDB;
1188
1189 $q = "SELECT obj_id FROM object_data " .
1190 "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1191 $r = $ilDB->query($q);
1192
1193 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1194 return $row->obj_id;
1195 }
1196
1207 public static function _getOperationIdsByName($operations)
1208 {
1209 global $ilDB;
1210
1211 if (!count($operations)) {
1212 return array();
1213 }
1214
1215 $query = 'SELECT ops_id FROM rbac_operations ' .
1216 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1217
1218 $res = $ilDB->query($query);
1219 while ($row = $ilDB->fetchObject($res)) {
1220 $ops_ids[] = $row->ops_id;
1221 }
1222 return $ops_ids ? $ops_ids : array();
1223 }
1224
1233 public static function _getOperationIdByName($a_operation)
1234 {
1235 global $ilDB,$ilErr;
1236
1237 if (!isset($a_operation)) {
1238 $message = "perm::getOperationId(): No operation given!";
1239 $ilErr->raiseError($message, $ilErr->WARNING);
1240 }
1241
1242 // Cache operation ids
1243 if (!is_array(self::$_opsCache)) {
1244 self::$_opsCache = array();
1245
1246 $q = "SELECT ops_id, operation FROM rbac_operations";
1247 $r = $ilDB->query($q);
1248 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1249 self::$_opsCache[$row->operation] = $row->ops_id;
1250 }
1251 }
1252
1253 // Get operation ID by name from cache
1254 if (array_key_exists($a_operation, self::$_opsCache)) {
1255 return self::$_opsCache[$a_operation];
1256 }
1257 return null;
1258 }
1259
1266 public static function lookupCreateOperationIds($a_type_arr)
1267 {
1268 global $ilDB;
1269
1270 $operations = array();
1271 foreach ($a_type_arr as $type) {
1272 $operations[] = ('create_' . $type);
1273 }
1274
1275 if (!count($operations)) {
1276 return array();
1277 }
1278
1279 $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1280 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1281
1282 $res = $ilDB->query($query);
1283
1284 $ops_ids = array();
1285 while ($row = $ilDB->fetchObject($res)) {
1286 $type_arr = explode('_', $row->operation);
1287 $type = $type_arr[1];
1288
1289 $ops_ids[$type] = $row->ops_id;
1290 }
1291 return $ops_ids;
1292 }
1293
1294
1295
1304 public function isProtected($a_ref_id, $a_role_id)
1305 {
1306 global $ilDB;
1307
1308 // ref_id not used yet. protected permission acts 'global' for each role,
1309 $query = "SELECT protected FROM rbac_fa " .
1310 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1311 $res = $ilDB->query($query);
1312 $row = $ilDB->fetchAssoc($res);
1313
1314 return ilUtil::yn2tf($row['protected']);
1315 }
1316
1324 public function isBlockedAtPosition($a_role_id, $a_ref_id)
1325 {
1326 global $ilDB;
1327
1328 $query = 'SELECT blocked from rbac_fa ' .
1329 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1330 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1331 $res = $ilDB->query($query);
1332 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1333 return (bool) $row->blocked;
1334 }
1335 return false;
1336 }
1337
1343 public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1344 {
1345 global $ilDB, $tree;
1346
1347 if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1348 return false;
1349 }
1350 $query = 'SELECT parent from rbac_fa ' .
1351 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1352 'AND blocked = ' . $ilDB->quote(1, 'integer');
1353 $res = $ilDB->query($query);
1354
1355 $parent_ids = array();
1356 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1357 $parent_ids[] = $row->parent;
1358 }
1359
1360 foreach ($parent_ids as $parent_id) {
1361 if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1362 return true;
1363 }
1364 }
1365 return false;
1366 }
1367
1368 // this method alters the protected status of role regarding the current user's role assignment
1369 // and current postion in the hierarchy.
1370
1382 protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1383 {
1384 //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1385
1386 global $rbacsystem,$ilUser,$log;
1387
1388 if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1389 $leveladmin = true;
1390 } else {
1391 $leveladmin = false;
1392 }
1393 #vd("RoleHierarchy",$a_role_hierarchy);
1394 foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1395 //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1396 #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1397 //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1398
1399 if ($leveladmin == true) {
1400 $a_parent_roles[$role_id]['protected'] = false;
1401 continue;
1402 }
1403
1404 if ($a_parent_roles[$role_id]['protected'] == true) {
1405 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1406
1407 #vd("intersection",$arr_lvl_roles_user);
1408
1409 foreach ($arr_lvl_roles_user as $lvl_role_id) {
1410 #echo "<br/>level_role: ".$lvl_role_id;
1411 #echo "<br/>a_ref_id: ".$a_ref_id;
1412
1413 //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1414 // check if role grants 'edit_permission' to parent
1415 $rolf = $a_parent_roles[$role_id]['parent'];
1416 #$parent_obj = $GLOBALS['tree']->getParentId($rolf);
1417 if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1418 #echo "<br />Permission granted";
1419 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1420 // user may change permissions of that higher-ranked role
1421 $a_parent_roles[$role_id]['protected'] = false;
1422
1423 // remember successful check
1424 //$leveladmin = true;
1425 }
1426 }
1427 }
1428 }
1429 return $a_parent_roles;
1430 }
1431
1442 public static function _getOperationList($a_type = null)
1443 {
1444 global $ilDB;
1445
1446 $arr = array();
1447
1448 if ($a_type) {
1449 $query = sprintf(
1450 'SELECT * FROM rbac_operations ' .
1451 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1452 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1453 'WHERE object_data.title = %s ' .
1454 'AND object_data.type = %s ' .
1455 'ORDER BY op_order ASC',
1456 $ilDB->quote($a_type, 'text'),
1457 $ilDB->quote('typ', 'text')
1458 );
1459 } else {
1460 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1461 }
1462 $res = $ilDB->query($query);
1463 while ($row = $ilDB->fetchAssoc($res)) {
1464 $arr[] = array(
1465 "ops_id" => $row['ops_id'],
1466 "operation" => $row['operation'],
1467 "desc" => $row['description'],
1468 "class" => $row['class'],
1469 "order" => $row['op_order']
1470 );
1471 }
1472 return $arr;
1473 }
1474
1481 public static function _groupOperationsByClass($a_ops_arr)
1482 {
1483 $arr = array();
1484
1485 foreach ($a_ops_arr as $ops) {
1486 $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1487 'name' => $ops['operation']
1488 );
1489 }
1490 return $arr;
1491 }
1492
1502 public function getObjectOfRole($a_role_id)
1503 {
1504 // internal cache
1505 static $obj_cache = array();
1506
1507 global $ilDB;
1508
1509
1510 if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1511 return $obj_cache[$a_role_id];
1512 }
1513
1514 $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1515 'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1516 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1517 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1518 'AND deleted IS NULL';
1519
1520 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1521 # "JOIN tree ON rfa.parent = tree.child ".
1522 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1523 # "WHERE tree.tree = 1 ".
1524 # "AND assign = 'y' ".
1525 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1526 $res = $ilDB->query($query);
1527
1528 $obj_cache[$a_role_id] = 0;
1529 while ($row = $ilDB->fetchObject($res)) {
1530 $obj_cache[$a_role_id] = $row->obj_id;
1531 }
1532 return $obj_cache[$a_role_id];
1533 }
1534
1541 public function getObjectReferenceOfRole($a_role_id)
1542 {
1543 global $ilDB;
1544
1545 $query = 'SELECT parent p_ref FROM rbac_fa ' .
1546 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1547 'AND assign = ' . $ilDB->quote('y', 'text');
1548
1549 $res = $ilDB->query($query);
1550 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1551 return $row->p_ref;
1552 }
1553 return 0;
1554 }
1555
1563 public function isRoleDeleted($a_role_id)
1564 {
1565 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1566 $deleted = true;
1567 if (count($rolf_list)) {
1568 foreach ($rolf_list as $rolf) {
1569 // only list roles that are not set to status "deleted"
1570 if (!$this->isDeleted($rolf)) {
1571 $deleted = false;
1572 break;
1573 }
1574 }
1575 }
1576 return $deleted;
1577 }
1578
1579
1587 public function getRolesForIDs($role_ids, $use_templates)
1588 {
1589 global $ilDB;
1590
1591 $role_list = array();
1592
1593 $where = $this->__setTemplateFilter($use_templates);
1594
1595 $query = "SELECT * FROM object_data " .
1596 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1597 $where .
1598 "AND rbac_fa.assign = 'y' " .
1599 'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1600
1601 $res = $ilDB->query($query);
1602 while ($row = $ilDB->fetchAssoc($res)) {
1603 $row["desc"] = $row["description"];
1604 $row["user_id"] = $row["owner"];
1605 $role_list[] = $row;
1606 }
1607
1608 $role_list = $this->__setRoleType($role_list);
1609 return $role_list;
1610 }
1611
1617 public function getOperationAssignment()
1618 {
1619 global $ilDB;
1620
1621 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1622 'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1623 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1624 $res = $ilDB->query($query);
1625
1626 $counter = 0;
1627 while ($row = $ilDB->fetchObject($res)) {
1628 $info[$counter]['typ_id'] = $row->typ_id;
1629 $info[$counter]['type'] = $row->title;
1630 $info[$counter]['ops_id'] = $row->ops_id;
1631 $info[$counter]['operation'] = $row->operation;
1632 $counter++;
1633 }
1634 return $info ? $info : array();
1635 }
1636
1644 public function isDeleteable($a_role_id, $a_rolf_id)
1645 {
1646 if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1647 return false;
1648 }
1649 if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1650 return false;
1651 }
1652 if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1653 return false;
1654 }
1655 return true;
1656 }
1657
1664 public function isSystemGeneratedRole($a_role_id)
1665 {
1666 $title = ilObject::_lookupTitle($a_role_id);
1667 return substr($title, 0, 3) == 'il_' ? true : false;
1668 }
1669
1670
1678 public function getRoleFolderOfRole($a_role_id)
1679 {
1680 global $ilDB;
1681
1682 if (ilObject::_lookupType($a_role_id) == 'role') {
1683 $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1684 } else {
1685 $and = '';
1686 }
1687
1688 $query = 'SELECT * FROM rbac_fa ' .
1689 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1690 $and;
1691 $res = $ilDB->query($query);
1692 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1693 return $row->parent;
1694 }
1695 return 0;
1696 }
1697
1705 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1706 {
1707 global $ilDB;
1708
1709 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1710 "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1711 "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1712 "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1713
1714 $res = $ilDB->query($query);
1715 $all_ops = array();
1716 while ($row = $ilDB->fetchObject($res)) {
1717 $ops = unserialize($row->ops_id);
1718 $all_ops = array_merge($all_ops, $ops);
1719 }
1720 $all_ops = array_unique($all_ops);
1721
1722 $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1723 " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1724 $perms = array();
1725 while ($rec = $ilDB->fetchAssoc($set)) {
1726 $perms[] = $rec["operation"];
1727 }
1728
1729 return $perms;
1730 }
1731
1738 public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1739 {
1740 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1741 }
1742
1749 public function getAssignedCacheEntry($a_role_id, $a_user_id)
1750 {
1751 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1752 }
1753
1757 public function clearCaches()
1758 {
1759 self::$is_assigned_cache = array();
1760 self::$assigned_users_cache = array();
1761 }
1762} // END class.ilRbacReview
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
if
PHPExcel root directory.
Definition: PHPExcel.php:30
php
An exception for terminatinating execution or to throw for unit testing.
ilDB
Database Wrapper.
Definition: class.ilDB.php:30
ilDB\query
query($sql, $a_handle_error=true)
Query.
Definition: class.ilDB.php:1339
ilDB\quote
quote($a_query, $a_type=null)
Wrapper for quote method.
Definition: class.ilDB.php:2133
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:138
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:20
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
Definition: class.ilRbacReview.php:285
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1098
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1185
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1481
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:704
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
Definition: class.ilRbacReview.php:475
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:867
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role @access public
Definition: class.ilRbacReview.php:389
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:686
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
Definition: class.ilRbacReview.php:1233
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
Definition: class.ilRbacReview.php:1050
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:75
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:982
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:335
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
Definition: class.ilRbacReview.php:1382
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:640
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:841
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:676
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1084
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:603
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:752
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:573
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:906
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1324
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:552
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:145
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1757
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1304
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:495
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:929
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
Definition: class.ilRbacReview.php:1442
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1664
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
Definition: class.ilRbacReview.php:175
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
Definition: class.ilRbacReview.php:734
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1563
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles @global ilDB $ilDB.
Definition: class.ilRbacReview.php:370
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1343
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:111
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1678
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
Definition: class.ilRbacReview.php:423
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id's by name.
Definition: class.ilRbacReview.php:1207
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
Definition: class.ilRbacReview.php:520
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1749
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1541
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1019
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1266
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1738
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:719
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:961
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1705
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1587
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
Definition: class.ilRbacReview.php:255
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1617
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id @access public
Definition: class.ilRbacReview.php:790
ilRbacReview\__construct
__construct()
Constructor @access public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1502
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
Definition: class.ilRbacReview.php:310
ilRbacReview\getOperations
getOperations()
get all possible operations @access public
Definition: class.ilRbacReview.php:769
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
Definition: class.ilRbacReview.php:215
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1644
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:455
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:814
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:3018
$counter
$counter
Definition: config-scanner.php:59
$key
$key
Definition: croninfo.php:18
$r
$r
Definition: example_031.php:79
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:129
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$info
$info
Definition: index.php:5
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10
$ilErr
global $ilErr
Definition: raiseError.php:16
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:92