ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilObjRole.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5require_once "./Services/Object/classes/class.ilObject.php";
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
16class ilObjRole extends ilObject
17{
18 const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
19 const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
20 const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
21 const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
22
30 public $parent;
31
32 public $allow_register;
33 public $assign_users;
34
36 public $disk_quota;
37 public $wsp_disk_quota;
44 public function __construct($a_id = 0, $a_call_by_reference = false)
45 {
46 $this->type = "role";
47 $this->disk_quota = 0;
48 $this->wsp_disk_quota = 0;
49 parent::__construct($a_id, $a_call_by_reference);
50 }
51
60 public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
61 {
62 global $ilDB;
63
64 // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
65 $res = $ilDB->query("SELECT obj_id FROM object_data " .
66 " WHERE type=" . $ilDB->quote("rolt", "text") .
67 " AND title=" . $ilDB->quote($a_tpl_name, "text"));
68 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
69 $tpl_id = $row->obj_id;
70 }
71
72 if (!$tpl_id) {
73 return null;
74 }
75
76 include_once './Services/AccessControl/classes/class.ilObjRole.php';
77 $role = new ilObjRole();
78 $role->setTitle($a_title);
79 $role->setDescription($a_description);
80 $role->create();
81
82 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
83
84 $GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
85 $tpl_id,
86 ROLE_FOLDER_ID,
87 $a_ref_id,
88 $role->getId()
89 );
90
91 $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
92 $role->getId(),
93 ilObject::_lookupType($a_ref_id, true),
94 $a_ref_id
95 );
96 $GLOBALS['rbacadmin']->grantPermission(
97 $role->getId(),
98 $ops,
99 $a_ref_id
100 );
101 return $role;
102 }
103
104
109 public function validate()
110 {
111 global $ilErr;
112
113 if (substr($this->getTitle(), 0, 3) == 'il_') {
114 $ilErr->setMessage('msg_role_reserved_prefix');
115 return false;
116 }
117 return true;
118 }
119
124 public function getPresentationTitle()
125 {
126 return ilObjRole::_getTranslation($this->getTitle());
127 }
128
129 public function toggleAssignUsersStatus($a_assign_users)
130 {
131 $this->assign_users = (int) $a_assign_users;
132 }
133 public function getAssignUsersStatus()
134 {
135 return $this->assign_users ? $this->assign_users : 0;
136 }
137 // Same method (static)
138 public static function _getAssignUsersStatus($a_role_id)
139 {
140 global $ilDB;
141
142 $query = "SELECT assign_users FROM role_data WHERE role_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
143 $res = $ilDB->query($query);
144 while ($row = $ilDB->fetchObject($res)) {
145 return $row->assign_users ? true : false;
146 }
147 return false;
148 }
149
154 public function read()
155 {
156 global $ilDB;
157
158 $query = "SELECT * FROM role_data WHERE role_id= " . $ilDB->quote($this->id, 'integer') . " ";
159
160 $res = $ilDB->query($query);
161 if ($res->numRows() > 0) {
162 $data = $ilDB->fetchAssoc($res);
163
164 // fill member vars in one shot
165 $this->assignData($data);
166 } else {
167 $this->ilias->raiseError("<b>Error: There is no dataset with id " . $this->id . "!</b><br />class: " . get_class($this) . "<br />Script: " . __FILE__ . "<br />Line: " . __LINE__, $this->ilias->FATAL);
168 }
169
170 parent::read();
171 }
172
178 public function assignData($a_data)
179 {
180 $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
181 $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
182 $this->setAllowRegister($a_data["allow_register"]);
183 $this->toggleAssignUsersStatus($a_data['assign_users']);
184 $this->setDiskQuota($a_data['disk_quota']);
185 $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
186 }
187
192 public function update()
193 {
194 global $ilDB;
195
196 $query = "UPDATE role_data SET " .
197 "allow_register= " . $ilDB->quote($this->allow_register, 'integer') . ", " .
198 "assign_users = " . $ilDB->quote($this->getAssignUsersStatus(), 'integer') . ", " .
199 "disk_quota = " . $ilDB->quote($this->getDiskQuota(), 'integer') . ", " .
200 "wsp_disk_quota = " . $ilDB->quote($this->getPersonalWorkspaceDiskQuota(), 'integer') . " " .
201 "WHERE role_id= " . $ilDB->quote($this->id, 'integer') . " ";
202 $res = $ilDB->manipulate($query);
203
204 parent::update();
205
206 $this->read();
207
208 return true;
209 }
210
218 public function create()
219 {
220 global $ilDB;
221
222 $this->id = parent::create();
223
224 $query = "INSERT INTO role_data " .
225 "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) " .
226 "VALUES " .
227 "(" . $ilDB->quote($this->id, 'integer') . "," .
228 $ilDB->quote($this->getAllowRegister(), 'integer') . "," .
229 $ilDB->quote($this->getAssignUsersStatus(), 'integer') . "," .
230 $ilDB->quote($this->getDiskQuota(), 'integer') . "," .
231 $ilDB->quote($this->getPersonalWorkspaceDiskQuota(), 'integer') . ")"
232 ;
233 $res = $ilDB->query($query);
234
235 return $this->id;
236 }
237
244 public function setAllowRegister($a_allow_register)
245 {
246 if (empty($a_allow_register)) {
247 $a_allow_register == 0;
248 }
249
250 $this->allow_register = (int) $a_allow_register;
251 }
252
259 public function getAllowRegister()
260 {
261 return $this->allow_register ? $this->allow_register : false;
262 }
263
272 public function setDiskQuota($a_disk_quota)
273 {
274 $this->disk_quota = $a_disk_quota;
275 }
276
286 public function getDiskQuota()
287 {
288 return $this->disk_quota;
289 }
290
291
300 public function setPersonalWorkspaceDiskQuota($a_disk_quota)
301 {
302 $this->wsp_disk_quota = $a_disk_quota;
303 }
304
314 public function getPersonalWorkspaceDiskQuota()
315 {
316 return $this->wsp_disk_quota;
317 }
318
325 public static function _lookupRegisterAllowed()
326 {
327 global $ilDB;
328
329 $query = "SELECT * FROM role_data " .
330 "JOIN object_data ON object_data.obj_id = role_data.role_id " .
331 "WHERE allow_register = 1";
332 $res = $ilDB->query($query);
333
334 $roles = array();
335 while ($role = $ilDB->fetchAssoc($res)) {
336 $roles[] = array("id" => $role["obj_id"],
337 "title" => $role["title"],
338 "auth_mode" => $role['auth_mode']);
339 }
340
341 return $roles;
342 }
343
350 public static function _lookupAllowRegister($a_role_id)
351 {
352 global $ilDB;
353
354 $query = "SELECT * FROM role_data " .
355 " WHERE role_id =" . $ilDB->quote($a_role_id, 'integer');
356
357 $res = $ilDB->query($query);
358 if ($role_rec = $ilDB->fetchAssoc($res)) {
359 if ($role_rec["allow_register"]) {
360 return true;
361 }
362 }
363 return false;
364 }
365
373 public function setParent($a_parent_ref)
374 {
375 $this->parent = $a_parent_ref;
376 }
377
384 public function getParent()
385 {
386 return $this->parent;
387 }
388
389
396 public function delete()
397 {
398 global $rbacadmin, $rbacreview,$ilDB;
399
400 // Temporary bugfix
401 if ($rbacreview->hasMultipleAssignments($this->getId())) {
402 ilLoggerFactory::getLogger('ac')->warning('Found role with multiple assignments: role_id: ' . $this->getId());
403 ilLoggerFactory::getLogger('ac')->warning('Aborted deletion of role.');
404 return false;
405 }
406
407 if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
408 ilLoggerFactory::getLogger('ac')->debug('Handling assignable role...');
409 // do not delete a global role, if the role is the last
410 // role a user is assigned to.
411 //
412 // Performance improvement: In the code section below, we
413 // only need to consider _global_ roles. We don't need
414 // to check for _local_ roles, because a user who has
415 // a local role _always_ has a global role too.
416 $last_role_user_ids = array();
417 if ($this->getParent() == ROLE_FOLDER_ID) {
418 ilLoggerFactory::getLogger('ac')->debug('Handling global role...');
419 // The role is a global role: check if
420 // we find users who aren't assigned to any
421 // other global role than this one.
422 $user_ids = $rbacreview->assignedUsers($this->getId());
423
424 foreach ($user_ids as $user_id) {
425 // get all roles each user has
426 $role_ids = $rbacreview->assignedRoles($user_id);
427
428 // is last role?
429 if (count($role_ids) == 1) {
430 $last_role_user_ids[] = $user_id;
431 }
432 }
433 }
434
435 // users with last role found?
436 if (count($last_role_user_ids) > 0) {
437 $user_names = array();
438 foreach ($last_role_user_ids as $user_id) {
439 // GET OBJECT TITLE
440 $user_names[] = ilObjUser::_lookupLogin($user_id);
441 }
442
443 // TODO: This check must be done in rolefolder object because if multiple
444 // roles were selected the other roles are still deleted and the system does not
445 // give any feedback about this.
446 $users = implode(', ', $user_names);
447 ilLoggerFactory::getLogger('ac')->info('Cannot delete last global role of users.');
448 $this->ilias->raiseError($this->lng->txt("msg_user_last_role1") . " " .
449 $users . "<br/>" . $this->lng->txt("msg_user_last_role2"), $this->ilias->error_obj->WARNING);
450 } else {
451 ilLoggerFactory::getLogger('ac')->debug('Starting deletion of assignable role: role_id: ' . $this->getId());
452 $rbacadmin->deleteRole($this->getId(), $this->getParent());
453
454 // Delete ldap role group mappings
455 include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
456 ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
457
458 // delete object_data entry
459 parent::delete();
460
461 // delete role_data entry
462 $query = "DELETE FROM role_data WHERE role_id = " . $ilDB->quote($this->getId(), 'integer');
463 $res = $ilDB->manipulate($query);
464
465 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
466 $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
467 $role_desk_item_obj->deleteAll();
468 }
469 } else {
470 ilLoggerFactory::getLogger('ac')->debug('Starting deletion of linked role: role_id ' . $this->getId());
471 // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
472 $rbacadmin->deleteLocalRole($this->getId(), $this->getParent());
473 }
474 return true;
475 }
476
477 public function getCountMembers()
478 {
479 global $rbacreview;
480
481 return count($rbacreview->assignedUsers($this->getId()));
482 }
483
484 public static function _getTranslation($a_role_title)
485 {
486 global $lng;
487
488 $role_title = self::_removeObjectId($a_role_title);
489
490 if (preg_match("/^il_./", $role_title)) {
491 return $lng->txt($role_title);
492 }
493
494 return $a_role_title;
495 }
496
497 public static function _removeObjectId($a_role_title)
498 {
499 $role_title_parts = explode('_', $a_role_title);
500
501 $test2 = (int) $role_title_parts[3];
502 if ($test2 > 0) {
503 unset($role_title_parts[3]);
504 }
505
506 return implode('_', $role_title_parts);
507 }
508
509 public static function _updateAuthMode($a_roles)
510 {
511 global $ilDB;
512
513 foreach ($a_roles as $role_id => $auth_mode) {
514 $query = "UPDATE role_data SET " .
515 "auth_mode= " . $ilDB->quote($auth_mode, 'text') . " " .
516 "WHERE role_id= " . $ilDB->quote($role_id, 'integer') . " ";
517 $res = $ilDB->manipulate($query);
518 }
519 }
520
521 public static function _getAuthMode($a_role_id)
522 {
523 global $ilDB;
524
525 $query = "SELECT auth_mode FROM role_data " .
526 "WHERE role_id= " . $ilDB->quote($a_role_id, 'integer') . " ";
527 $res = $ilDB->query($query);
528 $row = $ilDB->fetchAssoc($res);
529
530 return $row['auth_mode'];
531 }
532
540 public static function _getRolesByAuthMode($a_auth_mode)
541 {
542 global $ilDB;
543
544 $query = "SELECT * FROM role_data " .
545 "WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
546 $res = $ilDB->query($query);
547 $roles = array();
548 while ($row = $ilDB->fetchObject($res)) {
549 $roles[] = $row->role_id;
550 }
551 return $roles;
552 }
553
562 public static function _resetAuthMode($a_auth_mode)
563 {
564 global $ilDB;
565
566 $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
567 $res = $ilDB->manipulate($query);
568 }
569
570 // returns array of operation/objecttype definitions
571 // private
572 public function __getPermissionDefinitions()
573 {
574 global $ilDB, $lng, $objDefinition,$rbacreview;
575
576 $operation_info = $rbacreview->getOperationAssignment();
577 foreach ($operation_info as $info) {
578 if ($objDefinition->getDevMode($info['type'])) {
579 continue;
580 }
581 $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
582 "type" => $info['type']);
583
584 // handle plugin permission texts
585 $txt = $objDefinition->isPlugin($info['type'])
586 ? ilObjectPlugin::lookupTxtById($info['type'], $info['type'] . "_" . $info['operation'])
587 : $lng->txt($info['type'] . "_" . $info['operation']);
588 if (substr($info['operation'], 0, 7) == "create_" &&
589 $objDefinition->isPlugin(substr($info['operation'], 7))) {
590 $txt = ilObjectPlugin::lookupTxtById(substr($info['operation'], 7), $info['type'] . "_" . $info['operation']);
591 }
592 $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
593 "ops_id" => $info['ops_id'],
594 "title" => $info['operation'],
595 "name" => $txt);
596 }
597 return array($rbac_objects,$rbac_operations);
598 }
599
600
601 public static function isAutoGenerated($a_role_id)
602 {
603 return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
604 }
605
613 public function changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter = array())
614 {
615 global $tree,$rbacreview;
616
617 // Get node info of subtree
618 $nodes = $tree->getRbacSubtreeInfo($a_start_node);
619
620 // get local policies
621 $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
622
623 // filter relevant roles
624 $local_policies = array();
625 foreach ($all_local_policies as $lp) {
626 if (isset($nodes[$lp])) {
627 $local_policies[] = $lp;
628 }
629 }
630
631 // Delete deprecated policies
632 switch ($a_mode) {
633 case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
634 case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
635 $local_policies = $this->deleteLocalPolicies($a_start_node, $local_policies, $a_filter);
636 #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
637 break;
638 }
639 $this->adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter);
640
641 #var_dump(memory_get_peak_usage());
642 #var_dump(memory_get_usage());
643 }
644
650 protected function deleteLocalPolicies($a_start, $a_policies, $a_filter)
651 {
652 global $rbacreview,$rbacadmin;
653
654 $local_policies = array();
655 foreach ($a_policies as $policy) {
656 if ($policy == $a_start or $policy == SYSTEM_FOLDER_ID) {
657 $local_policies[] = $policy;
658 continue;
659 }
660 if (!in_array('all', $a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)), $a_filter)) {
661 $local_policies[] = $policy;
662 continue;
663 }
664 $rbacadmin->deleteLocalRole($this->getId(), $policy);
665 }
666 return $local_policies;
667 }
668
677 protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
678 {
679 global $rbacadmin, $rbacreview, $tree;
680
681 $operation_stack = array();
682 $policy_stack = array();
683 $node_stack = array();
684
685 $start_node = current($a_nodes);
686 array_push($node_stack, $start_node);
687 $this->updatePolicyStack($policy_stack, $start_node['child']);
688 $this->updateOperationStack($operation_stack, $start_node['child'], true);
689
690 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
691 $rbac_log_active = ilRbacLog::isActive();
692
693 $local_policy = false;
694 foreach ($a_nodes as $node) {
695 $cmp_node = end($node_stack);
696 while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
697 switch ($relation) {
698 case ilTree::RELATION_NONE:
699 case ilTree::RELATION_SIBLING:
700 $GLOBALS['ilLog']->write(__METHOD__ . ': Handling sibling/none relation.');
701 array_pop($operation_stack);
702 array_pop($policy_stack);
703 array_pop($node_stack);
704 $cmp_node = end($node_stack);
705 $local_policy = false;
706 break;
707
708 case ilTree::RELATION_CHILD:
709 case ilTree::RELATION_EQUALS:
710 case ilTree::RELATION_PARENT:
711 default:
712 $GLOBALS['ilLog']->write(__METHOD__ . ': Handling child/equals/parent ' . $relation);
713 break 2;
714 }
715 }
716
717 if ($local_policy) {
718 continue;
719 }
720
721 // Start node => set permissions and continue
722 if ($node['child'] == $start_node['child']) {
723 if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
724 if ($rbac_log_active) {
725 $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
726 $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
727 }
728
729 // Set permissions
730 $perms = end($operation_stack);
731 $rbacadmin->grantPermission(
732 $this->getId(),
733 (array) $perms[$node['type']],
734 $node['child']
735 );
736
737 if ($rbac_log_active) {
738 $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
739 $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
740 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
741 }
742 }
743 continue;
744 }
745
746 // Node has local policies => update permission stack and continue
747 if (in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID)) {
748 $local_policy = true;
749 $this->updatePolicyStack($policy_stack, $node['child']);
750 $this->updateOperationStack($operation_stack, $node['child']);
751 array_push($node_stack, $node);
752 continue;
753 }
754
755 // Continue if this object type is not in filter
756 if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
757 continue;
758 }
759
760 if ($rbac_log_active) {
761 $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
762 $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
763 }
764
765 // Node is course => create course permission intersection
766 if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
767 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs')) {
768 // Copy role permission intersection
769 $perms = end($operation_stack);
770 $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
771 if ($this->updateOperationStack($operation_stack, $node['child'])) {
772 $this->updatePolicyStack($policy_stack, $node['child']);
773 array_push($node_stack, $node);
774 }
775 }
776
777 // Node is group => create group permission intersection
778 if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
779 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp')) {
780 // Copy role permission intersection
781 $perms = end($operation_stack);
782 $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
783 if ($this->updateOperationStack($operation_stack, $node['child'])) {
784 $this->updatePolicyStack($policy_stack, $node['child']);
785 array_push($node_stack, $node);
786 }
787 }
788
789 // Set permission
790 $perms = end($operation_stack);
791 $rbacadmin->grantPermission(
792 $this->getId(),
793 (array) $perms[$node['type']],
794 $node['child']
795 );
796
797 if ($rbac_log_active) {
798 $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
799 $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
800 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
801 }
802 }
803 }
804
811 protected function isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
812 {
813 if (in_array($a_type, $a_exclusion_filter)) {
814 return false;
815 }
816
817 if (in_array('all', $a_filter)) {
818 return true;
819 }
820 return in_array($a_type, $a_filter);
821 }
822
829 protected function updateOperationStack(&$a_stack, $a_node, $a_init = false)
830 {
831 global $rbacreview;
832
833 $has_policies = null;
834 $policy_origin = null;
835
836 if ($a_node == ROOT_FOLDER_ID) {
837 $has_policies = true;
838 $policy_origin = ROLE_FOLDER_ID;
839 } else {
840 $has_policies = $rbacreview->getLocalPolicies($a_node);
841 $policy_origin = $a_node;
842
843 if ($a_init) {
844 $parent_roles = $rbacreview->getParentRoleIds($a_node, false);
845 if ($parent_roles[$this->getId()]) {
846 $a_stack[] = $rbacreview->getAllOperationsOfRole(
847 $this->getId(),
848 $parent_roles[$this->getId()]['parent']
849 );
850 }
851 return true;
852 }
853 }
854
855 if (!$has_policies) {
856 return false;
857 }
858
859 $a_stack[] = $rbacreview->getAllOperationsOfRole(
860 $this->getId(),
861 $policy_origin
862 );
863 return true;
864 }
865
871 protected function updatePolicyStack(&$a_stack, $a_node)
872 {
873 global $rbacreview;
874
875 $has_policies = null;
876 $policy_origin = null;
877
878 if ($a_node == ROOT_FOLDER_ID) {
879 $has_policies = true;
880 $policy_origin = ROLE_FOLDER_ID;
881 } else {
882 $has_policies = $rbacreview->getLocalPolicies($a_node);
883 $policy_origin = $a_node;
884 }
885
886 if (!$has_policies) {
887 return false;
888 }
889
890 $a_stack[] = $policy_origin;
891 return true;
892 }
893
901 protected function createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
902 {
903 global $ilDB, $rbacreview,$rbacadmin;
904
905 static $course_non_member_id = null;
906 static $group_non_member_id = null;
907 static $group_open_id = null;
908 static $group_closed_id = null;
909
910 // Get template id
911 switch ($a_type) {
912 case 'grp':
913
914 include_once './Modules/Group/classes/class.ilObjGroup.php';
915 $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
916 #var_dump("GROUP TYPE",$type);
917 switch ($type) {
918 case GRP_TYPE_CLOSED:
919 if (!$group_closed_id) {
920 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
921 $res = $ilDB->query($query);
922 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
923 $group_closed_id = $row->obj_id;
924 }
925 }
926 $template_id = $group_closed_id;
927 #var_dump("GROUP CLOSED id:" . $template_id);
928 break;
929
930 case GRP_TYPE_OPEN:
931 default:
932 if (!$group_open_id) {
933 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
934 $res = $ilDB->query($query);
935 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
936 $group_open_id = $row->obj_id;
937 }
938 }
939 $template_id = $group_open_id;
940 #var_dump("GROUP OPEN id:" . $template_id);
941 break;
942 }
943 break;
944
945 case 'crs':
946 if (!$course_non_member_id) {
947 $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
948 $res = $ilDB->query($query);
949 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
950 $course_non_member_id = $row->obj_id;
951 }
952 }
953 $template_id = $course_non_member_id;
954 break;
955 }
956
957 $current_ops = $a_current_ops[$a_type];
958
959 // Create intersection template permissions
960 if ($template_id) {
961 //$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
962
963 $rbacadmin->copyRolePermissionIntersection(
964 $template_id,
965 ROLE_FOLDER_ID,
966 $this->getId(),
967 end($policy_stack),
968 $a_id,
969 $this->getId()
970 );
971 } else {
972 #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
973 }
974 #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
975 if ($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(), $a_id)) {
976 $rbacadmin->assignRoleToFolder($this->getId(), $a_id, "n");
977 }
978 return true;
979 }
980} // END class.ilObjRole
$users
$users
Definition: authpage.php:44
php
An exception for terminatinating execution or to throw for unit testing.
GRP_TYPE_OPEN
const GRP_TYPE_OPEN
Definition: class.ilObjGroup.php:20
GRP_TYPE_CLOSED
const GRP_TYPE_CLOSED
Definition: class.ilObjGroup.php:19
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjGroup\lookupGroupTye
static lookupGroupTye($a_id)
Lookup group type.
Definition: class.ilObjGroup.php:129
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:244
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\createPermissionIntersection
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
Definition: class.ilObjRole.php:901
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\__getPermissionDefinitions
__getPermissionDefinitions()
Definition: class.ilObjRole.php:572
ilObjRole\create
create()
create
Definition: class.ilObjRole.php:218
ilObjRole\updatePolicyStack
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
Definition: class.ilObjRole.php:871
ilObjRole\_getRolesByAuthMode
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
Definition: class.ilObjRole.php:540
ilObjRole\getPersonalWorkspaceDiskQuota
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:314
ilObjRole\_lookupAllowRegister
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
Definition: class.ilObjRole.php:350
ilObjRole\isHandledObjectType
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
Definition: class.ilObjRole.php:811
ilObjRole\setParent
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
Definition: class.ilObjRole.php:373
ilObjRole\_getAuthMode
static _getAuthMode($a_role_id)
Definition: class.ilObjRole.php:521
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:259
ilObjRole\deleteLocalPolicies
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
Definition: class.ilObjRole.php:650
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
ilObjRole\changeExistingObjects
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
Definition: class.ilObjRole.php:613
ilObjRole\updateOperationStack
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
Definition: class.ilObjRole.php:829
ilObjRole\update
update()
updates a record "role" and write it into database @access public
Definition: class.ilObjRole.php:192
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRole\_removeObjectId
static _removeObjectId($a_role_title)
Definition: class.ilObjRole.php:497
ilObjRole\read
read()
loads "role" from database @access private
Definition: class.ilObjRole.php:154
ilObjRole\$disk_quota
$disk_quota
The disk quota in bytes.
Definition: class.ilObjRole.php:36
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:601
ilObjRole\getDiskQuota
getDiskQuota()
Gets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:286
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:129
ilObjRole\_resetAuthMode
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
Definition: class.ilObjRole.php:562
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:138
ilObjRole\_lookupRegisterAllowed
static _lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:325
ilObjRole\getPresentationTitle
getPresentationTitle()
return translated title for autogenerated roles
Definition: class.ilObjRole.php:124
ilObjRole\_updateAuthMode
static _updateAuthMode($a_roles)
Definition: class.ilObjRole.php:509
ilObjRole\validate
validate()
Validate role data.
Definition: class.ilObjRole.php:109
ilObjRole\__construct
__construct($a_id=0, $a_call_by_reference=false)
Constructor @access public.
Definition: class.ilObjRole.php:44
ilObjRole\assignData
assignData($a_data)
loads a record "role" from array @access public
Definition: class.ilObjRole.php:178
ilObjRole\setDiskQuota
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:272
ilObjRole\getParent
getParent()
get reference id of parent object
Definition: class.ilObjRole.php:384
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:60
ilObjRole\adjustPermissions
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
Definition: class.ilObjRole.php:677
ilObjRole\setPersonalWorkspaceDiskQuota
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:300
ilObjUser\_lookupLogin
static _lookupLogin($a_user_id)
lookup login
Definition: class.ilObjUser.php:768
ilObjectPlugin\lookupTxtById
static lookupTxtById($plugin_id, $lang_var)
Definition: class.ilObjectPlugin.php:83
ilObject
Class ilObject Basic functions for all objects.
Definition: class.ilObject.php:14
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1036
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:406
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:431
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:308
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilObject\getTitle
getTitle()
get object title @access public
Definition: class.ilObject.php:384
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:22
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilTree\RELATION_EQUALS
const RELATION_EQUALS
Definition: class.ilTree.php:33
ilTree\RELATION_PARENT
const RELATION_PARENT
Definition: class.ilTree.php:31
ilTree\RELATION_NONE
const RELATION_NONE
Definition: class.ilTree.php:34
ilTree\RELATION_SIBLING
const RELATION_SIBLING
Definition: class.ilTree.php:32
ilTree\RELATION_CHILD
const RELATION_CHILD
Definition: class.ilTree.php:30
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2441
$txt
$txt
Definition: error.php:11
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$info
$info
Definition: index.php:5
League\Flysystem\Adapter\Polyfill\update
update($pash, $contents, Config $config)
ilias
redirection script todo: (a better solution should control the processing via a xml file)
$query
$query
Definition: proxy_ylocal.php:13
$ilErr
global $ilErr
Definition: raiseError.php:16
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$a_type
$a_type
Definition: workflow.php:92
$template_id
$template_id
Definition: logout-iframe.php:118