5require_once 
"./Services/Object/classes/class.ilObject.php";
 
    6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
 
   44    public function __construct($a_id = 0, $a_call_by_reference = 
false)
 
   47        $this->disk_quota = 0;
 
   48        $this->wsp_disk_quota = 0;
 
   49        parent::__construct($a_id, $a_call_by_reference);
 
   65        $res = 
$ilDB->query(
"SELECT obj_id FROM object_data " .
 
   66            " WHERE type=" . 
$ilDB->quote(
"rolt", 
"text") .
 
   67            " AND title=" . 
$ilDB->quote($a_tpl_name, 
"text"));
 
   69            $tpl_id = 
$row->obj_id;
 
   76        include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
   78        $role->setTitle($a_title);
 
   79        $role->setDescription($a_description);
 
   82        $GLOBALS[
'rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 
'y');
 
   84        $GLOBALS[
'rbacadmin']->copyRoleTemplatePermissions(
 
   91        $ops = 
$GLOBALS[
'rbacreview']->getOperationsOfRole(
 
   96        $GLOBALS[
'rbacadmin']->grantPermission(
 
  113        if (substr($this->
getTitle(), 0, 3) == 
'il_') {
 
  114            $ilErr->setMessage(
'msg_role_reserved_prefix');
 
  131        $this->assign_users = (int) $a_assign_users;
 
  135        return $this->assign_users ? $this->assign_users : 0;
 
  142        $query = 
"SELECT assign_users FROM role_data WHERE role_id = " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  145            return $row->assign_users ? true : 
false;
 
  158        $query = 
"SELECT * FROM role_data WHERE role_id= " . 
$ilDB->quote($this->
id, 
'integer') . 
" ";
 
  161        if (
$res->numRows() > 0) {
 
  167            $this->
ilias->raiseError(
"<b>Error: There is no dataset with id " . $this->
id . 
"!</b><br />class: " . get_class($this) . 
"<br />Script: " . __FILE__ . 
"<br />Line: " . __LINE__, $this->
ilias->FATAL);
 
  196        $query = 
"UPDATE role_data SET " .
 
  197            "allow_register= " . 
$ilDB->quote($this->allow_register, 
'integer') . 
", " .
 
  199            "disk_quota = " . $ilDB->quote($this->
getDiskQuota(), 
'integer') . 
", " .
 
  201            "WHERE role_id= " . $ilDB->quote($this->
id, 
'integer') . 
" ";
 
  222        $this->
id = parent::create();
 
  224        $query = 
"INSERT INTO role_data " .
 
  225            "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) " .
 
  227            "(" . 
$ilDB->quote($this->
id, 
'integer') . 
"," .
 
  246        if (empty($a_allow_register)) {
 
  247            $a_allow_register == 0;
 
  250        $this->allow_register = (int) $a_allow_register;
 
  261        return $this->allow_register ? $this->allow_register : 
false;
 
  274        $this->disk_quota = $a_disk_quota;
 
  302        $this->wsp_disk_quota = $a_disk_quota;
 
  329        $query = 
"SELECT * FROM role_data " .
 
  330            "JOIN object_data ON object_data.obj_id = role_data.role_id " .
 
  331            "WHERE allow_register = 1";
 
  335        while ($role = 
$ilDB->fetchAssoc(
$res)) {
 
  336            $roles[] = array(
"id" => $role[
"obj_id"],
 
  337                             "title" => $role[
"title"],
 
  338                             "auth_mode" => $role[
'auth_mode']);
 
  354        $query = 
"SELECT * FROM role_data " .
 
  355            " WHERE role_id =" . 
$ilDB->quote($a_role_id, 
'integer');
 
  358        if ($role_rec = 
$ilDB->fetchAssoc(
$res)) {
 
  359            if ($role_rec[
"allow_register"]) {
 
  375        $this->parent = $a_parent_ref;
 
  396    public function delete()
 
  401        if (
$rbacreview->hasMultipleAssignments($this->getId())) {
 
  407        if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
 
  416            $last_role_user_ids = array();
 
  417            if ($this->
getParent() == ROLE_FOLDER_ID) {
 
  424                foreach ($user_ids as $user_id) {
 
  429                    if (count($role_ids) == 1) {
 
  430                        $last_role_user_ids[] = $user_id;
 
  436            if (count($last_role_user_ids) > 0) {
 
  437                $user_names = array();
 
  438                foreach ($last_role_user_ids as $user_id) {
 
  446                $users = implode(
', ', $user_names);
 
  448                $this->
ilias->raiseError($this->lng->txt(
"msg_user_last_role1") . 
" " .
 
  449                                     $users . 
"<br/>" . $this->lng->txt(
"msg_user_last_role2"), $this->ilias->error_obj->WARNING);
 
  455                include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
 
  462                $query = 
"DELETE FROM role_data WHERE role_id = " . 
$ilDB->quote($this->
getId(), 
'integer');
 
  465                include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  467                $role_desk_item_obj->deleteAll();
 
  481        return count(
$rbacreview->assignedUsers($this->getId()));
 
  490        if (preg_match(
"/^il_./", $role_title)) {
 
  491            return $lng->txt($role_title);
 
  494        return $a_role_title;
 
  499        $role_title_parts = explode(
'_', $a_role_title);
 
  501        $test2 = (int) $role_title_parts[3];
 
  503            unset($role_title_parts[3]);
 
  506        return implode(
'_', $role_title_parts);
 
  513        foreach ($a_roles as $role_id => $auth_mode) {
 
  514            $query = 
"UPDATE role_data SET " .
 
  515                 "auth_mode= " . 
$ilDB->quote($auth_mode, 
'text') . 
" " .
 
  516                 "WHERE role_id= " . 
$ilDB->quote($role_id, 
'integer') . 
" ";
 
  525        $query = 
"SELECT auth_mode FROM role_data " .
 
  526             "WHERE role_id= " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  530        return $row[
'auth_mode'];
 
  544        $query = 
"SELECT * FROM role_data " .
 
  545            "WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  549            $roles[] = 
$row->role_id;
 
  566        $query = 
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  576        $operation_info = 
$rbacreview->getOperationAssignment();
 
  577        foreach ($operation_info as 
$info) {
 
  581            $rbac_objects[
$info[
'typ_id']] = array(
"obj_id"     => 
$info[
'typ_id'],
 
  582                                                   "type"       => 
$info[
'type']);
 
  588            if (substr(
$info[
'operation'], 0, 7) == 
"create_" &&
 
  592            $rbac_operations[
$info[
'typ_id']][
$info[
'ops_id']] = array(
 
  593                                                                "ops_id"        => 
$info[
'ops_id'],
 
  594                                                                "title"         => 
$info[
'operation'],
 
  597        return array($rbac_objects,$rbac_operations);
 
  618        $nodes = 
$tree->getRbacSubtreeInfo($a_start_node);
 
  621        $all_local_policies = 
$rbacreview->getObjectsWithStopedInheritance($this->
getId());
 
  624        $local_policies = array();
 
  625        foreach ($all_local_policies as $lp) {
 
  626            if (isset($nodes[$lp])) {
 
  627                $local_policies[] = $lp;
 
  636                #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node); 
  639        $this->
adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter);
 
  641        #var_dump(memory_get_peak_usage()); 
  642        #var_dump(memory_get_usage()); 
  654        $local_policies = array();
 
  655        foreach ($a_policies as $policy) {
 
  656            if ($policy == $a_start or $policy == SYSTEM_FOLDER_ID) {
 
  657                $local_policies[] = $policy;
 
  661                $local_policies[] = $policy;
 
  666        return $local_policies;
 
  677    protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
 
  681        $operation_stack = array();
 
  682        $policy_stack = array();
 
  683        $node_stack = array();
 
  685        $start_node = current($a_nodes);
 
  686        array_push($node_stack, $start_node);
 
  690        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  693        $local_policy = 
false;
 
  694        foreach ($a_nodes as $node) {
 
  695            $cmp_node = end($node_stack);
 
  696            while ($relation = 
$tree->getRelationOfNodes($node, $cmp_node)) {
 
  700                        $GLOBALS[
'ilLog']->write(__METHOD__ . 
': Handling sibling/none relation.');
 
  701                        array_pop($operation_stack);
 
  702                        array_pop($policy_stack);
 
  703                        array_pop($node_stack);
 
  704                        $cmp_node = end($node_stack);
 
  705                        $local_policy = 
false;
 
  712                        $GLOBALS[
'ilLog']->write(__METHOD__ . 
': Handling child/equals/parent ' . $relation);
 
  722            if ($node[
'child'] == $start_node[
'child']) {
 
  724                    if ($rbac_log_active) {
 
  725                        $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  730                    $perms = end($operation_stack);
 
  733                        (array) $perms[$node[
'type']],
 
  737                    if ($rbac_log_active) {
 
  747            if (in_array($node[
'child'], $a_policies) and ($node[
'child'] != SYSTEM_FOLDER_ID)) {
 
  748                $local_policy = 
true;
 
  751                array_push($node_stack, $node);
 
  760            if ($rbac_log_active) {
 
  761                $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  766            if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
 
  767                $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] == 
'crs')) {
 
  769                $perms = end($operation_stack);
 
  773                    array_push($node_stack, $node);
 
  778            if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
 
  779                $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] == 
'grp')) {
 
  781                $perms = end($operation_stack);
 
  785                    array_push($node_stack, $node);
 
  790            $perms = end($operation_stack);
 
  793                (array) $perms[$node[
'type']],
 
  797            if ($rbac_log_active) {
 
  813        if (in_array(
$a_type, $a_exclusion_filter)) {
 
  817        if (in_array(
'all', $a_filter)) {
 
  820        return in_array(
$a_type, $a_filter);
 
  833        $has_policies = 
null;
 
  834        $policy_origin = 
null;
 
  836        if ($a_node == ROOT_FOLDER_ID) {
 
  837            $has_policies = 
true;
 
  838            $policy_origin = ROLE_FOLDER_ID;
 
  840            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
  841            $policy_origin = $a_node;
 
  844                $parent_roles = 
$rbacreview->getParentRoleIds($a_node, 
false);
 
  845                if ($parent_roles[$this->
getId()]) {
 
  848                        $parent_roles[$this->
getId()][
'parent']
 
  855        if (!$has_policies) {
 
  875        $has_policies = 
null;
 
  876        $policy_origin = 
null;
 
  878        if ($a_node == ROOT_FOLDER_ID) {
 
  879            $has_policies = 
true;
 
  880            $policy_origin = ROLE_FOLDER_ID;
 
  882            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
  883            $policy_origin = $a_node;
 
  886        if (!$has_policies) {
 
  890        $a_stack[] = $policy_origin;
 
  905        static $course_non_member_id = 
null;
 
  906        static $group_non_member_id = 
null;
 
  907        static $group_open_id = 
null;
 
  908        static $group_closed_id = 
null;
 
  914                    include_once 
'./Modules/Group/classes/class.ilObjGroup.php';
 
  916                    #var_dump("GROUP TYPE",$type);
 
  919                            if (!$group_closed_id) {
 
  920                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
 
  923                                    $group_closed_id = 
$row->obj_id;
 
  927                            #var_dump("GROUP CLOSED id:" . $template_id);
 
  932                            if (!$group_open_id) {
 
  933                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
 
  936                                    $group_open_id = 
$row->obj_id;
 
  940                            #var_dump("GROUP OPEN id:" . $template_id);
 
  946                    if (!$course_non_member_id) {
 
  947                        $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
 
  950                            $course_non_member_id = 
$row->obj_id;
 
  957        $current_ops = $a_current_ops[
$a_type];
 
  972            #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
 
  974        #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
 
  975        if ($a_id and !
$GLOBALS[
'rbacreview']->isRoleAssignedToObject($this->
getId(), $a_id)) {
 
An exception for terminatinating execution or to throw for unit testing.
static _deleteByRole($a_role_id)
static getLogger($a_component_id)
Get component logger.
static lookupGroupTye($a_id)
Lookup group type.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
__getPermissionDefinitions()
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
static _getAuthMode($a_role_id)
getAllowRegister()
get allow_register
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
static _getTranslation($a_role_title)
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
update()
updates a record "role" and write it into database @access public
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static _removeObjectId($a_role_title)
read()
loads "role" from database @access private
$disk_quota
The disk quota in bytes.
static isAutoGenerated($a_role_id)
getDiskQuota()
Gets the minimal disk quota imposed by this role.
toggleAssignUsersStatus($a_assign_users)
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
static _getAssignUsersStatus($a_role_id)
static _lookupRegisterAllowed()
get all roles that are activated in user registration
getPresentationTitle()
return translated title for autogenerated roles
static _updateAuthMode($a_roles)
validate()
Validate role data.
__construct($a_id=0, $a_call_by_reference=false)
Constructor @access public.
assignData($a_data)
loads a record "role" from array @access public
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
getParent()
get reference id of parent object
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
static _lookupLogin($a_user_id)
lookup login
static lookupTxtById($plugin_id, $lang_var)
Class ilObject Basic functions for all objects.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getTitle()
get object title @access public
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
update($pash, $contents, Config $config)
redirection script todo: (a better solution should control the processing via a xml file)
foreach($_POST as $key=> $value) $res