5require_once
"./Services/Object/classes/class.ilObject.php";
6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
44 public function __construct($a_id = 0, $a_call_by_reference =
false)
47 $this->disk_quota = 0;
48 $this->wsp_disk_quota = 0;
49 parent::__construct($a_id, $a_call_by_reference);
65 $res =
$ilDB->query(
"SELECT obj_id FROM object_data " .
66 " WHERE type=" .
$ilDB->quote(
"rolt",
"text") .
67 " AND title=" .
$ilDB->quote($a_tpl_name,
"text"));
69 $tpl_id =
$row->obj_id;
76 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
78 $role->setTitle($a_title);
79 $role->setDescription($a_description);
82 $GLOBALS[
'rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id,
'y');
84 $GLOBALS[
'rbacadmin']->copyRoleTemplatePermissions(
91 $ops =
$GLOBALS[
'rbacreview']->getOperationsOfRole(
96 $GLOBALS[
'rbacadmin']->grantPermission(
113 if (substr($this->
getTitle(), 0, 3) ==
'il_') {
114 $ilErr->setMessage(
'msg_role_reserved_prefix');
131 $this->assign_users = (int) $a_assign_users;
135 return $this->assign_users ? $this->assign_users : 0;
142 $query =
"SELECT assign_users FROM role_data WHERE role_id = " .
$ilDB->quote($a_role_id,
'integer') .
" ";
145 return $row->assign_users ? true :
false;
158 $query =
"SELECT * FROM role_data WHERE role_id= " .
$ilDB->quote($this->
id,
'integer') .
" ";
161 if (
$res->numRows() > 0) {
167 $this->
ilias->raiseError(
"<b>Error: There is no dataset with id " . $this->
id .
"!</b><br />class: " . get_class($this) .
"<br />Script: " . __FILE__ .
"<br />Line: " . __LINE__, $this->
ilias->FATAL);
196 $query =
"UPDATE role_data SET " .
197 "allow_register= " .
$ilDB->quote($this->allow_register,
'integer') .
", " .
199 "disk_quota = " . $ilDB->quote($this->
getDiskQuota(),
'integer') .
", " .
201 "WHERE role_id= " . $ilDB->quote($this->
id,
'integer') .
" ";
222 $this->
id = parent::create();
224 $query =
"INSERT INTO role_data " .
225 "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) " .
227 "(" .
$ilDB->quote($this->
id,
'integer') .
"," .
246 if (empty($a_allow_register)) {
247 $a_allow_register == 0;
250 $this->allow_register = (int) $a_allow_register;
261 return $this->allow_register ? $this->allow_register :
false;
274 $this->disk_quota = $a_disk_quota;
302 $this->wsp_disk_quota = $a_disk_quota;
329 $query =
"SELECT * FROM role_data " .
330 "JOIN object_data ON object_data.obj_id = role_data.role_id " .
331 "WHERE allow_register = 1";
335 while ($role =
$ilDB->fetchAssoc(
$res)) {
336 $roles[] = array(
"id" => $role[
"obj_id"],
337 "title" => $role[
"title"],
338 "auth_mode" => $role[
'auth_mode']);
354 $query =
"SELECT * FROM role_data " .
355 " WHERE role_id =" .
$ilDB->quote($a_role_id,
'integer');
358 if ($role_rec =
$ilDB->fetchAssoc(
$res)) {
359 if ($role_rec[
"allow_register"]) {
375 $this->parent = $a_parent_ref;
396 public function delete()
401 if (
$rbacreview->hasMultipleAssignments($this->getId())) {
407 if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
416 $last_role_user_ids = array();
417 if ($this->
getParent() == ROLE_FOLDER_ID) {
424 foreach ($user_ids as $user_id) {
429 if (count($role_ids) == 1) {
430 $last_role_user_ids[] = $user_id;
436 if (count($last_role_user_ids) > 0) {
437 $user_names = array();
438 foreach ($last_role_user_ids as $user_id) {
446 $users = implode(
', ', $user_names);
448 $this->
ilias->raiseError($this->lng->txt(
"msg_user_last_role1") .
" " .
449 $users .
"<br/>" . $this->lng->txt(
"msg_user_last_role2"), $this->ilias->error_obj->WARNING);
455 include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
462 $query =
"DELETE FROM role_data WHERE role_id = " .
$ilDB->quote($this->
getId(),
'integer');
465 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
467 $role_desk_item_obj->deleteAll();
481 return count(
$rbacreview->assignedUsers($this->getId()));
490 if (preg_match(
"/^il_./", $role_title)) {
491 return $lng->txt($role_title);
494 return $a_role_title;
499 $role_title_parts = explode(
'_', $a_role_title);
501 $test2 = (int) $role_title_parts[3];
503 unset($role_title_parts[3]);
506 return implode(
'_', $role_title_parts);
513 foreach ($a_roles as $role_id => $auth_mode) {
514 $query =
"UPDATE role_data SET " .
515 "auth_mode= " .
$ilDB->quote($auth_mode,
'text') .
" " .
516 "WHERE role_id= " .
$ilDB->quote($role_id,
'integer') .
" ";
525 $query =
"SELECT auth_mode FROM role_data " .
526 "WHERE role_id= " .
$ilDB->quote($a_role_id,
'integer') .
" ";
530 return $row[
'auth_mode'];
544 $query =
"SELECT * FROM role_data " .
545 "WHERE auth_mode = " .
$ilDB->quote($a_auth_mode,
'text');
549 $roles[] =
$row->role_id;
566 $query =
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " .
$ilDB->quote($a_auth_mode,
'text');
576 $operation_info =
$rbacreview->getOperationAssignment();
577 foreach ($operation_info as
$info) {
581 $rbac_objects[
$info[
'typ_id']] = array(
"obj_id" =>
$info[
'typ_id'],
582 "type" =>
$info[
'type']);
588 if (substr(
$info[
'operation'], 0, 7) ==
"create_" &&
592 $rbac_operations[
$info[
'typ_id']][
$info[
'ops_id']] = array(
593 "ops_id" =>
$info[
'ops_id'],
594 "title" =>
$info[
'operation'],
597 return array($rbac_objects,$rbac_operations);
618 $nodes =
$tree->getRbacSubtreeInfo($a_start_node);
621 $all_local_policies =
$rbacreview->getObjectsWithStopedInheritance($this->
getId());
624 $local_policies = array();
625 foreach ($all_local_policies as $lp) {
626 if (isset($nodes[$lp])) {
627 $local_policies[] = $lp;
636 #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
639 $this->
adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter);
641 #var_dump(memory_get_peak_usage());
642 #var_dump(memory_get_usage());
654 $local_policies = array();
655 foreach ($a_policies as $policy) {
656 if ($policy == $a_start or $policy == SYSTEM_FOLDER_ID) {
657 $local_policies[] = $policy;
661 $local_policies[] = $policy;
666 return $local_policies;
677 protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
681 $operation_stack = array();
682 $policy_stack = array();
683 $node_stack = array();
685 $start_node = current($a_nodes);
686 array_push($node_stack, $start_node);
690 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
693 $local_policy =
false;
694 foreach ($a_nodes as $node) {
695 $cmp_node = end($node_stack);
696 while ($relation =
$tree->getRelationOfNodes($node, $cmp_node)) {
700 $GLOBALS[
'ilLog']->write(__METHOD__ .
': Handling sibling/none relation.');
701 array_pop($operation_stack);
702 array_pop($policy_stack);
703 array_pop($node_stack);
704 $cmp_node = end($node_stack);
705 $local_policy =
false;
712 $GLOBALS[
'ilLog']->write(__METHOD__ .
': Handling child/equals/parent ' . $relation);
722 if ($node[
'child'] == $start_node[
'child']) {
724 if ($rbac_log_active) {
725 $rbac_log_roles =
$rbacreview->getParentRoleIds($node[
'child'],
false);
730 $perms = end($operation_stack);
733 (array) $perms[$node[
'type']],
737 if ($rbac_log_active) {
747 if (in_array($node[
'child'], $a_policies) and ($node[
'child'] != SYSTEM_FOLDER_ID)) {
748 $local_policy =
true;
751 array_push($node_stack, $node);
760 if ($rbac_log_active) {
761 $rbac_log_roles =
$rbacreview->getParentRoleIds($node[
'child'],
false);
766 if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
767 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] ==
'crs')) {
769 $perms = end($operation_stack);
773 array_push($node_stack, $node);
778 if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
779 $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node[
'type'] ==
'grp')) {
781 $perms = end($operation_stack);
785 array_push($node_stack, $node);
790 $perms = end($operation_stack);
793 (array) $perms[$node[
'type']],
797 if ($rbac_log_active) {
813 if (in_array(
$a_type, $a_exclusion_filter)) {
817 if (in_array(
'all', $a_filter)) {
820 return in_array(
$a_type, $a_filter);
833 $has_policies =
null;
834 $policy_origin =
null;
836 if ($a_node == ROOT_FOLDER_ID) {
837 $has_policies =
true;
838 $policy_origin = ROLE_FOLDER_ID;
840 $has_policies =
$rbacreview->getLocalPolicies($a_node);
841 $policy_origin = $a_node;
844 $parent_roles =
$rbacreview->getParentRoleIds($a_node,
false);
845 if ($parent_roles[$this->
getId()]) {
848 $parent_roles[$this->
getId()][
'parent']
855 if (!$has_policies) {
875 $has_policies =
null;
876 $policy_origin =
null;
878 if ($a_node == ROOT_FOLDER_ID) {
879 $has_policies =
true;
880 $policy_origin = ROLE_FOLDER_ID;
882 $has_policies =
$rbacreview->getLocalPolicies($a_node);
883 $policy_origin = $a_node;
886 if (!$has_policies) {
890 $a_stack[] = $policy_origin;
905 static $course_non_member_id =
null;
906 static $group_non_member_id =
null;
907 static $group_open_id =
null;
908 static $group_closed_id =
null;
914 include_once
'./Modules/Group/classes/class.ilObjGroup.php';
916 #var_dump("GROUP TYPE",$type);
919 if (!$group_closed_id) {
920 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
923 $group_closed_id =
$row->obj_id;
927 #var_dump("GROUP CLOSED id:" . $template_id);
932 if (!$group_open_id) {
933 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
936 $group_open_id =
$row->obj_id;
940 #var_dump("GROUP OPEN id:" . $template_id);
946 if (!$course_non_member_id) {
947 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
950 $course_non_member_id =
$row->obj_id;
957 $current_ops = $a_current_ops[
$a_type];
972 #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
974 #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
975 if ($a_id and !
$GLOBALS[
'rbacreview']->isRoleAssignedToObject($this->
getId(), $a_id)) {
An exception for terminatinating execution or to throw for unit testing.
static _deleteByRole($a_role_id)
static getLogger($a_component_id)
Get component logger.
static lookupGroupTye($a_id)
Lookup group type.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
__getPermissionDefinitions()
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
static _getAuthMode($a_role_id)
getAllowRegister()
get allow_register
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
static _getTranslation($a_role_title)
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
update()
updates a record "role" and write it into database @access public
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static _removeObjectId($a_role_title)
read()
loads "role" from database @access private
$disk_quota
The disk quota in bytes.
static isAutoGenerated($a_role_id)
getDiskQuota()
Gets the minimal disk quota imposed by this role.
toggleAssignUsersStatus($a_assign_users)
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
static _getAssignUsersStatus($a_role_id)
static _lookupRegisterAllowed()
get all roles that are activated in user registration
getPresentationTitle()
return translated title for autogenerated roles
static _updateAuthMode($a_roles)
validate()
Validate role data.
__construct($a_id=0, $a_call_by_reference=false)
Constructor @access public.
assignData($a_data)
loads a record "role" from array @access public
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
getParent()
get reference id of parent object
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
static _lookupLogin($a_user_id)
lookup login
static lookupTxtById($plugin_id, $lang_var)
Class ilObject Basic functions for all objects.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getTitle()
get object title @access public
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
update($pash, $contents, Config $config)
redirection script todo: (a better solution should control the processing via a xml file)
foreach($_POST as $key=> $value) $res