ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilObjRole.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 require_once "./Services/Object/classes/class.ilObject.php";
6 require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7 
16 class ilObjRole extends ilObject
17 {
18  const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1;
19  const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2;
20  const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3;
21  const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4;
22 
30  public $parent;
31 
32  public $allow_register;
33  public $assign_users;
34 
36  public $disk_quota;
37  public $wsp_disk_quota;
44  public function __construct($a_id = 0, $a_call_by_reference = false)
45  {
46  $this->type = "role";
47  $this->disk_quota = 0;
48  $this->wsp_disk_quota = 0;
49  parent::__construct($a_id, $a_call_by_reference);
50  }
51 
60  public static function createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
61  {
62  global $ilDB;
63 
64  // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
65  $res = $ilDB->query("SELECT obj_id FROM object_data " .
66  " WHERE type=" . $ilDB->quote("rolt", "text") .
67  " AND title=" . $ilDB->quote($a_tpl_name, "text"));
68  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
69  $tpl_id = $row->obj_id;
70  }
71 
72  if (!$tpl_id) {
73  return null;
74  }
75 
76  include_once './Services/AccessControl/classes/class.ilObjRole.php';
77  $role = new ilObjRole();
78  $role->setTitle($a_title);
79  $role->setDescription($a_description);
80  $role->create();
81 
82  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
83 
84  $GLOBALS['rbacadmin']->copyRoleTemplatePermissions(
85  $tpl_id,
86  ROLE_FOLDER_ID,
87  $a_ref_id,
88  $role->getId()
89  );
90 
91  $ops = $GLOBALS['rbacreview']->getOperationsOfRole(
92  $role->getId(),
93  ilObject::_lookupType($a_ref_id, true),
94  $a_ref_id
95  );
96  $GLOBALS['rbacadmin']->grantPermission(
97  $role->getId(),
98  $ops,
99  $a_ref_id
100  );
101  return $role;
102  }
103 
104 
109  public function validate()
110  {
111  global $ilErr;
112 
113  if (substr($this->getTitle(), 0, 3) == 'il_') {
114  $ilErr->setMessage('msg_role_reserved_prefix');
115  return false;
116  }
117  return true;
118  }
119 
124  public function getPresentationTitle()
125  {
126  return ilObjRole::_getTranslation($this->getTitle());
127  }
128 
129  public function toggleAssignUsersStatus($a_assign_users)
130  {
131  $this->assign_users = (int) $a_assign_users;
132  }
133  public function getAssignUsersStatus()
134  {
135  return $this->assign_users ? $this->assign_users : 0;
136  }
137  // Same method (static)
138  public static function _getAssignUsersStatus($a_role_id)
139  {
140  global $ilDB;
141 
142  $query = "SELECT assign_users FROM role_data WHERE role_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
143  $res = $ilDB->query($query);
144  while ($row = $ilDB->fetchObject($res)) {
145  return $row->assign_users ? true : false;
146  }
147  return false;
148  }
149 
154  public function read()
155  {
156  global $ilDB;
157 
158  $query = "SELECT * FROM role_data WHERE role_id= " . $ilDB->quote($this->id, 'integer') . " ";
159 
160  $res = $ilDB->query($query);
161  if ($res->numRows() > 0) {
162  $data = $ilDB->fetchAssoc($res);
163 
164  // fill member vars in one shot
165  $this->assignData($data);
166  } else {
167  $this->ilias->raiseError("<b>Error: There is no dataset with id " . $this->id . "!</b><br />class: " . get_class($this) . "<br />Script: " . __FILE__ . "<br />Line: " . __LINE__, $this->ilias->FATAL);
168  }
169 
170  parent::read();
171  }
172 
178  public function assignData($a_data)
179  {
180  $this->setTitle(ilUtil::stripSlashes($a_data["title"]));
181  $this->setDescription(ilUtil::stripslashes($a_data["desc"]));
182  $this->setAllowRegister($a_data["allow_register"]);
183  $this->toggleAssignUsersStatus($a_data['assign_users']);
184  $this->setDiskQuota($a_data['disk_quota']);
185  $this->setPersonalWorkspaceDiskQuota($a_data['wsp_disk_quota']);
186  }
187 
192  public function update()
193  {
194  global $ilDB;
195 
196  $query = "UPDATE role_data SET " .
197  "allow_register= " . $ilDB->quote($this->allow_register, 'integer') . ", " .
198  "assign_users = " . $ilDB->quote($this->getAssignUsersStatus(), 'integer') . ", " .
199  "disk_quota = " . $ilDB->quote($this->getDiskQuota(), 'integer') . ", " .
200  "wsp_disk_quota = " . $ilDB->quote($this->getPersonalWorkspaceDiskQuota(), 'integer') . " " .
201  "WHERE role_id= " . $ilDB->quote($this->id, 'integer') . " ";
202  $res = $ilDB->manipulate($query);
203 
204  parent::update();
205 
206  $this->read();
207 
208  return true;
209  }
210 
218  public function create()
219  {
220  global $ilDB;
221 
222  $this->id = parent::create();
223 
224  $query = "INSERT INTO role_data " .
225  "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) " .
226  "VALUES " .
227  "(" . $ilDB->quote($this->id, 'integer') . "," .
228  $ilDB->quote($this->getAllowRegister(), 'integer') . "," .
229  $ilDB->quote($this->getAssignUsersStatus(), 'integer') . "," .
230  $ilDB->quote($this->getDiskQuota(), 'integer') . "," .
231  $ilDB->quote($this->getPersonalWorkspaceDiskQuota(), 'integer') . ")"
232  ;
233  $res = $ilDB->query($query);
234 
235  return $this->id;
236  }
237 
244  public function setAllowRegister($a_allow_register)
245  {
246  if (empty($a_allow_register)) {
247  $a_allow_register == 0;
248  }
249 
250  $this->allow_register = (int) $a_allow_register;
251  }
252 
259  public function getAllowRegister()
260  {
261  return $this->allow_register ? $this->allow_register : false;
262  }
263 
272  public function setDiskQuota($a_disk_quota)
273  {
274  $this->disk_quota = $a_disk_quota;
275  }
276 
286  public function getDiskQuota()
287  {
288  return $this->disk_quota;
289  }
290 
291 
300  public function setPersonalWorkspaceDiskQuota($a_disk_quota)
301  {
302  $this->wsp_disk_quota = $a_disk_quota;
303  }
304 
314  public function getPersonalWorkspaceDiskQuota()
315  {
316  return $this->wsp_disk_quota;
317  }
318 
325  public static function _lookupRegisterAllowed()
326  {
327  global $ilDB;
328 
329  $query = "SELECT * FROM role_data " .
330  "JOIN object_data ON object_data.obj_id = role_data.role_id " .
331  "WHERE allow_register = 1";
332  $res = $ilDB->query($query);
333 
334  $roles = array();
335  while ($role = $ilDB->fetchAssoc($res)) {
336  $roles[] = array("id" => $role["obj_id"],
337  "title" => $role["title"],
338  "auth_mode" => $role['auth_mode']);
339  }
340 
341  return $roles;
342  }
343 
350  public static function _lookupAllowRegister($a_role_id)
351  {
352  global $ilDB;
353 
354  $query = "SELECT * FROM role_data " .
355  " WHERE role_id =" . $ilDB->quote($a_role_id, 'integer');
356 
357  $res = $ilDB->query($query);
358  if ($role_rec = $ilDB->fetchAssoc($res)) {
359  if ($role_rec["allow_register"]) {
360  return true;
361  }
362  }
363  return false;
364  }
365 
373  public function setParent($a_parent_ref)
374  {
375  $this->parent = $a_parent_ref;
376  }
377 
384  public function getParent()
385  {
386  return $this->parent;
387  }
388 
389 
396  public function delete()
397  {
398  global $rbacadmin, $rbacreview,$ilDB;
399 
400  // Temporary bugfix
401  if ($rbacreview->hasMultipleAssignments($this->getId())) {
402  ilLoggerFactory::getLogger('ac')->warning('Found role with multiple assignments: role_id: ' . $this->getId());
403  ilLoggerFactory::getLogger('ac')->warning('Aborted deletion of role.');
404  return false;
405  }
406 
407  if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
408  ilLoggerFactory::getLogger('ac')->debug('Handling assignable role...');
409  // do not delete a global role, if the role is the last
410  // role a user is assigned to.
411  //
412  // Performance improvement: In the code section below, we
413  // only need to consider _global_ roles. We don't need
414  // to check for _local_ roles, because a user who has
415  // a local role _always_ has a global role too.
416  $last_role_user_ids = array();
417  if ($this->getParent() == ROLE_FOLDER_ID) {
418  ilLoggerFactory::getLogger('ac')->debug('Handling global role...');
419  // The role is a global role: check if
420  // we find users who aren't assigned to any
421  // other global role than this one.
422  $user_ids = $rbacreview->assignedUsers($this->getId());
423 
424  foreach ($user_ids as $user_id) {
425  // get all roles each user has
426  $role_ids = $rbacreview->assignedRoles($user_id);
427 
428  // is last role?
429  if (count($role_ids) == 1) {
430  $last_role_user_ids[] = $user_id;
431  }
432  }
433  }
434 
435  // users with last role found?
436  if (count($last_role_user_ids) > 0) {
437  $user_names = array();
438  foreach ($last_role_user_ids as $user_id) {
439  // GET OBJECT TITLE
440  $user_names[] = ilObjUser::_lookupLogin($user_id);
441  }
442 
443  // TODO: This check must be done in rolefolder object because if multiple
444  // roles were selected the other roles are still deleted and the system does not
445  // give any feedback about this.
446  $users = implode(', ', $user_names);
447  ilLoggerFactory::getLogger('ac')->info('Cannot delete last global role of users.');
448  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1") . " " .
449  $users . "<br/>" . $this->lng->txt("msg_user_last_role2"), $this->ilias->error_obj->WARNING);
450  } else {
451  ilLoggerFactory::getLogger('ac')->debug('Starting deletion of assignable role: role_id: ' . $this->getId());
452  $rbacadmin->deleteRole($this->getId(), $this->getParent());
453 
454  // Delete ldap role group mappings
455  include_once('./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
456  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
457 
458  // delete object_data entry
459  parent::delete();
460 
461  // delete role_data entry
462  $query = "DELETE FROM role_data WHERE role_id = " . $ilDB->quote($this->getId(), 'integer');
463  $res = $ilDB->manipulate($query);
464 
465  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
466  $role_desk_item_obj = new ilRoleDesktopItem($this->getId());
467  $role_desk_item_obj->deleteAll();
468  }
469  } else {
470  ilLoggerFactory::getLogger('ac')->debug('Starting deletion of linked role: role_id ' . $this->getId());
471  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
472  $rbacadmin->deleteLocalRole($this->getId(), $this->getParent());
473  }
474  return true;
475  }
476 
477  public function getCountMembers()
478  {
479  global $rbacreview;
480 
481  return count($rbacreview->assignedUsers($this->getId()));
482  }
483 
484  public static function _getTranslation($a_role_title)
485  {
486  global $lng;
487 
488  $role_title = self::_removeObjectId($a_role_title);
489 
490  if (preg_match("/^il_./", $role_title)) {
491  return $lng->txt($role_title);
492  }
493 
494  return $a_role_title;
495  }
496 
497  public static function _removeObjectId($a_role_title)
498  {
499  $role_title_parts = explode('_', $a_role_title);
500 
501  $test2 = (int) $role_title_parts[3];
502  if ($test2 > 0) {
503  unset($role_title_parts[3]);
504  }
505 
506  return implode('_', $role_title_parts);
507  }
508 
509  public static function _updateAuthMode($a_roles)
510  {
511  global $ilDB;
512 
513  foreach ($a_roles as $role_id => $auth_mode) {
514  $query = "UPDATE role_data SET " .
515  "auth_mode= " . $ilDB->quote($auth_mode, 'text') . " " .
516  "WHERE role_id= " . $ilDB->quote($role_id, 'integer') . " ";
517  $res = $ilDB->manipulate($query);
518  }
519  }
520 
521  public static function _getAuthMode($a_role_id)
522  {
523  global $ilDB;
524 
525  $query = "SELECT auth_mode FROM role_data " .
526  "WHERE role_id= " . $ilDB->quote($a_role_id, 'integer') . " ";
527  $res = $ilDB->query($query);
528  $row = $ilDB->fetchAssoc($res);
529 
530  return $row['auth_mode'];
531  }
532 
540  public static function _getRolesByAuthMode($a_auth_mode)
541  {
542  global $ilDB;
543 
544  $query = "SELECT * FROM role_data " .
545  "WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
546  $res = $ilDB->query($query);
547  $roles = array();
548  while ($row = $ilDB->fetchObject($res)) {
549  $roles[] = $row->role_id;
550  }
551  return $roles;
552  }
553 
562  public static function _resetAuthMode($a_auth_mode)
563  {
564  global $ilDB;
565 
566  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
567  $res = $ilDB->manipulate($query);
568  }
569 
570  // returns array of operation/objecttype definitions
571  // private
572  public function __getPermissionDefinitions()
573  {
574  global $ilDB, $lng, $objDefinition,$rbacreview;
575 
576  $operation_info = $rbacreview->getOperationAssignment();
577  foreach ($operation_info as $info) {
578  if ($objDefinition->getDevMode($info['type'])) {
579  continue;
580  }
581  $rbac_objects[$info['typ_id']] = array("obj_id" => $info['typ_id'],
582  "type" => $info['type']);
583 
584  // handle plugin permission texts
585  $txt = $objDefinition->isPlugin($info['type'])
586  ? ilObjectPlugin::lookupTxtById($info['type'], $info['type'] . "_" . $info['operation'])
587  : $lng->txt($info['type'] . "_" . $info['operation']);
588  if (substr($info['operation'], 0, 7) == "create_" &&
589  $objDefinition->isPlugin(substr($info['operation'], 7))) {
590  $txt = ilObjectPlugin::lookupTxtById(substr($info['operation'], 7), $info['type'] . "_" . $info['operation']);
591  }
592  $rbac_operations[$info['typ_id']][$info['ops_id']] = array(
593  "ops_id" => $info['ops_id'],
594  "title" => $info['operation'],
595  "name" => $txt);
596  }
597  return array($rbac_objects,$rbac_operations);
598  }
599 
600 
601  public static function isAutoGenerated($a_role_id)
602  {
603  return substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_';
604  }
605 
613  public function changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter = array())
614  {
615  global $tree,$rbacreview;
616 
617  // Get node info of subtree
618  $nodes = $tree->getRbacSubtreeInfo($a_start_node);
619 
620  // get local policies
621  $all_local_policies = $rbacreview->getObjectsWithStopedInheritance($this->getId());
622 
623  // filter relevant roles
624  $local_policies = array();
625  foreach ($all_local_policies as $lp) {
626  if (isset($nodes[$lp])) {
627  $local_policies[] = $lp;
628  }
629  }
630 
631  // Delete deprecated policies
632  switch ($a_mode) {
633  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
634  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
635  $local_policies = $this->deleteLocalPolicies($a_start_node, $local_policies, $a_filter);
636  #$local_policies = array($a_start_node == ROOT_FOLDER_ID ? SYSTEM_FOLDER_ID : $a_start_node);
637  break;
638  }
639  $this->adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter);
640 
641  #var_dump(memory_get_peak_usage());
642  #var_dump(memory_get_usage());
643  }
644 
650  protected function deleteLocalPolicies($a_start, $a_policies, $a_filter)
651  {
652  global $rbacreview,$rbacadmin;
653 
654  $local_policies = array();
655  foreach ($a_policies as $policy) {
656  if ($policy == $a_start or $policy == SYSTEM_FOLDER_ID) {
657  $local_policies[] = $policy;
658  continue;
659  }
660  if (!in_array('all', $a_filter) and !in_array(ilObject::_lookupType(ilObject::_lookupObjId($policy)), $a_filter)) {
661  $local_policies[] = $policy;
662  continue;
663  }
664  $rbacadmin->deleteLocalRole($this->getId(), $policy);
665  }
666  return $local_policies;
667  }
668 
677  protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array())
678  {
679  global $rbacadmin, $rbacreview, $tree;
680 
681  $operation_stack = array();
682  $policy_stack = array();
683  $node_stack = array();
684 
685  $start_node = current($a_nodes);
686  array_push($node_stack, $start_node);
687  $this->updatePolicyStack($policy_stack, $start_node['child']);
688  $this->updateOperationStack($operation_stack, $start_node['child'], true);
689 
690  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
691  $rbac_log_active = ilRbacLog::isActive();
692 
693  $local_policy = false;
694  foreach ($a_nodes as $node) {
695  $cmp_node = end($node_stack);
696  while ($relation = $tree->getRelationOfNodes($node, $cmp_node)) {
697  switch ($relation) {
698  case ilTree::RELATION_NONE:
699  case ilTree::RELATION_SIBLING:
700  $GLOBALS['ilLog']->write(__METHOD__ . ': Handling sibling/none relation.');
701  array_pop($operation_stack);
702  array_pop($policy_stack);
703  array_pop($node_stack);
704  $cmp_node = end($node_stack);
705  $local_policy = false;
706  break;
707 
708  case ilTree::RELATION_CHILD:
709  case ilTree::RELATION_EQUALS:
710  case ilTree::RELATION_PARENT:
711  default:
712  $GLOBALS['ilLog']->write(__METHOD__ . ': Handling child/equals/parent ' . $relation);
713  break 2;
714  }
715  }
716 
717  if ($local_policy) {
718  continue;
719  }
720 
721  // Start node => set permissions and continue
722  if ($node['child'] == $start_node['child']) {
723  if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
724  if ($rbac_log_active) {
725  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
726  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
727  }
728 
729  // Set permissions
730  $perms = end($operation_stack);
731  $rbacadmin->grantPermission(
732  $this->getId(),
733  (array) $perms[$node['type']],
734  $node['child']
735  );
736 
737  if ($rbac_log_active) {
738  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
739  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
740  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
741  }
742  }
743  continue;
744  }
745 
746  // Node has local policies => update permission stack and continue
747  if (in_array($node['child'], $a_policies) and ($node['child'] != SYSTEM_FOLDER_ID)) {
748  $local_policy = true;
749  $this->updatePolicyStack($policy_stack, $node['child']);
750  $this->updateOperationStack($operation_stack, $node['child']);
751  array_push($node_stack, $node);
752  continue;
753  }
754 
755  // Continue if this object type is not in filter
756  if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
757  continue;
758  }
759 
760  if ($rbac_log_active) {
761  $rbac_log_roles = $rbacreview->getParentRoleIds($node['child'], false);
762  $rbac_log_old = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
763  }
764 
765  // Node is course => create course permission intersection
766  if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
767  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'crs')) {
768  // Copy role permission intersection
769  $perms = end($operation_stack);
770  $this->createPermissionIntersection($policy_stack, $perms['crs'], $node['child'], $node['type']);
771  if ($this->updateOperationStack($operation_stack, $node['child'])) {
772  $this->updatePolicyStack($policy_stack, $node['child']);
773  array_push($node_stack, $node);
774  }
775  }
776 
777  // Node is group => create group permission intersection
778  if (($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES or
779  $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) and ($node['type'] == 'grp')) {
780  // Copy role permission intersection
781  $perms = end($operation_stack);
782  $this->createPermissionIntersection($policy_stack, $perms['grp'], $node['child'], $node['type']);
783  if ($this->updateOperationStack($operation_stack, $node['child'])) {
784  $this->updatePolicyStack($policy_stack, $node['child']);
785  array_push($node_stack, $node);
786  }
787  }
788 
789  // Set permission
790  $perms = end($operation_stack);
791  $rbacadmin->grantPermission(
792  $this->getId(),
793  (array) $perms[$node['type']],
794  $node['child']
795  );
796 
797  if ($rbac_log_active) {
798  $rbac_log_new = ilRbacLog::gatherFaPa($node['child'], array_keys($rbac_log_roles));
799  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
800  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
801  }
802  }
803  }
804 
811  protected function isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
812  {
813  if (in_array($a_type, $a_exclusion_filter)) {
814  return false;
815  }
816 
817  if (in_array('all', $a_filter)) {
818  return true;
819  }
820  return in_array($a_type, $a_filter);
821  }
822 
829  protected function updateOperationStack(&$a_stack, $a_node, $a_init = false)
830  {
831  global $rbacreview;
832 
833  $has_policies = null;
834  $policy_origin = null;
835 
836  if ($a_node == ROOT_FOLDER_ID) {
837  $has_policies = true;
838  $policy_origin = ROLE_FOLDER_ID;
839  } else {
840  $has_policies = $rbacreview->getLocalPolicies($a_node);
841  $policy_origin = $a_node;
842 
843  if ($a_init) {
844  $parent_roles = $rbacreview->getParentRoleIds($a_node, false);
845  if ($parent_roles[$this->getId()]) {
846  $a_stack[] = $rbacreview->getAllOperationsOfRole(
847  $this->getId(),
848  $parent_roles[$this->getId()]['parent']
849  );
850  }
851  return true;
852  }
853  }
854 
855  if (!$has_policies) {
856  return false;
857  }
858 
859  $a_stack[] = $rbacreview->getAllOperationsOfRole(
860  $this->getId(),
861  $policy_origin
862  );
863  return true;
864  }
865 
871  protected function updatePolicyStack(&$a_stack, $a_node)
872  {
873  global $rbacreview;
874 
875  $has_policies = null;
876  $policy_origin = null;
877 
878  if ($a_node == ROOT_FOLDER_ID) {
879  $has_policies = true;
880  $policy_origin = ROLE_FOLDER_ID;
881  } else {
882  $has_policies = $rbacreview->getLocalPolicies($a_node);
883  $policy_origin = $a_node;
884  }
885 
886  if (!$has_policies) {
887  return false;
888  }
889 
890  $a_stack[] = $policy_origin;
891  return true;
892  }
893 
901  protected function createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
902  {
903  global $ilDB, $rbacreview,$rbacadmin;
904 
905  static $course_non_member_id = null;
906  static $group_non_member_id = null;
907  static $group_open_id = null;
908  static $group_closed_id = null;
909 
910  // Get template id
911  switch ($a_type) {
912  case 'grp':
913 
914  include_once './Modules/Group/classes/class.ilObjGroup.php';
915  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
916  #var_dump("GROUP TYPE",$type);
917  switch ($type) {
918  case GRP_TYPE_CLOSED:
919  if (!$group_closed_id) {
920  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
921  $res = $ilDB->query($query);
922  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
923  $group_closed_id = $row->obj_id;
924  }
925  }
926  $template_id = $group_closed_id;
927  #var_dump("GROUP CLOSED id:" . $template_id);
928  break;
929 
930  case GRP_TYPE_OPEN:
931  default:
932  if (!$group_open_id) {
933  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
934  $res = $ilDB->query($query);
935  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
936  $group_open_id = $row->obj_id;
937  }
938  }
939  $template_id = $group_open_id;
940  #var_dump("GROUP OPEN id:" . $template_id);
941  break;
942  }
943  break;
944 
945  case 'crs':
946  if (!$course_non_member_id) {
947  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
948  $res = $ilDB->query($query);
949  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
950  $course_non_member_id = $row->obj_id;
951  }
952  }
953  $template_id = $course_non_member_id;
954  break;
955  }
956 
957  $current_ops = $a_current_ops[$a_type];
958 
959  // Create intersection template permissions
960  if ($template_id) {
961  //$rolf = $rbacreview->getRoleFolderIdOfObject($a_id);
962 
963  $rbacadmin->copyRolePermissionIntersection(
964  $template_id,
965  ROLE_FOLDER_ID,
966  $this->getId(),
967  end($policy_stack),
968  $a_id,
969  $this->getId()
970  );
971  } else {
972  #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
973  }
974  #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
975  if ($a_id and !$GLOBALS['rbacreview']->isRoleAssignedToObject($this->getId(), $a_id)) {
976  $rbacadmin->assignRoleToFolder($this->getId(), $a_id, "n");
977  }
978  return true;
979  }
980 } // END class.ilObjRole
GRP_TYPE_OPEN
const GRP_TYPE_OPEN
Definition: class.ilObjGroup.php:20
ilObjUser\_lookupLogin
static _lookupLogin($a_user_id)
lookup login
Definition: class.ilObjUser.php:768
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
$ilErr
global $ilErr
Definition: raiseError.php:16
ilObjRole\$disk_quota
$disk_quota
The disk quota in bytes.
Definition: class.ilObjRole.php:36
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilObjectPlugin\lookupTxtById
static lookupTxtById($plugin_id, $lang_var)
Definition: class.ilObjectPlugin.php:83
ilObjRole\getPresentationTitle
getPresentationTitle()
return translated title for autogenerated roles
Definition: class.ilObjRole.php:124
ilObjRole\_lookupRegisterAllowed
static _lookupRegisterAllowed()
get all roles that are activated in user registration
Definition: class.ilObjRole.php:325
ilObjRole\getPersonalWorkspaceDiskQuota
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:314
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\createPermissionIntersection
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
Definition: class.ilObjRole.php:901
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilObjRole\setParent
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!!! ...
Definition: class.ilObjRole.php:373
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:129
ilObjRole\_updateAuthMode
static _updateAuthMode($a_roles)
Definition: class.ilObjRole.php:509
ilTree\RELATION_PARENT
const RELATION_PARENT
Definition: class.ilTree.php:31
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:244
ilObjRole\update
update()
updates a record "role" and write it into database public
Definition: class.ilObjRole.php:192
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilObjRole\updatePolicyStack
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
Definition: class.ilObjRole.php:871
ilObjRole\_getAuthMode
static _getAuthMode($a_role_id)
Definition: class.ilObjRole.php:521
ilObjRole\_resetAuthMode
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
Definition: class.ilObjRole.php:562
ilObjRole\deleteLocalPolicies
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
Definition: class.ilObjRole.php:650
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:138
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:259
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilObjRole\getDiskQuota
getDiskQuota()
Gets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:286
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:406
ilObjRole\createDefaultRole
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
Definition: class.ilObjRole.php:60
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRole\create
create()
create
Definition: class.ilObjRole.php:218
$a_type
$a_type
Definition: workflow.php:92
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:601
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilObject\getId
getId()
get object id public
Definition: class.ilObject.php:308
GRP_TYPE_CLOSED
const GRP_TYPE_CLOSED
Definition: class.ilObjGroup.php:19
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1036
ilObjRole\isHandledObjectType
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
Definition: class.ilObjRole.php:811
ilObject\getTitle
getTitle()
get object title public
Definition: class.ilObject.php:384
ilObjRole\_getRolesByAuthMode
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
Definition: class.ilObjRole.php:540
ilias
redirection script todo: (a better solution should control the processing via a xml file) ...
$query
$query
Definition: proxy_ylocal.php:13
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2441
ilObjRole\__construct
__construct($a_id=0, $a_call_by_reference=false)
Constructor public.
Definition: class.ilObjRole.php:44
ilTree\RELATION_EQUALS
const RELATION_EQUALS
Definition: class.ilTree.php:33
ilObjRole\setPersonalWorkspaceDiskQuota
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:300
$txt
$txt
Definition: error.php:11
ilTree\RELATION_CHILD
const RELATION_CHILD
Definition: class.ilTree.php:30
ilTree\RELATION_NONE
const RELATION_NONE
Definition: class.ilTree.php:34
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
ilObjRole\validate
validate()
Validate role data.
Definition: class.ilObjRole.php:109
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
$users
$users
Definition: authpage.php:44
ilObjRole\adjustPermissions
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array())
Adjust permissions.
Definition: class.ilObjRole.php:677
ilObjRole\getParent
getParent()
get reference id of parent object
Definition: class.ilObjRole.php:384
ilObjRole\__getPermissionDefinitions
__getPermissionDefinitions()
Definition: class.ilObjRole.php:572
League\Flysystem\Adapter\Polyfill\update
update($pash, $contents, Config $config)
ilObjRole\_removeObjectId
static _removeObjectId($a_role_title)
Definition: class.ilObjRole.php:497
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\changeExistingObjects
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array())
Change existing objects.
Definition: class.ilObjRole.php:613
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObjGroup\lookupGroupTye
static lookupGroupTye($a_id)
Lookup group type.
Definition: class.ilObjGroup.php:129
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:22
ilObjRole\updateOperationStack
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
Definition: class.ilObjRole.php:829
ilTree\RELATION_SIBLING
const RELATION_SIBLING
Definition: class.ilTree.php:32
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:431
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjRole\read
read()
loads "role" from database private
Definition: class.ilObjRole.php:154
$info
$info
Definition: index.php:5
$template_id
$template_id
Definition: logout-iframe.php:118
ilObjRole\_lookupAllowRegister
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
Definition: class.ilObjRole.php:350
ilObjRole\setDiskQuota
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:272
ilObjRole\assignData
assignData($a_data)
loads a record "role" from array public
Definition: class.ilObjRole.php:178