ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilRbacAdmin.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
18 class ilRbacAdmin
19 {
24  public function __construct()
25  {
26  global $ilDB,$ilErr,$ilias;
27 
28  // set db & error handler
29  (isset($ilDB)) ? $this->ilDB =&$ilDB : $this->ilDB =&$ilias->db;
30 
31  if (!isset($ilErr)) {
32  $ilErr = new ilErrorHandling();
33  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
34  } else {
35  $this->ilErr =&$ilErr;
36  }
37  }
38 
45  public function setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
46  {
47  global $ilDB;
48 
49  ilLoggerFactory::getLogger('crs')->logStack();
50  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
51  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
52  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
53  $ilDB->manipulate($query);
54  }
55 
63  public function removeUser($a_usr_id)
64  {
65  global $ilDB;
66 
67  if (!isset($a_usr_id)) {
68  $message = get_class($this) . "::removeUser(): No usr_id given!";
69  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
70  }
71 
72  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
73  $res = $ilDB->manipulate($query);
74 
75  return true;
76  }
77 
85  public function deleteRole($a_rol_id, $a_ref_id)
86  {
87  global $lng,$ilDB;
88 
89  if (!isset($a_rol_id) or !isset($a_ref_id)) {
90  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
91  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
92  }
93 
94  // exclude system role from rbac
95  if ($a_rol_id == SYSTEM_ROLE_ID) {
96  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
97  }
98 
99  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
100  $mapping = ilLDAPRoleGroupMapping::_getInstance();
101  $mapping->deleteRole($a_rol_id);
102 
103 
104  // TODO: check assigned users before deletion
105  // This is done in ilObjRole. Should be better moved to this place?
106 
107  // delete user assignements
108  $query = "DELETE FROM rbac_ua " .
109  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
110  $res = $ilDB->manipulate($query);
111 
112  // delete permission assignments
113  $query = "DELETE FROM rbac_pa " .
114  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
115  $res = $ilDB->manipulate($query);
116 
117  //delete rbac_templates and rbac_fa
118  $this->deleteLocalRole($a_rol_id);
119 
120  return true;
121  }
122 
129  public function deleteTemplate($a_obj_id)
130  {
131  global $ilDB;
132 
133  if (!isset($a_obj_id)) {
134  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
135  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
136  }
137 
138  $query = 'DELETE FROM rbac_templates ' .
139  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
140  $res = $ilDB->manipulate($query);
141 
142  $query = 'DELETE FROM rbac_fa ' .
143  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
144  $res = $ilDB->manipulate($query);
145 
146  return true;
147  }
148 
156  public function deleteLocalRole($a_rol_id, $a_ref_id = 0)
157  {
158  global $ilDB;
159 
160  if (!isset($a_rol_id)) {
161  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
162  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
163  }
164 
165  // exclude system role from rbac
166  if ($a_rol_id == SYSTEM_ROLE_ID) {
167  return true;
168  }
169 
170  if ($a_ref_id != 0) {
171  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
172  }
173 
174  $query = 'DELETE FROM rbac_fa ' .
175  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
176  $clause;
177  $res = $ilDB->manipulate($query);
178 
179  $query = 'DELETE FROM rbac_templates ' .
180  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
181  $clause;
182  $res = $ilDB->manipulate($query);
183  return true;
184  }
185 
192  public function assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles = array())
193  {
194  global $ilDB;
195 
196  $ilAtomQuery = $ilDB->buildAtomQuery();
197  $ilAtomQuery->addTableLock('rbac_ua');
198 
199  $ilAtomQuery->addQueryCallable(
200  function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id,$a_limit, $a_limited_roles) {
201  $ret = true;
202  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
203  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
204  $res = $ilDB->query($limit_query);
205  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
206  if ($row->num >= $a_limit) {
207  $ret = false;
208  return;
209  }
210 
211  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
212  "VALUES (" .
213  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
214  ")";
215  $res = $ilDB->manipulate($query);
216  }
217  );
218 
219  $ilAtomQuery->run();
220 
221  if (!$ret) {
222  return false;
223  }
224 
225  $GLOBALS['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
226 
227  $this->addDesktopItem($a_role_id, $a_usr_id);
228 
229  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
230  $mapping = ilLDAPRoleGroupMapping::_getInstance();
231  $mapping->assign($a_role_id, $a_usr_id);
232  return true;
233  }
234 
240  protected function addDesktopItem($a_rol_id, $a_usr_id)
241  {
242  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
243  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
244  foreach ($role_desk_item_obj->getAll() as $item_data) {
245  include_once './Services/User/classes/class.ilObjUser.php';
246  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
247  }
248  }
249 
250 
259  public function assignUser($a_rol_id, $a_usr_id)
260  {
261  global $ilDB,$rbacreview;
262 
263  if (!isset($a_rol_id) or !isset($a_usr_id)) {
264  $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
265  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
266  }
267 
268  // check if already assigned user id and role_id
269  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
270 
271  // enhanced: only if we haven't had this role for this user
272  if (!$alreadyAssigned) {
273  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
274  "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
275  $res = $ilDB->manipulate($query);
276 
277  $this->addDesktopItem($a_rol_id, $a_usr_id);
278 
279  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
280  }
281 
282  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
283  $mapping = ilLDAPRoleGroupMapping::_getInstance();
284  $mapping->assign($a_rol_id, $a_usr_id);
285 
286 
287  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
288  $obj_id = ilObject::_lookupObjId($ref_id);
289  $type = ilObject::_lookupType($obj_id);
290 
291  if (!$alreadyAssigned) {
292  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
293  $GLOBALS['ilAppEventHandler']->raise(
294  'Services/AccessControl',
295  'assignUser',
296  array(
297  'obj_id' => $obj_id,
298  'usr_id' => $a_usr_id,
299  'role_id' => $a_rol_id,
300  'type' => $type
301  )
302  );
303  }
304  return true;
305  }
306 
307 
316  public function deassignUser($a_rol_id, $a_usr_id)
317  {
318  global $ilDB, $rbacreview;
319 
320  if (!isset($a_rol_id) or !isset($a_usr_id)) {
321  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
322  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
323  }
324 
325  $query = "DELETE FROM rbac_ua " .
326  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
327  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
328  $res = $ilDB->manipulate($query);
329 
330  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
331 
332  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
333  $mapping = ilLDAPRoleGroupMapping::_getInstance();
334  $mapping->deassign($a_rol_id, $a_usr_id);
335 
336  if ($res) {
337  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
338  $obj_id = ilObject::_lookupObjId($ref_id);
339  $type = ilObject::_lookupType($obj_id);
340 
341  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
342  $GLOBALS['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
343  'obj_id' => $obj_id,
344  'usr_id' => $a_usr_id,
345  'role_id' => $a_rol_id,
346  'type' => $type,
347  ));
348  }
349 
350  return true;
351  }
352 
361  public function grantPermission($a_rol_id, $a_ops, $a_ref_id)
362  {
363  global $ilDB;
364 
365  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id)) {
366  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
367  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
368  }
369 
370  if (!is_array($a_ops)) {
371  $this->ilErr->raiseError(
372  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
373  $this->ilErr->WARNING
374  );
375  }
376 
377  /*
378  if (count($a_ops) == 0)
379  {
380  return false;
381  }
382  */
383  // exclude system role from rbac
384  if ($a_rol_id == SYSTEM_ROLE_ID) {
385  return true;
386  }
387 
388  // convert all values to integer
389  foreach ($a_ops as $key => $operation) {
390  $a_ops[$key] = (int) $operation;
391  }
392 
393  // Serialization des ops_id Arrays
394  $ops_ids = serialize($a_ops);
395 
396  $query = 'DELETE FROM rbac_pa ' .
397  'WHERE rol_id = %s ' .
398  'AND ref_id = %s';
399  $res = $ilDB->queryF(
400  $query,
401  array('integer','integer'),
402  array($a_rol_id,$a_ref_id)
403  );
404 
405  if (!count($a_ops)) {
406  return false;
407  }
408 
409  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) " .
410  "VALUES " .
411  "(" . $ilDB->quote($a_rol_id, 'integer') . "," . $ilDB->quote($ops_ids, 'text') . "," . $ilDB->quote($a_ref_id, 'integer') . ")";
412  $res = $ilDB->manipulate($query);
413 
414  return true;
415  }
416 
426  public function revokePermission($a_ref_id, $a_rol_id = 0, $a_keep_protected = true)
427  {
428  global $rbacreview,$log,$ilDB,$ilLog;
429 
430  if (!isset($a_ref_id)) {
431  $ilLog->logStack();
432  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
433  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
434  }
435  #$log->write("ilRBACadmin::revokePermission(), 0");
436 
437  // bypass protected status of roles
438  if ($a_keep_protected != true) {
439  // exclude system role from rbac
440  if ($a_rol_id == SYSTEM_ROLE_ID) {
441  return true;
442  }
443 
444  if ($a_rol_id) {
445  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
446  } else {
447  $and1 = "";
448  }
449 
450  $query = "DELETE FROM rbac_pa " .
451  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
452  $and1;
453 
454  $res = $ilDB->manipulate($query);
455 
456  return true;
457  }
458 
459  // consider protected status of roles
460 
461  // in any case, get all roles in scope first
462  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
463 
464  if (!$a_rol_id) {
465  #$log->write("ilRBACadmin::revokePermission(), 1");
466 
467  $role_ids = array();
468 
469  foreach ($roles_in_scope as $role) {
470  if ($role['protected'] == true) {
471  continue;
472  }
473 
474  $role_ids[] = $role['obj_id'];
475  }
476 
477  // return if no role in array
478  if (!$role_ids) {
479  return true;
480  }
481 
482  $query = 'DELETE FROM rbac_pa ' .
483  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
484  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
485  $res = $ilDB->manipulate($query);
486  } else {
487  #$log->write("ilRBACadmin::revokePermission(), 2");
488  // exclude system role from rbac
489  if ($a_rol_id == SYSTEM_ROLE_ID) {
490  return true;
491  }
492 
493  // exclude protected permission settings from revoking
494  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
495  return true;
496  }
497 
498  $query = "DELETE FROM rbac_pa " .
499  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
500  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
501  $res = $ilDB->manipulate($query);
502  }
503 
504  return true;
505  }
506 
513  public function revokeSubtreePermissions($a_ref_id, $a_role_id)
514  {
515  global $ilDB;
516 
517  $query = 'DELETE FROM rbac_pa ' .
518  'WHERE ref_id IN ' .
519  '( ' . $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
520  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
521 
522  $ilDB->manipulate($query);
523  return true;
524  }
525 
532  public function deleteSubtreeTemplates($a_ref_id, $a_rol_id)
533  {
534  global $ilDB;
535 
536  $query = 'DELETE FROM rbac_templates ' .
537  'WHERE parent IN ( ' .
538  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
539  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
540 
541  $ilDB->manipulate($query);
542 
543  $query = 'DELETE FROM rbac_fa ' .
544  'WHERE parent IN ( ' .
545  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
546  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
547 
548  $ilDB->manipulate($query);
549 
550  return true;
551  }
552 
560  public function revokePermissionList($a_ref_ids, $a_rol_id)
561  {
562  global $ilDB;
563 
564  if (!isset($a_ref_ids) or !is_array($a_ref_ids)) {
565  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_dump($a_ref_ids);
566  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
567  }
568 
569  if (!isset($a_rol_id)) {
570  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
571  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
572  }
573 
574  // exclude system role from rbac
575  if ($a_rol_id == SYSTEM_ROLE_ID) {
576  return true;
577  }
578 
579  $query = "DELETE FROM rbac_pa " .
580  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
581  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
582  $res = $ilDB->manipulate($query);
583 
584  return true;
585  }
586 
597  public function copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
598  {
599  global $tree,$rbacreview;
600 
601  // Copy template permissions
602  $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
603 
604  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
605 
606  $this->revokePermission($a_dest_parent, $a_dest_id);
607  $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
608  return true;
609  }
610 
621  public function copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
622  {
623  global $rbacreview,$ilDB;
624 
625  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent)) {
626  $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
627  " source_parent_id: " . $a_source_parent .
628  " dest_id : " . $a_dest_id .
629  " dest_parent_id: " . $a_dest_parent;
630  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
631  }
632 
633  // exclude system role from rbac
634  if ($a_dest_id == SYSTEM_ROLE_ID) {
635  return true;
636  }
637 
638  // Read operations
639  $query = 'SELECT * FROM rbac_templates ' .
640  'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
641  'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
642  $res = $ilDB->query($query);
643  $operations = array();
644  $rownum = 0;
645  while ($row = $ilDB->fetchObject($res)) {
646  $operations[$rownum]['type'] = $row->type;
647  $operations[$rownum]['ops_id'] = $row->ops_id;
648  $rownum++;
649  }
650 
651  // Delete target permissions
652  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
653  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
654  $res = $ilDB->manipulate($query);
655 
656  foreach ($operations as $row => $op) {
657  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
658  'VALUES (' .
659  $ilDB->quote($a_dest_id, 'integer') . "," .
660  $ilDB->quote($op['type'], 'text') . "," .
661  $ilDB->quote($op['ops_id'], 'integer') . "," .
662  $ilDB->quote($a_dest_parent, 'integer') . ")";
663  $ilDB->manipulate($query);
664  }
665 
666  // copy also protection status if applicable
667  if ($a_consider_protected == true) {
668  if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
669  $this->setProtected($a_dest_parent, $a_dest_id, 'y');
670  }
671  }
672 
673  return true;
674  }
688  public function copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
689  {
690  global $rbacreview,$ilDB;
691 
692  if (!isset($a_source1_id) or !isset($a_source1_parent)
693  or !isset($a_source2_id) or !isset($a_source2_parent)
694  or !isset($a_dest_id) or !isset($a_dest_parent)) {
695  $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
696  " source1_parent: " . $a_source1_parent .
697  " source2_id: " . $a_source2_id .
698  " source2_parent: " . $a_source2_parent .
699  " dest_id: " . $a_dest_id .
700  " dest_parent_id: " . $a_dest_parent;
701  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
702  }
703 
704  // exclude system role from rbac
705  if ($a_dest_id == SYSTEM_ROLE_ID) {
706  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
707  return true;
708  }
709 
710  if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
711  $GLOBALS['ilLog']->write(__METHOD__ . ': Role is protected');
712  return true;
713  }
714 
715  $query = "SELECT s1.type, s1.ops_id " .
716  "FROM rbac_templates s1, rbac_templates s2 " .
717  "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
718  "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
719  "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
720  "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
721  "AND s1.type = s2.type " .
722  "AND s1.ops_id = s2.ops_id";
723 
724  ilLoggerFactory::getLogger('ac')->dump($query);
725 
726  $res = $ilDB->query($query);
727  $operations = array();
728  $rowNum = 0;
729  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
730  $operations[$rowNum]['type'] = $row->type;
731  $operations[$rowNum]['ops_id'] = $row->ops_id;
732 
733  $rowNum++;
734  }
735 
736  // Delete template permissions of target
737  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
738  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
739  $res = $ilDB->manipulate($query);
740 
741  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
742  'VALUES (?,?,?,?)';
743  $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
744  foreach ($operations as $key => $set) {
745  $ilDB->execute($sta, array(
746  $a_dest_id,
747  $set['type'],
748  $set['ops_id'],
749  $a_dest_parent));
750  }
751  return true;
752  }
753 
765  public function copyRolePermissionUnion(
766  $a_source1_id,
767  $a_source1_parent,
768  $a_source2_id,
769  $a_source2_parent,
770  $a_dest_id,
771  $a_dest_parent
772  ) {
773  global $ilDB, $rbacreview;
774 
775 
776  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
777  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
778 
779  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
780 
781  $GLOBALS['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
782  $GLOBALS['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
783 
784  foreach ($s1_ops as $type => $ops) {
785  foreach ($ops as $op) {
786  // insert all permission of source 1
787  // #15469
788  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
789  'VALUES( ' .
790  $ilDB->quote($a_dest_id, 'integer') . ', ' .
791  $ilDB->quote($type, 'text') . ', ' .
792  $ilDB->quote($op, 'integer') . ', ' .
793  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
794  ')';
795  $ilDB->manipulate($query);
796  }
797  }
798 
799  // and the other direction...
800  foreach ($s2_ops as $type => $ops) {
801  foreach ($ops as $op) {
802  if (!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type])) {
803  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
804  'VALUES( ' .
805  $ilDB->quote($a_dest_id, 'integer') . ', ' .
806  $ilDB->quote($type, 'text') . ', ' .
807  $ilDB->quote($op, 'integer') . ', ' .
808  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
809  ')';
810  $ilDB->manipulate($query);
811  }
812  }
813  }
814 
815  return true;
816  }
817 
825  public function copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
826  {
827  global $rbacreview, $ilDB;
828 
829  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
830  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
831 
832  foreach ($s1_ops as $type => $ops) {
833  foreach ($ops as $op) {
834  if (isset($d_ops[$type]) and in_array($op, $d_ops[$type])) {
835  $query = 'DELETE FROM rbac_templates ' .
836  'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
837  'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
838  'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
839  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
840  $ilDB->manipulate($query);
841  }
842  }
843  }
844  return true;
845  }
846 
847 
858  public function deleteRolePermission($a_rol_id, $a_ref_id, $a_type = false)
859  {
860  global $ilDB;
861 
862  if (!isset($a_rol_id) or !isset($a_ref_id)) {
863  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
864  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
865  }
866 
867  // exclude system role from rbac
868  if ($a_rol_id == SYSTEM_ROLE_ID) {
869  return true;
870  }
871 
872  if ($a_type !== false) {
873  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
874  }
875 
876  $query = 'DELETE FROM rbac_templates ' .
877  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
878  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
879  $and_type;
880 
881  $res = $ilDB->manipulate($query);
882 
883  return true;
884  }
885 
896  public function setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
897  {
898  global $ilDB;
899 
900  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id)) {
901  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
902  " role_id: " . $a_rol_id .
903  " type: " . $a_type .
904  " operations: " . $a_ops .
905  " ref_id: " . $a_ref_id;
906  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
907  }
908 
909  if (!is_string($a_type) or empty($a_type)) {
910  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
911  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
912  }
913 
914  if (!is_array($a_ops) or empty($a_ops)) {
915  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
916  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
917  }
918 
919  // exclude system role from rbac
920  if ($a_rol_id == SYSTEM_ROLE_ID) {
921  return true;
922  }
923 
924  foreach ($a_ops as $op) {
925  $ilDB->replace(
926  'rbac_templates',
927  [
928  'rol_id' => ['integer', $a_rol_id],
929  'type' => ['text', $a_type],
930  'ops_id' => ['integer', $op],
931  'parent' => ['integer', $a_ref_id]
932  ],
933  []
934  );
935  }
936  return true;
937  }
938 
952  public function assignRoleToFolder($a_rol_id, $a_parent, $a_assign = "y")
953  {
954  global $ilDB,$rbacreview;
955 
956  if (!isset($a_rol_id) or !isset($a_parent)) {
957  $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
958  " role_id: " . $a_rol_id .
959  " parent_id: " . $a_parent .
960  " assign: " . $a_assign;
961  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
962  }
963 
964  // exclude system role from rbac
965  if ($a_rol_id == SYSTEM_ROLE_ID) {
966  return true;
967  }
968 
969  // if a wrong value is passed, always set assign to "n"
970  if ($a_assign != "y") {
971  $a_assign = "n";
972  }
973 
974  // check if already assigned
975  $query = 'SELECT rol_id FROM rbac_fa ' .
976  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
977  'AND parent = ' . $ilDB->quote($a_parent, 'integer');
978  $res = $ilDB->query($query);
979  if ($res->numRows()) {
980  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
981  return false;
982  }
983 
984  $query = sprintf(
985  'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
986  'VALUES (%s,%s,%s,%s)',
987  $ilDB->quote($a_rol_id, 'integer'),
988  $ilDB->quote($a_parent, 'integer'),
989  $ilDB->quote($a_assign, 'text'),
990  $ilDB->quote('n', 'text')
991  );
992  $res = $ilDB->manipulate($query);
993 
994  return true;
995  }
996 
1005  public function assignOperationToObject($a_type_id, $a_ops_id)
1006  {
1007  global $ilDB;
1008 
1009  if (!isset($a_type_id) or !isset($a_ops_id)) {
1010  $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1011  "type_id: " . $a_type_id .
1012  "ops_id: " . $a_ops_id;
1013  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1014  }
1015 
1016  $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1017  "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1018  $res = $ilDB->manipulate($query);
1019  return true;
1020  }
1021 
1030  public function deassignOperationFromObject($a_type_id, $a_ops_id)
1031  {
1032  global $ilDB;
1033 
1034  if (!isset($a_type_id) or !isset($a_ops_id)) {
1035  $message = get_class($this) . "::deassignPermissionFromObject(): Missing parameter!" .
1036  "type_id: " . $a_type_id .
1037  "ops_id: " . $a_ops_id;
1038  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1039  }
1040 
1041  $query = "DELETE FROM rbac_ta " .
1042  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1043  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1044  $res = $ilDB->manipulate($query);
1045 
1046  return true;
1047  }
1048 
1057  public function setProtected($a_ref_id, $a_role_id, $a_value)
1058  {
1059  global $ilDB;
1060 
1061  // ref_id not used yet. protected permission acts 'global' for each role,
1062  // regardless of any broken inheritance before
1063  $query = 'UPDATE rbac_fa ' .
1064  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1065  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1066  $res = $ilDB->manipulate($query);
1067  return true;
1068  }
1069 
1080  public function copyLocalRoles($a_source_id, $a_target_id)
1081  {
1082  global $rbacreview,$ilLog,$ilObjDataCache;
1083 
1084  $real_local = array();
1085  foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1086  $title = $ilObjDataCache->lookupTitle($role_data);
1087  if (substr($title, 0, 3) == 'il_') {
1088  continue;
1089  }
1090  $real_local[] = $role_data;
1091  }
1092  if (!count($real_local)) {
1093  return true;
1094  }
1095  // Create role folder
1096  foreach ($real_local as $role) {
1097  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1098  $orig = new ilObjRole($role);
1099  $orig->read();
1100 
1101  $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1102  $roleObj = new ilObjRole();
1103  $roleObj->setTitle($orig->getTitle());
1104  $roleObj->setDescription($orig->getDescription());
1105  $roleObj->setImportId($orig->getImportId());
1106  $roleObj->create();
1107 
1108  $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1109  $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1110  $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1111  }
1112  }
1113 
1124  public function initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
1125  {
1126  global $rbacreview;
1127 
1128  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1129  // Assign object permissions
1130  $new_ops = $rbacreview->getOperationsOfRole(
1131  $a_role_id,
1132  ilObject::_lookupType($a_ref_id, true),
1133  $a_role_parent
1134  );
1135 
1136  // set new permissions for object
1137  $this->grantPermission(
1138  $a_role_id,
1139  (array) $new_ops,
1140  $a_ref_id
1141  );
1142  return;
1143  }
1144  if (!$a_template_id) {
1145  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1146  return;
1147  }
1148  // create template permission intersection
1149  $this->copyRolePermissionIntersection(
1150  $a_template_id,
1151  $a_template_parent,
1152  $a_role_id,
1153  $a_role_parent,
1154  $a_ref_id,
1155  $a_role_id
1156  );
1157 
1158  // assign role to folder
1159  $this->assignRoleToFolder(
1160  $a_role_id,
1161  $a_ref_id,
1162  'n'
1163  );
1164 
1165  // Assign object permissions
1166  $new_ops = $rbacreview->getOperationsOfRole(
1167  $a_role_id,
1168  ilObject::_lookupType($a_ref_id, true),
1169  $a_ref_id
1170  );
1171 
1172  // revoke existing permissions
1173  $this->revokePermission($a_ref_id, $a_role_id);
1174 
1175  // set new permissions for object
1176  $this->grantPermission(
1177  $a_role_id,
1178  (array) $new_ops,
1179  $a_ref_id
1180  );
1181 
1182  return;
1183  }
1184 
1192  protected function applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
1193  {
1194  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1195  $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1196  if (!$tpl_id) {
1197  return;
1198  }
1199  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1200  foreach (ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1201  if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1202  continue;
1203  }
1204  $action->setRefId($a_ref_id);
1205  $action->apply();
1206  }
1207  return;
1208  }
1209 
1210 
1222  public function adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
1223  {
1224  global $rbacreview,$tree,$ilLog;
1225 
1226  $new_parent = $tree->getParentId($a_ref_id);
1227  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, false);
1228  $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1229 
1230  $for_addition = $for_deletion = array();
1231  foreach ($new_context_roles as $new_role_id => $new_role) {
1232  if (!isset($old_context_roles[$new_role_id])) {
1233  $for_addition[$new_role_id] = $new_role;
1234  } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1235  // handle stopped inheritance
1236  $for_deletion[$new_role_id] = $new_role;
1237  $for_addition[$new_role_id] = $new_role;
1238  }
1239  }
1240  foreach ($old_context_roles as $old_role_id => $old_role) {
1241  if (!isset($new_context_roles[$old_role_id])) {
1242  $for_deletion[$old_role_id] = $old_role;
1243  }
1244  }
1245 
1246  if (!count($for_deletion) and !count($for_addition)) {
1247  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1248  return true;
1249  }
1250 
1251  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1252  $rbac_log_active = ilRbacLog::isActive();
1253  if ($rbac_log_active) {
1254  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1255  }
1256 
1257  foreach ($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id), true) as $node_data) {
1258  $node_id = $node_data['child'];
1259 
1260  if ($rbac_log_active) {
1261  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1262  }
1263 
1264  // If $node_data['type'] is not set, this means there is a tree entry without
1265  // object_reference and/or object_data entry
1266  // Continue in this case
1267  if (!$node_data['type']) {
1268  $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1269  continue;
1270  }
1271 
1272  if (!$node_id) {
1273  $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1274  continue;
1275  }
1276 
1277  foreach ($for_deletion as $role_id => $role_data) {
1278  $this->deleteLocalRole($role_id, $node_id);
1279  $this->revokePermission($node_id, $role_id, false);
1280  //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1281  }
1282  foreach ($for_addition as $role_id => $role_data) {
1283  switch ($node_data['type']) {
1284  case 'grp':
1285  include_once './Modules/Group/classes/class.ilObjGroup.php';
1286  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1287  $this->initIntersectionPermissions(
1288  $node_data['child'],
1289  $role_id,
1290  $role_data['parent'],
1291  $tpl_id,
1292  ROLE_FOLDER_ID
1293  );
1294  break;
1295 
1296  case 'crs':
1297  include_once './Modules/Course/classes/class.ilObjCourse.php';
1298  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1299  $this->initIntersectionPermissions(
1300  $node_data['child'],
1301  $role_id,
1302  $role_data['parent'],
1303  $tpl_id,
1304  ROLE_FOLDER_ID
1305  );
1306  break;
1307 
1308 
1309  default:
1310  $this->grantPermission(
1311  $role_id,
1312  $ops = $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_data['parent']),
1313  $node_id
1314  );
1315  break;
1316 
1317 
1318  }
1319 
1320 
1321  //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1322  }
1323 
1324  if ($rbac_log_active) {
1325  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1326  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1327  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1328  }
1329  }
1330 
1331  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1332  }
1333 } // END class.ilRbacAdmin
ilDidacticTemplateObjSettings\lookupTemplateId
static lookupTemplateId($a_ref_id)
Lookup template id ilDB $ilDB.
Definition: class.ilDidacticTemplateObjSettings.php:19
ilObjGroup\lookupGroupStatusTemplateId
static lookupGroupStatusTemplateId($a_obj_id)
$ilDB $ilDB
Definition: class.ilObjGroup.php:1277
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
$ilErr
global $ilErr
Definition: raiseError.php:16
ilRbacAdmin\applyMovedObjectDidacticTemplates
applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
Definition: class.ilRbacAdmin.php:1192
ilRbacAdmin\removeUser
removeUser($a_usr_id)
deletes a user from rbac_ua all user <-> role relations are deleted public
Definition: class.ilRbacAdmin.php:63
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilRbacAdmin\deleteRolePermission
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
Definition: class.ilRbacAdmin.php:858
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
$action
$action
Definition: consentAdmin.php:126
$type
$type
Definition: proxy_ylocal.php:10
ilRbacAdmin\deassignOperationFromObject
deassignOperationFromObject($a_type_id, $a_ops_id)
Deassign an existing operation from an object Update of rbac_ta public.
Definition: class.ilRbacAdmin.php:1030
ilObjCourse\lookupCourseNonMemberTemplatesId
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
Definition: class.ilObjCourse.php:1605
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilRbacAdmin\revokeSubtreePermissions
revokeSubtreePermissions($a_ref_id, $a_role_id)
Revoke subtree permissions.
Definition: class.ilRbacAdmin.php:513
ilRbacAdmin\setBlockedStatus
setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.
Definition: class.ilRbacAdmin.php:45
ilRbacAdmin\adjustMovedObjectPermissions
adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
Adjust permissions of moved objects.
Definition: class.ilRbacAdmin.php:1222
ilDBInterface\in
in($field, $values, $negate=false, $type="")
ilRbacAdmin\copyRolePermissionUnion
copyRolePermissionUnion( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
<type> $ilDB
Definition: class.ilRbacAdmin.php:765
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilRbacAdmin\deleteSubtreeTemplates
deleteSubtreeTemplates($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.
Definition: class.ilRbacAdmin.php:532
ilRbacAdmin\assignUser
assignUser($a_rol_id, $a_usr_id)
Assigns an user to a role.
Definition: class.ilRbacAdmin.php:259
ilRbacAdmin\setRolePermission
setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for an specific object type.
Definition: class.ilRbacAdmin.php:896
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:621
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilRbacAdmin\deassignUser
deassignUser($a_rol_id, $a_usr_id)
Deassigns a user from a role.
Definition: class.ilRbacAdmin.php:316
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:156
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:64
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:9
$a_type
$a_type
Definition: workflow.php:92
ilRbacAdmin\initIntersectionPermissions
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
Definition: class.ilRbacAdmin.php:1124
ilDBInterface\quote
quote($value, $type)
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
ilRbacAdmin\assignUserLimited
assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
Assign user limited.
Definition: class.ilRbacAdmin.php:192
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilRbacAdmin\addDesktopItem
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
Definition: class.ilRbacAdmin.php:240
ilRbacAdmin\setProtected
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.
Definition: class.ilRbacAdmin.php:1057
ilRbacAdmin\copyLocalRoles
copyLocalRoles($a_source_id, $a_target_id)
Copy local roles This method creates a copy of all local role.
Definition: class.ilRbacAdmin.php:1080
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1036
ilRbacAdmin\copyRolePermissionIntersection
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role. ...
Definition: class.ilRbacAdmin.php:688
$query
$query
Definition: proxy_ylocal.php:13
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:361
ilRbacAdmin\revokePermissionList
revokePermissionList($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.
Definition: class.ilRbacAdmin.php:560
$ilLog
$ilLog
Definition: inc.setup_header.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilRbacAdmin\copyRolePermissionSubtract
copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.
Definition: class.ilRbacAdmin.php:825
ilRbacAdmin\__construct
__construct()
Constructor public.
Definition: class.ilRbacAdmin.php:24
ilRbacAdmin\copyRolePermissions
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
Definition: class.ilRbacAdmin.php:597
ilRbacAdmin\deleteRole
deleteRole($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
Definition: class.ilRbacAdmin.php:85
ilObjUser\_addDesktopItem
static _addDesktopItem($a_usr_id, $a_item_id, $a_type, $a_par="")
add an item to user&#39;s personal desktop
Definition: class.ilObjUser.php:2967
ilDidacticTemplateLocalRoleAction
represents a creation of local roles action
Definition: class.ilDidacticTemplateLocalRoleAction.php:12
ilDB
Database Wrapper.
Definition: class.ilDB.php:29
$lng
global $lng
Definition: privfeed.php:17
ilRbacAdmin\assignOperationToObject
assignOperationToObject($a_type_id, $a_ops_id)
Assign an existing operation to an object Update of rbac_ta.
Definition: class.ilRbacAdmin.php:1005
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:426
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$ret
$ret
Definition: parser.php:6
ilDBInterface\query
query($query)
Run a (read-only) Query on the database.
ilRbacAdmin\deleteTemplate
deleteTemplate($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public...
Definition: class.ilRbacAdmin.php:129
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:17
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:18
$key
$key
Definition: croninfo.php:18
ilDBInterface\manipulate
manipulate($query)
Run a (write) Query on the database.
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:952
$log
$log
Definition: inc.setup_header.php:128
ilDidacticTemplateActionFactory\getActionsByTemplateId
static getActionsByTemplateId($a_tpl_id)
Get actions of one template.
Definition: class.ilDidacticTemplateActionFactory.php:65
if
PHPExcel root directory.
Definition: Database.php:30