ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
ilRbacAdmin Class Reference

Class ilRbacAdmin Core functions for role based access control. More...

Public Member Functions

 __construct ()
 Constructor.
 
 setBlockedStatus ($a_role_id, $a_ref_id, $a_blocked_status)
 Set blocked status.
 
 removeUser ($a_usr_id)
 Deletes a user from rbac_ua; all user <-> role relations are deleted.
 
 deleteRole ($a_rol_id, $a_ref_id)
 Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa.
 
 deleteTemplate ($a_obj_id)
 Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa.
 
 deleteLocalRole ($a_rol_id, $a_ref_id=0)
 Deletes a local role and entries in rbac_fa and rbac_templates.
 
 assignUserLimited ($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
 Assign user limited.
 
 assignUser ($a_rol_id, $a_usr_id)
 Assigns a user to a role.
 
 deassignUser ($a_rol_id, $a_usr_id)
 Deassigns a user from a role.
 
 grantPermission ($a_rol_id, $a_ops, $a_ref_id)
 Grants a permission to an object and a specific role.
 
 revokePermission ($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
 Revokes permissions of an object of one role.
 
 revokeSubtreePermissions ($a_ref_id, $a_role_id)
 Revoke subtree permissions.
 
 deleteSubtreeTemplates ($a_ref_id, $a_rol_id)
 Delete all template permissions of subtree nodes.
 
 revokePermissionList ($a_ref_ids, $a_rol_id)
 Revokes permissions of a LIST of objects of ONE role.
 
 copyRolePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions and permission of one role to another.
 
 copyRoleTemplatePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions of one role to another.
 
 copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
 Copies the intersection of the template permissions of two roles to a third role.
 
 copyRolePermissionUnion ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
 <type> $ilDB
 
 copyRolePermissionSubtract ($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
 Subtract role permissions.
 
 deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false)
 Deletes all entries of a template.
 
 setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id)
 Inserts template permissions in rbac_templates for a specific object type.
 
 assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y")
 Assigns a role to a role folder. A role folder is an object to store roles.
 
 assignOperationToObject ($a_type_id, $a_ops_id)
 Assign an existing operation to an object. Update of rbac_ta.
 
 deassignOperationFromObject ($a_type_id, $a_ops_id)
 Deassign an existing operation from an object. Update of rbac_ta.
 
 setProtected ($a_ref_id, $a_role_id, $a_value)
 Set protected $ilDB.
 
 copyLocalRoles ($a_source_id, $a_target_id)
 Copy local roles. This method creates a copy of all local roles.
 
 initIntersectionPermissions ($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
 Init intersection permissions.
 
 adjustMovedObjectPermissions ($a_ref_id, $a_old_parent)
 Adjust permissions of moved objects.
 

Protected Member Functions

 addDesktopItem ($a_rol_id, $a_usr_id)
 Add desktop item.
 
 applyMovedObjectDidacticTemplates ($a_ref_id, $a_old_parent)
 Apply didactic templates after object movement.
 

Detailed Description

Class ilRbacAdmin Core functions for role based access control.

Creation and maintenance of relations. The main relations of RBAC are the user <-> role (UR) assignment relation and the permission <-> role (PR) assignment relation. This class contains methods to 'create' and 'delete' instances of the UR relation, e.g. assignUser() and deassignUser(). The required methods for the PR relation are grantPermission() and revokePermission().

Author
Stefan Meyer <meyer@leifos.com>
Version
$Id$

Definition at line 18 of file class.ilRbacAdmin.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacAdmin::__construct ( )

Constructor.

Definition at line 24 of file class.ilRbacAdmin.php.

References $ilDB, $ilErr, array, and PEAR_ERROR_CALLBACK.

25  {
26  global $ilDB,$ilErr,$ilias;
27 
28  // set db & error handler
29  (isset($ilDB)) ? $this->ilDB =&$ilDB : $this->ilDB =&$ilias->db;
30 
31  if (!isset($ilErr)) {
32  $ilErr = new ilErrorHandling();
33  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
34  } else {
35  $this->ilErr =&$ilErr;
36  }
37  }

Member Function Documentation

◆ addDesktopItem()

ilRbacAdmin::addDesktopItem (   $a_rol_id,
  $a_usr_id 
)
protected

Add desktop item.

Parameters
type  $a_rol_id
type  $a_usr_id

Definition at line 240 of file class.ilRbacAdmin.php.

References ilObjUser\_addDesktopItem().

Referenced by assignUser(), and assignUserLimited().

241  {
242  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
243  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
244  foreach ($role_desk_item_obj->getAll() as $item_data) {
245  include_once './Services/User/classes/class.ilObjUser.php';
246  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
247  }
248  }

◆ adjustMovedObjectPermissions()

ilRbacAdmin::adjustMovedObjectPermissions (   $a_ref_id,
  $a_old_parent 
)

Adjust permissions of moved objects.

  • Delete permissions of parent roles that do not exist in new context
  • Delete role templates of parent roles that do not exist in new context
  • Add permissions for parent roles that did not exist in old context

public

Parameters
int  ref id of moved object
int  ref_id of old parent

Definition at line 1222 of file class.ilRbacAdmin.php.

References $ilLog, $log, ilRbacLog\add(), applyMovedObjectDidacticTemplates(), array, deleteLocalRole(), ilRbacLog\diffFaPa(), ilRbacLog\gatherFaPa(), grantPermission(), initIntersectionPermissions(), ilRbacLog\isActive(), ilObjCourse\lookupCourseNonMemberTemplatesId(), ilObjGroup\lookupGroupStatusTemplateId(), ilRbacLog\MOVE_OBJECT, and revokePermission().

1223  {
1224  global $rbacreview,$tree,$ilLog;
1225 
1226  $new_parent = $tree->getParentId($a_ref_id);
1227  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, false);
1228  $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1229 
1230  $for_addition = $for_deletion = array();
1231  foreach ($new_context_roles as $new_role_id => $new_role) {
1232  if (!isset($old_context_roles[$new_role_id])) {
1233  $for_addition[$new_role_id] = $new_role;
1234  } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1235  // handle stopped inheritance
1236  $for_deletion[$new_role_id] = $new_role;
1237  $for_addition[$new_role_id] = $new_role;
1238  }
1239  }
1240  foreach ($old_context_roles as $old_role_id => $old_role) {
1241  if (!isset($new_context_roles[$old_role_id])) {
1242  $for_deletion[$old_role_id] = $old_role;
1243  }
1244  }
1245 
1246  if (!count($for_deletion) and !count($for_addition)) {
1247  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1248  return true;
1249  }
1250 
1251  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1252  $rbac_log_active = ilRbacLog::isActive();
1253  if ($rbac_log_active) {
1254  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1255  }
1256 
1257  foreach ($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id), true) as $node_data) {
1258  $node_id = $node_data['child'];
1259 
1260  if ($rbac_log_active) {
1261  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1262  }
1263 
1264  // If $node_data['type'] is not set, this means there is a tree entry without
1265  // object_reference and/or object_data entry
1266  // Continue in this case
1267  if (!$node_data['type']) {
1268  $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1269  continue;
1270  }
1271 
1272  if (!$node_id) {
1273  $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1274  continue;
1275  }
1276 
1277  foreach ($for_deletion as $role_id => $role_data) {
1278  $this->deleteLocalRole($role_id, $node_id);
1279  $this->revokePermission($node_id, $role_id, false);
1280  //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1281  }
1282  foreach ($for_addition as $role_id => $role_data) {
1283  switch ($node_data['type']) {
1284  case 'grp':
1285  include_once './Modules/Group/classes/class.ilObjGroup.php';
1286  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1287  $this->initIntersectionPermissions(
1288  $node_data['child'],
1289  $role_id,
1290  $role_data['parent'],
1291  $tpl_id,
1292  ROLE_FOLDER_ID
1293  );
1294  break;
1295 
1296  case 'crs':
1297  include_once './Modules/Course/classes/class.ilObjCourse.php';
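1298  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1299  $this->initIntersectionPermissions(
1300  $node_data['child'],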
1301  $role_id,
1302  $role_data['parent'],
1303  $tpl_id,
1304  ROLE_FOLDER_ID
1305  );
1306  break;
1307 
1308 
1309  default:
1310  $this->grantPermission(
1311  $role_id,
1312  $ops = $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_data['parent']),
1313  $node_id
1314  );
1315  break;
1316 
1317 
1318  }
1319 
1320 
1321  //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1322  }
1323 
1324  if ($rbac_log_active) {
1325  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1326  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1327  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1328  }
1329  }
1330 
1331  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1332  }

◆ applyMovedObjectDidacticTemplates()

ilRbacAdmin::applyMovedObjectDidacticTemplates (   $a_ref_id,
  $a_old_parent 
)
protected

Apply didactic templates after object movement.

Parameters
int  $a_ref_id
int  $a_old_parent
Deprecated:
Since version 5.1.0; will be removed with 5.4 and implemented using an event handler.

Definition at line 1192 of file class.ilRbacAdmin.php.

References $action, ilDidacticTemplateActionFactory\getActionsByTemplateId(), and ilDidacticTemplateObjSettings\lookupTemplateId().

Referenced by adjustMovedObjectPermissions().

1193  {
1194  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1195  $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1196  if (!$tpl_id) {
1197  return;
1198  }
1199  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1200  foreach (ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1201  if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1202  continue;
1203  }
1204  $action->setRefId($a_ref_id);
1205  $action->apply();
1206  }
1207  return;
1208  }

◆ assignOperationToObject()

ilRbacAdmin::assignOperationToObject (   $a_type_id,
  $a_ops_id 
)

Assign an existing operation to an object. Update of rbac_ta.

public

Parameters
integer  object type
integer  operation_id
Returns
boolean

Definition at line 1005 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

1006  {
1007  global $ilDB;
1008 
1009  if (!isset($a_type_id) or !isset($a_ops_id)) {
1010  $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1011  "type_id: " . $a_type_id .
1012  "ops_id: " . $a_ops_id;
1013  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1014  }
1015 
1016  $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1017  "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1018  $res = $ilDB->manipulate($query);
1019  return true;
1020  }

◆ assignRoleToFolder()

ilRbacAdmin::assignRoleToFolder (   $a_rol_id,
  $a_parent,
  $a_assign = "y" 
)

Assigns a role to a role folder. A role folder is an object to store roles.

Every role is assigned to at least one role folder. If the inheritance of a role is stopped, a new role template will be created, and the role is assigned to at least two role folders. All roles with stopped inheritance need the flag '$a_assign = false'.

public

Parameters
integer  object id of role
integer  ref_id of role folder
string  assignable ('y','n'); default: 'y'
Returns
boolean

Definition at line 952 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, $res, and ilLoggerFactory\getLogger().

Referenced by copyLocalRoles(), and initIntersectionPermissions().

953  {
954  global $ilDB,$rbacreview;
955 
956  if (!isset($a_rol_id) or !isset($a_parent)) {
957  $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
958  " role_id: " . $a_rol_id .
959  " parent_id: " . $a_parent .
960  " assign: " . $a_assign;
961  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
962  }
963 
964  // exclude system role from rbac
965  if ($a_rol_id == SYSTEM_ROLE_ID) {
966  return true;
967  }
968 
969  // if a wrong value is passed, always set assign to "n"
970  if ($a_assign != "y") {
971  $a_assign = "n";
972  }
973 
974  // check if already assigned
975  $query = 'SELECT rol_id FROM rbac_fa ' .
976  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
977  'AND parent = ' . $ilDB->quote($a_parent, 'integer');
978  $res = $ilDB->query($query);
979  if ($res->numRows()) {
980  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
981  return false;
982  }
983 
984  $query = sprintf(
985  'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
986  'VALUES (%s,%s,%s,%s)',
987  $ilDB->quote($a_rol_id, 'integer'),
988  $ilDB->quote($a_parent, 'integer'),
989  $ilDB->quote($a_assign, 'text'),
990  $ilDB->quote('n', 'text')
991  );
992  $res = $ilDB->manipulate($query);
993 
994  return true;
995  }

◆ assignUser()

ilRbacAdmin::assignUser (   $a_rol_id,
  $a_usr_id 
)

Assigns a user to a role.

Update of table rbac_ua

Parameters
int  $a_rol_id  Object-ID of role
int  $a_usr_id  Object-ID of user
Returns
boolean

Definition at line 259 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), addDesktopItem(), array, and ilLoggerFactory\getInstance().

260  {
261  global $ilDB,$rbacreview;
262 
263  if (!isset($a_rol_id) or !isset($a_usr_id)) {
264  $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
265  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
266  }
267 
268  // check if already assigned user id and role_id
269  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
270 
271  // enhanced: only if we haven't had this role for this user
272  if (!$alreadyAssigned) {
273  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
274  "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
275  $res = $ilDB->manipulate($query);
276 
277  $this->addDesktopItem($a_rol_id, $a_usr_id);
278 
279  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
280  }
281 
282  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
283  $mapping = ilLDAPRoleGroupMapping::_getInstance();
284  $mapping->assign($a_rol_id, $a_usr_id);
285 
286 
287  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
288  $obj_id = ilObject::_lookupObjId($ref_id);
289  $type = ilObject::_lookupType($obj_id);
290 
291  if (!$alreadyAssigned) {
292  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
293  $GLOBALS['ilAppEventHandler']->raise(
294  'Services/AccessControl',
295  'assignUser',
296  array(
297  'obj_id' => $obj_id,
298  'usr_id' => $a_usr_id,
299  'role_id' => $a_rol_id,
300  'type' => $type
301  )
302  );
303  }
304  return true;
305  }

◆ assignUserLimited()

ilRbacAdmin::assignUserLimited (   $a_role_id,
  $a_usr_id,
  $a_limit,
  $a_limited_roles = array() 
)

Assign user limited.

Parameters
type  $a_role_id
type  $a_usr_id
type  $a_limit

Definition at line 192 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, $res, $ret, $row, ilLDAPRoleGroupMapping\_getInstance(), addDesktopItem(), array, ilDBConstants\FETCHMODE_OBJECT, ilDBInterface\in(), ilDBInterface\manipulate(), ilDBInterface\query(), and ilDBInterface\quote().

193  {
194  global $ilDB;
195 
196  $ilAtomQuery = $ilDB->buildAtomQuery();
197  $ilAtomQuery->addTableLock('rbac_ua');
198 
199  $ilAtomQuery->addQueryCallable(
200  function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id,$a_limit, $a_limited_roles) {
201  $ret = true;
202  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
203  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
204  $res = $ilDB->query($limit_query);
205  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
206  if ($row->num >= $a_limit) {
207  $ret = false;
208  return;
209  }
210 
211  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
212  "VALUES (" .
213  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
214  ")";
215  $res = $ilDB->manipulate($query);
216  }
217  );
218 
219  $ilAtomQuery->run();
220 
221  if (!$ret) {
222  return false;
223  }
224 
225  $GLOBALS['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
226 
227  $this->addDesktopItem($a_role_id, $a_usr_id);
228 
229  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
230  $mapping = ilLDAPRoleGroupMapping::_getInstance();
231  $mapping->assign($a_role_id, $a_usr_id);
232  return true;
233  }

◆ copyLocalRoles()

ilRbacAdmin::copyLocalRoles (   $a_source_id,
  $a_target_id 
)

Copy local roles. This method creates a copy of all local roles.

Note: auto generated roles are excluded

public

Parameters
int  source id of object (not role folder)
int  target id of object

Definition at line 1080 of file class.ilRbacAdmin.php.

References $ilLog, $orig, $title, array, assignRoleToFolder(), and copyRolePermissions().

1081  {
1082  global $rbacreview,$ilLog,$ilObjDataCache;
1083 
1084  $real_local = array();
1085  foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1086  $title = $ilObjDataCache->lookupTitle($role_data);
1087  if (substr($title, 0, 3) == 'il_') {
1088  continue;
1089  }
1090  $real_local[] = $role_data;
1091  }
1092  if (!count($real_local)) {
1093  return true;
1094  }
1095  // Create role folder
1096  foreach ($real_local as $role) {
1097  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1098  $orig = new ilObjRole($role);
1099  $orig->read();
1100 
1101  $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1102  $roleObj = new ilObjRole();
1103  $roleObj->setTitle($orig->getTitle());
1104  $roleObj->setDescription($orig->getDescription());
1105  $roleObj->setImportId($orig->getImportId());
1106  $roleObj->create();
1107 
1108  $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1109  $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1110  $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1111  }
1112  }

◆ copyRolePermissionIntersection()

ilRbacAdmin::copyRolePermissionIntersection (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_parent,
  $a_dest_id 
)

Copies the intersection of the template permissions of two roles to a third role.

public

Parameters
integer  $a_source1_id  role_id source
integer  $a_source1_parent  parent_id source
integer  $a_source2_id  role_id source
integer  $a_source2_parent  parent_id source
integer  $a_dest_id  role_id destination
integer  $a_dest_parent  parent_id destination
Returns
boolean

Definition at line 688 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $key, $message, $query, $res, $row, array, ilDBConstants\FETCHMODE_OBJECT, and ilLoggerFactory\getLogger().

Referenced by initIntersectionPermissions().

689  {
690  global $rbacreview,$ilDB;
691 
692  if (!isset($a_source1_id) or !isset($a_source1_parent)
693  or !isset($a_source2_id) or !isset($a_source2_parent)
694  or !isset($a_dest_id) or !isset($a_dest_parent)) {
695  $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
696  " source1_parent: " . $a_source1_parent .
697  " source2_id: " . $a_source2_id .
698  " source2_parent: " . $a_source2_parent .
699  " dest_id: " . $a_dest_id .
700  " dest_parent_id: " . $a_dest_parent;
701  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
702  }
703 
704  // exclude system role from rbac
705  if ($a_dest_id == SYSTEM_ROLE_ID) {
706  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
707  return true;
708  }
709 
710  if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
711  $GLOBALS['ilLog']->write(__METHOD__ . ': Role is protected');
712  return true;
713  }
714 
715  $query = "SELECT s1.type, s1.ops_id " .
716  "FROM rbac_templates s1, rbac_templates s2 " .
717  "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
718  "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
719  "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
720  "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
721  "AND s1.type = s2.type " .
722  "AND s1.ops_id = s2.ops_id";
723 
724  ilLoggerFactory::getLogger('ac')->dump($query);
725 
726  $res = $ilDB->query($query);
727  $operations = array();
728  $rowNum = 0;
729  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
730  $operations[$rowNum]['type'] = $row->type;
731  $operations[$rowNum]['ops_id'] = $row->ops_id;
732 
733  $rowNum++;
734  }
735 
736  // Delete template permissions of target
737  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
738  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
739  $res = $ilDB->manipulate($query);
740 
741  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
742  'VALUES (?,?,?,?)';
743  $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
744  foreach ($operations as $key => $set) {
745  $ilDB->execute($sta, array(
746  $a_dest_id,
747  $set['type'],
748  $set['ops_id'],
749  $a_dest_parent));
750  }
751  return true;
752  }

◆ copyRolePermissions()

ilRbacAdmin::copyRolePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions and permission of one role to another.

public

Parameters
integer  $a_source_id  role_id source
integer  $a_source_parent  parent_id source
integer  $a_dest_parent  parent_id destination
integer  $a_dest_id  role_id destination
Returns
boolean

Definition at line 597 of file class.ilRbacAdmin.php.

References copyRoleTemplatePermissions(), grantPermission(), and revokePermission().

Referenced by copyLocalRoles().

598  {
599  global $tree,$rbacreview;
600 
601  // Copy template permissions
602  $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
603 
604  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
605 
606  $this->revokePermission($a_dest_parent, $a_dest_id);
607  $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
608  return true;
609  }

◆ copyRolePermissionSubtract()

ilRbacAdmin::copyRolePermissionSubtract (   $a_source_id,
  $a_source_parent,
  $a_dest_id,
  $a_dest_parent 
)

Subtract role permissions.

Parameters
type  $a_source_id
type  $a_source_parent
type  $a_dest_id
type  $a_dest_parent

Definition at line 825 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $type.

826  {
827  global $rbacreview, $ilDB;
828 
829  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
830  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
831 
832  foreach ($s1_ops as $type => $ops) {
833  foreach ($ops as $op) {
834  if (isset($d_ops[$type]) and in_array($op, $d_ops[$type])) {
835  $query = 'DELETE FROM rbac_templates ' .
836  'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
837  'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
838  'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
839  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
840  $ilDB->manipulate($query);
841  }
842  }
843  }
844  return true;
845  }

◆ copyRolePermissionUnion()

ilRbacAdmin::copyRolePermissionUnion (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_id,
  $a_dest_parent 
)

<type> $ilDB

Parameters
<type>  $a_source1_id
<type>  $a_source1_parent
<type>  $a_source2_id
<type>  $a_source2_parent
<type>  $a_dest_id
<type>  $a_dest_parent
Returns
<type>

Definition at line 765 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, $type, and deleteRolePermission().

772  {
773  global $ilDB, $rbacreview;
774 
775 
776  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
777  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
778 
779  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
780 
781  $GLOBALS['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
782  $GLOBALS['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
783 
784  foreach ($s1_ops as $type => $ops) {
785  foreach ($ops as $op) {
786  // insert all permission of source 1
787  // #15469
788  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
789  'VALUES( ' .
790  $ilDB->quote($a_dest_id, 'integer') . ', ' .
791  $ilDB->quote($type, 'text') . ', ' .
792  $ilDB->quote($op, 'integer') . ', ' .
793  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
794  ')';
795  $ilDB->manipulate($query);
796  }
797  }
798 
799  // and the other direction...
800  foreach ($s2_ops as $type => $ops) {
801  foreach ($ops as $op) {
802  if (!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type])) {
803  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
804  'VALUES( ' .
805  $ilDB->quote($a_dest_id, 'integer') . ', ' .
806  $ilDB->quote($type, 'text') . ', ' .
807  $ilDB->quote($op, 'integer') . ', ' .
808  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
809  ')';
810  $ilDB->manipulate($query);
811  }
812  }
813  }
814 
815  return true;
816  }
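
The three template operations documented on this page (copyRolePermissionIntersection(), copyRolePermissionSubtract() and copyRolePermissionUnion()) modelled on plain arrays, as an added example that is not ILIAS code. The tpl* function names and all type/ops_id values are assumptions made for illustration; the checks at the end show which operations can only narrow a template and which can widen it.

```php
<?php
declare(strict_types=1);

// Added illustration, not ILIAS code. A template is modelled as
// [object type => list of ops_id], i.e. the rbac_templates rows of one
// (rol_id, parent) pair. Function names here are hypothetical.

/** Unique, sorted ops per type; types without ops are dropped. */
function tplNormalise(array $tpl): array
{
    $out = [];
    foreach ($tpl as $type => $ops) {
        $ops = array_values(array_unique(array_map('intval', $ops)));
        sort($ops);
        if ($ops !== []) {
            $out[$type] = $ops;
        }
    }
    ksort($out);
    return $out;
}

/**
 * copyRolePermissionIntersection(): dest := s1 AND s2 per (type, ops_id).
 * The method returns before touching dest when source 2 is protected
 * (it also skips the system role as destination, not modelled here).
 */
function tplIntersection(array $s1, array $s2, array $dest, bool $s2Protected = false): array
{
    if ($s2Protected) {
        return tplNormalise($dest);
    }
    $out = [];
    foreach ($s1 as $type => $ops) {
        $out[$type] = array_intersect($ops, $s2[$type] ?? []);
    }
    return tplNormalise($out);
}

/** copyRolePermissionUnion(): old dest rows are deleted, dest := s1 OR s2. */
function tplUnion(array $s1, array $s2): array
{
    $out = $s1;
    foreach ($s2 as $type => $ops) {
        $out[$type] = array_merge($out[$type] ?? [], $ops);
    }
    return tplNormalise($out);
}

/** copyRolePermissionSubtract(): dest := dest minus source. */
function tplSubtract(array $source, array $dest): array
{
    $out = [];
    foreach ($dest as $type => $ops) {
        $out[$type] = array_diff($ops, $source[$type] ?? []);
    }
    return tplNormalise($out);
}

/** True when every (type, ops_id) pair of $a also occurs in $b. */
function tplIsSubset(array $a, array $b): bool
{
    foreach ($a as $type => $ops) {
        if (array_diff($ops, $b[$type] ?? []) !== []) {
            return false;
        }
    }
    return true;
}

// Constructed sample templates; the ops_id numbers are placeholders.
$author = ['crs' => [1, 2, 3, 4], 'file' => [1, 2, 3]];
$member = ['crs' => [2, 3], 'file' => [2, 3], 'frm' => [2, 3, 9]];
$local  = ['crs' => [1, 2, 3, 4, 6], 'frm' => [9]];

$inter = tplIntersection($author, $member, $local);
$union = tplUnion($author, $member);
$sub   = tplSubtract($member, $local);

echo 'intersection: ', json_encode($inter), PHP_EOL;
echo 'union:        ', json_encode($union), PHP_EOL;
echo 'subtract:     ', json_encode($sub), PHP_EOL;
echo 'protected s2: ', json_encode(tplIntersection($author, $member, $local, true)), PHP_EOL;

// Least-privilege properties a reviewer can check for any pair of templates.
$checks = [
    'intersection stays within source 1' => tplIsSubset($inter, $author),
    'intersection stays within source 2' => tplIsSubset($inter, $member),
    'union covers both sources'          => tplIsSubset($author, $union) && tplIsSubset($member, $union),
    'subtract never adds to dest'        => tplIsSubset($sub, $local),
    'union may exceed the old dest'      => !tplIsSubset($union, $local),
];
foreach ($checks as $name => $ok) {
    echo ($ok ? 'ok   ' : 'FAIL '), $name, PHP_EOL;
}
```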

◆ copyRoleTemplatePermissions()

ilRbacAdmin::copyRoleTemplatePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions of one role to another.

It's also possible to copy template permissions from/to RoleTemplateObject.

public

Parameters
integer  $a_source_id  role_id source
integer  $a_source_parent  parent_id source
integer  $a_dest_parent  parent_id destination
integer  $a_dest_id  role_id destination
Returns
boolean

Definition at line 621 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, $res, $row, array, and setProtected().

Referenced by copyRolePermissions().

622  {
623  global $rbacreview,$ilDB;
624 
625  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent)) {
626  $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
627  " source_parent_id: " . $a_source_parent .
628  " dest_id : " . $a_dest_id .
629  " dest_parent_id: " . $a_dest_parent;
630  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
631  }
632 
633  // exclude system role from rbac
634  if ($a_dest_id == SYSTEM_ROLE_ID) {
635  return true;
636  }
637 
638  // Read operations
639  $query = 'SELECT * FROM rbac_templates ' .
640  'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
641  'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
642  $res = $ilDB->query($query);
643  $operations = array();
644  $rownum = 0;
645  while ($row = $ilDB->fetchObject($res)) {
646  $operations[$rownum]['type'] = $row->type;
647  $operations[$rownum]['ops_id'] = $row->ops_id;
648  $rownum++;
649  }
650 
651  // Delete target permissions
652  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
653  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
654  $res = $ilDB->manipulate($query);
655 
656  foreach ($operations as $row => $op) {
657  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
658  'VALUES (' .
659  $ilDB->quote($a_dest_id, 'integer') . "," .
660  $ilDB->quote($op['type'], 'text') . "," .
661  $ilDB->quote($op['ops_id'], 'integer') . "," .
662  $ilDB->quote($a_dest_parent, 'integer') . ")";
663  $ilDB->manipulate($query);
664  }
665 
666  // copy also protection status if applicable
667  if ($a_consider_protected == true) {
668  if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
669  $this->setProtected($a_dest_parent, $a_dest_id, 'y');
670  }
671  }
672 
673  return true;
674  }

◆ deassignOperationFromObject()

ilRbacAdmin::deassignOperationFromObject (   $a_type_id,
  $a_ops_id 
)

Deassigns an existing operation from an object type. Updates table rbac_ta.

Parameters
integer  object type
integer  operation_id
Returns
boolean

Definition at line 1030 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

1031  {
1032  global $ilDB;
1033 
1034  if (!isset($a_type_id) or !isset($a_ops_id)) {
1035  $message = get_class($this) . "::deassignOperationFromObject(): Missing parameter!" .
1036  " type_id: " . $a_type_id .
1037  " ops_id: " . $a_ops_id;
1038  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1039  }
1040 
1041  $query = "DELETE FROM rbac_ta " .
1042  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1043  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1044  $res = $ilDB->manipulate($query);
1045 
1046  return true;
1047  }

◆ deassignUser()

ilRbacAdmin::deassignUser (   $a_rol_id,
  $a_usr_id 
)

Deassigns a user from a role.

Update of table rbac_ua

Parameters
int  $a_rol_id  Object-ID of role
int  $a_usr_id  Object-ID of user
Returns
boolean true on success

Definition at line 316 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), array, and ilLoggerFactory\getInstance().

317  {
318  global $ilDB, $rbacreview;
319 
320  if (!isset($a_rol_id) or !isset($a_usr_id)) {
321  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
322  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
323  }
324 
325  $query = "DELETE FROM rbac_ua " .
326  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
327  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
328  $res = $ilDB->manipulate($query);
329 
330  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
331 
332  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
333  $mapping = ilLDAPRoleGroupMapping::_getInstance();
334  $mapping->deassign($a_rol_id, $a_usr_id);
335 
336  if ($res) {
337  $ref_id = $GLOBALS['rbacreview']->getObjectReferenceOfRole($a_rol_id);
338  $obj_id = ilObject::_lookupObjId($ref_id);
339  $type = ilObject::_lookupType($obj_id);
340 
341  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
342  $GLOBALS['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
343  'obj_id' => $obj_id,
344  'usr_id' => $a_usr_id,
345  'role_id' => $a_rol_id,
346  'type' => $type,
347  ));
348  }
349 
350  return true;
351  }

◆ deleteLocalRole()

ilRbacAdmin::deleteLocalRole (   $a_rol_id,
  $a_ref_id = 0 
)

Deletes a local role and entries in rbac_fa and rbac_templates.

Parameters
integer  object_id of role
integer  ref_id of role folder (optional)
Returns
boolean true on success

Definition at line 156 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

Referenced by adjustMovedObjectPermissions(), and deleteRole().

157  {
158  global $ilDB;
159 
160  if (!isset($a_rol_id)) {
161  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
162  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
163  }
164 
165  // exclude system role from rbac
166  if ($a_rol_id == SYSTEM_ROLE_ID) {
167  return true;
168  }
169 
170  $clause = ''; // no ref_id given: no parent filter, rows of all parents are deleted
171  if ($a_ref_id != 0) {
172  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
173  }
174  $query = 'DELETE FROM rbac_fa ' .
175  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
176  $clause;
177  $res = $ilDB->manipulate($query);
178 
179  $query = 'DELETE FROM rbac_templates ' .
180  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
181  $clause;
182  $res = $ilDB->manipulate($query);
183  return true;
184  }

◆ deleteRole()

ilRbacAdmin::deleteRole (   $a_rol_id,
  $a_ref_id 
)

Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa.

Parameters
integer  obj_id of role (role_id)
integer  ref_id of role folder (ref_id)
Returns
boolean true on success

Definition at line 85 of file class.ilRbacAdmin.php.

References $ilDB, $lng, $message, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and deleteLocalRole().

86  {
87  global $lng,$ilDB;
88 
89  if (!isset($a_rol_id) or !isset($a_ref_id)) {
90  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
91  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
92  }
93 
94  // exclude system role from rbac
95  if ($a_rol_id == SYSTEM_ROLE_ID) {
96  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
97  }
98 
99  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
100  $mapping = ilLDAPRoleGroupMapping::_getInstance();
101  $mapping->deleteRole($a_rol_id);
102 
103 
104  // TODO: check assigned users before deletion
105  // This is done in ilObjRole. Should be better moved to this place?
106 
107  // delete user assignments
108  $query = "DELETE FROM rbac_ua " .
109  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
110  $res = $ilDB->manipulate($query);
111 
112  // delete permission assignments
113  $query = "DELETE FROM rbac_pa " .
114  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
115  $res = $ilDB->manipulate($query);
116 
117  //delete rbac_templates and rbac_fa
118  $this->deleteLocalRole($a_rol_id);
119 
120  return true;
121  }
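The delete methods on this page clean up different subsets of tables: per the listings, deleteLocalRole() and deleteTemplate() remove only rbac_fa and rbac_templates rows, while deleteRole() issues its DELETE statements one after another. The following added example (not ILIAS code) audits a database for role ids that still have rows in rbac_ua, rbac_pa or rbac_templates but no rbac_fa entry; it runs against an in-memory SQLite copy whose column types and sample rows are constructed assumptions.

```python
import sqlite3

# Tables that carry a rol_id and are cleaned up by the delete methods above.
DEPENDENT_TABLES = ("rbac_ua", "rbac_pa", "rbac_templates")


def find_orphaned_role_rows(conn):
    """Return {table: [rol_id, ...]} for role ids that have rows in a
    dependent table but no remaining rbac_fa entry."""
    orphans = {}
    for table in DEPENDENT_TABLES:  # fixed identifiers, never user input
        rows = conn.execute(
            "SELECT DISTINCT t.rol_id FROM {0} t "
            "LEFT JOIN rbac_fa fa ON fa.rol_id = t.rol_id "
            "WHERE fa.rol_id IS NULL ORDER BY t.rol_id".format(table)
        ).fetchall()
        if rows:
            orphans[table] = [r[0] for r in rows]
    return orphans


def build_sample_db():
    """Constructed sample data; column types are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE rbac_fa (rol_id INTEGER, parent INTEGER);
        CREATE TABLE rbac_ua (usr_id INTEGER, rol_id INTEGER);
        CREATE TABLE rbac_pa (rol_id INTEGER, ops_id TEXT, ref_id INTEGER);
        CREATE TABLE rbac_templates
            (rol_id INTEGER, type TEXT, ops_id INTEGER, parent INTEGER);
    """)
    # Role 100: intact, present in every table.
    # Role 101: rbac_fa/rbac_templates rows gone (deleteLocalRole without a
    #           ref_id), user and permission assignments left behind.
    # Role 102: rbac_fa row gone, template rows left behind (cleanup that
    #           stopped between the two DELETE statements).
    conn.execute("INSERT INTO rbac_fa VALUES (100, 50)")
    conn.executemany("INSERT INTO rbac_ua VALUES (?, ?)",
                     [(7, 100), (8, 101)])
    conn.executemany("INSERT INTO rbac_pa VALUES (?, ?, ?)",
                     [(100, "a:1:{i:0;i:2;}", 50),
                      (101, "a:1:{i:0;i:2;}", 60)])
    conn.executemany("INSERT INTO rbac_templates VALUES (?, ?, ?, ?)",
                     [(100, "crs", 2, 50), (102, "crs", 2, 70)])
    return conn


if __name__ == "__main__":
    for table, role_ids in find_orphaned_role_rows(build_sample_db()).items():
        print(table, role_ids)
```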

◆ deleteRolePermission()

ilRbacAdmin::deleteRolePermission (   $a_rol_id,
  $a_ref_id,
  $a_type = false 
)

Deletes all entries of a template.

If an object type is given as the third parameter, only the entries for that object type are deleted. Update of table rbac_templates.

Parameters
integer  object id of role
integer  ref_id of role folder
string  object type (optional)
Returns
boolean

Definition at line 858 of file class.ilRbacAdmin.php.

References $a_type, $ilDB, $message, $query, and $res.

Referenced by copyRolePermissionUnion().

859  {
860  global $ilDB;
861 
862  if (!isset($a_rol_id) or !isset($a_ref_id)) {
863  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
864  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
865  }
866 
867  // exclude system role from rbac
868  if ($a_rol_id == SYSTEM_ROLE_ID) {
869  return true;
870  }
871 
872  $and_type = ''; // no type given: entries of all object types are deleted
873  if ($a_type !== false) {
874  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
875  }
876  $query = 'DELETE FROM rbac_templates ' .
877  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
878  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
879  $and_type;
880 
881  $res = $ilDB->manipulate($query);
882 
883  return true;
884  }

◆ deleteSubtreeTemplates()

ilRbacAdmin::deleteSubtreeTemplates (   $a_ref_id,
  $a_rol_id 
)

Delete all template permissions of subtree nodes.

Parameters
object  $a_ref_id
object  $a_rol_id
Returns

Definition at line 532 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, and array.

533  {
534  global $ilDB;
535 
536  $query = 'DELETE FROM rbac_templates ' .
537  'WHERE parent IN ( ' .
538  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
539  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
540 
541  $ilDB->manipulate($query);
542 
543  $query = 'DELETE FROM rbac_fa ' .
544  'WHERE parent IN ( ' .
545  $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
546  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
547 
548  $ilDB->manipulate($query);
549 
550  return true;
551  }

◆ deleteTemplate()

ilRbacAdmin::deleteTemplate (   $a_obj_id)

Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa.

Parameters
integer  object_id of role template
Returns
boolean

Definition at line 129 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

130  {
131  global $ilDB;
132 
133  if (!isset($a_obj_id)) {
134  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
135  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
136  }
137 
138  $query = 'DELETE FROM rbac_templates ' .
139  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
140  $res = $ilDB->manipulate($query);
141 
142  $query = 'DELETE FROM rbac_fa ' .
143  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
144  $res = $ilDB->manipulate($query);
145 
146  return true;
147  }

◆ grantPermission()

ilRbacAdmin::grantPermission (   $a_rol_id,
  $a_ops,
  $a_ref_id 
)

Grants a permission to an object and a specific role.

Update of table rbac_pa.

Parameters
integer  object id of role
array  array of operation ids
integer  reference id of that object which is granted the permissions
Returns
boolean

Definition at line 361 of file class.ilRbacAdmin.php.

References $ilDB, $key, $query, $res, and array.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

362  {
363  global $ilDB;
364 
365  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id)) {
366  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
367  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
368  }
369 
370  if (!is_array($a_ops)) {
371  $this->ilErr->raiseError(
372  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
373  $this->ilErr->WARNING
374  );
375  }
376 
377  /*
378  if (count($a_ops) == 0)
379  {
380  return false;
381  }
382  */
383  // exclude system role from rbac
384  if ($a_rol_id == SYSTEM_ROLE_ID) {
385  return true;
386  }
387 
388  // convert all values to integer
389  foreach ($a_ops as $key => $operation) {
390  $a_ops[$key] = (int) $operation;
391  }
392 
393  // Serialize the ops_id array
394  $ops_ids = serialize($a_ops);
395 
396  $query = 'DELETE FROM rbac_pa ' .
397  'WHERE rol_id = %s ' .
398  'AND ref_id = %s';
399  $res = $ilDB->queryF(
400  $query,
401  array('integer','integer'),
402  array($a_rol_id,$a_ref_id)
403  );
404 
405  if (!count($a_ops)) {
406  return false;
407  }
408 
409  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) " .
410  "VALUES " .
411  "(" . $ilDB->quote($a_rol_id, 'integer') . "," . $ilDB->quote($ops_ids, 'text') . "," . $ilDB->quote($a_ref_id, 'integer') . ")";
412  $res = $ilDB->manipulate($query);
413 
414  return true;
415  }
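grantPermission() stores the operation ids of a role/object pair as one PHP-serialized integer array in rbac_pa.ops_id, and deassignOperationFromObject() removes an operation from rbac_ta without touching those stored arrays. The following added example (not ILIAS code) decodes that column and reports malformed, empty or stale grants; the SQLite column types, the sample rows and the simplification of checking against every rbac_ta row regardless of object type are assumptions.

```python
import re
import sqlite3

# serialize() of an integer array looks like: a:2:{i:0;i:1;i:1;i:3;}
_HEADER = re.compile(r"a:(\d+):\{")
_PAIR = re.compile(r"i:(-?\d+);i:(-?\d+);")


def parse_ops(serialized):
    """Decode a PHP-serialized array of integers into a list of operation
    ids. Anything that is not an int => int array raises ValueError."""
    header = _HEADER.match(serialized)
    if not header:
        raise ValueError("not a serialized PHP array")
    pos = header.end()
    ops = []
    for _ in range(int(header.group(1))):
        pair = _PAIR.match(serialized, pos)
        if not pair:
            raise ValueError("element %d is not an int => int pair" % len(ops))
        ops.append(int(pair.group(2)))
        pos = pair.end()
    if serialized[pos:] != "}":
        raise ValueError("trailing data after declared elements")
    return ops


def audit_rbac_pa(conn):
    """Return (rol_id, ref_id, problem) tuples for suspicious rbac_pa rows."""
    known = {r[0] for r in conn.execute("SELECT DISTINCT ops_id FROM rbac_ta")}
    findings = []
    query = "SELECT rol_id, ops_id, ref_id FROM rbac_pa ORDER BY rol_id, ref_id"
    for rol_id, ops_id, ref_id in conn.execute(query):
        try:
            ops = parse_ops(ops_id)
        except ValueError as exc:
            findings.append((rol_id, ref_id, "malformed: %s" % exc))
            continue
        if not ops:
            # grantPermission() returns before the INSERT for an empty list
            findings.append((rol_id, ref_id, "empty operation list"))
        stale = sorted(set(ops) - known)
        if stale:
            findings.append((rol_id, ref_id, "ops not in rbac_ta: %s" % stale))
    return findings


def build_sample_db():
    """Constructed sample data; column types are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE rbac_pa (rol_id INTEGER, ops_id TEXT, ref_id INTEGER);
        CREATE TABLE rbac_ta (typ_id INTEGER, ops_id INTEGER);
    """)
    conn.executemany("INSERT INTO rbac_ta VALUES (?, ?)",
                     [(10, 1), (10, 2), (10, 3), (11, 2)])
    conn.executemany("INSERT INTO rbac_pa VALUES (?, ?, ?)", [
        (100, "a:2:{i:0;i:1;i:1;i:3;}", 50),   # well-formed, all ops known
        (101, "a:2:{i:0;i:2;i:1;i:9;}", 50),   # operation 9 is not in rbac_ta
        (102, 'a:1:{i:0;s:1:"4";}', 51),       # string value, not int-cast
        (103, "a:0:{}", 52),                   # empty array
    ])
    return conn


if __name__ == "__main__":
    for finding in audit_rbac_pa(build_sample_db()):
        print(finding)
```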

◆ initIntersectionPermissions()

ilRbacAdmin::initIntersectionPermissions (   $a_ref_id,
  $a_role_id,
  $a_role_parent,
  $a_template_id,
  $a_template_parent 
)

Init intersection permissions.

Parameters
type  $a_ref_id
type  $a_role_id
type  $a_role_parent
type  $a_template_id
type  $a_template_parent
Returns
type

Definition at line 1124 of file class.ilRbacAdmin.php.

References ilObject\_lookupType(), array, assignRoleToFolder(), copyRolePermissionIntersection(), ilLoggerFactory\getLogger(), grantPermission(), and revokePermission().

Referenced by adjustMovedObjectPermissions().

1125  {
1126  global $rbacreview;
1127 
1128  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1129  // Assign object permissions
1130  $new_ops = $rbacreview->getOperationsOfRole(
1131  $a_role_id,
1132  ilObject::_lookupType($a_ref_id, true),
1133  $a_role_parent
1134  );
1135 
1136  // set new permissions for object
1137  $this->grantPermission(
1138  $a_role_id,
1139  (array) $new_ops,
1140  $a_ref_id
1141  );
1142  return;
1143  }
1144  if (!$a_template_id) {
1145  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1146  return;
1147  }
1148  // create template permission intersection
1149  $this->copyRolePermissionIntersection(
1150  $a_template_id,
1151  $a_template_parent,
1152  $a_role_id,
1153  $a_role_parent,
1154  $a_ref_id,
1155  $a_role_id
1156  );
1157 
1158  // assign role to folder
1159  $this->assignRoleToFolder(
1160  $a_role_id,
1161  $a_ref_id,
1162  'n'
1163  );
1164 
1165  // Assign object permissions
1166  $new_ops = $rbacreview->getOperationsOfRole(
1167  $a_role_id,
1168  ilObject::_lookupType($a_ref_id, true),
1169  $a_ref_id
1170  );
1171 
1172  // revoke existing permissions
1173  $this->revokePermission($a_ref_id, $a_role_id);
1174 
1175  // set new permissions for object
1176  $this->grantPermission(
1177  $a_role_id,
1178  (array) $new_ops,
1179  $a_ref_id
1180  );
1181 
1182  return;
1183  }

◆ removeUser()

ilRbacAdmin::removeUser (   $a_usr_id)

Deletes a user from rbac_ua; all user <-> role relations are deleted.

Parameters
integer  user_id
Returns
boolean true on success

Definition at line 63 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

64  {
65  global $ilDB;
66 
67  if (!isset($a_usr_id)) {
68  $message = get_class($this) . "::removeUser(): No usr_id given!";
69  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
70  }
71 
72  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
73  $res = $ilDB->manipulate($query);
74 
75  return true;
76  }

◆ revokePermission()

ilRbacAdmin::revokePermission (   $a_ref_id,
  $a_rol_id = 0,
  $a_keep_protected = true 
)

Revokes permissions of an object of one role.

Update of table rbac_pa. Revokes all permissions for all roles for that object (with this reference). When a role_id is given, this applies only to that role.

Parameters
integer  reference id of object where permissions should be revoked
integer  role_id (optional: if you want to revoke permissions of object only for a specific role)
Returns
boolean

Definition at line 426 of file class.ilRbacAdmin.php.

References $ilDB, $ilLog, $log, $message, $query, $res, and array.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

427  {
428  global $rbacreview,$log,$ilDB,$ilLog;
429 
430  if (!isset($a_ref_id)) {
431  $ilLog->logStack();
432  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
433  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
434  }
435  #$log->write("ilRBACadmin::revokePermission(), 0");
436 
437  // bypass protected status of roles
438  if ($a_keep_protected != true) {
439  // exclude system role from rbac
440  if ($a_rol_id == SYSTEM_ROLE_ID) {
441  return true;
442  }
443 
444  if ($a_rol_id) {
445  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
446  } else {
447  $and1 = "";
448  }
449 
450  $query = "DELETE FROM rbac_pa " .
451  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
452  $and1;
453 
454  $res = $ilDB->manipulate($query);
455 
456  return true;
457  }
458 
459  // consider protected status of roles
460 
461  // in any case, get all roles in scope first
462  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
463 
464  if (!$a_rol_id) {
465  #$log->write("ilRBACadmin::revokePermission(), 1");
466 
467  $role_ids = array();
468 
469  foreach ($roles_in_scope as $role) {
470  if ($role['protected'] == true) {
471  continue;
472  }
473 
474  $role_ids[] = $role['obj_id'];
475  }
476 
477  // return if no role in array
478  if (!$role_ids) {
479  return true;
480  }
481 
482  $query = 'DELETE FROM rbac_pa ' .
483  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
484  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
485  $res = $ilDB->manipulate($query);
486  } else {
487  #$log->write("ilRBACadmin::revokePermission(), 2");
488  // exclude system role from rbac
489  if ($a_rol_id == SYSTEM_ROLE_ID) {
490  return true;
491  }
492 
493  // exclude protected permission settings from revoking
494  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
495  return true;
496  }
497 
498  $query = "DELETE FROM rbac_pa " .
499  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
500  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
501  $res = $ilDB->manipulate($query);
502  }
503 
504  return true;
505  }

◆ revokePermissionList()

ilRbacAdmin::revokePermissionList (   $a_ref_ids,
  $a_rol_id 
)

Revokes permissions of a LIST of objects of ONE role.

Update of table rbac_pa.

Parameters
array  list of reference_ids to revoke permissions
integer  role_id
Returns
boolean

Definition at line 560 of file class.ilRbacAdmin.php.

References $ilDB, $message, $query, and $res.

561  {
562  global $ilDB;
563 
564  if (!isset($a_ref_ids) or !is_array($a_ref_ids)) {
565  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_export($a_ref_ids, true);
566  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
567  }
568 
569  if (!isset($a_rol_id)) {
570  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
571  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
572  }
573 
574  // exclude system role from rbac
575  if ($a_rol_id == SYSTEM_ROLE_ID) {
576  return true;
577  }
578 
579  $query = "DELETE FROM rbac_pa " .
580  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
581  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
582  $res = $ilDB->manipulate($query);
583 
584  return true;
585  }

◆ revokeSubtreePermissions()

ilRbacAdmin::revokeSubtreePermissions (   $a_ref_id,
  $a_role_id 
)

Revoke subtree permissions.

Parameters
object  $a_ref_id
object  $a_role_id
Returns

Definition at line 513 of file class.ilRbacAdmin.php.

References $GLOBALS, $ilDB, $query, and array.

514  {
515  global $ilDB;
516 
517  $query = 'DELETE FROM rbac_pa ' .
518  'WHERE ref_id IN ' .
519  '( ' . $GLOBALS['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
520  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
521 
522  $ilDB->manipulate($query);
523  return true;
524  }

◆ setBlockedStatus()

ilRbacAdmin::setBlockedStatus (   $a_role_id,
  $a_ref_id,
  $a_blocked_status 
)

Set blocked status.

Parameters
type  $a_role_id
type  $a_ref_id
type  $a_blocked_status

Definition at line 45 of file class.ilRbacAdmin.php.

References $ilDB, $query, and ilLoggerFactory\getLogger().

46  {
47  global $ilDB;
48 
49  ilLoggerFactory::getLogger('crs')->logStack();
50  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
51  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
52  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
53  $ilDB->manipulate($query);
54  }

◆ setProtected()

ilRbacAdmin::setProtected (   $a_ref_id,
  $a_role_id,
  $a_value 
)

Sets the protected status of a role (column protected in rbac_fa).

Parameters
type  $a_ref_id
type  $a_role_id
type  $a_value  y or n
Returns
boolean

Definition at line 1057 of file class.ilRbacAdmin.php.

References $ilDB, $query, and $res.

Referenced by copyRoleTemplatePermissions().

1058  {
1059  global $ilDB;
1060 
1061  // ref_id not used yet. protected permission acts 'global' for each role,
1062  // regardless of any broken inheritance before
1063  $query = 'UPDATE rbac_fa ' .
1064  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1065  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1066  $res = $ilDB->manipulate($query);
1067  return true;
1068  }

◆ setRolePermission()

ilRbacAdmin::setRolePermission (   $a_rol_id,
  $a_type,
  $a_ops,
  $a_ref_id 
)

Inserts template permissions in rbac_templates for a specific object type.

Update of table rbac_templates.

Parameters
integer  role_id
string  object type
array  operation_ids
integer  ref_id of role folder object
Returns
boolean

Definition at line 896 of file class.ilRbacAdmin.php.

References $a_type, $ilDB, and $message.

897  {
898  global $ilDB;
899 
900  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id)) {
901  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
902  " role_id: " . $a_rol_id .
903  " type: " . $a_type .
904  " operations: " . $a_ops .
905  " ref_id: " . $a_ref_id;
906  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
907  }
908 
909  if (!is_string($a_type) or empty($a_type)) {
910  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
911  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
912  }
913 
914  if (!is_array($a_ops) or empty($a_ops)) {
915  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
916  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
917  }
918 
919  // exclude system role from rbac
920  if ($a_rol_id == SYSTEM_ROLE_ID) {
921  return true;
922  }
923 
924  foreach ($a_ops as $op) {
925  $ilDB->replace(
926  'rbac_templates',
927  [
928  'rol_id' => ['integer', $a_rol_id],
929  'type' => ['text', $a_type],
930  'ops_id' => ['integer', $op],
931  'parent' => ['integer', $a_ref_id]
932  ],
933  []
934  );
935  }
936  return true;
937  }

The documentation for this class was generated from the following file: