ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
19class ilRbacReview
20{
21 const FILTER_ALL = 1;
22 const FILTER_ALL_GLOBAL = 2;
23 const FILTER_ALL_LOCAL = 3;
24 const FILTER_INTERNAL = 4;
25 const FILTER_NOT_INTERNAL = 5;
26 const FILTER_TEMPLATES = 6;
27
28 // Cache operation ids
29 private static $_opsCache = null;
30
34 protected static $assigned_users_cache = array();
35
39 protected static $is_assigned_cache = array();
40
44 protected $log;
45
50 public function __construct()
51 {
52 global $DIC;
53
54 $ilDB = $DIC['ilDB'];
55 $ilErr = $DIC['ilErr'];
56 $ilias = $DIC['ilias'];
57
58 $this->log = ilLoggerFactory::getLogger('ac');
59
60 // set db & error handler
61 (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
62
63 if (!isset($ilErr)) {
64 $ilErr = new ilErrorHandling();
65 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
66 } else {
67 $this->ilErr = &$ilErr;
68 }
69 }
70
79 public function roleExists($a_title, $a_id = 0)
80 {
81 global $DIC;
82
83 $ilDB = $DIC['ilDB'];
84
85 if (empty($a_title)) {
86 $message = get_class($this) . "::roleExists(): No title given!";
87 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
88 }
89
90 $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
91
92 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
93 "WHERE title =" . $ilDB->quote($a_title) . " " .
94 "AND type IN('role','rolt')" .
95 $clause . " ";
96 $r = $this->ilDB->query($q);
97
98 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99 return $row->obj_id;
100 }
101 return false;
102 }
103
117 protected function __getParentRoles($a_path, $a_templates)
118 {
119 if (!isset($a_path) or !is_array($a_path)) {
120 $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
121 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
122 }
123
124 $parent_roles = array();
125 $role_hierarchy = array();
126
127 foreach ($a_path as $ref_id) {
128 $roles = $this->getRoleListByObject($ref_id, $a_templates);
129 foreach ($roles as $role) {
130 $id = $role["obj_id"];
131 $role["parent"] = $ref_id;
132 $parent_roles[$id] = $role;
133
134 if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
135 $role_hierarchy[$id] = $ref_id;
136 }
137 }
138 }
139 return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
140 }
141
151 public function getParentRoleIds($a_endnode_id, $a_templates = false)
152 {
153 global $DIC;
154
155 $tree = $DIC['tree'];
156
157 if (!isset($a_endnode_id)) {
158 $GLOBALS['DIC']['ilLog']->logStack();
159 $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
160 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
161 }
162
163 //var_dump($a_endnode_id);exit;
164 //$log->write("ilRBACreview::getParentRoleIds(), 0");
165 $pathIds = $tree->getPathId($a_endnode_id);
166
167 // add system folder since it may not in the path
168 //$pathIds[0] = SYSTEM_FOLDER_ID;
169 $pathIds[0] = ROLE_FOLDER_ID;
170 //$log->write("ilRBACreview::getParentRoleIds(), 1");
171 #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
172 return $this->__getParentRoles($pathIds, $a_templates);
173 }
174
183 public function getRoleListByObject($a_ref_id, $a_templates = false)
184 {
185 global $DIC;
186
187 $ilDB = $DIC['ilDB'];
188
189 if (!isset($a_ref_id) or !isset($a_templates)) {
190 $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
191 "ref_id: " . $a_ref_id .
192 "tpl_flag: " . $a_templates;
193 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
194 }
195
196 $role_list = array();
197
198 $where = $this->__setTemplateFilter($a_templates);
199
200 $query = "SELECT * FROM object_data " .
201 "JOIN rbac_fa ON obj_id = rol_id " .
202 $where .
203 "AND object_data.obj_id = rbac_fa.rol_id " .
204 "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
205
206 $res = $ilDB->query($query);
207 while ($row = $ilDB->fetchAssoc($res)) {
208 $row["desc"] = $row["description"];
209 $row["user_id"] = $row["owner"];
210 $role_list[] = $row;
211 }
212
213 $role_list = $this->__setRoleType($role_list);
214
215 return $role_list;
216 }
217
225 public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
226 {
227 global $DIC;
228
229 $ilDB = $DIC['ilDB'];
230
231 $role_list = array();
232
233 $where = $this->__setTemplateFilter($a_templates);
234
235 $query = "SELECT * FROM object_data " .
236 "JOIN rbac_fa ON obj_id = rol_id " .
237 $where .
238 "AND rbac_fa.assign = 'y' ";
239
240 if (strlen($title_filter)) {
241 $query .= (' AND ' . $ilDB->like(
242 'title',
243 'text',
244 $title_filter . '%'
245 ));
246 }
247 $res = $ilDB->query($query);
248
249 while ($row = $ilDB->fetchAssoc($res)) {
250 $row["desc"] = $row["description"];
251 $row["user_id"] = $row["owner"];
252 $role_list[] = $row;
253 }
254
255 $role_list = $this->__setRoleType($role_list);
256
257 return $role_list;
258 }
259
267 public function getAssignableRolesInSubtree($ref_id)
268 {
269 global $DIC;
270
271 $ilDB = $DIC['ilDB'];
272
273 $query = 'SELECT rol_id FROM rbac_fa fa ' .
274 'JOIN tree t1 ON t1.child = fa.parent ' .
275 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
276 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
277 'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
278 'AND t1.child IN (' .
279 $GLOBALS['DIC']['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
280 ') ';
281
282
283 $res = $ilDB->query($query);
284
285 $role_list = array();
286 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
287 $role_list[] = $row->rol_id;
288 }
289 return $role_list;
290 }
291
299 public function getAssignableChildRoles($a_ref_id)
300 {
301 global $DIC;
302
303 $ilDB = $DIC['ilDB'];
304
305 $query = "SELECT fa.*, rd.* " .
306 "FROM object_data rd " .
307 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
308 "WHERE fa.assign = 'y' " .
309 "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
310 ;
311
312 $res = $ilDB->query($query);
313 while ($row = $ilDB->fetchAssoc($res)) {
314 $roles_data[] = $row;
315 }
316 return $roles_data ? $roles_data : array();
317 }
318
326 protected function __setTemplateFilter($a_templates)
327 {
328 global $DIC;
329
330 $ilDB = $DIC['ilDB'];
331
332 if ($a_templates === true) {
333 $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
334 } else {
335 $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
336 }
337
338 return $where;
339 }
340
353 protected function __setRoleType($a_role_list)
354 {
355 foreach ($a_role_list as $key => $val) {
356 // determine role type
357 if ($val["type"] == "rolt") {
358 $a_role_list[$key]["role_type"] = "template";
359 } else {
360 if ($val["assign"] == "y") {
361 if ($val["parent"] == ROLE_FOLDER_ID) {
362 $a_role_list[$key]["role_type"] = "global";
363 } else {
364 $a_role_list[$key]["role_type"] = "local";
365 }
366 } else {
367 $a_role_list[$key]["role_type"] = "linked";
368 }
369 }
370
371 if ($val["protected"] == "y") {
372 $a_role_list[$key]["protected"] = true;
373 } else {
374 $a_role_list[$key]["protected"] = false;
375 }
376 }
377
378 return $a_role_list;
379 }
380
387 public function getNumberOfAssignedUsers(array $a_roles)
388 {
389 global $DIC;
390
391 $ilDB = $DIC->database();
392
393 $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
394 'join object_data on ua.usr_id = obj_id ' .
395 'join usr_data ud on ua.usr_id = ud.usr_id ' .
396 'where ' . $ilDB->in('rol_id', $a_roles, false, 'integer');
397
398 $res = $ilDB->query($query);
399 if ($res->numRows()) {
400 $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
401 return $row->num;
402 }
403 return 0;
404 }
405
406
413 public function assignedUsers($a_rol_id)
414 {
415 global $DIC;
416
417 $ilBench = $DIC['ilBench'];
418 $ilDB = $DIC['ilDB'];
419
420 if (!isset($a_rol_id)) {
421 $message = get_class($this) . "::assignedUsers(): No role_id given!";
422 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
423 }
424 if (isset(self::$assigned_users_cache[$a_rol_id])) {
425 return self::$assigned_users_cache[$a_rol_id];
426 }
427
428 $result_arr = array();
429
430 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
431 $res = $ilDB->query($query);
432 while ($row = $ilDB->fetchAssoc($res)) {
433 array_push($result_arr, $row["usr_id"]);
434 }
435
436 self::$assigned_users_cache[$a_rol_id] = $result_arr;
437
438 return $result_arr;
439 }
440
441
450 public function isAssigned($a_usr_id, $a_role_id)
451 {
452 if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
453 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
454 }
455 // Quickly determine if user is assigned to a role
456 global $DIC;
457
458 $ilDB = $DIC['ilDB'];
459
460 $ilDB->setLimit(1, 0);
461 $query = "SELECT usr_id FROM rbac_ua WHERE " .
462 "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
463 "AND usr_id= " . $ilDB->quote($a_usr_id);
464 $res = $ilDB->query($query);
465
466 $is_assigned = $res->numRows() == 1;
467 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
468
469 return $is_assigned;
470 }
471
484 public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
485 {
486 global $DIC;
487
488 $ilDB = $DIC['ilDB'];
489
490 $ilDB->setLimit(1, 0);
491 $query = "SELECT usr_id FROM rbac_ua WHERE " .
492 $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
493 " AND usr_id= " . $ilDB->quote($a_usr_id);
494 $res = $ilDB->query($query);
495
496 return $ilDB->numRows($res) == 1;
497 }
498
506 public function assignedRoles($a_usr_id)
507 {
508 global $DIC;
509
510 $ilDB = $DIC->database();
511
512 $role_arr = [];
513 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
514
515 $res = $ilDB->query($query);
516 while ($row = $ilDB->fetchObject($res)) {
517 $role_arr[] = $row->rol_id;
518 }
519 return $role_arr;
520 }
521
527 public function assignedGlobalRoles($a_usr_id)
528 {
529 global $DIC;
530
531 $ilDB = $DIC['ilDB'];
532
533 $query = "SELECT ua.rol_id FROM rbac_ua ua " .
534 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
535 "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
536 "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
537 "AND assign = 'y' ";
538
539 $res = $ilDB->query($query);
540 while ($row = $ilDB->fetchObject($res)) {
541 $role_arr[] = $row->rol_id;
542 }
543 return $role_arr ? $role_arr : array();
544 }
545
554 public function isAssignable($a_rol_id, $a_ref_id)
555 {
556 global $DIC;
557
558 $ilBench = $DIC['ilBench'];
559 $ilDB = $DIC['ilDB'];
560
561 $ilBench->start("RBAC", "review_isAssignable");
562
563 // exclude system role from rbac
564 if ($a_rol_id == SYSTEM_ROLE_ID) {
565 $ilBench->stop("RBAC", "review_isAssignable");
566 return true;
567 }
568
569 if (!isset($a_rol_id) or !isset($a_ref_id)) {
570 $message = get_class($this) . "::isAssignable(): Missing parameter!" .
571 " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
572 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
573 }
574 $query = "SELECT * FROM rbac_fa " .
575 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
576 "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
577 $res = $ilDB->query($query);
578 $row = $ilDB->fetchObject($res);
579
580 $ilBench->stop("RBAC", "review_isAssignable");
581 return $row->assign == 'y' ? true : false;
582 }
583
589 public function hasMultipleAssignments($a_role_id)
590 {
591 global $DIC;
592
593 $ilDB = $DIC['ilDB'];
594
595 $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
596 "AND assign = " . $ilDB->quote('y', 'text');
597 $res = $ilDB->query($query);
598 return $res->numRows() > 1;
599 }
600
612 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
613 {
614 global $DIC;
615
616 $ilDB = $DIC['ilDB'];
617
618 if (!isset($a_rol_id)) {
619 $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
620 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
621 }
622
623 if ($a_assignable) {
624 $where = " AND assign ='y'";
625 }
626
627 $query = "SELECT DISTINCT parent FROM rbac_fa " .
628 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
629
630 $res = $ilDB->query($query);
631 $folders = [];
632 while ($row = $ilDB->fetchObject($res)) {
633 $folders[] = $row->parent;
634 }
635 return $folders;
636 }
637
645 public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
646 {
647 global $DIC;
648
649 $ilDB = $DIC['ilDB'];
650
651 if (!isset($a_ref_id)) {
652 $GLOBALS['DIC']['ilLog']->logStack();
653 throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
654 }
655 if ($a_assignable_only === true) {
656 $and = 'AND assign = ' . $ilDB->quote('y', 'text');
657 }
658 $query = "SELECT rol_id FROM rbac_fa " .
659 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
660 $and;
661
662 $res = $ilDB->query($query);
663
664 $role_ids = array();
665 while ($row = $ilDB->fetchObject($res)) {
666 $role_ids[] = $row->rol_id;
667 }
668 return $role_ids;
669 }
670
671
672
673
684 public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
685 {
686 global $DIC;
687
688 $ilBench = $DIC['ilBench'];
689 $ilDB = $DIC['ilDB'];
690 $ilLog = $DIC['ilLog'];
691
692 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
693
694 if (!isset($a_ref_id)) {
695 $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
696 ilLoggerFactory::getLogger('ac')->logStack();
697 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
698 }
699
700 if ($a_nonassignable === false) {
701 $and = " AND assign='y'";
702 }
703
704 $query = "SELECT rol_id FROM rbac_fa " .
705 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
706 $and;
707
708 $res = $ilDB->query($query);
709 while ($row = $ilDB->fetchObject($res)) {
710 $rol_id[] = $row->rol_id;
711 }
712
713 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
714
715 return $rol_id ? $rol_id : array();
716 }
717
724 public function getGlobalRoles()
725 {
726 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
727 }
728
734 public function getLocalRoles($a_ref_id)
735 {
736 global $DIC;
737
738 $ilDB = $DIC['ilDB'];
739
740 $lroles = array();
741 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
742 if ($this->isAssignable($role_id, $a_ref_id)) {
743 $lroles[] = $role_id;
744 }
745 }
746 return $lroles;
747 }
748
754 public function getLocalPolicies($a_ref_id)
755 {
756 $lroles = array();
757 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
758 $lroles[] = $role_id;
759 }
760 return $lroles;
761 }
762
769 public function getGlobalRolesArray()
770 {
771 foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
772 $ga[] = array('obj_id' => $role_id,
773 'role_type' => 'global');
774 }
775 return $ga ? $ga : array();
776 }
777
784 public function getGlobalAssignableRoles()
785 {
786 include_once './Services/AccessControl/classes/class.ilObjRole.php';
787
788 foreach ($this->getGlobalRoles() as $role_id) {
789 if (ilObjRole::_getAssignUsersStatus($role_id)) {
790 $ga[] = array('obj_id' => $role_id,
791 'role_type' => 'global');
792 }
793 }
794 return $ga ? $ga : array();
795 }
796
797
802 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
803 {
804 global $DIC;
805
806 $rbacreview = $DIC['rbacreview'];
807 $ilDB = $DIC['ilDB'];
808
809 $query = 'SELECT * FROM rbac_fa ' .
810 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
811 'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
812 $res = $ilDB->query($query);
813 return $res->numRows() ? true : false;
814 }
815
822 public function getOperations()
823 {
824 global $DIC;
825
826 $ilDB = $DIC['ilDB'];
827
828 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
829 $res = $this->ilDB->query($query);
830 while ($row = $ilDB->fetchObject($res)) {
831 $ops[] = array('ops_id' => $row->ops_id,
832 'operation' => $row->operation,
833 'description' => $row->description);
834 }
835
836 return $ops ? $ops : array();
837 }
838
845 public function getOperation($ops_id)
846 {
847 global $DIC;
848
849 $ilDB = $DIC['ilDB'];
850
851 $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
852 $res = $this->ilDB->query($query);
853 while ($row = $ilDB->fetchObject($res)) {
854 $ops = array('ops_id' => $row->ops_id,
855 'operation' => $row->operation,
856 'description' => $row->description);
857 }
858
859 return $ops ? $ops : array();
860 }
861
871 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
872 {
873 global $DIC;
874
875 $ilDB = $DIC['ilDB'];
876
877 if (!$a_parent) {
878 $a_parent = ROLE_FOLDER_ID;
879 }
880
881 $query = "SELECT ops_id,type FROM rbac_templates " .
882 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
883 "AND parent = " . $ilDB->quote($a_parent, 'integer');
884 $res = $ilDB->query($query);
885
886 $ops_arr = array();
887 while ($row = $ilDB->fetchObject($res)) {
888 $ops_arr[$row->type][] = $row->ops_id;
889 }
890 return (array) $ops_arr;
891 }
892
900 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
901 {
902 global $DIC;
903
904 $ilDB = $DIC['ilDB'];
905
906 $query = 'SELECT * FROM rbac_pa ' .
907 'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
908 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
909
910 $res = $ilDB->query($query);
911 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
912 return unserialize($row['ops_id']);
913 }
914 return array();
915 }
916
917
928 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
929 {
930 global $DIC;
931
932 $ilDB = $DIC['ilDB'];
933 $ilLog = $DIC['ilLog'];
934
935 if (!isset($a_rol_id) or !isset($a_type)) {
936 $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
937 "role_id: " . $a_rol_id .
938 "type: " . $a_type .
939 "parent_id: " . $a_parent;
940 $ilLog->logStack("Missing parameter! ");
941 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
942 }
943
944 $ops_arr = array();
945
946 // if no rolefolder id is given, assume global role folder as target
947 if ($a_parent == 0) {
948 $a_parent = ROLE_FOLDER_ID;
949 }
950
951 $query = "SELECT ops_id FROM rbac_templates " .
952 "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
953 "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
954 "AND parent = " . $ilDB->quote($a_parent, 'integer');
955 $res = $ilDB->query($query);
956 while ($row = $ilDB->fetchObject($res)) {
957 $ops_arr[] = $row->ops_id;
958 }
959
960 return $ops_arr;
961 }
962
970 public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
971 {
972 global $DIC;
973
974 $ilDB = $DIC['ilDB'];
975
976 $query = "SELECT * FROM rbac_pa " .
977 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
978 "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
979
980 $res = $ilDB->query($query);
981 while ($row = $ilDB->fetchObject($res)) {
982 $ops = unserialize($row->ops_id);
983 }
984
985 return $ops ? $ops : array();
986 }
987
995 public function getOperationsOnType($a_typ_id)
996 {
997 global $DIC;
998
999 $ilDB = $DIC['ilDB'];
1000
1001 if (!isset($a_typ_id)) {
1002 $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
1003 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1004 }
1005
1006 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1007
1008 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
1009 'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
1010 'ORDER BY op_order';
1011
1012 $res = $ilDB->query($query);
1013
1014 while ($row = $ilDB->fetchObject($res)) {
1015 $ops_id[] = $row->ops_id;
1016 }
1017
1018 return $ops_id ? $ops_id : array();
1019 }
1020
1029 public function getOperationsOnTypeString($a_type)
1030 {
1031 global $DIC;
1032
1033 $ilDB = $DIC['ilDB'];
1034
1035 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
1036
1037
1038 $res = $this->ilDB->query($query);
1039 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1040 return $this->getOperationsOnType($row->obj_id);
1041 }
1042 return false;
1043 }
1044
1052 public function getOperationsByTypeAndClass($a_type, $a_class)
1053 {
1054 global $DIC;
1055
1056 $ilDB = $DIC['ilDB'];
1057
1058 if ($a_class != 'create') {
1059 $condition = "AND class != " . $ilDB->quote('create', 'text');
1060 } else {
1061 $condition = "AND class = " . $ilDB->quote('create', 'text');
1062 }
1063
1064 $query = "SELECT ro.ops_id FROM rbac_operations ro " .
1065 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
1066 "JOIN object_data od ON rt.typ_id = od.obj_id " .
1067 "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
1068 "AND title = " . $ilDB->quote($a_type, 'text') . " " .
1069 $condition . " " .
1070 "ORDER BY op_order ";
1071
1072 $res = $ilDB->query($query);
1073
1074 $ops = array();
1075 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1076 $ops[] = $row->ops_id;
1077 }
1078 return $ops;
1079 }
1080
1081
1091 public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = array())
1092 {
1093 global $DIC;
1094
1095 $ilDB = $DIC['ilDB'];
1096
1097 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1098 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1099 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1100
1101 $query = 'SELECT parent p FROM rbac_fa ' .
1102 'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1103 'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1104
1105 if ($a_filter) {
1106 $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1107 }
1108
1109 $res = $ilDB->query($query);
1110 $parent = array();
1111 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1112 $parent[] = $row->p;
1113 }
1114 return $parent;
1115 }
1116
1124 public function isDeleted($a_node_id)
1125 {
1126 global $DIC;
1127
1128 $ilDB = $DIC['ilDB'];
1129
1130 $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1131 $r = $this->ilDB->query($q);
1132
1133 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1134
1135 if (!$row) {
1136 $message = sprintf(
1137 '%s::isDeleted(): Role folder with ref_id %s not found!',
1138 get_class($this),
1139 $a_node_id
1140 );
1141 $this->log->write($message, $this->log->FATAL);
1142
1143 return true;
1144 }
1145
1146 // rolefolder is deleted
1147 if ($row->tree < 0) {
1148 return true;
1149 }
1150
1151 return false;
1152 }
1153
1160 public function isGlobalRole($a_role_id)
1161 {
1162 return in_array($a_role_id, $this->getGlobalRoles());
1163 }
1164
1174 public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1175 {
1176 global $DIC;
1177
1178 $ilDB = $DIC['ilDB'];
1179
1180 $assign = "y";
1181
1182 switch ($a_filter) {
1183 // all (assignable) roles
1184 case self::FILTER_ALL:
1185 return $this->getAssignableRoles(true, true, $title_filter);
1186 break;
1187
1188 // all (assignable) global roles
1189 case self::FILTER_ALL_GLOBAL:
1190 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1191 break;
1192
1193 // all (assignable) local roles
1194 case self::FILTER_ALL_LOCAL:
1195 case self::FILTER_INTERNAL:
1196 case self::FILTER_NOT_INTERNAL:
1197 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1198 break;
1199
1200 // all role templates
1201 case self::FILTER_TEMPLATES:
1202 $where = "WHERE object_data.type = 'rolt'";
1203 $assign = "n";
1204 break;
1205
1206 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1207 case 0:
1208 default:
1209 if (!$a_user_id) {
1210 return array();
1211 }
1212
1213 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1214 break;
1215 }
1216
1217 $roles = array();
1218
1219 $query = "SELECT * FROM object_data " .
1220 "JOIN rbac_fa ON obj_id = rol_id " .
1221 $where .
1222 "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1223
1224 if (strlen($title_filter)) {
1225 $query .= (' AND ' . $ilDB->like(
1226 'title',
1227 'text',
1228 '%' . $title_filter . '%'
1229 ));
1230 }
1231
1232 $res = $ilDB->query($query);
1233 while ($row = $ilDB->fetchAssoc($res)) {
1234 $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1235
1236 // all (assignable) internal local roles only
1237 if ($a_filter == 4 and !$prefix) {
1238 continue;
1239 }
1240
1241 // all (assignable) non internal local roles only
1242 if ($a_filter == 5 and $prefix) {
1243 continue;
1244 }
1245
1246 $row["desc"] = $row["description"];
1247 $row["user_id"] = $row["owner"];
1248 $roles[] = $row;
1249 }
1250
1251 $roles = $this->__setRoleType($roles);
1252
1253 return $roles ? $roles : array();
1254 }
1255
1263 public function getTypeId($a_type)
1264 {
1265 global $DIC;
1266
1267 $ilDB = $DIC['ilDB'];
1268
1269 $q = "SELECT obj_id FROM object_data " .
1270 "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1271 $r = $ilDB->query($q);
1272
1273 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1274 return $row->obj_id;
1275 }
1276
1287 public static function _getOperationIdsByName($operations)
1288 {
1289 global $DIC;
1290
1291 $ilDB = $DIC['ilDB'];
1292
1293 if (!count($operations)) {
1294 return array();
1295 }
1296
1297 $query = 'SELECT ops_id FROM rbac_operations ' .
1298 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1299
1300 $res = $ilDB->query($query);
1301 while ($row = $ilDB->fetchObject($res)) {
1302 $ops_ids[] = $row->ops_id;
1303 }
1304 return $ops_ids ? $ops_ids : array();
1305 }
1306
1315 public static function _getOperationIdByName($a_operation)
1316 {
1317 global $DIC;
1318
1319 $ilDB = $DIC['ilDB'];
1320 $ilErr = $DIC['ilErr'];
1321
1322 if (!isset($a_operation)) {
1323 $message = "perm::getOperationId(): No operation given!";
1324 $ilErr->raiseError($message, $ilErr->WARNING);
1325 }
1326
1327 // Cache operation ids
1328 if (!is_array(self::$_opsCache)) {
1329 self::$_opsCache = array();
1330
1331 $q = "SELECT ops_id, operation FROM rbac_operations";
1332 $r = $ilDB->query($q);
1333 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1334 self::$_opsCache[$row->operation] = $row->ops_id;
1335 }
1336 }
1337
1338 // Get operation ID by name from cache
1339 if (array_key_exists($a_operation, self::$_opsCache)) {
1340 return self::$_opsCache[$a_operation];
1341 }
1342 return null;
1343 }
1344
1351 public static function lookupCreateOperationIds($a_type_arr)
1352 {
1353 global $DIC;
1354
1355 $ilDB = $DIC['ilDB'];
1356
1357 $operations = array();
1358 foreach ($a_type_arr as $type) {
1359 $operations[] = ('create_' . $type);
1360 }
1361
1362 if (!count($operations)) {
1363 return array();
1364 }
1365
1366 $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1367 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1368
1369 $res = $ilDB->query($query);
1370
1371 $ops_ids = array();
1372 while ($row = $ilDB->fetchObject($res)) {
1373 $type_arr = explode('_', $row->operation);
1374 $type = $type_arr[1];
1375
1376 $ops_ids[$type] = $row->ops_id;
1377 }
1378 return $ops_ids;
1379 }
1380
1381
1382
1391 public function isProtected($a_ref_id, $a_role_id)
1392 {
1393 global $DIC;
1394
1395 $ilDB = $DIC['ilDB'];
1396
1397 // ref_id not used yet. protected permission acts 'global' for each role,
1398 $query = "SELECT protected FROM rbac_fa " .
1399 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1400 $res = $ilDB->query($query);
1401 $row = $ilDB->fetchAssoc($res);
1402
1403 return ilUtil::yn2tf($row['protected']);
1404 }
1405
1413 public function isBlockedAtPosition($a_role_id, $a_ref_id)
1414 {
1415 global $DIC;
1416
1417 $ilDB = $DIC['ilDB'];
1418
1419 $query = 'SELECT blocked from rbac_fa ' .
1420 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1421 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1422 $res = $ilDB->query($query);
1423 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1424 return (bool) $row->blocked;
1425 }
1426 return false;
1427 }
1428
1434 public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1435 {
1436 global $DIC;
1437
1438 $ilDB = $DIC['ilDB'];
1439 $tree = $DIC['tree'];
1440
1441 if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1442 return false;
1443 }
1444 $query = 'SELECT parent from rbac_fa ' .
1445 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1446 'AND blocked = ' . $ilDB->quote(1, 'integer');
1447 $res = $ilDB->query($query);
1448
1449 $parent_ids = array();
1450 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1451 $parent_ids[] = $row->parent;
1452 }
1453
1454 foreach ($parent_ids as $parent_id) {
1455 if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1456 return true;
1457 }
1458 }
1459 return false;
1460 }
1461
1462 // this method alters the protected status of role regarding the current user's role assignment
1463 // and current postion in the hierarchy.
1464
1476 protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1477 {
1478 //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1479
1480 global $DIC;
1481
1482 $rbacsystem = $DIC['rbacsystem'];
1483 $ilUser = $DIC['ilUser'];
1484 $log = $DIC['log'];
1485
1486 if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1487 $leveladmin = true;
1488 } else {
1489 $leveladmin = false;
1490 }
1491 #vd("RoleHierarchy",$a_role_hierarchy);
1492 foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1493 //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1494 #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1495 //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1496
1497 if ($leveladmin == true) {
1498 $a_parent_roles[$role_id]['protected'] = false;
1499 continue;
1500 }
1501
1502 if ($a_parent_roles[$role_id]['protected'] == true) {
1503 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1504
1505 #vd("intersection",$arr_lvl_roles_user);
1506
1507 foreach ($arr_lvl_roles_user as $lvl_role_id) {
1508 #echo "<br/>level_role: ".$lvl_role_id;
1509 #echo "<br/>a_ref_id: ".$a_ref_id;
1510
1511 //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1512 // check if role grants 'edit_permission' to parent
1513 $rolf = $a_parent_roles[$role_id]['parent'];
1514 #$parent_obj = $GLOBALS['DIC']['tree']->getParentId($rolf);
1515 if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1516 #echo "<br />Permission granted";
1517 //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1518 // user may change permissions of that higher-ranked role
1519 $a_parent_roles[$role_id]['protected'] = false;
1520
1521 // remember successful check
1522 //$leveladmin = true;
1523 }
1524 }
1525 }
1526 }
1527 return $a_parent_roles;
1528 }
1529
1540 public static function _getOperationList($a_type = null)
1541 {
1542 global $DIC;
1543
1544 $ilDB = $DIC['ilDB'];
1545
1546 $arr = array();
1547
1548 if ($a_type) {
1549 $query = sprintf(
1550 'SELECT * FROM rbac_operations ' .
1551 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1552 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1553 'WHERE object_data.title = %s ' .
1554 'AND object_data.type = %s ' .
1555 'ORDER BY op_order ASC',
1556 $ilDB->quote($a_type, 'text'),
1557 $ilDB->quote('typ', 'text')
1558 );
1559 } else {
1560 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1561 }
1562 $res = $ilDB->query($query);
1563 while ($row = $ilDB->fetchAssoc($res)) {
1564 $arr[] = array(
1565 "ops_id" => $row['ops_id'],
1566 "operation" => $row['operation'],
1567 "desc" => $row['description'],
1568 "class" => $row['class'],
1569 "order" => $row['op_order']
1570 );
1571 }
1572 return $arr;
1573 }
1574
1581 public static function _groupOperationsByClass($a_ops_arr)
1582 {
1583 $arr = array();
1584
1585 foreach ($a_ops_arr as $ops) {
1586 $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1587 'name' => $ops['operation']
1588 );
1589 }
1590 return $arr;
1591 }
1592
1602 public function getObjectOfRole($a_role_id)
1603 {
1604 // internal cache
1605 static $obj_cache = array();
1606
1607 global $DIC;
1608
1609 $ilDB = $DIC['ilDB'];
1610
1611
1612 if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1613 return $obj_cache[$a_role_id];
1614 }
1615
1616 $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1617 'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1618 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1619 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1620 'AND deleted IS NULL';
1621
1622 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1623 # "JOIN tree ON rfa.parent = tree.child ".
1624 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1625 # "WHERE tree.tree = 1 ".
1626 # "AND assign = 'y' ".
1627 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1628 $res = $ilDB->query($query);
1629
1630 $obj_cache[$a_role_id] = 0;
1631 while ($row = $ilDB->fetchObject($res)) {
1632 $obj_cache[$a_role_id] = $row->obj_id;
1633 }
1634 return $obj_cache[$a_role_id];
1635 }
1636
1643 public function getObjectReferenceOfRole($a_role_id)
1644 {
1645 global $DIC;
1646
1647 $ilDB = $DIC['ilDB'];
1648
1649 $query = 'SELECT parent p_ref FROM rbac_fa ' .
1650 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1651 'AND assign = ' . $ilDB->quote('y', 'text');
1652
1653 $res = $ilDB->query($query);
1654 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1655 return $row->p_ref;
1656 }
1657 return 0;
1658 }
1659
1667 public function isRoleDeleted($a_role_id)
1668 {
1669 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1670 $deleted = true;
1671 if (count($rolf_list)) {
1672 foreach ($rolf_list as $rolf) {
1673 // only list roles that are not set to status "deleted"
1674 if (!$this->isDeleted($rolf)) {
1675 $deleted = false;
1676 break;
1677 }
1678 }
1679 }
1680 return $deleted;
1681 }
1682
1683
1691 public function getRolesForIDs($role_ids, $use_templates)
1692 {
1693 global $DIC;
1694
1695 $ilDB = $DIC['ilDB'];
1696
1697 $role_list = array();
1698
1699 $where = $this->__setTemplateFilter($use_templates);
1700
1701 $query = "SELECT * FROM object_data " .
1702 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1703 $where .
1704 "AND rbac_fa.assign = 'y' " .
1705 'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1706
1707 $res = $ilDB->query($query);
1708 while ($row = $ilDB->fetchAssoc($res)) {
1709 $row["desc"] = $row["description"];
1710 $row["user_id"] = $row["owner"];
1711 $role_list[] = $row;
1712 }
1713
1714 $role_list = $this->__setRoleType($role_list);
1715 return $role_list;
1716 }
1717
1723 public function getOperationAssignment()
1724 {
1725 global $DIC;
1726
1727 $ilDB = $DIC['ilDB'];
1728
1729 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1730 'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1731 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1732 $res = $ilDB->query($query);
1733
1734 $counter = 0;
1735 while ($row = $ilDB->fetchObject($res)) {
1736 $info[$counter]['typ_id'] = $row->typ_id;
1737 $info[$counter]['type'] = $row->title;
1738 $info[$counter]['ops_id'] = $row->ops_id;
1739 $info[$counter]['operation'] = $row->operation;
1740 $counter++;
1741 }
1742 return $info ? $info : array();
1743 }
1744
1752 public function isDeleteable($a_role_id, $a_rolf_id)
1753 {
1754 if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1755 return false;
1756 }
1757 if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1758 return false;
1759 }
1760 if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1761 return false;
1762 }
1763 return true;
1764 }
1765
1772 public function isSystemGeneratedRole($a_role_id)
1773 {
1774 $title = ilObject::_lookupTitle($a_role_id);
1775 return substr($title, 0, 3) == 'il_' ? true : false;
1776 }
1777
1778
1786 public function getRoleFolderOfRole($a_role_id)
1787 {
1788 global $DIC;
1789
1790 $ilDB = $DIC['ilDB'];
1791
1792 if (ilObject::_lookupType($a_role_id) == 'role') {
1793 $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1794 } else {
1795 $and = '';
1796 }
1797
1798 $query = 'SELECT * FROM rbac_fa ' .
1799 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1800 $and;
1801 $res = $ilDB->query($query);
1802 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1803 return $row->parent;
1804 }
1805 return 0;
1806 }
1807
1815 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1816 {
1817 global $DIC;
1818
1819 $ilDB = $DIC['ilDB'];
1820
1821 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1822 "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1823 "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1824 "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1825
1826 $res = $ilDB->query($query);
1827 $all_ops = array();
1828 while ($row = $ilDB->fetchObject($res)) {
1829 $ops = unserialize($row->ops_id);
1830 $all_ops = array_merge($all_ops, $ops);
1831 }
1832 $all_ops = array_unique($all_ops);
1833
1834 $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1835 " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1836 $perms = array();
1837 while ($rec = $ilDB->fetchAssoc($set)) {
1838 $perms[] = $rec["operation"];
1839 }
1840
1841 return $perms;
1842 }
1843
1850 public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1851 {
1852 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1853 }
1854
1861 public function getAssignedCacheEntry($a_role_id, $a_user_id)
1862 {
1863 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1864 }
1865
1869 public function clearCaches()
1870 {
1871 self::$is_assigned_cache = array();
1872 self::$assigned_users_cache = array();
1873 }
1874} // END class.ilRbacReview
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
php
An exception for terminatinating execution or to throw for unit testing.
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:154
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:20
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
Definition: class.ilRbacReview.php:299
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1174
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1263
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1581
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:754
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
Definition: class.ilRbacReview.php:506
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:928
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role @access public
Definition: class.ilRbacReview.php:413
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:734
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
Definition: class.ilRbacReview.php:1315
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
Definition: class.ilRbacReview.php:1124
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:79
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1052
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:353
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
Definition: class.ilRbacReview.php:1476
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:684
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:900
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:724
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1160
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:645
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:802
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:612
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:970
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1413
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:589
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:151
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1869
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1391
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:527
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:995
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
Definition: class.ilRbacReview.php:1540
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1772
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
Definition: class.ilRbacReview.php:183
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
Definition: class.ilRbacReview.php:784
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1667
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted)
Definition: class.ilRbacReview.php:387
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1434
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:117
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1786
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
Definition: class.ilRbacReview.php:450
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id's by name.
Definition: class.ilRbacReview.php:1287
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
Definition: class.ilRbacReview.php:554
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1861
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1643
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1091
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1850
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:769
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:1029
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1815
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
Definition: class.ilRbacReview.php:1691
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
Definition: class.ilRbacReview.php:267
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1723
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id @access public
Definition: class.ilRbacReview.php:845
ilRbacReview\__construct
__construct()
Constructor @access public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1602
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
Definition: class.ilRbacReview.php:326
ilRbacReview\getOperations
getOperations()
get all possible operations @access public
Definition: class.ilRbacReview.php:822
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
Definition: class.ilRbacReview.php:225
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1752
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:484
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:871
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:2983
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$key
$key
Definition: croninfo.php:18
$r
$r
Definition: example_031.php:79
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$ilBench
global $ilBench
Definition: ilias.php:18
$ilLog
$ilLog
Definition: inc.setup_header.php:123
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
$info
$info
Definition: index.php:5
$row
$row
Definition: migrateto20.php:360
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
$query
$query
Definition: proxy_ylocal.php:13
$type
$type
Definition: proxy_ylocal.php:10
$ilErr
$ilErr
Definition: raiseError.php:18
$DIC
global $DIC
Definition: saml.php:7
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$ilUser
$ilUser
Definition: imgupload.php:18
$a_type
$a_type
Definition: workflow.php:92