ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
19 class ilRbacReview
20 {
21  const FILTER_ALL = 1;
22  const FILTER_ALL_GLOBAL = 2;
23  const FILTER_ALL_LOCAL = 3;
24  const FILTER_INTERNAL = 4;
25  const FILTER_NOT_INTERNAL = 5;
26  const FILTER_TEMPLATES = 6;
27 
28  // Cache operation ids
29  private static $_opsCache = null;
30 
34  protected static $assigned_users_cache = array();
35 
39  protected static $is_assigned_cache = array();
40 
44  protected $log;
45 
50  public function __construct()
51  {
52  global $DIC;
53 
54  $ilDB = $DIC['ilDB'];
55  $ilErr = $DIC['ilErr'];
56  $ilias = $DIC['ilias'];
57 
58  $this->log = ilLoggerFactory::getLogger('ac');
59 
60  // set db & error handler
61  (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
62 
63  if (!isset($ilErr)) {
64  $ilErr = new ilErrorHandling();
65  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
66  } else {
67  $this->ilErr = &$ilErr;
68  }
69  }
70 
79  public function roleExists($a_title, $a_id = 0)
80  {
81  global $DIC;
82 
83  $ilDB = $DIC['ilDB'];
84 
85  if (empty($a_title)) {
86  $message = get_class($this) . "::roleExists(): No title given!";
87  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
88  }
89 
90  $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
91 
92  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
93  "WHERE title =" . $ilDB->quote($a_title) . " " .
94  "AND type IN('role','rolt')" .
95  $clause . " ";
96  $r = $this->ilDB->query($q);
97 
98  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99  return $row->obj_id;
100  }
101  return false;
102  }
103 
117  protected function __getParentRoles($a_path, $a_templates)
118  {
119  if (!isset($a_path) or !is_array($a_path)) {
120  $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
121  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
122  }
123 
124  $parent_roles = array();
125  $role_hierarchy = array();
126 
127  foreach ($a_path as $ref_id) {
128  $roles = $this->getRoleListByObject($ref_id, $a_templates);
129  foreach ($roles as $role) {
130  $id = $role["obj_id"];
131  $role["parent"] = $ref_id;
132  $parent_roles[$id] = $role;
133 
134  if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
135  $role_hierarchy[$id] = $ref_id;
136  }
137  }
138  }
139  return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
140  }
141 
151  public function getParentRoleIds($a_endnode_id, $a_templates = false)
152  {
153  global $DIC;
154 
155  $tree = $DIC['tree'];
156 
157  if (!isset($a_endnode_id)) {
158  $GLOBALS['DIC']['ilLog']->logStack();
159  $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
160  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
161  }
162 
163  //var_dump($a_endnode_id);exit;
164  //$log->write("ilRBACreview::getParentRoleIds(), 0");
165  $pathIds = $tree->getPathId($a_endnode_id);
166 
167  // add system folder since it may not in the path
168  //$pathIds[0] = SYSTEM_FOLDER_ID;
169  $pathIds[0] = ROLE_FOLDER_ID;
170  //$log->write("ilRBACreview::getParentRoleIds(), 1");
171  #return $this->getParentRoles($a_endnode_id,$a_templates,$a_keep_protected);
172  return $this->__getParentRoles($pathIds, $a_templates);
173  }
174 
183  public function getRoleListByObject($a_ref_id, $a_templates = false)
184  {
185  global $DIC;
186 
187  $ilDB = $DIC['ilDB'];
188 
189  if (!isset($a_ref_id) or !isset($a_templates)) {
190  $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
191  "ref_id: " . $a_ref_id .
192  "tpl_flag: " . $a_templates;
193  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
194  }
195 
196  $role_list = array();
197 
198  $where = $this->__setTemplateFilter($a_templates);
199 
200  $query = "SELECT * FROM object_data " .
201  "JOIN rbac_fa ON obj_id = rol_id " .
202  $where .
203  "AND object_data.obj_id = rbac_fa.rol_id " .
204  "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
205 
206  $res = $ilDB->query($query);
207  while ($row = $ilDB->fetchAssoc($res)) {
208  $row["desc"] = $row["description"];
209  $row["user_id"] = $row["owner"];
210  $role_list[] = $row;
211  }
212 
213  $role_list = $this->__setRoleType($role_list);
214 
215  return $role_list;
216  }
217 
225  public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
226  {
227  global $DIC;
228 
229  $ilDB = $DIC['ilDB'];
230 
231  $role_list = array();
232 
233  $where = $this->__setTemplateFilter($a_templates);
234 
235  $query = "SELECT * FROM object_data " .
236  "JOIN rbac_fa ON obj_id = rol_id " .
237  $where .
238  "AND rbac_fa.assign = 'y' ";
239 
240  if (strlen($title_filter)) {
241  $query .= (' AND ' . $ilDB->like(
242  'title',
243  'text',
244  $title_filter . '%'
245  ));
246  }
247  $res = $ilDB->query($query);
248 
249  while ($row = $ilDB->fetchAssoc($res)) {
250  $row["desc"] = $row["description"];
251  $row["user_id"] = $row["owner"];
252  $role_list[] = $row;
253  }
254 
255  $role_list = $this->__setRoleType($role_list);
256 
257  return $role_list;
258  }
259 
267  public function getAssignableRolesInSubtree($ref_id)
268  {
269  global $DIC;
270 
271  $ilDB = $DIC['ilDB'];
272 
273  $query = 'SELECT rol_id FROM rbac_fa fa ' .
274  'JOIN tree t1 ON t1.child = fa.parent ' .
275  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
276  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
277  'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
278  'AND t1.child IN (' .
279  $GLOBALS['DIC']['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
280  ') ';
281 
282 
283  $res = $ilDB->query($query);
284 
285  $role_list = array();
286  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
287  $role_list[] = $row->rol_id;
288  }
289  return $role_list;
290  }
291 
299  public function getAssignableChildRoles($a_ref_id)
300  {
301  global $DIC;
302 
303  $ilDB = $DIC['ilDB'];
304 
305  $query = "SELECT fa.*, rd.* " .
306  "FROM object_data rd " .
307  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
308  "WHERE fa.assign = 'y' " .
309  "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
310  ;
311 
312  $res = $ilDB->query($query);
313  while ($row = $ilDB->fetchAssoc($res)) {
314  $roles_data[] = $row;
315  }
316  return $roles_data ? $roles_data : array();
317  }
318 
326  protected function __setTemplateFilter($a_templates)
327  {
328  global $DIC;
329 
330  $ilDB = $DIC['ilDB'];
331 
332  if ($a_templates === true) {
333  $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
334  } else {
335  $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
336  }
337 
338  return $where;
339  }
340 
353  protected function __setRoleType($a_role_list)
354  {
355  foreach ($a_role_list as $key => $val) {
356  // determine role type
357  if ($val["type"] == "rolt") {
358  $a_role_list[$key]["role_type"] = "template";
359  } else {
360  if ($val["assign"] == "y") {
361  if ($val["parent"] == ROLE_FOLDER_ID) {
362  $a_role_list[$key]["role_type"] = "global";
363  } else {
364  $a_role_list[$key]["role_type"] = "local";
365  }
366  } else {
367  $a_role_list[$key]["role_type"] = "linked";
368  }
369  }
370 
371  if ($val["protected"] == "y") {
372  $a_role_list[$key]["protected"] = true;
373  } else {
374  $a_role_list[$key]["protected"] = false;
375  }
376  }
377 
378  return $a_role_list;
379  }
380 
387  public function getNumberOfAssignedUsers(array $a_roles)
388  {
389  global $DIC;
390 
391  $ilDB = $DIC->database();
392 
393  $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
394  'join object_data on ua.usr_id = obj_id ' .
395  'join usr_data ud on ua.usr_id = ud.usr_id ' .
396  'where ' . $ilDB->in('rol_id', $a_roles, false, 'integer');
397 
398  $res = $ilDB->query($query);
399  if ($res->numRows()) {
400  $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
401  return $row->num;
402  }
403  return 0;
404  }
405 
406 
413  public function assignedUsers($a_rol_id)
414  {
415  global $DIC;
416 
417  $ilBench = $DIC['ilBench'];
418  $ilDB = $DIC['ilDB'];
419 
420  if (!isset($a_rol_id)) {
421  $message = get_class($this) . "::assignedUsers(): No role_id given!";
422  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
423  }
424  if (isset(self::$assigned_users_cache[$a_rol_id])) {
425  return self::$assigned_users_cache[$a_rol_id];
426  }
427 
428  $result_arr = array();
429 
430  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
431  $res = $ilDB->query($query);
432  while ($row = $ilDB->fetchAssoc($res)) {
433  array_push($result_arr, $row["usr_id"]);
434  }
435 
436  self::$assigned_users_cache[$a_rol_id] = $result_arr;
437 
438  return $result_arr;
439  }
440 
441 
450  public function isAssigned($a_usr_id, $a_role_id)
451  {
452  if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
453  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
454  }
455  // Quickly determine if user is assigned to a role
456  global $DIC;
457 
458  $ilDB = $DIC['ilDB'];
459 
460  $ilDB->setLimit(1, 0);
461  $query = "SELECT usr_id FROM rbac_ua WHERE " .
462  "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
463  "AND usr_id= " . $ilDB->quote($a_usr_id);
464  $res = $ilDB->query($query);
465 
466  $is_assigned = $res->numRows() == 1;
467  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
468 
469  return $is_assigned;
470  }
471 
484  public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
485  {
486  global $DIC;
487 
488  $ilDB = $DIC['ilDB'];
489 
490  $ilDB->setLimit(1, 0);
491  $query = "SELECT usr_id FROM rbac_ua WHERE " .
492  $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
493  " AND usr_id= " . $ilDB->quote($a_usr_id);
494  $res = $ilDB->query($query);
495 
496  return $ilDB->numRows($res) == 1;
497  }
498 
506  public function assignedRoles($a_usr_id)
507  {
508  global $DIC;
509 
510  $ilDB = $DIC->database();
511 
512  $role_arr = [];
513  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
514 
515  $res = $ilDB->query($query);
516  while ($row = $ilDB->fetchObject($res)) {
517  $role_arr[] = $row->rol_id;
518  }
519  return $role_arr;
520  }
521 
527  public function assignedGlobalRoles($a_usr_id)
528  {
529  global $DIC;
530 
531  $ilDB = $DIC['ilDB'];
532 
533  $query = "SELECT ua.rol_id FROM rbac_ua ua " .
534  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
535  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
536  "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
537  "AND assign = 'y' ";
538 
539  $res = $ilDB->query($query);
540  while ($row = $ilDB->fetchObject($res)) {
541  $role_arr[] = $row->rol_id;
542  }
543  return $role_arr ? $role_arr : array();
544  }
545 
554  public function isAssignable($a_rol_id, $a_ref_id)
555  {
556  global $DIC;
557 
558  $ilBench = $DIC['ilBench'];
559  $ilDB = $DIC['ilDB'];
560 
561  $ilBench->start("RBAC", "review_isAssignable");
562 
563  // exclude system role from rbac
564  if ($a_rol_id == SYSTEM_ROLE_ID) {
565  $ilBench->stop("RBAC", "review_isAssignable");
566  return true;
567  }
568 
569  if (!isset($a_rol_id) or !isset($a_ref_id)) {
570  $message = get_class($this) . "::isAssignable(): Missing parameter!" .
571  " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
572  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
573  }
574  $query = "SELECT * FROM rbac_fa " .
575  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
576  "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
577  $res = $ilDB->query($query);
578  $row = $ilDB->fetchObject($res);
579 
580  $ilBench->stop("RBAC", "review_isAssignable");
581  return $row->assign == 'y' ? true : false;
582  }
583 
589  public function hasMultipleAssignments($a_role_id)
590  {
591  global $DIC;
592 
593  $ilDB = $DIC['ilDB'];
594 
595  $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
596  "AND assign = " . $ilDB->quote('y', 'text');
597  $res = $ilDB->query($query);
598  return $res->numRows() > 1;
599  }
600 
612  public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
613  {
614  global $DIC;
615 
616  $ilDB = $DIC['ilDB'];
617 
618  if (!isset($a_rol_id)) {
619  $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
620  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
621  }
622 
623  if ($a_assignable) {
624  $where = " AND assign ='y'";
625  }
626 
627  $query = "SELECT DISTINCT parent FROM rbac_fa " .
628  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
629 
630  $res = $ilDB->query($query);
631  $folders = [];
632  while ($row = $ilDB->fetchObject($res)) {
633  $folders[] = $row->parent;
634  }
635  return $folders;
636  }
637 
645  public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
646  {
647  global $DIC;
648 
649  $ilDB = $DIC['ilDB'];
650 
651  if (!isset($a_ref_id)) {
652  $GLOBALS['DIC']['ilLog']->logStack();
653  throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
654  }
655  if ($a_assignable_only === true) {
656  $and = 'AND assign = ' . $ilDB->quote('y', 'text');
657  }
658  $query = "SELECT rol_id FROM rbac_fa " .
659  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
660  $and;
661 
662  $res = $ilDB->query($query);
663 
664  $role_ids = array();
665  while ($row = $ilDB->fetchObject($res)) {
666  $role_ids[] = $row->rol_id;
667  }
668  return $role_ids;
669  }
670 
671 
672 
673 
684  public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
685  {
686  global $DIC;
687 
688  $ilBench = $DIC['ilBench'];
689  $ilDB = $DIC['ilDB'];
690  $ilLog = $DIC['ilLog'];
691 
692  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
693 
694  if (!isset($a_ref_id)) {
695  $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
696  ilLoggerFactory::getLogger('ac')->logStack();
697  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
698  }
699 
700  if ($a_nonassignable === false) {
701  $and = " AND assign='y'";
702  }
703 
704  $query = "SELECT rol_id FROM rbac_fa " .
705  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
706  $and;
707 
708  $res = $ilDB->query($query);
709  while ($row = $ilDB->fetchObject($res)) {
710  $rol_id[] = $row->rol_id;
711  }
712 
713  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
714 
715  return $rol_id ? $rol_id : array();
716  }
717 
724  public function getGlobalRoles()
725  {
726  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
727  }
728 
734  public function getLocalRoles($a_ref_id)
735  {
736  global $DIC;
737 
738  $ilDB = $DIC['ilDB'];
739 
740  $lroles = array();
741  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
742  if ($this->isAssignable($role_id, $a_ref_id)) {
743  $lroles[] = $role_id;
744  }
745  }
746  return $lroles;
747  }
748 
754  public function getLocalPolicies($a_ref_id)
755  {
756  $lroles = array();
757  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
758  $lroles[] = $role_id;
759  }
760  return $lroles;
761  }
762 
769  public function getGlobalRolesArray()
770  {
771  foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
772  $ga[] = array('obj_id' => $role_id,
773  'role_type' => 'global');
774  }
775  return $ga ? $ga : array();
776  }
777 
784  public function getGlobalAssignableRoles()
785  {
786  include_once './Services/AccessControl/classes/class.ilObjRole.php';
787 
788  foreach ($this->getGlobalRoles() as $role_id) {
789  if (ilObjRole::_getAssignUsersStatus($role_id)) {
790  $ga[] = array('obj_id' => $role_id,
791  'role_type' => 'global');
792  }
793  }
794  return $ga ? $ga : array();
795  }
796 
797 
802  public function isRoleAssignedToObject($a_role_id, $a_parent_id)
803  {
804  global $DIC;
805 
806  $rbacreview = $DIC['rbacreview'];
807  $ilDB = $DIC['ilDB'];
808 
809  $query = 'SELECT * FROM rbac_fa ' .
810  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
811  'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
812  $res = $ilDB->query($query);
813  return $res->numRows() ? true : false;
814  }
815 
822  public function getOperations()
823  {
824  global $DIC;
825 
826  $ilDB = $DIC['ilDB'];
827 
828  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
829  $res = $this->ilDB->query($query);
830  while ($row = $ilDB->fetchObject($res)) {
831  $ops[] = array('ops_id' => $row->ops_id,
832  'operation' => $row->operation,
833  'description' => $row->description);
834  }
835 
836  return $ops ? $ops : array();
837  }
838 
845  public function getOperation($ops_id)
846  {
847  global $DIC;
848 
849  $ilDB = $DIC['ilDB'];
850 
851  $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
852  $res = $this->ilDB->query($query);
853  while ($row = $ilDB->fetchObject($res)) {
854  $ops = array('ops_id' => $row->ops_id,
855  'operation' => $row->operation,
856  'description' => $row->description);
857  }
858 
859  return $ops ? $ops : array();
860  }
861 
871  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
872  {
873  global $DIC;
874 
875  $ilDB = $DIC['ilDB'];
876 
877  if (!$a_parent) {
878  $a_parent = ROLE_FOLDER_ID;
879  }
880 
881  $query = "SELECT ops_id,type FROM rbac_templates " .
882  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
883  "AND parent = " . $ilDB->quote($a_parent, 'integer');
884  $res = $ilDB->query($query);
885 
886  $ops_arr = array();
887  while ($row = $ilDB->fetchObject($res)) {
888  $ops_arr[$row->type][] = $row->ops_id;
889  }
890  return (array) $ops_arr;
891  }
892 
900  public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
901  {
902  global $DIC;
903 
904  $ilDB = $DIC['ilDB'];
905 
906  $query = 'SELECT * FROM rbac_pa ' .
907  'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
908  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
909 
910  $res = $ilDB->query($query);
911  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
912  return unserialize($row['ops_id']);
913  }
914  return array();
915  }
916 
917 
928  public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
929  {
930  global $DIC;
931 
932  $ilDB = $DIC['ilDB'];
933  $ilLog = $DIC['ilLog'];
934 
935  if (!isset($a_rol_id) or !isset($a_type)) {
936  $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
937  "role_id: " . $a_rol_id .
938  "type: " . $a_type .
939  "parent_id: " . $a_parent;
940  $ilLog->logStack("Missing parameter! ");
941  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
942  }
943 
944  $ops_arr = array();
945 
946  // if no rolefolder id is given, assume global role folder as target
947  if ($a_parent == 0) {
948  $a_parent = ROLE_FOLDER_ID;
949  }
950 
951  $query = "SELECT ops_id FROM rbac_templates " .
952  "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
953  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
954  "AND parent = " . $ilDB->quote($a_parent, 'integer');
955  $res = $ilDB->query($query);
956  while ($row = $ilDB->fetchObject($res)) {
957  $ops_arr[] = $row->ops_id;
958  }
959 
960  return $ops_arr;
961  }
962 
970  public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
971  {
972  global $DIC;
973 
974  $ilDB = $DIC['ilDB'];
975 
976  $query = "SELECT * FROM rbac_pa " .
977  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
978  "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
979 
980  $res = $ilDB->query($query);
981  while ($row = $ilDB->fetchObject($res)) {
982  $ops = unserialize($row->ops_id);
983  }
984 
985  return $ops ? $ops : array();
986  }
987 
995  public function getOperationsOnType($a_typ_id)
996  {
997  global $DIC;
998 
999  $ilDB = $DIC['ilDB'];
1000 
1001  if (!isset($a_typ_id)) {
1002  $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
1003  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1004  }
1005 
1006  #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1007 
1008  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
1009  'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
1010  'ORDER BY op_order';
1011 
1012  $res = $ilDB->query($query);
1013 
1014  while ($row = $ilDB->fetchObject($res)) {
1015  $ops_id[] = $row->ops_id;
1016  }
1017 
1018  return $ops_id ? $ops_id : array();
1019  }
1020 
1029  public function getOperationsOnTypeString($a_type)
1030  {
1031  global $DIC;
1032 
1033  $ilDB = $DIC['ilDB'];
1034 
1035  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
1036 
1037 
1038  $res = $this->ilDB->query($query);
1039  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1040  return $this->getOperationsOnType($row->obj_id);
1041  }
1042  return false;
1043  }
1044 
1052  public function getOperationsByTypeAndClass($a_type, $a_class)
1053  {
1054  global $DIC;
1055 
1056  $ilDB = $DIC['ilDB'];
1057 
1058  if ($a_class != 'create') {
1059  $condition = "AND class != " . $ilDB->quote('create', 'text');
1060  } else {
1061  $condition = "AND class = " . $ilDB->quote('create', 'text');
1062  }
1063 
1064  $query = "SELECT ro.ops_id FROM rbac_operations ro " .
1065  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
1066  "JOIN object_data od ON rt.typ_id = od.obj_id " .
1067  "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
1068  "AND title = " . $ilDB->quote($a_type, 'text') . " " .
1069  $condition . " " .
1070  "ORDER BY op_order ";
1071 
1072  $res = $ilDB->query($query);
1073 
1074  $ops = array();
1075  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1076  $ops[] = $row->ops_id;
1077  }
1078  return $ops;
1079  }
1080 
1081 
1091  public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = array())
1092  {
1093  global $DIC;
1094 
1095  $ilDB = $DIC['ilDB'];
1096 
1097  #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1098  # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1099  # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1100 
1101  $query = 'SELECT parent p FROM rbac_fa ' .
1102  'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1103  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1104 
1105  if ($a_filter) {
1106  $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1107  }
1108 
1109  $res = $ilDB->query($query);
1110  $parent = array();
1111  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1112  $parent[] = $row->p;
1113  }
1114  return $parent;
1115  }
1116 
1124  public function isDeleted($a_node_id)
1125  {
1126  global $DIC;
1127 
1128  $ilDB = $DIC['ilDB'];
1129 
1130  $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1131  $r = $this->ilDB->query($q);
1132 
1133  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1134 
1135  if (!$row) {
1136  $message = sprintf(
1137  '%s::isDeleted(): Role folder with ref_id %s not found!',
1138  get_class($this),
1139  $a_node_id
1140  );
1141  $this->log->write($message, $this->log->FATAL);
1142 
1143  return true;
1144  }
1145 
1146  // rolefolder is deleted
1147  if ($row->tree < 0) {
1148  return true;
1149  }
1150 
1151  return false;
1152  }
1153 
1160  public function isGlobalRole($a_role_id)
1161  {
1162  return in_array($a_role_id, $this->getGlobalRoles());
1163  }
1164 
1174  public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1175  {
1176  global $DIC;
1177 
1178  $ilDB = $DIC['ilDB'];
1179 
1180  $assign = "y";
1181 
1182  switch ($a_filter) {
1183  // all (assignable) roles
1184  case self::FILTER_ALL:
1185  return $this->getAssignableRoles(true, true, $title_filter);
1186  break;
1187 
1188  // all (assignable) global roles
1189  case self::FILTER_ALL_GLOBAL:
1190  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1191  break;
1192 
1193  // all (assignable) local roles
1194  case self::FILTER_ALL_LOCAL:
1195  case self::FILTER_INTERNAL:
1196  case self::FILTER_NOT_INTERNAL:
1197  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1198  break;
1199 
1200  // all role templates
1201  case self::FILTER_TEMPLATES:
1202  $where = "WHERE object_data.type = 'rolt'";
1203  $assign = "n";
1204  break;
1205 
1206  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1207  case 0:
1208  default:
1209  if (!$a_user_id) {
1210  return array();
1211  }
1212 
1213  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1214  break;
1215  }
1216 
1217  $roles = array();
1218 
1219  $query = "SELECT * FROM object_data " .
1220  "JOIN rbac_fa ON obj_id = rol_id " .
1221  $where .
1222  "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1223 
1224  if (strlen($title_filter)) {
1225  $query .= (' AND ' . $ilDB->like(
1226  'title',
1227  'text',
1228  '%' . $title_filter . '%'
1229  ));
1230  }
1231 
1232  $res = $ilDB->query($query);
1233  while ($row = $ilDB->fetchAssoc($res)) {
1234  $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1235 
1236  // all (assignable) internal local roles only
1237  if ($a_filter == 4 and !$prefix) {
1238  continue;
1239  }
1240 
1241  // all (assignable) non internal local roles only
1242  if ($a_filter == 5 and $prefix) {
1243  continue;
1244  }
1245 
1246  $row["desc"] = $row["description"];
1247  $row["user_id"] = $row["owner"];
1248  $roles[] = $row;
1249  }
1250 
1251  $roles = $this->__setRoleType($roles);
1252 
1253  return $roles ? $roles : array();
1254  }
1255 
1263  public function getTypeId($a_type)
1264  {
1265  global $DIC;
1266 
1267  $ilDB = $DIC['ilDB'];
1268 
1269  $q = "SELECT obj_id FROM object_data " .
1270  "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1271  $r = $ilDB->query($q);
1272 
1273  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1274  return $row->obj_id;
1275  }
1276 
1287  public static function _getOperationIdsByName($operations)
1288  {
1289  global $DIC;
1290 
1291  $ilDB = $DIC['ilDB'];
1292 
1293  if (!count($operations)) {
1294  return array();
1295  }
1296 
1297  $query = 'SELECT ops_id FROM rbac_operations ' .
1298  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1299 
1300  $res = $ilDB->query($query);
1301  while ($row = $ilDB->fetchObject($res)) {
1302  $ops_ids[] = $row->ops_id;
1303  }
1304  return $ops_ids ? $ops_ids : array();
1305  }
1306 
1315  public static function _getOperationIdByName($a_operation)
1316  {
1317  global $DIC;
1318 
1319  $ilDB = $DIC['ilDB'];
1320  $ilErr = $DIC['ilErr'];
1321 
1322  if (!isset($a_operation)) {
1323  $message = "perm::getOperationId(): No operation given!";
1324  $ilErr->raiseError($message, $ilErr->WARNING);
1325  }
1326 
1327  // Cache operation ids
1328  if (!is_array(self::$_opsCache)) {
1329  self::$_opsCache = array();
1330 
1331  $q = "SELECT ops_id, operation FROM rbac_operations";
1332  $r = $ilDB->query($q);
1333  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1334  self::$_opsCache[$row->operation] = $row->ops_id;
1335  }
1336  }
1337 
1338  // Get operation ID by name from cache
1339  if (array_key_exists($a_operation, self::$_opsCache)) {
1340  return self::$_opsCache[$a_operation];
1341  }
1342  return null;
1343  }
1344 
1351  public static function lookupCreateOperationIds($a_type_arr)
1352  {
1353  global $DIC;
1354 
1355  $ilDB = $DIC['ilDB'];
1356 
1357  $operations = array();
1358  foreach ($a_type_arr as $type) {
1359  $operations[] = ('create_' . $type);
1360  }
1361 
1362  if (!count($operations)) {
1363  return array();
1364  }
1365 
1366  $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1367  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1368 
1369  $res = $ilDB->query($query);
1370 
1371  $ops_ids = array();
1372  while ($row = $ilDB->fetchObject($res)) {
1373  $type_arr = explode('_', $row->operation);
1374  $type = $type_arr[1];
1375 
1376  $ops_ids[$type] = $row->ops_id;
1377  }
1378  return $ops_ids;
1379  }
1380 
1381 
1382 
1391  public function isProtected($a_ref_id, $a_role_id)
1392  {
1393  global $DIC;
1394 
1395  $ilDB = $DIC['ilDB'];
1396 
1397  // ref_id not used yet. protected permission acts 'global' for each role,
1398  $query = "SELECT protected FROM rbac_fa " .
1399  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1400  $res = $ilDB->query($query);
1401  $row = $ilDB->fetchAssoc($res);
1402 
1403  return ilUtil::yn2tf($row['protected']);
1404  }
1405 
1413  public function isBlockedAtPosition($a_role_id, $a_ref_id)
1414  {
1415  global $DIC;
1416 
1417  $ilDB = $DIC['ilDB'];
1418 
1419  $query = 'SELECT blocked from rbac_fa ' .
1420  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1421  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1422  $res = $ilDB->query($query);
1423  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1424  return (bool) $row->blocked;
1425  }
1426  return false;
1427  }
1428 
1434  public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1435  {
1436  global $DIC;
1437 
1438  $ilDB = $DIC['ilDB'];
1439  $tree = $DIC['tree'];
1440 
1441  if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1442  return false;
1443  }
1444  $query = 'SELECT parent from rbac_fa ' .
1445  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1446  'AND blocked = ' . $ilDB->quote(1, 'integer');
1447  $res = $ilDB->query($query);
1448 
1449  $parent_ids = array();
1450  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1451  $parent_ids[] = $row->parent;
1452  }
1453 
1454  foreach ($parent_ids as $parent_id) {
1455  if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1456  return true;
1457  }
1458  }
1459  return false;
1460  }
1461 
1462  // this method alters the protected status of role regarding the current user's role assignment
1463  // and current postion in the hierarchy.
1464 
1476  protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1477  {
1478  //vd('refId',$a_ref_id,'parent roles',$a_parent_roles,'role-hierarchy',$a_role_hierarchy);
1479 
1480  global $DIC;
1481 
1482  $rbacsystem = $DIC['rbacsystem'];
1483  $ilUser = $DIC['ilUser'];
1484  $log = $DIC['log'];
1485 
1486  if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1487  $leveladmin = true;
1488  } else {
1489  $leveladmin = false;
1490  }
1491  #vd("RoleHierarchy",$a_role_hierarchy);
1492  foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1493  //$log->write("ilRBACreview::__setProtectedStatus(), 0");
1494  #echo "<br/>ROLF: ".$rolf_id." ROLE_ID: ".$role_id." (".$a_parent_roles[$role_id]['title'].") ";
1495  //var_dump($leveladmin,$a_parent_roles[$role_id]['protected']);
1496 
1497  if ($leveladmin == true) {
1498  $a_parent_roles[$role_id]['protected'] = false;
1499  continue;
1500  }
1501 
1502  if ($a_parent_roles[$role_id]['protected'] == true) {
1503  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1504 
1505  #vd("intersection",$arr_lvl_roles_user);
1506 
1507  foreach ($arr_lvl_roles_user as $lvl_role_id) {
1508  #echo "<br/>level_role: ".$lvl_role_id;
1509  #echo "<br/>a_ref_id: ".$a_ref_id;
1510 
1511  //$log->write("ilRBACreview::__setProtectedStatus(), 1");
1512  // check if role grants 'edit_permission' to parent
1513  $rolf = $a_parent_roles[$role_id]['parent'];
1514  #$parent_obj = $GLOBALS['DIC']['tree']->getParentId($rolf);
1515  if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1516  #echo "<br />Permission granted";
1517  //$log->write("ilRBACreview::__setProtectedStatus(), 2");
1518  // user may change permissions of that higher-ranked role
1519  $a_parent_roles[$role_id]['protected'] = false;
1520 
1521  // remember successful check
1522  //$leveladmin = true;
1523  }
1524  }
1525  }
1526  }
1527  return $a_parent_roles;
1528  }
1529 
1540  public static function _getOperationList($a_type = null)
1541  {
1542  global $DIC;
1543 
1544  $ilDB = $DIC['ilDB'];
1545 
1546  $arr = array();
1547 
1548  if ($a_type) {
1549  $query = sprintf(
1550  'SELECT * FROM rbac_operations ' .
1551  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1552  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1553  'WHERE object_data.title = %s ' .
1554  'AND object_data.type = %s ' .
1555  'ORDER BY op_order ASC',
1556  $ilDB->quote($a_type, 'text'),
1557  $ilDB->quote('typ', 'text')
1558  );
1559  } else {
1560  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1561  }
1562  $res = $ilDB->query($query);
1563  while ($row = $ilDB->fetchAssoc($res)) {
1564  $arr[] = array(
1565  "ops_id" => $row['ops_id'],
1566  "operation" => $row['operation'],
1567  "desc" => $row['description'],
1568  "class" => $row['class'],
1569  "order" => $row['op_order']
1570  );
1571  }
1572  return $arr;
1573  }
1574 
1581  public static function _groupOperationsByClass($a_ops_arr)
1582  {
1583  $arr = array();
1584 
1585  foreach ($a_ops_arr as $ops) {
1586  $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1587  'name' => $ops['operation']
1588  );
1589  }
1590  return $arr;
1591  }
1592 
1602  public function getObjectOfRole($a_role_id)
1603  {
1604  // internal cache
1605  static $obj_cache = array();
1606 
1607  global $DIC;
1608 
1609  $ilDB = $DIC['ilDB'];
1610 
1611 
1612  if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1613  return $obj_cache[$a_role_id];
1614  }
1615 
1616  $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1617  'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1618  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1619  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1620  'AND deleted IS NULL';
1621 
1622  #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1623  # "JOIN tree ON rfa.parent = tree.child ".
1624  # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1625  # "WHERE tree.tree = 1 ".
1626  # "AND assign = 'y' ".
1627  # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1628  $res = $ilDB->query($query);
1629 
1630  $obj_cache[$a_role_id] = 0;
1631  while ($row = $ilDB->fetchObject($res)) {
1632  $obj_cache[$a_role_id] = $row->obj_id;
1633  }
1634  return $obj_cache[$a_role_id];
1635  }
1636 
1643  public function getObjectReferenceOfRole($a_role_id)
1644  {
1645  global $DIC;
1646 
1647  $ilDB = $DIC['ilDB'];
1648 
1649  $query = 'SELECT parent p_ref FROM rbac_fa ' .
1650  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1651  'AND assign = ' . $ilDB->quote('y', 'text');
1652 
1653  $res = $ilDB->query($query);
1654  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1655  return $row->p_ref;
1656  }
1657  return 0;
1658  }
1659 
1667  public function isRoleDeleted($a_role_id)
1668  {
1669  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1670  $deleted = true;
1671  if (count($rolf_list)) {
1672  foreach ($rolf_list as $rolf) {
1673  // only list roles that are not set to status "deleted"
1674  if (!$this->isDeleted($rolf)) {
1675  $deleted = false;
1676  break;
1677  }
1678  }
1679  }
1680  return $deleted;
1681  }
1682 
1683 
1691  public function getRolesForIDs($role_ids, $use_templates)
1692  {
1693  global $DIC;
1694 
1695  $ilDB = $DIC['ilDB'];
1696 
1697  $role_list = array();
1698 
1699  $where = $this->__setTemplateFilter($use_templates);
1700 
1701  $query = "SELECT * FROM object_data " .
1702  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1703  $where .
1704  "AND rbac_fa.assign = 'y' " .
1705  'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1706 
1707  $res = $ilDB->query($query);
1708  while ($row = $ilDB->fetchAssoc($res)) {
1709  $row["desc"] = $row["description"];
1710  $row["user_id"] = $row["owner"];
1711  $role_list[] = $row;
1712  }
1713 
1714  $role_list = $this->__setRoleType($role_list);
1715  return $role_list;
1716  }
1717 
1723  public function getOperationAssignment()
1724  {
1725  global $DIC;
1726 
1727  $ilDB = $DIC['ilDB'];
1728 
1729  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1730  'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1731  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1732  $res = $ilDB->query($query);
1733 
1734  $counter = 0;
1735  while ($row = $ilDB->fetchObject($res)) {
1736  $info[$counter]['typ_id'] = $row->typ_id;
1737  $info[$counter]['type'] = $row->title;
1738  $info[$counter]['ops_id'] = $row->ops_id;
1739  $info[$counter]['operation'] = $row->operation;
1740  $counter++;
1741  }
1742  return $info ? $info : array();
1743  }
1744 
1752  public function isDeleteable($a_role_id, $a_rolf_id)
1753  {
1754  if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1755  return false;
1756  }
1757  if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1758  return false;
1759  }
1760  if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1761  return false;
1762  }
1763  return true;
1764  }
1765 
1772  public function isSystemGeneratedRole($a_role_id)
1773  {
1774  $title = ilObject::_lookupTitle($a_role_id);
1775  return substr($title, 0, 3) == 'il_' ? true : false;
1776  }
1777 
1778 
1786  public function getRoleFolderOfRole($a_role_id)
1787  {
1788  global $DIC;
1789 
1790  $ilDB = $DIC['ilDB'];
1791 
1792  if (ilObject::_lookupType($a_role_id) == 'role') {
1793  $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1794  } else {
1795  $and = '';
1796  }
1797 
1798  $query = 'SELECT * FROM rbac_fa ' .
1799  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1800  $and;
1801  $res = $ilDB->query($query);
1802  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1803  return $row->parent;
1804  }
1805  return 0;
1806  }
1807 
1815  public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1816  {
1817  global $DIC;
1818 
1819  $ilDB = $DIC['ilDB'];
1820 
1821  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1822  "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1823  "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1824  "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1825 
1826  $res = $ilDB->query($query);
1827  $all_ops = array();
1828  while ($row = $ilDB->fetchObject($res)) {
1829  $ops = unserialize($row->ops_id);
1830  $all_ops = array_merge($all_ops, $ops);
1831  }
1832  $all_ops = array_unique($all_ops);
1833 
1834  $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1835  " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1836  $perms = array();
1837  while ($rec = $ilDB->fetchAssoc($set)) {
1838  $perms[] = $rec["operation"];
1839  }
1840 
1841  return $perms;
1842  }
1843 
1850  public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1851  {
1852  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1853  }
1854 
1861  public function getAssignedCacheEntry($a_role_id, $a_user_id)
1862  {
1863  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1864  }
1865 
1869  public function clearCaches()
1870  {
1871  self::$is_assigned_cache = array();
1872  self::$assigned_users_cache = array();
1873  }
1874 } // END class.ilRbacReview
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1869
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:79
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:754
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1643
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1752
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) public.
Definition: class.ilRbacReview.php:1124
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:928
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id&#39;s by name.
Definition: class.ilRbacReview.php:1287
$type
$type
Definition: proxy_ylocal.php:10
$DIC
global $DIC
Definition: saml.php:7
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
ilDB $ilDB
Definition: class.ilRbacReview.php:1174
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container public.
Definition: class.ilRbacReview.php:183
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:684
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:527
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles public.
Definition: class.ilRbacReview.php:225
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1052
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1540
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1723
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1434
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1160
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause private
Definition: class.ilRbacReview.php:326
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status type $rbacsystem type $ilUser type $log.
Definition: class.ilRbacReview.php:1476
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
ilDB $ilDB
Definition: class.ilRbacReview.php:970
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:154
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node public.
Definition: class.ilRbacReview.php:299
$ilErr
$ilErr
Definition: raiseError.php:18
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:117
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:900
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1391
$a_type
$a_type
Definition: workflow.php:92
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users public.
Definition: class.ilRbacReview.php:554
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:769
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position ilDB $ilDB.
Definition: class.ilRbacReview.php:1413
$r
$r
Definition: example_031.php:79
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1861
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
ilDB $ilDB
Definition: class.ilRbacReview.php:1691
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id public
Definition: class.ilRbacReview.php:845
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1850
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:802
$ilUser
$ilUser
Definition: imgupload.php:18
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:724
$query
$query
Definition: proxy_ylocal.php:13
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object ilDB $ilDB.
Definition: class.ilRbacReview.php:1263
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1667
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted) ...
Definition: class.ilRbacReview.php:387
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1602
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:484
$ilLog
$ilLog
Definition: inc.setup_header.php:123
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:871
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:151
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:589
$row
$row
Definition: migrateto20.php:360
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:612
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation public static
Definition: class.ilRbacReview.php:1315
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role public
Definition: class.ilRbacReview.php:450
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;) public
Definition: class.ilRbacReview.php:784
ilRbacReview\__construct
__construct()
Constructor public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getOperations
getOperations()
get all possible operations public
Definition: class.ilRbacReview.php:822
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role ilDB $ilDB.
Definition: class.ilRbacReview.php:1786
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role public
Definition: class.ilRbacReview.php:413
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type public
Definition: class.ilRbacReview.php:1029
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user public
Definition: class.ilRbacReview.php:506
$ilBench
global $ilBench
Definition: ilias.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository public.
Definition: class.ilRbacReview.php:267
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1815
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:353
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:2983
$info
$info
Definition: index.php:5
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1581
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1772
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type public
Definition: class.ilRbacReview.php:995
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:645
$key
$key
Definition: croninfo.php:18
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:734
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=array())
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1091
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:19