30        $ilias = 
$DIC[
'ilias'];
 
   33        (isset(
$ilDB)) ? $this->ilDB = &
$ilDB : $this->ilDB = &$ilias->db;
 
   56        $query = 
'UPDATE rbac_fa set blocked = ' . 
$ilDB->quote($a_blocked_status, 
'integer') . 
' ' .
 
   57                'WHERE rol_id = ' . 
$ilDB->quote($a_role_id, 
'integer') . 
' ' .
 
   58                'AND parent = ' . 
$ilDB->quote($a_ref_id, 
'integer');
 
   74        $review = 
$DIC->rbac()->review();
 
   76        if (!isset($a_usr_id)) {
 
   77            $message = get_class($this) . 
"::removeUser(): No usr_id given!";
 
   78            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
   81        foreach ($review->assignedRoles($a_usr_id) as $role_id) {
 
   85        $query = 
"DELETE FROM rbac_ua WHERE usr_id = " . 
$ilDB->quote($a_usr_id, 
'integer');
 
  105        if (!isset($a_rol_id) or !isset($a_ref_id)) {
 
  106            $message = get_class($this) . 
"::deleteRole(): Missing parameter! role_id: " . $a_rol_id . 
" ref_id of role folder: " . $a_ref_id;
 
  107            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  111        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  112            $this->ilErr->raiseError(
$lng->txt(
"msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
 
  115        include_once(
'Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
 
  117        $mapping->deleteRole($a_rol_id);
 
  124        $query = 
"DELETE FROM rbac_ua " .
 
  125             "WHERE rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer');
 
  129        $query = 
"DELETE FROM rbac_pa " .
 
  130             "WHERE rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer') . 
" ";
 
  151        if (!isset($a_obj_id)) {
 
  152            $message = get_class($this) . 
"::deleteTemplate(): No obj_id given!";
 
  153            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  156        $query = 
'DELETE FROM rbac_templates ' .
 
  157             'WHERE rol_id = ' . 
$ilDB->quote($a_obj_id, 
'integer');
 
  160        $query = 
'DELETE FROM rbac_fa ' .
 
  161            'WHERE rol_id = ' . 
$ilDB->quote($a_obj_id, 
'integer');
 
  180        if (!isset($a_rol_id)) {
 
  181            $message = get_class($this) . 
"::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . 
"'";
 
  182            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  186        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  190        if ($a_ref_id != 0) {
 
  191            $clause = 
'AND parent = ' . 
$ilDB->quote($a_ref_id, 
'integer') . 
' ';
 
  194        $query = 
'DELETE FROM rbac_fa ' .
 
  195             'WHERE rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer') . 
' ' .
 
  199        $query = 
'DELETE FROM rbac_templates ' .
 
  200             'WHERE rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer') . 
' ' .
 
  218        $ilAtomQuery = 
$ilDB->buildAtomQuery();
 
  219        $ilAtomQuery->addTableLock(
'rbac_ua');
 
  221        $ilAtomQuery->addQueryCallable(
 
  224                $limit_query = 
'SELECT COUNT(*) num FROM rbac_ua ' .
 
  225                'WHERE ' . 
$ilDB->in(
'rol_id', (array) $a_limited_roles, 
false, 
'integer');
 
  228                if (
$row->num >= $a_limit) {
 
  233                $query = 
"INSERT INTO rbac_ua (usr_id, rol_id) " .
 
  235                $ilDB->quote($a_usr_id, 
'integer') . 
"," . 
$ilDB->quote($a_role_id, 
'integer') .
 
  247        $GLOBALS[
'DIC'][
'rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, 
true);
 
  251        include_once(
'Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
 
  253        $mapping->assign($a_role_id, $a_usr_id);
 
  264        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  266        foreach ($role_desk_item_obj->getAll() as $item_data) {
 
  267            include_once 
'./Services/User/classes/class.ilObjUser.php';
 
  286        $rbacreview = 
$DIC[
'rbacreview'];
 
  288        if (!isset($a_rol_id) or !isset($a_usr_id)) {
 
  289            $message = get_class($this) . 
"::assignUser(): Missing parameter! role_id: " . $a_rol_id . 
" usr_id: " . $a_usr_id;
 
  290            #$this->ilErr->raiseError($message,$this->ilErr->WARNING); 
  294        $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
 
  297        if (!$alreadyAssigned) {
 
  298            $query = 
"INSERT INTO rbac_ua (usr_id, rol_id) " .
 
  299             "VALUES (" . 
$ilDB->quote($a_usr_id, 
'integer') . 
"," . 
$ilDB->quote($a_rol_id, 
'integer') . 
")";
 
  304            $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, 
true);
 
  307        include_once(
'Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
 
  309        $mapping->assign($a_rol_id, $a_usr_id);
 
  312        $ref_id = 
$GLOBALS[
'DIC'][
'rbacreview']->getObjectReferenceOfRole($a_rol_id);
 
  316        if (!$alreadyAssigned) {
 
  318            $GLOBALS[
'DIC'][
'ilAppEventHandler']->raise(
 
  319                'Services/AccessControl',
 
  323                        'usr_id' => $a_usr_id,
 
  324                        'role_id' => $a_rol_id,
 
  346        $rbacreview = 
$DIC->rbac()->review();
 
  348        if (!isset($a_rol_id) or !isset($a_usr_id)) {
 
  349            $message = get_class($this) . 
"::deassignUser(): Missing parameter! role_id: " . $a_rol_id . 
" usr_id: " . $a_usr_id;
 
  350            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  353        $query = 
"DELETE FROM rbac_ua " .
 
  354             "WHERE usr_id = " . 
$ilDB->quote($a_usr_id, 
'integer') . 
" " .
 
  355             "AND rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer') . 
" ";
 
  358        $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, 
false);
 
  360        include_once(
'Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
 
  362        $mapping->deassign($a_rol_id, $a_usr_id);
 
  365            $ref_id = 
$GLOBALS[
'DIC'][
'rbacreview']->getObjectReferenceOfRole($a_rol_id);
 
  370            $GLOBALS[
'DIC'][
'ilAppEventHandler']->raise(
'Services/AccessControl', 
'deassignUser', array(
 
  372                    'usr_id' => $a_usr_id,
 
  373                    'role_id' => $a_rol_id,
 
  395        if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id)) {
 
  396            $this->ilErr->raiseError(get_class($this) . 
"::grantPermission(): Missing parameter! " .
 
  397                            "role_id: " . $a_rol_id . 
" ref_id: " . $a_ref_id . 
" operations: ", $this->ilErr->WARNING);
 
  400        if (!is_array($a_ops)) {
 
  401            $this->ilErr->raiseError(
 
  402                get_class($this) . 
"::grantPermission(): Wrong datatype for operations!",
 
  403                $this->ilErr->WARNING
 
  414        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  419        foreach ($a_ops as 
$key => $operation) {
 
  420            $a_ops[
$key] = (int) $operation;
 
  424        $ops_ids = serialize($a_ops);
 
  426        $query = 
'DELETE FROM rbac_pa ' .
 
  427            'WHERE rol_id = %s ' .
 
  431            array(
'integer',
'integer'),
 
  432            array($a_rol_id,$a_ref_id)
 
  435        if (!count($a_ops)) {
 
  439        $query = 
"INSERT INTO rbac_pa (rol_id,ops_id,ref_id) " .
 
  441             "(" . 
$ilDB->quote($a_rol_id, 
'integer') . 
"," . 
$ilDB->quote($ops_ids, 
'text') . 
"," . 
$ilDB->quote($a_ref_id, 
'integer') . 
")";
 
  460        $rbacreview = 
$DIC[
'rbacreview'];
 
  465        if (!isset($a_ref_id)) {
 
  467            $message = get_class($this) . 
"::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
 
  468            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  470        #$log->write("ilRBACadmin::revokePermission(), 0");
 
  473        if ($a_keep_protected != 
true) {
 
  475            if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  480                $and1 = 
" AND rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer') . 
" ";
 
  485            $query = 
"DELETE FROM rbac_pa " .
 
  486                 "WHERE ref_id = " . 
$ilDB->quote($a_ref_id, 
'integer') .
 
  497        $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
 
  500            #$log->write("ilRBACadmin::revokePermission(), 1");
 
  504            foreach ($roles_in_scope as $role) {
 
  505                if ($role[
'protected'] == 
true) {
 
  509                $role_ids[] = $role[
'obj_id'];
 
  517            $query = 
'DELETE FROM rbac_pa ' .
 
  518                'WHERE ' . 
$ilDB->in(
'rol_id', $role_ids, 
false, 
'integer') . 
' ' .
 
  519                'AND ref_id = ' . 
$ilDB->quote($a_ref_id, 
'integer');
 
  522            #$log->write("ilRBACadmin::revokePermission(), 2");
 
  524            if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  529            if ($roles_in_scope[$a_rol_id][
'protected'] == 
true) {
 
  533            $query = 
"DELETE FROM rbac_pa " .
 
  534                 "WHERE ref_id = " . 
$ilDB->quote($a_ref_id, 
'integer') . 
" " .
 
  535                 "AND rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer') . 
" ";
 
  554        $query = 
'DELETE FROM rbac_pa ' .
 
  556                '( ' . 
$GLOBALS[
'DIC'][
'tree']->getSubTreeQuery($a_ref_id, array(
'child')) . 
' ) ' .
 
  557                'AND rol_id = ' . 
$ilDB->quote($a_role_id, 
'integer');
 
  575        $query = 
'DELETE FROM rbac_templates ' .
 
  576                'WHERE parent IN ( ' .
 
  577                $GLOBALS[
'DIC'][
'tree']->getSubTreeQuery($a_ref_id, array(
'child')) . 
' ) ' .
 
  578                'AND rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer');
 
  582        $query = 
'DELETE FROM rbac_fa ' .
 
  583                'WHERE parent IN ( ' .
 
  584                $GLOBALS[
'DIC'][
'tree']->getSubTreeQuery($a_ref_id, array(
'child')) . 
' ) ' .
 
  585                'AND rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer');
 
  605        if (!isset($a_ref_ids) or !is_array($a_ref_ids)) {
 
  606            $message = get_class($this) . 
"::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_dump($a_ref_ids);
 
  607            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  610        if (!isset($a_rol_id)) {
 
  611            $message = get_class($this) . 
"::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
 
  612            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  616        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  620        $query = 
"DELETE FROM rbac_pa " .
 
  621             "WHERE " . 
$ilDB->in(
'ref_id', $a_ref_ids, 
false, 
'integer') . 
' ' .
 
  622             "AND rol_id = " . 
$ilDB->quote($a_rol_id, 
'integer');
 
  638    public function copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = 
true)
 
  643        $rbacreview = 
$DIC[
'rbacreview'];
 
  648        $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
 
  669        $rbacreview = 
$DIC[
'rbacreview'];
 
  672        if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent)) {
 
  673            $message = __METHOD__ . 
": Missing parameter! source_id: " . $a_source_id .
 
  674                       " source_parent_id: " . $a_source_parent .
 
  675                       " dest_id : " . $a_dest_id .
 
  676                       " dest_parent_id: " . $a_dest_parent;
 
  677            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  681        if ($a_dest_id == SYSTEM_ROLE_ID) {
 
  686        $query = 
'SELECT * FROM rbac_templates ' .
 
  687             'WHERE rol_id = ' . 
$ilDB->quote($a_source_id, 
'integer') . 
' ' .
 
  688             'AND parent = ' . 
$ilDB->quote($a_source_parent, 
'integer');
 
  690        $operations = array();
 
  693            $operations[$rownum][
'type'] = 
$row->type;
 
  694            $operations[$rownum][
'ops_id'] = 
$row->ops_id;
 
  699        $query = 
'DELETE FROM rbac_templates WHERE rol_id = ' . 
$ilDB->quote($a_dest_id, 
'integer') . 
' ' .
 
  700            'AND parent = ' . 
$ilDB->quote($a_dest_parent, 
'integer');
 
  703        foreach ($operations as 
$row => $op) {
 
  704            $query = 
'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
 
  706                 $ilDB->quote($a_dest_id, 
'integer') . 
"," .
 
  707                 $ilDB->quote($op[
'type'], 
'text') . 
"," .
 
  708                 $ilDB->quote($op[
'ops_id'], 
'integer') . 
"," .
 
  709                 $ilDB->quote($a_dest_parent, 
'integer') . 
")";
 
  714        if ($a_consider_protected == 
true) {
 
  715            if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
 
  739        $rbacreview = 
$DIC[
'rbacreview'];
 
  742        if (!isset($a_source1_id) or !isset($a_source1_parent)
 
  743        or !isset($a_source2_id) or !isset($a_source2_parent)
 
  744                or !isset($a_dest_id) or !isset($a_dest_parent)) {
 
  745            $message = get_class($this) . 
"::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
 
  746                       " source1_parent: " . $a_source1_parent .
 
  747                       " source2_id: " . $a_source2_id .
 
  748                       " source2_parent: " . $a_source2_parent .
 
  749                       " dest_id: " . $a_dest_id .
 
  750                       " dest_parent_id: " . $a_dest_parent;
 
  751            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  755        if ($a_dest_id == SYSTEM_ROLE_ID) {
 
  760        if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
 
  761            $GLOBALS[
'DIC'][
'ilLog']->write(__METHOD__ . 
': Role is protected');
 
  765        $query = 
"SELECT s1.type, s1.ops_id " .
 
  766                        "FROM rbac_templates s1, rbac_templates s2 " .
 
  767                        "WHERE s1.rol_id = " . 
$ilDB->quote($a_source1_id, 
'integer') . 
" " .
 
  768                        "AND s1.parent = " . 
$ilDB->quote($a_source1_parent, 
'integer') . 
" " .
 
  769                        "AND s2.rol_id = " . 
$ilDB->quote($a_source2_id, 
'integer') . 
" " .
 
  770                        "AND s2.parent = " . 
$ilDB->quote($a_source2_parent, 
'integer') . 
" " .
 
  771                        "AND s1.type = s2.type " .
 
  772                        "AND s1.ops_id = s2.ops_id";
 
  777        $operations = array();
 
  780            $operations[$rowNum][
'type'] = 
$row->type;
 
  781            $operations[$rowNum][
'ops_id'] = 
$row->ops_id;
 
  787        $query = 
'DELETE FROM rbac_templates WHERE rol_id = ' . 
$ilDB->quote($a_dest_id, 
'integer') . 
' ' .
 
  788            'AND parent = ' . 
$ilDB->quote($a_dest_parent, 
'integer');
 
  791        $query = 
'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
 
  793        $sta = 
$ilDB->prepareManip(
$query, array(
'integer',
'text',
'integer',
'integer'));
 
  794        foreach ($operations as 
$key => $set) {
 
  795            $ilDB->execute($sta, array(
 
  826        $rbacreview = 
$DIC[
'rbacreview'];
 
  829        $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
 
  830        $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
 
  834        $GLOBALS[
'DIC'][
'ilLog']->write(__METHOD__ . 
': ' . print_r($s1_ops, 
true));
 
  835        $GLOBALS[
'DIC'][
'ilLog']->write(__METHOD__ . 
': ' . print_r($s2_ops, 
true));
 
  837        foreach ($s1_ops as 
$type => $ops) {
 
  838            foreach ($ops as $op) {
 
  841                $query = 
'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
 
  843                    $ilDB->quote($a_dest_id, 
'integer') . 
', ' .
 
  845                    $ilDB->quote($op, 
'integer') . 
', ' .
 
  846                    $ilDB->quote($a_dest_parent, 
'integer') . 
' ' .
 
  853        foreach ($s2_ops as 
$type => $ops) {
 
  854            foreach ($ops as $op) {
 
  855                if (!isset($s1_ops[
$type]) or !in_array($op, $s1_ops[
$type])) {
 
  856                    $query = 
'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
 
  858                        $ilDB->quote($a_dest_id, 
'integer') . 
', ' .
 
  860                        $ilDB->quote($op, 
'integer') . 
', ' .
 
  861                        $ilDB->quote($a_dest_parent, 
'integer') . 
' ' .
 
  882        $rbacreview = 
$DIC[
'rbacreview'];
 
  885        $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
 
  886        $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
 
  888        foreach ($s1_ops as 
$type => $ops) {
 
  889            foreach ($ops as $op) {
 
  890                if (isset($d_ops[
$type]) and in_array($op, $d_ops[
$type])) {
 
  891                    $query = 
'DELETE FROM rbac_templates ' .
 
  892                            'WHERE rol_id = ' . 
$ilDB->quote($a_dest_id, 
'integer') . 
' ' .
 
  893                            'AND type = ' . 
$ilDB->quote(
$type, 
'text') . 
' ' .
 
  894                            'AND ops_id = ' . 
$ilDB->quote($op, 
'integer') . 
' ' .
 
  895                            'AND parent = ' . 
$ilDB->quote($a_dest_parent, 
'integer');
 
  920        if (!isset($a_rol_id) or !isset($a_ref_id)) {
 
  921            $message = get_class($this) . 
"::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . 
" ref_id: " . $a_ref_id;
 
  922            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  926        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  931            $and_type = 
" AND type=" . 
$ilDB->quote(
$a_type, 
'text') . 
" ";
 
  934        $query = 
'DELETE FROM rbac_templates ' .
 
  935             'WHERE rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer') . 
' ' .
 
  936             'AND parent = ' . 
$ilDB->quote($a_ref_id, 
'integer') . 
' ' .
 
  960        if (!isset($a_rol_id) or !isset(
$a_type) or !isset($a_ops) or !isset($a_ref_id)) {
 
  961            $message = get_class($this) . 
"::setRolePermission(): Missing parameter!" .
 
  962                       " role_id: " . $a_rol_id .
 
  964                       " operations: " . $a_ops .
 
  965                       " ref_id: " . $a_ref_id;
 
  966            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  970            $message = get_class($this) . 
"::setRolePermission(): a_type is no string or empty!";
 
  971            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  974        if (!is_array($a_ops) or empty($a_ops)) {
 
  975            $message = get_class($this) . 
"::setRolePermission(): a_ops is no array or empty!";
 
  976            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
  980        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
  984        foreach ($a_ops as $op) {
 
  988                    'rol_id' => [
'integer', $a_rol_id],
 
  990                    'ops_id' => [
'integer', $op],
 
  991                    'parent' => [
'integer', $a_ref_id]
 
 1017        $rbacreview = 
$DIC[
'rbacreview'];
 
 1019        if (!isset($a_rol_id) or !isset($a_parent)) {
 
 1020            $message = get_class($this) . 
"::assignRoleToFolder(): Missing Parameter!" .
 
 1021                       " role_id: " . $a_rol_id .
 
 1022                       " parent_id: " . $a_parent .
 
 1023                       " assign: " . $a_assign;
 
 1024            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
 1028        if ($a_rol_id == SYSTEM_ROLE_ID) {
 
 1033        if ($a_assign != 
"y") {
 
 1038        $query = 
'SELECT rol_id FROM rbac_fa ' .
 
 1039            'WHERE rol_id = ' . 
$ilDB->quote($a_rol_id, 
'integer') . 
' ' .
 
 1040            'AND parent = ' . 
$ilDB->quote($a_parent, 
'integer');
 
 1042        if (
$res->numRows()) {
 
 1048            'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
 
 1049            'VALUES (%s,%s,%s,%s)',
 
 1050            $ilDB->quote($a_rol_id, 
'integer'),
 
 1051            $ilDB->quote($a_parent, 
'integer'),
 
 1052            $ilDB->quote($a_assign, 
'text'),
 
 1053            $ilDB->quote(
'n', 
'text')
 
 1074        if (!isset($a_type_id) or !isset($a_ops_id)) {
 
 1075            $message = get_class($this) . 
"::assignOperationToObject(): Missing parameter!" .
 
 1076                       "type_id: " . $a_type_id .
 
 1077                       "ops_id: " . $a_ops_id;
 
 1078            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
 1081        $query = 
"INSERT INTO rbac_ta (typ_id, ops_id) " .
 
 1082             "VALUES(" . 
$ilDB->quote($a_type_id, 
'integer') . 
"," . 
$ilDB->quote($a_ops_id, 
'integer') . 
")";
 
 1101        if (!isset($a_type_id) or !isset($a_ops_id)) {
 
 1102            $message = get_class($this) . 
"::deassignPermissionFromObject(): Missing parameter!" .
 
 1103                       "type_id: " . $a_type_id .
 
 1104                       "ops_id: " . $a_ops_id;
 
 1105            $this->ilErr->raiseError(
$message, $this->ilErr->WARNING);
 
 1108        $query = 
"DELETE FROM rbac_ta " .
 
 1109             "WHERE typ_id = " . 
$ilDB->quote($a_type_id, 
'integer') . 
" " .
 
 1110             "AND ops_id = " . 
$ilDB->quote($a_ops_id, 
'integer');
 
 1132        $query = 
'UPDATE rbac_fa ' .
 
 1133            'SET protected = ' . 
$ilDB->quote($a_value, 
'text') . 
' ' .
 
 1134            'WHERE rol_id = ' . 
$ilDB->quote($a_role_id, 
'integer');
 
 1153        $rbacreview = 
$DIC[
'rbacreview'];
 
 1155        $ilObjDataCache = 
$DIC[
'ilObjDataCache'];
 
 1157        $real_local = array();
 
 1158        foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, 
false) as $role_data) {
 
 1159            $title = $ilObjDataCache->lookupTitle($role_data);
 
 1160            if (substr(
$title, 0, 3) == 
'il_') {
 
 1163            $real_local[] = $role_data;
 
 1165        if (!count($real_local)) {
 
 1169        foreach ($real_local as $role) {
 
 1170            include_once(
"./Services/AccessControl/classes/class.ilObjRole.php");
 
 1174            $ilLog->write(__METHOD__ . 
': Start copying of role ' . $orig->getTitle());
 
 1176            $roleObj->setTitle($orig->getTitle());
 
 1177            $roleObj->setDescription($orig->getDescription());
 
 1178            $roleObj->setImportId($orig->getImportId());
 
 1183            $ilLog->write(__METHOD__ . 
': Added new local role, id ' . $roleObj->getId());
 
 1201        $rbacreview = 
$DIC[
'rbacreview'];
 
 1203        if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
 
 1205            $new_ops = $rbacreview->getOperationsOfRole(
 
 1219        if (!$a_template_id) {
 
 1241        $new_ops = $rbacreview->getOperationsOfRole(
 
 1269        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
 
 1274        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
 
 1301        $rbacreview = 
$DIC[
'rbacreview'];
 
 1305        $new_parent = 
$tree->getParentId($a_ref_id);
 
 1306        $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, 
false);
 
 1307        $new_context_roles = $rbacreview->getParentRoleIds($new_parent, 
false);
 
 1309        $for_addition = $for_deletion = array();
 
 1310        foreach ($new_context_roles as $new_role_id => $new_role) {
 
 1311            if (!isset($old_context_roles[$new_role_id])) {
 
 1312                $for_addition[$new_role_id] = $new_role;
 
 1313            } elseif ($new_role[
'parent'] != $old_context_roles[$new_role_id][
'parent']) {
 
 1315                $for_deletion[$new_role_id] = $new_role;
 
 1316                $for_addition[$new_role_id] = $new_role;
 
 1319        foreach ($old_context_roles as $old_role_id => $old_role) {
 
 1320            if (!isset($new_context_roles[$old_role_id])) {
 
 1321                $for_deletion[$old_role_id] = $old_role;
 
 1325        if (!count($for_deletion) and !count($for_addition)) {
 
 1330        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
 1332        if ($rbac_log_active) {
 
 1333            $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
 
 1336        foreach (
$nodes = 
$tree->getSubTree(
$tree->getNodeData($a_ref_id), 
true) as $node_data) {
 
 1337            $node_id = $node_data[
'child'];
 
 1339            if ($rbac_log_active) {
 
 1346            if (!$node_data[
'type']) {
 
 1347                $ilLog->write(__METHOD__ . 
': No type give. Choosing next tree entry.');
 
 1352                $ilLog->write(__METHOD__ . 
': Missing subtree node_id');
 
 1356            foreach ($for_deletion as $role_id => $role_data) {
 
 1361            foreach ($for_addition as $role_id => $role_data) {
 
 1362                switch ($node_data[
'type']) {
 
 1364                        include_once 
'./Modules/Group/classes/class.ilObjGroup.php';
 
 1367                            $node_data[
'child'],
 
 1369                            $role_data[
'parent'],
 
 1376                        include_once 
'./Modules/Course/classes/class.ilObjCourse.php';
 
 1379                            $node_data[
'child'],
 
 1381                            $role_data[
'parent'],
 
 1391                            $ops = $rbacreview->getOperationsOfRole($role_id, $node_data[
'type'], $role_data[
'parent']),
 
 1403            if ($rbac_log_active) {
 
const PEAR_ERROR_CALLBACK
An exception for terminatinating execution or to throw for unit testing.
static getActionsByTemplateId($a_tpl_id)
Get actions of one template.
represents a creation of local roles action
static lookupTemplateId($a_ref_id)
Lookup template id @global ilDB $ilDB.
static _getInstance()
Get singleton instance of this class.
static getLogger($a_component_id)
Get component logger.
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
static lookupGroupStatusTemplateId($a_obj_id)
@global $ilDB $ilDB
static _addDesktopItem($a_usr_id, $a_item_id, $a_type, $a_par="")
add an item to user's personal desktop
static _lookupObjId($a_id)
static _lookupType($a_id, $a_reference=false)
lookup object type
Class ilRbacAdmin Core functions for role based access control.
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected @global $ilDB.
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
deleteRole($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua,...
deleteSubtreeTemplates($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.
__construct()
Constructor @access public.
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
deassignOperationFromObject($a_type_id, $a_ops_id)
Deassign an existing operation from an object Update of rbac_ta @access public.
adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
Adjust permissions of moved objects.
assignUser($a_rol_id, $a_usr_id)
Assigns an user to a role.
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
removeUser($a_usr_id)
deletes a user from rbac_ua all user <-> role relations are deleted @access public
assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
Assign user limited.
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates @access public.
copyLocalRoles($a_source_id, $a_target_id)
Copy local roles This method creates a copy of all local role.
revokePermissionList($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.
setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for an specific object type.
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
copyRolePermissionUnion( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
@global <type> $ilDB
deassignUser($a_rol_id, $a_usr_id)
Deassigns a user from a role.
setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.
revokeSubtreePermissions($a_ref_id, $a_role_id)
Revoke subtree permissions.
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role.
assignOperationToObject($a_type_id, $a_ops_id)
Assign an existing operation to an object Update of rbac_ta.
deleteTemplate($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa @access public...
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
catch(Exception $e) $message
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
foreach($_POST as $key=> $value) $res