ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilRbacAdmin.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
18 class ilRbacAdmin
19 {
24  public function __construct()
25  {
26  global $DIC;
27 
28  $ilDB = $DIC['ilDB'];
29  $ilErr = $DIC['ilErr'];
30  $ilias = $DIC['ilias'];
31 
32  // set db & error handler
33  (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
34 
35  if (!isset($ilErr)) {
36  $ilErr = new ilErrorHandling();
37  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
38  } else {
39  $this->ilErr = &$ilErr;
40  }
41  }
42 
49  public function setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
50  {
51  global $DIC;
52 
53  $ilDB = $DIC['ilDB'];
54 
55  ilLoggerFactory::getLogger('crs')->logStack();
56  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
57  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
58  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
59  $ilDB->manipulate($query);
60  }
61 
69  public function removeUser($a_usr_id)
70  {
71  global $DIC;
72 
73  $ilDB = $DIC->database();
74  $review = $DIC->rbac()->review();
75 
76  if (!isset($a_usr_id)) {
77  $message = get_class($this) . "::removeUser(): No usr_id given!";
78  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
79  }
80 
81  foreach ($review->assignedRoles($a_usr_id) as $role_id) {
82  $this->deassignUser($role_id, $a_usr_id);
83  }
84 
85  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
86  $res = $ilDB->manipulate($query);
87 
88  return true;
89  }
90 
98  public function deleteRole($a_rol_id, $a_ref_id)
99  {
100  global $DIC;
101 
102  $lng = $DIC['lng'];
103  $ilDB = $DIC['ilDB'];
104 
105  if (!isset($a_rol_id) or !isset($a_ref_id)) {
106  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
107  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
108  }
109 
110  // exclude system role from rbac
111  if ($a_rol_id == SYSTEM_ROLE_ID) {
112  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
113  }
114 
115  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
116  $mapping = ilLDAPRoleGroupMapping::_getInstance();
117  $mapping->deleteRole($a_rol_id);
118 
119 
120  // TODO: check assigned users before deletion
121  // This is done in ilObjRole. Should be better moved to this place?
122 
123  // delete user assignements
124  $query = "DELETE FROM rbac_ua " .
125  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
126  $res = $ilDB->manipulate($query);
127 
128  // delete permission assignments
129  $query = "DELETE FROM rbac_pa " .
130  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
131  $res = $ilDB->manipulate($query);
132 
133  //delete rbac_templates and rbac_fa
134  $this->deleteLocalRole($a_rol_id);
135 
136  return true;
137  }
138 
145  public function deleteTemplate($a_obj_id)
146  {
147  global $DIC;
148 
149  $ilDB = $DIC['ilDB'];
150 
151  if (!isset($a_obj_id)) {
152  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
153  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
154  }
155 
156  $query = 'DELETE FROM rbac_templates ' .
157  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
158  $res = $ilDB->manipulate($query);
159 
160  $query = 'DELETE FROM rbac_fa ' .
161  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
162  $res = $ilDB->manipulate($query);
163 
164  return true;
165  }
166 
174  public function deleteLocalRole($a_rol_id, $a_ref_id = 0)
175  {
176  global $DIC;
177 
178  $ilDB = $DIC['ilDB'];
179 
180  if (!isset($a_rol_id)) {
181  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
182  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
183  }
184 
185  // exclude system role from rbac
186  if ($a_rol_id == SYSTEM_ROLE_ID) {
187  return true;
188  }
189 
190  if ($a_ref_id != 0) {
191  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
192  }
193 
194  $query = 'DELETE FROM rbac_fa ' .
195  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
196  $clause;
197  $res = $ilDB->manipulate($query);
198 
199  $query = 'DELETE FROM rbac_templates ' .
200  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
201  $clause;
202  $res = $ilDB->manipulate($query);
203  return true;
204  }
205 
212  public function assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles = array())
213  {
214  global $DIC;
215 
216  $ilDB = $DIC['ilDB'];
217 
218  $ilAtomQuery = $ilDB->buildAtomQuery();
219  $ilAtomQuery->addTableLock('rbac_ua');
220 
221  $ilAtomQuery->addQueryCallable(
222  function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id,$a_limit, $a_limited_roles) {
223  $ret = true;
224  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
225  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
226  $res = $ilDB->query($limit_query);
227  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
228  if ($row->num >= $a_limit) {
229  $ret = false;
230  return;
231  }
232 
233  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
234  "VALUES (" .
235  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
236  ")";
237  $res = $ilDB->manipulate($query);
238  }
239  );
240 
241  $ilAtomQuery->run();
242 
243  if (!$ret) {
244  return false;
245  }
246 
247  $GLOBALS['DIC']['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
248 
249  $this->addDesktopItem($a_role_id, $a_usr_id);
250 
251  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
252  $mapping = ilLDAPRoleGroupMapping::_getInstance();
253  $mapping->assign($a_role_id, $a_usr_id);
254  return true;
255  }
256 
262  protected function addDesktopItem($a_rol_id, $a_usr_id)
263  {
264  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
265  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
266  foreach ($role_desk_item_obj->getAll() as $item_data) {
267  include_once './Services/User/classes/class.ilObjUser.php';
268  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
269  }
270  }
271 
272 
281  public function assignUser($a_rol_id, $a_usr_id)
282  {
283  global $DIC;
284 
285  $ilDB = $DIC['ilDB'];
286  $rbacreview = $DIC['rbacreview'];
287 
288  if (!isset($a_rol_id) or !isset($a_usr_id)) {
289  $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
290  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
291  }
292 
293  // check if already assigned user id and role_id
294  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
295 
296  // enhanced: only if we haven't had this role for this user
297  if (!$alreadyAssigned) {
298  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
299  "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
300  $res = $ilDB->manipulate($query);
301 
302  $this->addDesktopItem($a_rol_id, $a_usr_id);
303 
304  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
305  }
306 
307  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
308  $mapping = ilLDAPRoleGroupMapping::_getInstance();
309  $mapping->assign($a_rol_id, $a_usr_id);
310 
311 
312  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
313  $obj_id = ilObject::_lookupObjId($ref_id);
314  $type = ilObject::_lookupType($obj_id);
315 
316  if (!$alreadyAssigned) {
317  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
318  $GLOBALS['DIC']['ilAppEventHandler']->raise(
319  'Services/AccessControl',
320  'assignUser',
321  array(
322  'obj_id' => $obj_id,
323  'usr_id' => $a_usr_id,
324  'role_id' => $a_rol_id,
325  'type' => $type
326  )
327  );
328  }
329  return true;
330  }
331 
332 
341  public function deassignUser($a_rol_id, $a_usr_id)
342  {
343  global $DIC;
344 
345  $ilDB = $DIC['ilDB'];
346  $rbacreview = $DIC->rbac()->review();
347 
348  if (!isset($a_rol_id) or !isset($a_usr_id)) {
349  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
350  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
351  }
352 
353  $query = "DELETE FROM rbac_ua " .
354  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
355  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
356  $res = $ilDB->manipulate($query);
357 
358  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
359 
360  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
361  $mapping = ilLDAPRoleGroupMapping::_getInstance();
362  $mapping->deassign($a_rol_id, $a_usr_id);
363 
364  if ($res) {
365  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
366  $obj_id = ilObject::_lookupObjId($ref_id);
367  $type = ilObject::_lookupType($obj_id);
368 
369  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
370  $GLOBALS['DIC']['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
371  'obj_id' => $obj_id,
372  'usr_id' => $a_usr_id,
373  'role_id' => $a_rol_id,
374  'type' => $type,
375  ));
376  }
377 
378  return true;
379  }
380 
389  public function grantPermission($a_rol_id, $a_ops, $a_ref_id)
390  {
391  global $DIC;
392 
393  $ilDB = $DIC['ilDB'];
394 
395  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id)) {
396  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
397  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
398  }
399 
400  if (!is_array($a_ops)) {
401  $this->ilErr->raiseError(
402  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
403  $this->ilErr->WARNING
404  );
405  }
406 
407  /*
408  if (count($a_ops) == 0)
409  {
410  return false;
411  }
412  */
413  // exclude system role from rbac
414  if ($a_rol_id == SYSTEM_ROLE_ID) {
415  return true;
416  }
417 
418  // convert all values to integer
419  foreach ($a_ops as $key => $operation) {
420  $a_ops[$key] = (int) $operation;
421  }
422 
423  // Serialization des ops_id Arrays
424  $ops_ids = serialize($a_ops);
425 
426  $query = 'DELETE FROM rbac_pa ' .
427  'WHERE rol_id = %s ' .
428  'AND ref_id = %s';
429  $res = $ilDB->queryF(
430  $query,
431  array('integer','integer'),
432  array($a_rol_id,$a_ref_id)
433  );
434 
435  if (!count($a_ops)) {
436  return false;
437  }
438 
439  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) " .
440  "VALUES " .
441  "(" . $ilDB->quote($a_rol_id, 'integer') . "," . $ilDB->quote($ops_ids, 'text') . "," . $ilDB->quote($a_ref_id, 'integer') . ")";
442  $res = $ilDB->manipulate($query);
443 
444  return true;
445  }
446 
456  public function revokePermission($a_ref_id, $a_rol_id = 0, $a_keep_protected = true)
457  {
458  global $DIC;
459 
460  $rbacreview = $DIC['rbacreview'];
461  $log = $DIC['log'];
462  $ilDB = $DIC['ilDB'];
463  $ilLog = $DIC['ilLog'];
464 
465  if (!isset($a_ref_id)) {
466  $ilLog->logStack();
467  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
468  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
469  }
470  #$log->write("ilRBACadmin::revokePermission(), 0");
471 
472  // bypass protected status of roles
473  if ($a_keep_protected != true) {
474  // exclude system role from rbac
475  if ($a_rol_id == SYSTEM_ROLE_ID) {
476  return true;
477  }
478 
479  if ($a_rol_id) {
480  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
481  } else {
482  $and1 = "";
483  }
484 
485  $query = "DELETE FROM rbac_pa " .
486  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
487  $and1;
488 
489  $res = $ilDB->manipulate($query);
490 
491  return true;
492  }
493 
494  // consider protected status of roles
495 
496  // in any case, get all roles in scope first
497  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
498 
499  if (!$a_rol_id) {
500  #$log->write("ilRBACadmin::revokePermission(), 1");
501 
502  $role_ids = array();
503 
504  foreach ($roles_in_scope as $role) {
505  if ($role['protected'] == true) {
506  continue;
507  }
508 
509  $role_ids[] = $role['obj_id'];
510  }
511 
512  // return if no role in array
513  if (!$role_ids) {
514  return true;
515  }
516 
517  $query = 'DELETE FROM rbac_pa ' .
518  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
519  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
520  $res = $ilDB->manipulate($query);
521  } else {
522  #$log->write("ilRBACadmin::revokePermission(), 2");
523  // exclude system role from rbac
524  if ($a_rol_id == SYSTEM_ROLE_ID) {
525  return true;
526  }
527 
528  // exclude protected permission settings from revoking
529  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
530  return true;
531  }
532 
533  $query = "DELETE FROM rbac_pa " .
534  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
535  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
536  $res = $ilDB->manipulate($query);
537  }
538 
539  return true;
540  }
541 
548  public function revokeSubtreePermissions($a_ref_id, $a_role_id)
549  {
550  global $DIC;
551 
552  $ilDB = $DIC['ilDB'];
553 
554  $query = 'DELETE FROM rbac_pa ' .
555  'WHERE ref_id IN ' .
556  '( ' . $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
557  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
558 
559  $ilDB->manipulate($query);
560  return true;
561  }
562 
569  public function deleteSubtreeTemplates($a_ref_id, $a_rol_id)
570  {
571  global $DIC;
572 
573  $ilDB = $DIC['ilDB'];
574 
575  $query = 'DELETE FROM rbac_templates ' .
576  'WHERE parent IN ( ' .
577  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
578  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
579 
580  $ilDB->manipulate($query);
581 
582  $query = 'DELETE FROM rbac_fa ' .
583  'WHERE parent IN ( ' .
584  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
585  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
586 
587  $ilDB->manipulate($query);
588 
589  return true;
590  }
591 
599  public function revokePermissionList($a_ref_ids, $a_rol_id)
600  {
601  global $DIC;
602 
603  $ilDB = $DIC['ilDB'];
604 
605  if (!isset($a_ref_ids) or !is_array($a_ref_ids)) {
606  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_dump($a_ref_ids);
607  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
608  }
609 
610  if (!isset($a_rol_id)) {
611  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
612  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
613  }
614 
615  // exclude system role from rbac
616  if ($a_rol_id == SYSTEM_ROLE_ID) {
617  return true;
618  }
619 
620  $query = "DELETE FROM rbac_pa " .
621  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
622  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
623  $res = $ilDB->manipulate($query);
624 
625  return true;
626  }
627 
638  public function copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
639  {
640  global $DIC;
641 
642  $tree = $DIC['tree'];
643  $rbacreview = $DIC['rbacreview'];
644 
645  // Copy template permissions
646  $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
647 
648  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
649 
650  $this->revokePermission($a_dest_parent, $a_dest_id);
651  $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
652  return true;
653  }
654 
665  public function copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
666  {
667  global $DIC;
668 
669  $rbacreview = $DIC['rbacreview'];
670  $ilDB = $DIC['ilDB'];
671 
672  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent)) {
673  $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
674  " source_parent_id: " . $a_source_parent .
675  " dest_id : " . $a_dest_id .
676  " dest_parent_id: " . $a_dest_parent;
677  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
678  }
679 
680  // exclude system role from rbac
681  if ($a_dest_id == SYSTEM_ROLE_ID) {
682  return true;
683  }
684 
685  // Read operations
686  $query = 'SELECT * FROM rbac_templates ' .
687  'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
688  'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
689  $res = $ilDB->query($query);
690  $operations = array();
691  $rownum = 0;
692  while ($row = $ilDB->fetchObject($res)) {
693  $operations[$rownum]['type'] = $row->type;
694  $operations[$rownum]['ops_id'] = $row->ops_id;
695  $rownum++;
696  }
697 
698  // Delete target permissions
699  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
700  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
701  $res = $ilDB->manipulate($query);
702 
703  foreach ($operations as $row => $op) {
704  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
705  'VALUES (' .
706  $ilDB->quote($a_dest_id, 'integer') . "," .
707  $ilDB->quote($op['type'], 'text') . "," .
708  $ilDB->quote($op['ops_id'], 'integer') . "," .
709  $ilDB->quote($a_dest_parent, 'integer') . ")";
710  $ilDB->manipulate($query);
711  }
712 
713  // copy also protection status if applicable
714  if ($a_consider_protected == true) {
715  if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
716  $this->setProtected($a_dest_parent, $a_dest_id, 'y');
717  }
718  }
719 
720  return true;
721  }
735  public function copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
736  {
737  global $DIC;
738 
739  $rbacreview = $DIC['rbacreview'];
740  $ilDB = $DIC['ilDB'];
741 
742  if (!isset($a_source1_id) or !isset($a_source1_parent)
743  or !isset($a_source2_id) or !isset($a_source2_parent)
744  or !isset($a_dest_id) or !isset($a_dest_parent)) {
745  $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
746  " source1_parent: " . $a_source1_parent .
747  " source2_id: " . $a_source2_id .
748  " source2_parent: " . $a_source2_parent .
749  " dest_id: " . $a_dest_id .
750  " dest_parent_id: " . $a_dest_parent;
751  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
752  }
753 
754  // exclude system role from rbac
755  if ($a_dest_id == SYSTEM_ROLE_ID) {
756  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
757  return true;
758  }
759 
760  if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
761  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': Role is protected');
762  return true;
763  }
764 
765  $query = "SELECT s1.type, s1.ops_id " .
766  "FROM rbac_templates s1, rbac_templates s2 " .
767  "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
768  "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
769  "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
770  "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
771  "AND s1.type = s2.type " .
772  "AND s1.ops_id = s2.ops_id";
773 
774  ilLoggerFactory::getLogger('ac')->dump($query);
775 
776  $res = $ilDB->query($query);
777  $operations = array();
778  $rowNum = 0;
779  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
780  $operations[$rowNum]['type'] = $row->type;
781  $operations[$rowNum]['ops_id'] = $row->ops_id;
782 
783  $rowNum++;
784  }
785 
786  // Delete template permissions of target
787  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
788  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
789  $res = $ilDB->manipulate($query);
790 
791  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
792  'VALUES (?,?,?,?)';
793  $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
794  foreach ($operations as $key => $set) {
795  $ilDB->execute($sta, array(
796  $a_dest_id,
797  $set['type'],
798  $set['ops_id'],
799  $a_dest_parent));
800  }
801  return true;
802  }
803 
815  public function copyRolePermissionUnion(
816  $a_source1_id,
817  $a_source1_parent,
818  $a_source2_id,
819  $a_source2_parent,
820  $a_dest_id,
821  $a_dest_parent
822  ) {
823  global $DIC;
824 
825  $ilDB = $DIC['ilDB'];
826  $rbacreview = $DIC['rbacreview'];
827 
828 
829  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
830  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
831 
832  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
833 
834  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
835  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
836 
837  foreach ($s1_ops as $type => $ops) {
838  foreach ($ops as $op) {
839  // insert all permission of source 1
840  // #15469
841  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
842  'VALUES( ' .
843  $ilDB->quote($a_dest_id, 'integer') . ', ' .
844  $ilDB->quote($type, 'text') . ', ' .
845  $ilDB->quote($op, 'integer') . ', ' .
846  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
847  ')';
848  $ilDB->manipulate($query);
849  }
850  }
851 
852  // and the other direction...
853  foreach ($s2_ops as $type => $ops) {
854  foreach ($ops as $op) {
855  if (!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type])) {
856  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
857  'VALUES( ' .
858  $ilDB->quote($a_dest_id, 'integer') . ', ' .
859  $ilDB->quote($type, 'text') . ', ' .
860  $ilDB->quote($op, 'integer') . ', ' .
861  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
862  ')';
863  $ilDB->manipulate($query);
864  }
865  }
866  }
867 
868  return true;
869  }
870 
878  public function copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
879  {
880  global $DIC;
881 
882  $rbacreview = $DIC['rbacreview'];
883  $ilDB = $DIC['ilDB'];
884 
885  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
886  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
887 
888  foreach ($s1_ops as $type => $ops) {
889  foreach ($ops as $op) {
890  if (isset($d_ops[$type]) and in_array($op, $d_ops[$type])) {
891  $query = 'DELETE FROM rbac_templates ' .
892  'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
893  'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
894  'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
895  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
896  $ilDB->manipulate($query);
897  }
898  }
899  }
900  return true;
901  }
902 
903 
914  public function deleteRolePermission($a_rol_id, $a_ref_id, $a_type = false)
915  {
916  global $DIC;
917 
918  $ilDB = $DIC['ilDB'];
919 
920  if (!isset($a_rol_id) or !isset($a_ref_id)) {
921  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
922  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
923  }
924 
925  // exclude system role from rbac
926  if ($a_rol_id == SYSTEM_ROLE_ID) {
927  return true;
928  }
929 
930  if ($a_type !== false) {
931  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
932  }
933 
934  $query = 'DELETE FROM rbac_templates ' .
935  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
936  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
937  $and_type;
938 
939  $res = $ilDB->manipulate($query);
940 
941  return true;
942  }
943 
954  public function setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
955  {
956  global $DIC;
957 
958  $ilDB = $DIC['ilDB'];
959 
960  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id)) {
961  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
962  " role_id: " . $a_rol_id .
963  " type: " . $a_type .
964  " operations: " . $a_ops .
965  " ref_id: " . $a_ref_id;
966  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
967  }
968 
969  if (!is_string($a_type) or empty($a_type)) {
970  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
971  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
972  }
973 
974  if (!is_array($a_ops) or empty($a_ops)) {
975  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
976  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
977  }
978 
979  // exclude system role from rbac
980  if ($a_rol_id == SYSTEM_ROLE_ID) {
981  return true;
982  }
983 
984  foreach ($a_ops as $op) {
985  $ilDB->replace(
986  'rbac_templates',
987  [
988  'rol_id' => ['integer', $a_rol_id],
989  'type' => ['text', $a_type],
990  'ops_id' => ['integer', $op],
991  'parent' => ['integer', $a_ref_id]
992  ],
993  []
994  );
995  }
996  return true;
997  }
998 
1012  public function assignRoleToFolder($a_rol_id, $a_parent, $a_assign = "y")
1013  {
1014  global $DIC;
1015 
1016  $ilDB = $DIC['ilDB'];
1017  $rbacreview = $DIC['rbacreview'];
1018 
1019  if (!isset($a_rol_id) or !isset($a_parent)) {
1020  $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
1021  " role_id: " . $a_rol_id .
1022  " parent_id: " . $a_parent .
1023  " assign: " . $a_assign;
1024  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1025  }
1026 
1027  // exclude system role from rbac
1028  if ($a_rol_id == SYSTEM_ROLE_ID) {
1029  return true;
1030  }
1031 
1032  // if a wrong value is passed, always set assign to "n"
1033  if ($a_assign != "y") {
1034  $a_assign = "n";
1035  }
1036 
1037  // check if already assigned
1038  $query = 'SELECT rol_id FROM rbac_fa ' .
1039  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
1040  'AND parent = ' . $ilDB->quote($a_parent, 'integer');
1041  $res = $ilDB->query($query);
1042  if ($res->numRows()) {
1043  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
1044  return false;
1045  }
1046 
1047  $query = sprintf(
1048  'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
1049  'VALUES (%s,%s,%s,%s)',
1050  $ilDB->quote($a_rol_id, 'integer'),
1051  $ilDB->quote($a_parent, 'integer'),
1052  $ilDB->quote($a_assign, 'text'),
1053  $ilDB->quote('n', 'text')
1054  );
1055  $res = $ilDB->manipulate($query);
1056 
1057  return true;
1058  }
1059 
1068  public function assignOperationToObject($a_type_id, $a_ops_id)
1069  {
1070  global $DIC;
1071 
1072  $ilDB = $DIC['ilDB'];
1073 
1074  if (!isset($a_type_id) or !isset($a_ops_id)) {
1075  $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1076  "type_id: " . $a_type_id .
1077  "ops_id: " . $a_ops_id;
1078  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1079  }
1080 
1081  $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1082  "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1083  $res = $ilDB->manipulate($query);
1084  return true;
1085  }
1086 
1095  public function deassignOperationFromObject($a_type_id, $a_ops_id)
1096  {
1097  global $DIC;
1098 
1099  $ilDB = $DIC['ilDB'];
1100 
1101  if (!isset($a_type_id) or !isset($a_ops_id)) {
1102  $message = get_class($this) . "::deassignPermissionFromObject(): Missing parameter!" .
1103  "type_id: " . $a_type_id .
1104  "ops_id: " . $a_ops_id;
1105  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1106  }
1107 
1108  $query = "DELETE FROM rbac_ta " .
1109  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1110  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1111  $res = $ilDB->manipulate($query);
1112 
1113  return true;
1114  }
1115 
1124  public function setProtected($a_ref_id, $a_role_id, $a_value)
1125  {
1126  global $DIC;
1127 
1128  $ilDB = $DIC['ilDB'];
1129 
1130  // ref_id not used yet. protected permission acts 'global' for each role,
1131  // regardless of any broken inheritance before
1132  $query = 'UPDATE rbac_fa ' .
1133  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1134  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1135  $res = $ilDB->manipulate($query);
1136  return true;
1137  }
1138 
1149  public function copyLocalRoles($a_source_id, $a_target_id)
1150  {
1151  global $DIC;
1152 
1153  $rbacreview = $DIC['rbacreview'];
1154  $ilLog = $DIC['ilLog'];
1155  $ilObjDataCache = $DIC['ilObjDataCache'];
1156 
1157  $real_local = array();
1158  foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1159  $title = $ilObjDataCache->lookupTitle($role_data);
1160  if (substr($title, 0, 3) == 'il_') {
1161  continue;
1162  }
1163  $real_local[] = $role_data;
1164  }
1165  if (!count($real_local)) {
1166  return true;
1167  }
1168  // Create role folder
1169  foreach ($real_local as $role) {
1170  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1171  $orig = new ilObjRole($role);
1172  $orig->read();
1173 
1174  $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1175  $roleObj = new ilObjRole();
1176  $roleObj->setTitle($orig->getTitle());
1177  $roleObj->setDescription($orig->getDescription());
1178  $roleObj->setImportId($orig->getImportId());
1179  $roleObj->create();
1180 
1181  $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1182  $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1183  $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1184  }
1185  }
1186 
1197  public function initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
1198  {
1199  global $DIC;
1200 
1201  $rbacreview = $DIC['rbacreview'];
1202 
1203  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1204  // Assign object permissions
1205  $new_ops = $rbacreview->getOperationsOfRole(
1206  $a_role_id,
1207  ilObject::_lookupType($a_ref_id, true),
1208  $a_role_parent
1209  );
1210 
1211  // set new permissions for object
1212  $this->grantPermission(
1213  $a_role_id,
1214  (array) $new_ops,
1215  $a_ref_id
1216  );
1217  return;
1218  }
1219  if (!$a_template_id) {
1220  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1221  return;
1222  }
1223  // create template permission intersection
1224  $this->copyRolePermissionIntersection(
1225  $a_template_id,
1226  $a_template_parent,
1227  $a_role_id,
1228  $a_role_parent,
1229  $a_ref_id,
1230  $a_role_id
1231  );
1232 
1233  // assign role to folder
1234  $this->assignRoleToFolder(
1235  $a_role_id,
1236  $a_ref_id,
1237  'n'
1238  );
1239 
1240  // Assign object permissions
1241  $new_ops = $rbacreview->getOperationsOfRole(
1242  $a_role_id,
1243  ilObject::_lookupType($a_ref_id, true),
1244  $a_ref_id
1245  );
1246 
1247  // revoke existing permissions
1248  $this->revokePermission($a_ref_id, $a_role_id);
1249 
1250  // set new permissions for object
1251  $this->grantPermission(
1252  $a_role_id,
1253  (array) $new_ops,
1254  $a_ref_id
1255  );
1256 
1257  return;
1258  }
1259 
1267  protected function applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
1268  {
1269  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1270  $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1271  if (!$tpl_id) {
1272  return;
1273  }
1274  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1275  foreach (ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1276  if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1277  continue;
1278  }
1279  $action->setRefId($a_ref_id);
1280  $action->apply();
1281  }
1282  return;
1283  }
1284 
1285 
1297  public function adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
1298  {
1299  global $DIC;
1300 
1301  $rbacreview = $DIC['rbacreview'];
1302  $tree = $DIC['tree'];
1303  $ilLog = $DIC['ilLog'];
1304 
1305  $new_parent = $tree->getParentId($a_ref_id);
1306  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, false);
1307  $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1308 
1309  $for_addition = $for_deletion = array();
1310  foreach ($new_context_roles as $new_role_id => $new_role) {
1311  if (!isset($old_context_roles[$new_role_id])) {
1312  $for_addition[$new_role_id] = $new_role;
1313  } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1314  // handle stopped inheritance
1315  $for_deletion[$new_role_id] = $new_role;
1316  $for_addition[$new_role_id] = $new_role;
1317  }
1318  }
1319  foreach ($old_context_roles as $old_role_id => $old_role) {
1320  if (!isset($new_context_roles[$old_role_id])) {
1321  $for_deletion[$old_role_id] = $old_role;
1322  }
1323  }
1324 
1325  if (!count($for_deletion) and !count($for_addition)) {
1326  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1327  return true;
1328  }
1329 
1330  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1331  $rbac_log_active = ilRbacLog::isActive();
1332  if ($rbac_log_active) {
1333  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1334  }
1335 
1336  foreach ($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id), true) as $node_data) {
1337  $node_id = $node_data['child'];
1338 
1339  if ($rbac_log_active) {
1340  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1341  }
1342 
1343  // If $node_data['type'] is not set, this means there is a tree entry without
1344  // object_reference and/or object_data entry
1345  // Continue in this case
1346  if (!$node_data['type']) {
1347  $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1348  continue;
1349  }
1350 
1351  if (!$node_id) {
1352  $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1353  continue;
1354  }
1355 
1356  foreach ($for_deletion as $role_id => $role_data) {
1357  $this->deleteLocalRole($role_id, $node_id);
1358  $this->revokePermission($node_id, $role_id, false);
1359  //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1360  }
1361  foreach ($for_addition as $role_id => $role_data) {
1362  switch ($node_data['type']) {
1363  case 'grp':
1364  include_once './Modules/Group/classes/class.ilObjGroup.php';
1365  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1366  $this->initIntersectionPermissions(
1367  $node_data['child'],
1368  $role_id,
1369  $role_data['parent'],
1370  $tpl_id,
1371  ROLE_FOLDER_ID
1372  );
1373  break;
1374 
1375  case 'crs':
1376  include_once './Modules/Course/classes/class.ilObjCourse.php';
1377  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1378  $this->initIntersectionPermissions(
1379  $node_data['child'],
1380  $role_id,
1381  $role_data['parent'],
1382  $tpl_id,
1383  ROLE_FOLDER_ID
1384  );
1385  break;
1386 
1387 
1388  default:
1389  $this->grantPermission(
1390  $role_id,
1391  $ops = $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_data['parent']),
1392  $node_id
1393  );
1394  break;
1395 
1396 
1397  }
1398 
1399 
1400  //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1401  }
1402 
1403  if ($rbac_log_active) {
1404  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1405  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1406  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1407  }
1408  }
1409 
1410  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1411  }
1412 } // END class.ilRbacAdmin
ilDidacticTemplateObjSettings\lookupTemplateId
static lookupTemplateId($a_ref_id)
Lookup template id ilDB $ilDB.
Definition: class.ilDidacticTemplateObjSettings.php:19
ilObjGroup\lookupGroupStatusTemplateId
static lookupGroupStatusTemplateId($a_obj_id)
$ilDB $ilDB
Definition: class.ilObjGroup.php:1342
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilRbacAdmin\applyMovedObjectDidacticTemplates
applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
Definition: class.ilRbacAdmin.php:1267
ilRbacAdmin\removeUser
removeUser($a_usr_id)
deletes a user from rbac_ua all user <-> role relations are deleted public
Definition: class.ilRbacAdmin.php:69
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilRbacAdmin\deleteRolePermission
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
Definition: class.ilRbacAdmin.php:914
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
$action
$action
Definition: consentAdmin.php:140
$type
$type
Definition: proxy_ylocal.php:10
$DIC
global $DIC
Definition: saml.php:7
ilRbacAdmin\deassignOperationFromObject
deassignOperationFromObject($a_type_id, $a_ops_id)
Deassign an existing operation from an object Update of rbac_ta public.
Definition: class.ilRbacAdmin.php:1095
ilObjCourse\lookupCourseNonMemberTemplatesId
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
Definition: class.ilObjCourse.php:1678
ilRbacAdmin\revokeSubtreePermissions
revokeSubtreePermissions($a_ref_id, $a_role_id)
Revoke subtree permissions.
Definition: class.ilRbacAdmin.php:548
ilRbacAdmin\setBlockedStatus
setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.
Definition: class.ilRbacAdmin.php:49
ilRbacAdmin\adjustMovedObjectPermissions
adjustMovedObjectPermissions($a_ref_id, $a_old_parent)
Adjust permissions of moved objects.
Definition: class.ilRbacAdmin.php:1297
ilDBInterface\in
in($field, $values, $negate=false, $type="")
ilRbacAdmin\copyRolePermissionUnion
copyRolePermissionUnion( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
<type> $ilDB
Definition: class.ilRbacAdmin.php:815
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
$log
$log
Definition: sabredav.php:21
ilRbacAdmin\deleteSubtreeTemplates
deleteSubtreeTemplates($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.
Definition: class.ilRbacAdmin.php:569
ilRbacAdmin\assignUser
assignUser($a_rol_id, $a_usr_id)
Assigns an user to a role.
Definition: class.ilRbacAdmin.php:281
ilRbacAdmin\setRolePermission
setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for an specific object type.
Definition: class.ilRbacAdmin.php:954
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:665
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
$ilErr
$ilErr
Definition: raiseError.php:18
ilRbacAdmin\deassignUser
deassignUser($a_rol_id, $a_usr_id)
Deassigns a user from a role.
Definition: class.ilRbacAdmin.php:341
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:174
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:73
$a_type
$a_type
Definition: workflow.php:92
ilRbacAdmin\initIntersectionPermissions
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
Definition: class.ilRbacAdmin.php:1197
ilDBInterface\quote
quote($value, $type)
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
ilRbacAdmin\assignUserLimited
assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
Assign user limited.
Definition: class.ilRbacAdmin.php:212
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$lng
$lng
Definition: save_question_post_data.php:23
ilRbacAdmin\addDesktopItem
addDesktopItem($a_rol_id, $a_usr_id)
Add desktop item.
Definition: class.ilRbacAdmin.php:262
ilRbacAdmin\setProtected
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.
Definition: class.ilRbacAdmin.php:1124
ilRbacAdmin\copyLocalRoles
copyLocalRoles($a_source_id, $a_target_id)
Copy local roles This method creates a copy of all local role.
Definition: class.ilRbacAdmin.php:1149
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilRbacAdmin\copyRolePermissionIntersection
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role. ...
Definition: class.ilRbacAdmin.php:735
$query
$query
Definition: proxy_ylocal.php:13
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:389
ilRbacAdmin\revokePermissionList
revokePermissionList($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.
Definition: class.ilRbacAdmin.php:599
$ilLog
$ilLog
Definition: inc.setup_header.php:123
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilRbacAdmin\copyRolePermissionSubtract
copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.
Definition: class.ilRbacAdmin.php:878
ilRbacAdmin\__construct
__construct()
Constructor public.
Definition: class.ilRbacAdmin.php:24
ilRbacAdmin\copyRolePermissions
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
Definition: class.ilRbacAdmin.php:638
$row
$row
Definition: migrateto20.php:360
ilRbacAdmin\deleteRole
deleteRole($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
Definition: class.ilRbacAdmin.php:98
ilObjUser\_addDesktopItem
static _addDesktopItem($a_usr_id, $a_item_id, $a_type, $a_par="")
add an item to user&#39;s personal desktop
Definition: class.ilObjUser.php:3139
ilDidacticTemplateLocalRoleAction
represents a creation of local roles action
Definition: class.ilDidacticTemplateLocalRoleAction.php:12
ilRbacAdmin\assignOperationToObject
assignOperationToObject($a_type_id, $a_ops_id)
Assign an existing operation to an object Update of rbac_ta.
Definition: class.ilRbacAdmin.php:1068
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:456
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$ret
$ret
Definition: parser.php:6
ilDBInterface\query
query($query)
Run a (read-only) Query on the database.
ilRbacAdmin\deleteTemplate
deleteTemplate($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public...
Definition: class.ilRbacAdmin.php:145
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:17
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:18
$key
$key
Definition: croninfo.php:18
ilDBInterface\manipulate
manipulate($query)
Run a (write) Query on the database.
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:1012
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
ilDidacticTemplateActionFactory\getActionsByTemplateId
static getActionsByTemplateId($a_tpl_id)
Get actions of one template.
Definition: class.ilDidacticTemplateActionFactory.php:65