ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilRbacAdmin Class Reference

Class ilRbacAdmin Core functions for role based access control.


Public Member Functions

__construct ()
Constructor public.

setBlockedStatus ($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.

removeUser ($a_usr_id)
Deletes a user from rbac_ua; all user <-> role relations are deleted (public).

deleteRole ($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa (public).

deleteTemplate ($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa (public).

deleteLocalRole ($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates (public).

assignUserLimited ($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=array())
Assign user limited.

assignUser ($a_rol_id, $a_usr_id)
Assigns a user to a role.

deassignUser ($a_rol_id, $a_usr_id)
Deassigns a user from a role.

grantPermission ($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.

revokePermission ($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.

revokeSubtreePermissions ($a_ref_id, $a_role_id)
Revoke subtree permissions.

deleteSubtreeTemplates ($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.

revokePermissionList ($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.

copyRolePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.

copyRoleTemplatePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.

copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role.

copyRolePermissionUnion ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
<type> $ilDB

copyRolePermissionSubtract ($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.

deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.

setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for a specific object type.

assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to a role folder. A role folder is an object to store roles.

assignOperationToObject ($a_type_id, $a_ops_id)
Assign an existing operation to an object. Update of rbac_ta.

deassignOperationFromObject ($a_type_id, $a_ops_id)
Deassign an existing operation from an object. Update of rbac_ta (public).

setProtected ($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.

copyLocalRoles ($a_source_id, $a_target_id)
Copy local roles. This method creates a copy of all local roles.

initIntersectionPermissions ($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.

adjustMovedObjectPermissions ($a_ref_id, $a_old_parent)
Adjust permissions of moved objects.
 

Protected Member Functions

addDesktopItem ($a_rol_id, $a_usr_id)
Add desktop item.

applyMovedObjectDidacticTemplates ($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
 

Detailed Description

Class ilRbacAdmin Core functions for role based access control.

Creation and maintenance of relations. The main relations of RBAC are the user <-> role (UR) assignment relation and the permission <-> role (PR) assignment relation. This class contains methods to 'create' and 'delete' instances of the UR relation, e.g. assignUser() and deassignUser(). The required methods for the PR relation are grantPermission() and revokePermission().

Author
Stefan Meyer meyer@leifos.com
Version
$Id$

Definition at line 18 of file class.ilRbacAdmin.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacAdmin::__construct ( )

Constructor public.

Definition at line 24 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $ilErr, if, and PEAR_ERROR_CALLBACK.

25  {
26  global $DIC;
27 
28  $ilDB = $DIC['ilDB'];
29  $ilErr = $DIC['ilErr'];
30  $ilias = $DIC['ilias'];
31 
32  // set db & error handler
33  (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
34 
35  if (!isset($ilErr)) {
36  $ilErr = new ilErrorHandling();
37  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
38  } else {
39  $this->ilErr = &$ilErr;
40  }
41  }

Member Function Documentation

◆ addDesktopItem()

ilRbacAdmin::addDesktopItem (   $a_rol_id,
  $a_usr_id 
)
protected

Add desktop item.

Parameters
type $a_rol_id
type $a_usr_id

Definition at line 262 of file class.ilRbacAdmin.php.

References ilObjUser\_addDesktopItem().

Referenced by assignUser(), and assignUserLimited().

263  {
264  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
265  $role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
266  foreach ($role_desk_item_obj->getAll() as $item_data) {
267  include_once './Services/User/classes/class.ilObjUser.php';
268  ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
269  }
270  }

◆ adjustMovedObjectPermissions()

ilRbacAdmin::adjustMovedObjectPermissions (   $a_ref_id,
  $a_old_parent 
)

Adjust permissions of moved objects.

  • Delete permissions of parent roles that do not exist in new context
  • Delete role templates of parent roles that do not exist in new context
  • Add permissions for parent roles that did not exist in old context

public

Parameters
int ref id of moved object
int ref_id of old parent

Definition at line 1297 of file class.ilRbacAdmin.php.

References $DIC, $ilLog, $log, $nodes, $tree, ilRbacLog\add(), applyMovedObjectDidacticTemplates(), deleteLocalRole(), ilRbacLog\diffFaPa(), ilRbacLog\gatherFaPa(), grantPermission(), initIntersectionPermissions(), ilRbacLog\isActive(), ilObjCourse\lookupCourseNonMemberTemplatesId(), ilObjGroup\lookupGroupStatusTemplateId(), ilRbacLog\MOVE_OBJECT, and revokePermission().

1298  {
1299  global $DIC;
1300 
1301  $rbacreview = $DIC['rbacreview'];
1302  $tree = $DIC['tree'];
1303  $ilLog = $DIC['ilLog'];
1304 
1305  $new_parent = $tree->getParentId($a_ref_id);
1306  $old_context_roles = $rbacreview->getParentRoleIds($a_old_parent, false);
1307  $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1308 
1309  $for_addition = $for_deletion = array();
1310  foreach ($new_context_roles as $new_role_id => $new_role) {
1311  if (!isset($old_context_roles[$new_role_id])) {
1312  $for_addition[$new_role_id] = $new_role;
1313  } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1314  // handle stopped inheritance
1315  $for_deletion[$new_role_id] = $new_role;
1316  $for_addition[$new_role_id] = $new_role;
1317  }
1318  }
1319  foreach ($old_context_roles as $old_role_id => $old_role) {
1320  if (!isset($new_context_roles[$old_role_id])) {
1321  $for_deletion[$old_role_id] = $old_role;
1322  }
1323  }
1324 
1325  if (!count($for_deletion) and !count($for_addition)) {
1326  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1327  return true;
1328  }
1329 
1330  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1331  $rbac_log_active = ilRbacLog::isActive();
1332  if ($rbac_log_active) {
1333  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1334  }
1335 
1336  foreach ($nodes = $tree->getSubTree($tree->getNodeData($a_ref_id), true) as $node_data) {
1337  $node_id = $node_data['child'];
1338 
1339  if ($rbac_log_active) {
1340  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1341  }
1342 
1343  // If $node_data['type'] is not set, this means there is a tree entry without
1344  // object_reference and/or object_data entry
1345  // Continue in this case
1346  if (!$node_data['type']) {
1347  $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1348  continue;
1349  }
1350 
1351  if (!$node_id) {
1352  $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1353  continue;
1354  }
1355 
1356  foreach ($for_deletion as $role_id => $role_data) {
1357  $this->deleteLocalRole($role_id, $node_id);
1358  $this->revokePermission($node_id, $role_id, false);
1359  //var_dump("<pre>",'REVOKE',$role_id,$node_id,$rolf_id,"</pre>");
1360  }
1361  foreach ($for_addition as $role_id => $role_data) {
1362  switch ($node_data['type']) {
1363  case 'grp':
1364  include_once './Modules/Group/classes/class.ilObjGroup.php';
1365  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1367  $node_data['child'],
1368  $role_id,
1369  $role_data['parent'],
1370  $tpl_id,
1371  ROLE_FOLDER_ID
1372  );
1373  break;
1374 
1375  case 'crs':
1376  include_once './Modules/Course/classes/class.ilObjCourse.php';
1379  $node_data['child'],
1380  $role_id,
1381  $role_data['parent'],
1382  $tpl_id,
1383  ROLE_FOLDER_ID
1384  );
1385  break;
1386 
1387 
1388  default:
1389  $this->grantPermission(
1390  $role_id,
1391  $ops = $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_data['parent']),
1392  $node_id
1393  );
1394  break;
1395 
1396 
1397  }
1398 
1399 
1400  //var_dump("<pre>",'GRANT',$role_id,$ops,$role_id,$node_data['type'],$role_data['parent'],"</pre>");
1401  }
1402 
1403  if ($rbac_log_active) {
1404  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1405  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1407  }
1408  }
1409 
1410  $this->applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent);
1411  }
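
The role-context comparison that opens adjustMovedObjectPermissions(), isolated from the database as an added example (not ILIAS code). The role ids, ref_ids and grant rows are constructed sample data, and findStaleGrants() is a hypothetical audit helper for spotting grants that would survive a move if the adjustment were skipped.

```php
<?php
declare(strict_types=1);

// Added illustration, not ILIAS code. A context is keyed by role id and each
// entry carries the 'parent' ref_id that defines the role, which is how the
// listing above reads the result of getParentRoleIds().

/**
 * Returns the role ids that need new grants ('add') and the role ids whose
 * grants must be removed ('delete') when an object changes its parent.
 */
function diffRoleContexts(array $oldContext, array $newContext): array
{
    $forAddition = [];
    $forDeletion = [];

    foreach ($newContext as $roleId => $role) {
        if (!isset($oldContext[$roleId])) {
            // Role is only visible at the new location.
            $forAddition[$roleId] = $role;
        } elseif ($role['parent'] != $oldContext[$roleId]['parent']) {
            // Same role, different defining parent (stopped inheritance):
            // old grants are dropped and re-derived from the new definition.
            $forDeletion[$roleId] = $role;
            $forAddition[$roleId] = $role;
        }
    }
    foreach ($oldContext as $roleId => $role) {
        if (!isset($newContext[$roleId])) {
            // Role does not exist at the new location; its grants are stale.
            $forDeletion[$roleId] = $role;
        }
    }

    ksort($forAddition);
    ksort($forDeletion);

    return [
        'add' => array_keys($forAddition),
        'delete' => array_keys($forDeletion),
    ];
}

/**
 * Hypothetical audit helper: grant rows on the moved subtree that belong to
 * roles which are not part of the new context at all.
 */
function findStaleGrants(array $grants, array $newContext): array
{
    return array_values(array_filter(
        $grants,
        static function (array $grant) use ($newContext): bool {
            return !isset($newContext[$grant['rol_id']]);
        }
    ));
}

// Constructed sample: a folder (ref_id 555) moves from course 100 to course 300.
$oldContext = [
    2   => ['parent' => 8],    // global role
    4   => ['parent' => 8],    // global role, inherited unchanged at the old place
    201 => ['parent' => 100],  // local role of the old course
    202 => ['parent' => 100],  // local role of the old course
];
$newContext = [
    2   => ['parent' => 8],
    4   => ['parent' => 150],  // local policy above the new course
    301 => ['parent' => 300],  // local role of the new course
];
$grantsOnMovedNode = [
    ['rol_id' => 2,   'ref_id' => 555, 'ops_id' => 1],
    ['rol_id' => 4,   'ref_id' => 555, 'ops_id' => 2],
    ['rol_id' => 201, 'ref_id' => 555, 'ops_id' => 2],
    ['rol_id' => 202, 'ref_id' => 555, 'ops_id' => 3],
];

$diff = diffRoleContexts($oldContext, $newContext);
echo 'add:    ' . implode(', ', $diff['add']) . PHP_EOL;
echo 'delete: ' . implode(', ', $diff['delete']) . PHP_EOL;

$stale = findStaleGrants($grantsOnMovedNode, $newContext);
echo 'stale grant roles: ' . implode(', ', array_column($stale, 'rol_id')) . PHP_EOL;
```

Role 4 appears in both lists because its defining parent changed, so the listing revokes its old grants on every subtree node before granting from the new definition.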

◆ applyMovedObjectDidacticTemplates()

ilRbacAdmin::applyMovedObjectDidacticTemplates (   $a_ref_id,
  $a_old_parent 
)
protected

Apply didactic templates after object movement.

Parameters
int $a_ref_id
int $a_old_parent
Deprecated:
since version 5.1.0 will be removed with 5.4 and implemented using event handler

Definition at line 1267 of file class.ilRbacAdmin.php.

References $action, ilDidacticTemplateActionFactory\getActionsByTemplateId(), and ilDidacticTemplateObjSettings\lookupTemplateId().

Referenced by adjustMovedObjectPermissions().

1268  {
1269  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1271  if (!$tpl_id) {
1272  return;
1273  }
1274  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1276  if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1277  continue;
1278  }
1279  $action->setRefId($a_ref_id);
1280  $action->apply();
1281  }
1282  return;
1283  }

◆ assignOperationToObject()

ilRbacAdmin::assignOperationToObject (   $a_type_id,
  $a_ops_id 
)

Assign an existing operation to an object. Update of rbac_ta.

public

Parameters
integer object type
integer operation_id
Returns
boolean

Definition at line 1068 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

1069  {
1070  global $DIC;
1071 
1072  $ilDB = $DIC['ilDB'];
1073 
1074  if (!isset($a_type_id) or !isset($a_ops_id)) {
1075  $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1076  "type_id: " . $a_type_id .
1077  "ops_id: " . $a_ops_id;
1078  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1079  }
1080 
1081  $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1082  "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1083  $res = $ilDB->manipulate($query);
1084  return true;
1085  }

◆ assignRoleToFolder()

ilRbacAdmin::assignRoleToFolder (   $a_rol_id,
  $a_parent,
  $a_assign = "y" 
)

Assigns a role to a role folder. A role folder is an object to store roles.

Every role is assigned to at least one role folder. If the inheritance of a role is stopped, a new role template will be created, and the role is assigned to at least two role folders. All roles with stopped inheritance need the flag '$a_assign = false'.

public

Parameters
integer object id of role
integer ref_id of role folder
string assignable ('y','n'); default: 'y'
Returns
boolean

Definition at line 1012 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and ilLoggerFactory\getLogger().

Referenced by copyLocalRoles(), and initIntersectionPermissions().

1013  {
1014  global $DIC;
1015 
1016  $ilDB = $DIC['ilDB'];
1017  $rbacreview = $DIC['rbacreview'];
1018 
1019  if (!isset($a_rol_id) or !isset($a_parent)) {
1020  $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
1021  " role_id: " . $a_rol_id .
1022  " parent_id: " . $a_parent .
1023  " assign: " . $a_assign;
1024  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1025  }
1026 
1027  // exclude system role from rbac
1028  if ($a_rol_id == SYSTEM_ROLE_ID) {
1029  return true;
1030  }
1031 
1032  // if a wrong value is passed, always set assign to "n"
1033  if ($a_assign != "y") {
1034  $a_assign = "n";
1035  }
1036 
1037  // check if already assigned
1038  $query = 'SELECT rol_id FROM rbac_fa ' .
1039  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
1040  'AND parent = ' . $ilDB->quote($a_parent, 'integer');
1041  $res = $ilDB->query($query);
1042  if ($res->numRows()) {
1043  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
1044  return false;
1045  }
1046 
1047  $query = sprintf(
1048  'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
1049  'VALUES (%s,%s,%s,%s)',
1050  $ilDB->quote($a_rol_id, 'integer'),
1051  $ilDB->quote($a_parent, 'integer'),
1052  $ilDB->quote($a_assign, 'text'),
1053  $ilDB->quote('n', 'text')
1054  );
1055  $res = $ilDB->manipulate($query);
1056 
1057  return true;
1058  }

◆ assignUser()

ilRbacAdmin::assignUser (   $a_rol_id,
  $a_usr_id 
)

Assigns a user to a role.

Update of table rbac_ua

Parameters
int $a_rol_id Object-ID of role
int $a_usr_id Object-ID of user
Returns
boolean

Definition at line 281 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), addDesktopItem(), and ilLoggerFactory\getInstance().

282  {
283  global $DIC;
284 
285  $ilDB = $DIC['ilDB'];
286  $rbacreview = $DIC['rbacreview'];
287 
288  if (!isset($a_rol_id) or !isset($a_usr_id)) {
289  $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
290  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
291  }
292 
293  // check if already assigned user id and role_id
294  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
295 
296  // enhanced: only if we haven't had this role for this user
297  if (!$alreadyAssigned) {
298  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
299  "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
300  $res = $ilDB->manipulate($query);
301 
302  $this->addDesktopItem($a_rol_id, $a_usr_id);
303 
304  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
305  }
306 
307  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
309  $mapping->assign($a_rol_id, $a_usr_id);
310 
311 
312  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
313  $obj_id = ilObject::_lookupObjId($ref_id);
314  $type = ilObject::_lookupType($obj_id);
315 
316  if (!$alreadyAssigned) {
317  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
318  $GLOBALS['DIC']['ilAppEventHandler']->raise(
319  'Services/AccessControl',
320  'assignUser',
321  array(
322  'obj_id' => $obj_id,
323  'usr_id' => $a_usr_id,
324  'role_id' => $a_rol_id,
325  'type' => $type
326  )
327  );
328  }
329  return true;
330  }

◆ assignUserLimited()

ilRbacAdmin::assignUserLimited (   $a_role_id,
  $a_usr_id,
  $a_limit,
  $a_limited_roles = array() 
)

Assign user limited.

Parameters
type $a_role_id
type $a_usr_id
type $a_limit

Definition at line 212 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $query, $res, $ret, $row, ilLDAPRoleGroupMapping\_getInstance(), addDesktopItem(), ilDBConstants\FETCHMODE_OBJECT, ilDBInterface\in(), ilDBInterface\manipulate(), ilDBInterface\query(), and ilDBInterface\quote().

213  {
214  global $DIC;
215 
216  $ilDB = $DIC['ilDB'];
217 
218  $ilAtomQuery = $ilDB->buildAtomQuery();
219  $ilAtomQuery->addTableLock('rbac_ua');
220 
221  $ilAtomQuery->addQueryCallable(
222  function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id,$a_limit, $a_limited_roles) {
223  $ret = true;
224  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
225  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
226  $res = $ilDB->query($limit_query);
228  if ($row->num >= $a_limit) {
229  $ret = false;
230  return;
231  }
232 
233  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
234  "VALUES (" .
235  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
236  ")";
237  $res = $ilDB->manipulate($query);
238  }
239  );
240 
241  $ilAtomQuery->run();
242 
243  if (!$ret) {
244  return false;
245  }
246 
247  $GLOBALS['DIC']['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
248 
249  $this->addDesktopItem($a_role_id, $a_usr_id);
250 
251  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
253  $mapping->assign($a_role_id, $a_usr_id);
254  return true;
255  }

◆ copyLocalRoles()

ilRbacAdmin::copyLocalRoles (   $a_source_id,
  $a_target_id 
)

Copy local roles. This method creates a copy of all local roles.

Note: auto generated roles are excluded

public

Parameters
int source id of object (not role folder)
int target id of object

Definition at line 1149 of file class.ilRbacAdmin.php.

References $DIC, $ilLog, $title, assignRoleToFolder(), and copyRolePermissions().

1150  {
1151  global $DIC;
1152 
1153  $rbacreview = $DIC['rbacreview'];
1154  $ilLog = $DIC['ilLog'];
1155  $ilObjDataCache = $DIC['ilObjDataCache'];
1156 
1157  $real_local = array();
1158  foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1159  $title = $ilObjDataCache->lookupTitle($role_data);
1160  if (substr($title, 0, 3) == 'il_') {
1161  continue;
1162  }
1163  $real_local[] = $role_data;
1164  }
1165  if (!count($real_local)) {
1166  return true;
1167  }
1168  // Create role folder
1169  foreach ($real_local as $role) {
1170  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1171  $orig = new ilObjRole($role);
1172  $orig->read();
1173 
1174  $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1175  $roleObj = new ilObjRole();
1176  $roleObj->setTitle($orig->getTitle());
1177  $roleObj->setDescription($orig->getDescription());
1178  $roleObj->setImportId($orig->getImportId());
1179  $roleObj->create();
1180 
1181  $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1182  $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1183  $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1184  }
1185  }

◆ copyRolePermissionIntersection()

ilRbacAdmin::copyRolePermissionIntersection (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_parent,
  $a_dest_id 
)

Copies the intersection of the template permissions of two roles to a third role.

public

Parameters
integer $a_source1_id role_id source
integer $a_source1_parent parent_id source
integer $a_source2_id role_id source
integer $a_source2_parent parent_id source
integer $a_dest_id role_id destination
integer $a_dest_parent parent_id destination
Returns
boolean

Definition at line 735 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $key, $message, $query, $res, $row, ilDBConstants\FETCHMODE_OBJECT, and ilLoggerFactory\getLogger().

Referenced by initIntersectionPermissions().

736  {
737  global $DIC;
738 
739  $rbacreview = $DIC['rbacreview'];
740  $ilDB = $DIC['ilDB'];
741 
742  if (!isset($a_source1_id) or !isset($a_source1_parent)
743  or !isset($a_source2_id) or !isset($a_source2_parent)
744  or !isset($a_dest_id) or !isset($a_dest_parent)) {
745  $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
746  " source1_parent: " . $a_source1_parent .
747  " source2_id: " . $a_source2_id .
748  " source2_parent: " . $a_source2_parent .
749  " dest_id: " . $a_dest_id .
750  " dest_parent_id: " . $a_dest_parent;
751  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
752  }
753 
754  // exclude system role from rbac
755  if ($a_dest_id == SYSTEM_ROLE_ID) {
756  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
757  return true;
758  }
759 
760  if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
761  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': Role is protected');
762  return true;
763  }
764 
765  $query = "SELECT s1.type, s1.ops_id " .
766  "FROM rbac_templates s1, rbac_templates s2 " .
767  "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
768  "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
769  "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
770  "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
771  "AND s1.type = s2.type " .
772  "AND s1.ops_id = s2.ops_id";
773 
774  ilLoggerFactory::getLogger('ac')->dump($query);
775 
776  $res = $ilDB->query($query);
777  $operations = array();
778  $rowNum = 0;
779  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
780  $operations[$rowNum]['type'] = $row->type;
781  $operations[$rowNum]['ops_id'] = $row->ops_id;
782 
783  $rowNum++;
784  }
785 
786  // Delete template permissions of target
787  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
788  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
789  $res = $ilDB->manipulate($query);
790 
791  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
792  'VALUES (?,?,?,?)';
793  $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
794  foreach ($operations as $key => $set) {
795  $ilDB->execute($sta, array(
796  $a_dest_id,
797  $set['type'],
798  $set['ops_id'],
799  $a_dest_parent));
800  }
801  return true;
802  }

◆ copyRolePermissions()

ilRbacAdmin::copyRolePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions and permission of one role to another.

public

Parameters
integer $a_source_id role_id source
integer $a_source_parent parent_id source
integer $a_dest_parent parent_id destination
integer $a_dest_id role_id destination
Returns
boolean

Definition at line 638 of file class.ilRbacAdmin.php.

References $DIC, $tree, copyRoleTemplatePermissions(), grantPermission(), and revokePermission().

Referenced by copyLocalRoles().

639  {
640  global $DIC;
641 
642  $tree = $DIC['tree'];
643  $rbacreview = $DIC['rbacreview'];
644 
645  // Copy template permissions
646  $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
647 
648  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
649 
650  $this->revokePermission($a_dest_parent, $a_dest_id);
651  $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
652  return true;
653  }

◆ copyRolePermissionSubtract()

ilRbacAdmin::copyRolePermissionSubtract (   $a_source_id,
  $a_source_parent,
  $a_dest_id,
  $a_dest_parent 
)

Subtract role permissions.

Parameters
type $a_source_id
type $a_source_parent
type $a_dest_id
type $a_dest_parent

Definition at line 878 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and $type.

879  {
880  global $DIC;
881 
882  $rbacreview = $DIC['rbacreview'];
883  $ilDB = $DIC['ilDB'];
884 
885  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
886  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
887 
888  foreach ($s1_ops as $type => $ops) {
889  foreach ($ops as $op) {
890  if (isset($d_ops[$type]) and in_array($op, $d_ops[$type])) {
891  $query = 'DELETE FROM rbac_templates ' .
892  'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
893  'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
894  'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
895  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
896  $ilDB->manipulate($query);
897  }
898  }
899  }
900  return true;
901  }

◆ copyRolePermissionUnion()

ilRbacAdmin::copyRolePermissionUnion (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_id,
  $a_dest_parent 
)

<type> $ilDB

Parameters
<type> $a_source1_id
<type> $a_source1_parent
<type> $a_source2_id
<type> $a_source2_parent
<type> $a_dest_id
<type> $a_dest_parent
Returns
<type>

Definition at line 815 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $query, $type, and deleteRolePermission().

822  {
823  global $DIC;
824 
825  $ilDB = $DIC['ilDB'];
826  $rbacreview = $DIC['rbacreview'];
827 
828 
829  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
830  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
831 
832  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
833 
834  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
835  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
836 
837  foreach ($s1_ops as $type => $ops) {
838  foreach ($ops as $op) {
839  // insert all permission of source 1
840  // #15469
841  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
842  'VALUES( ' .
843  $ilDB->quote($a_dest_id, 'integer') . ', ' .
844  $ilDB->quote($type, 'text') . ', ' .
845  $ilDB->quote($op, 'integer') . ', ' .
846  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
847  ')';
848  $ilDB->manipulate($query);
849  }
850  }
851 
852  // and the other direction...
853  foreach ($s2_ops as $type => $ops) {
854  foreach ($ops as $op) {
855  if (!isset($s1_ops[$type]) or !in_array($op, $s1_ops[$type])) {
856  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
857  'VALUES( ' .
858  $ilDB->quote($a_dest_id, 'integer') . ', ' .
859  $ilDB->quote($type, 'text') . ', ' .
860  $ilDB->quote($op, 'integer') . ', ' .
861  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
862  ')';
863  $ilDB->manipulate($query);
864  }
865  }
866  }
867 
868  return true;
869  }
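
The set semantics of copyRolePermissionIntersection(), copyRolePermissionUnion() and copyRolePermissionSubtract(), modelled on in-memory rows as an added example (not ILIAS code). The object types and operation ids are constructed sample data, and excessOverIntersection() is a hypothetical audit check that reports what a destination role holds beyond the intersection of its two sources.

```php
<?php
declare(strict_types=1);

// Added illustration, not ILIAS code. A template is a list of rows with
// 'type' and 'ops_id', the shape the listings collect in $operations.

/** Index rows as "type:ops_id" => row so that set operations work on keys. */
function indexTemplate(array $rows): array
{
    $indexed = [];
    foreach ($rows as $row) {
        $indexed[$row['type'] . ':' . (int) $row['ops_id']] = [
            'type' => (string) $row['type'],
            'ops_id' => (int) $row['ops_id'],
        ];
    }
    ksort($indexed);
    return $indexed;
}

/** Rows present in both sources (same type and same ops_id). */
function templateIntersection(array $s1, array $s2): array
{
    return array_values(array_intersect_key(indexTemplate($s1), indexTemplate($s2)));
}

/** Rows present in either source, without duplicates. */
function templateUnion(array $s1, array $s2): array
{
    $union = indexTemplate($s1) + indexTemplate($s2);
    ksort($union);
    return array_values($union);
}

/** Destination minus source: the rows the subtract listing leaves in place. */
function templateSubtract(array $source, array $dest): array
{
    return array_values(array_diff_key(indexTemplate($dest), indexTemplate($source)));
}

/** Hypothetical audit check: destination rows not covered by both sources. */
function excessOverIntersection(array $dest, array $s1, array $s2): array
{
    return templateSubtract(templateIntersection($s1, $s2), $dest);
}

/** Render rows as "type:ops_id" for display. */
function fmt(array $rows): string
{
    return implode(', ', array_map(
        static fn(array $r): string => $r['type'] . ':' . $r['ops_id'],
        $rows
    ));
}

// Constructed sample templates.
$source1 = [
    ['type' => 'crs',  'ops_id' => 2],
    ['type' => 'crs',  'ops_id' => 3],
    ['type' => 'crs',  'ops_id' => 4],
    ['type' => 'fold', 'ops_id' => 2],
    ['type' => 'fold', 'ops_id' => 3],
];
$source2 = [
    ['type' => 'crs',  'ops_id' => 2],
    ['type' => 'fold', 'ops_id' => 2],
    ['type' => 'fold', 'ops_id' => 3],
    ['type' => 'file', 'ops_id' => 2],
];
// Constructed destination that has drifted: crs:4 is not in source 2.
$destination = [
    ['type' => 'crs',  'ops_id' => 2],
    ['type' => 'crs',  'ops_id' => 4],
    ['type' => 'fold', 'ops_id' => 2],
];

echo 'intersection: ' . fmt(templateIntersection($source1, $source2)) . PHP_EOL;
echo 'union:        ' . fmt(templateUnion($source1, $source2)) . PHP_EOL;
echo 'dest - src2:  ' . fmt(templateSubtract($source2, $destination)) . PHP_EOL;
echo 'excess:       ' . fmt(excessOverIntersection($destination, $source1, $source2)) . PHP_EOL;
```

The intersection can never exceed either source, while the union can exceed both, so a destination that is meant to be an intersection should yield an empty excess list.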

◆ copyRoleTemplatePermissions()

ilRbacAdmin::copyRoleTemplatePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions of one role to another.

It's also possible to copy template permissions from/to a RoleTemplateObject. Access: public.

Parameters
integer $a_source_id role_id source
integer $a_source_parent parent_id source
integer $a_dest_parent parent_id destination
integer $a_dest_id role_id destination
Returns
boolean

Definition at line 665 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, $row, and setProtected().

Referenced by copyRolePermissions().

666  {
667  global $DIC;
668 
669  $rbacreview = $DIC['rbacreview'];
670  $ilDB = $DIC['ilDB'];
671 
672  if (!isset($a_source_id) or !isset($a_source_parent) or !isset($a_dest_id) or !isset($a_dest_parent)) {
673  $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
674  " source_parent_id: " . $a_source_parent .
675  " dest_id : " . $a_dest_id .
676  " dest_parent_id: " . $a_dest_parent;
677  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
678  }
679 
680  // exclude system role from rbac
681  if ($a_dest_id == SYSTEM_ROLE_ID) {
682  return true;
683  }
684 
685  // Read operations
686  $query = 'SELECT * FROM rbac_templates ' .
687  'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
688  'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
689  $res = $ilDB->query($query);
690  $operations = array();
691  $rownum = 0;
692  while ($row = $ilDB->fetchObject($res)) {
693  $operations[$rownum]['type'] = $row->type;
694  $operations[$rownum]['ops_id'] = $row->ops_id;
695  $rownum++;
696  }
697 
698  // Delete target permissions
699  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
700  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
701  $res = $ilDB->manipulate($query);
702 
703  foreach ($operations as $row => $op) {
704  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
705  'VALUES (' .
706  $ilDB->quote($a_dest_id, 'integer') . "," .
707  $ilDB->quote($op['type'], 'text') . "," .
708  $ilDB->quote($op['ops_id'], 'integer') . "," .
709  $ilDB->quote($a_dest_parent, 'integer') . ")";
710  $ilDB->manipulate($query);
711  }
712 
713  // copy also protection status if applicable
714  if ($a_consider_protected == true) {
715  if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
716  $this->setProtected($a_dest_parent, $a_dest_id, 'y');
717  }
718  }
719 
720  return true;
721  }

◆ deassignOperationFromObject()

ilRbacAdmin::deassignOperationFromObject (   $a_type_id,
  $a_ops_id 
)

Deassigns an existing operation from an object. Update of rbac_ta. Access: public.

Parameters
integer object type
integer operation_id
Returns
boolean

Definition at line 1095 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

1096  {
1097  global $DIC;
1098 
1099  $ilDB = $DIC['ilDB'];
1100 
1101  if (!isset($a_type_id) or !isset($a_ops_id)) {
1102  $message = get_class($this) . "::deassignPermissionFromObject(): Missing parameter!" .
1103  "type_id: " . $a_type_id .
1104  "ops_id: " . $a_ops_id;
1105  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1106  }
1107 
1108  $query = "DELETE FROM rbac_ta " .
1109  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1110  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1111  $res = $ilDB->manipulate($query);
1112 
1113  return true;
1114  }

◆ deassignUser()

ilRbacAdmin::deassignUser (   $a_rol_id,
  $a_usr_id 
)

Deassigns a user from a role.

Update of table rbac_ua

Parameters
int $a_rol_id Object-ID of role
int $a_usr_id Object-ID of user
Returns
boolean true on success

Definition at line 341 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), and ilLoggerFactory\getInstance().

Referenced by removeUser().

342  {
343  global $DIC;
344 
345  $ilDB = $DIC['ilDB'];
346  $rbacreview = $DIC->rbac()->review();
347 
348  if (!isset($a_rol_id) or !isset($a_usr_id)) {
349  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
350  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
351  }
352 
353  $query = "DELETE FROM rbac_ua " .
354  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
355  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
356  $res = $ilDB->manipulate($query);
357 
358  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
359 
360  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
361  $mapping = ilLDAPRoleGroupMapping::_getInstance();
362  $mapping->deassign($a_rol_id, $a_usr_id);
363 
364  if ($res) {
365  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
366  $obj_id = ilObject::_lookupObjId($ref_id);
367  $type = ilObject::_lookupType($obj_id);
368 
369  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
370  $GLOBALS['DIC']['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
371  'obj_id' => $obj_id,
372  'usr_id' => $a_usr_id,
373  'role_id' => $a_rol_id,
374  'type' => $type,
375  ));
376  }
377 
378  return true;
379  }

◆ deleteLocalRole()

ilRbacAdmin::deleteLocalRole (   $a_rol_id,
  $a_ref_id = 0 
)

Deletes a local role and its entries in rbac_fa and rbac_templates. Access: public.

Parameters
integer object_id of role
integer ref_id of role folder (optional)
Returns
boolean true on success

Definition at line 174 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

Referenced by adjustMovedObjectPermissions(), and deleteRole().

175  {
176  global $DIC;
177 
178  $ilDB = $DIC['ilDB'];
179 
180  if (!isset($a_rol_id)) {
181  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
182  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
183  }
184 
185  // exclude system role from rbac
186  if ($a_rol_id == SYSTEM_ROLE_ID) {
187  return true;
188  }
189  $clause = ''; // stays empty when no role folder ref_id is given
190  if ($a_ref_id != 0) {
191  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
192  }
193 
194  $query = 'DELETE FROM rbac_fa ' .
195  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
196  $clause;
197  $res = $ilDB->manipulate($query);
198 
199  $query = 'DELETE FROM rbac_templates ' .
200  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
201  $clause;
202  $res = $ilDB->manipulate($query);
203  return true;
204  }

◆ deleteRole()

ilRbacAdmin::deleteRole (   $a_rol_id,
  $a_ref_id 
)

Deletes a role and its entries in object_data, rbac_pa, rbac_templates, rbac_ua and rbac_fa. Access: public.

Parameters
integer obj_id of role (role_id)
integer ref_id of role folder (ref_id)
Returns
boolean true on success

Definition at line 98 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $lng, $message, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), and deleteLocalRole().

99  {
100  global $DIC;
101 
102  $lng = $DIC['lng'];
103  $ilDB = $DIC['ilDB'];
104 
105  if (!isset($a_rol_id) or !isset($a_ref_id)) {
106  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
107  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
108  }
109 
110  // exclude system role from rbac
111  if ($a_rol_id == SYSTEM_ROLE_ID) {
112  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
113  }
114 
115  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
116  $mapping = ilLDAPRoleGroupMapping::_getInstance();
117  $mapping->deleteRole($a_rol_id);
118 
119 
120  // TODO: check assigned users before deletion
121  // This is done in ilObjRole. Should be better moved to this place?
122 
123  // delete user assignments
124  $query = "DELETE FROM rbac_ua " .
125  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
126  $res = $ilDB->manipulate($query);
127 
128  // delete permission assignments
129  $query = "DELETE FROM rbac_pa " .
130  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
131  $res = $ilDB->manipulate($query);
132 
133  //delete rbac_templates and rbac_fa
134  $this->deleteLocalRole($a_rol_id);
135 
136  return true;
137  }

◆ deleteRolePermission()

ilRbacAdmin::deleteRolePermission (   $a_rol_id,
  $a_ref_id,
  $a_type = false 
)

Deletes all entries of a template.

If an object type is given as the third parameter, only the entries for that object type are deleted. Update of table rbac_templates. Access: public.

Parameters
integer object id of role
integer ref_id of role folder
string object type (optional)
Returns
boolean

Definition at line 914 of file class.ilRbacAdmin.php.

References $a_type, $DIC, $ilDB, $message, $query, and $res.

Referenced by copyRolePermissionUnion().

915  {
916  global $DIC;
917 
918  $ilDB = $DIC['ilDB'];
919 
920  if (!isset($a_rol_id) or !isset($a_ref_id)) {
921  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
922  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
923  }
924 
925  // exclude system role from rbac
926  if ($a_rol_id == SYSTEM_ROLE_ID) {
927  return true;
928  }
929  $and_type = ''; // stays empty when no object type filter is given
930  if ($a_type !== false) {
931  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
932  }
933 
934  $query = 'DELETE FROM rbac_templates ' .
935  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
936  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
937  $and_type;
938 
939  $res = $ilDB->manipulate($query);
940 
941  return true;
942  }

◆ deleteSubtreeTemplates()

ilRbacAdmin::deleteSubtreeTemplates (   $a_ref_id,
  $a_rol_id 
)

Delete all template permissions of subtree nodes.

Parameters
object $a_ref_id
object $a_rol_id
Returns

Definition at line 569 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, and $query.

570  {
571  global $DIC;
572 
573  $ilDB = $DIC['ilDB'];
574 
575  $query = 'DELETE FROM rbac_templates ' .
576  'WHERE parent IN ( ' .
577  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
578  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
579 
580  $ilDB->manipulate($query);
581 
582  $query = 'DELETE FROM rbac_fa ' .
583  'WHERE parent IN ( ' .
584  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
585  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
586 
587  $ilDB->manipulate($query);
588 
589  return true;
590  }

◆ deleteTemplate()

ilRbacAdmin::deleteTemplate (   $a_obj_id)

Deletes a template from the role folder and deletes all its entries in rbac_templates and rbac_fa. Access: public.

Parameters
integer object_id of role template
Returns
boolean

Definition at line 145 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

146  {
147  global $DIC;
148 
149  $ilDB = $DIC['ilDB'];
150 
151  if (!isset($a_obj_id)) {
152  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
153  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
154  }
155 
156  $query = 'DELETE FROM rbac_templates ' .
157  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
158  $res = $ilDB->manipulate($query);
159 
160  $query = 'DELETE FROM rbac_fa ' .
161  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
162  $res = $ilDB->manipulate($query);
163 
164  return true;
165  }

◆ grantPermission()

ilRbacAdmin::grantPermission (   $a_rol_id,
  $a_ops,
  $a_ref_id 
)

Grants a permission to an object and a specific role.

Update of table rbac_pa. Access: public.

Parameters
integer object id of role
array array of operation ids
integer reference id of that object which is granted the permissions
Returns
boolean

Definition at line 389 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $key, $query, and $res.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

390  {
391  global $DIC;
392 
393  $ilDB = $DIC['ilDB'];
394 
395  if (!isset($a_rol_id) or !isset($a_ops) or !isset($a_ref_id)) {
396  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
397  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
398  }
399 
400  if (!is_array($a_ops)) {
401  $this->ilErr->raiseError(
402  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
403  $this->ilErr->WARNING
404  );
405  }
406 
407  /*
408  if (count($a_ops) == 0)
409  {
410  return false;
411  }
412  */
413  // exclude system role from rbac
414  if ($a_rol_id == SYSTEM_ROLE_ID) {
415  return true;
416  }
417 
418  // convert all values to integer
419  foreach ($a_ops as $key => $operation) {
420  $a_ops[$key] = (int) $operation;
421  }
422 
423  // Serialize the ops_id array
424  $ops_ids = serialize($a_ops);
425 
426  $query = 'DELETE FROM rbac_pa ' .
427  'WHERE rol_id = %s ' .
428  'AND ref_id = %s';
429  $res = $ilDB->queryF(
430  $query,
431  array('integer','integer'),
432  array($a_rol_id,$a_ref_id)
433  );
434 
435  if (!count($a_ops)) {
436  return false;
437  }
438 
439  $query = "INSERT INTO rbac_pa (rol_id,ops_id,ref_id) " .
440  "VALUES " .
441  "(" . $ilDB->quote($a_rol_id, 'integer') . "," . $ilDB->quote($ops_ids, 'text') . "," . $ilDB->quote($a_ref_id, 'integer') . ")";
442  $res = $ilDB->manipulate($query);
443 
444  return true;
445  }
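grantPermission() stores the whole operation list as one serialize()d string in rbac_pa.ops_id, so any code that reads the column back has to decode it. The following is an added example, not ILIAS code: encodeOps() mirrors the cast-and-serialize step above, decodeOps() is a hypothetical defensive reader that refuses objects and non-integer entries, and the sample inputs are constructed.

```php
<?php
// Added illustration, not ILIAS code. Function names are hypothetical.

/** Encode operation ids the way grantPermission() does: int-cast, then serialize(). */
function encodeOps(array $ops): string
{
    foreach ($ops as $key => $operation) {
        // Non-numeric input becomes 0 here; it is not rejected.
        $ops[$key] = (int) $operation;
    }
    return serialize($ops);
}

/**
 * Decode an rbac_pa.ops_id value defensively.
 *
 * Assumption for this example: real operation ids are positive integers,
 * so 0 (the result of casting junk input) is treated as invalid.
 */
function decodeOps(string $stored): array
{
    // allowed_classes => false turns any serialized object into
    // __PHP_Incomplete_Class instead of instantiating it.
    $ops = @unserialize($stored, ['allowed_classes' => false]);
    if (!is_array($ops)) {
        throw new UnexpectedValueException('ops_id is not a serialized array');
    }
    foreach ($ops as $op) {
        if (!is_int($op) || $op < 1) {
            throw new UnexpectedValueException('ops_id contains an invalid operation id');
        }
    }
    return array_values($ops);
}

// Constructed inputs: a clean list, a list built from junk, an object, raw garbage.
$samples = [
    'clean list'   => encodeOps(['1', 2, 3]),
    'junk element' => encodeOps(['x']),
    'object'       => serialize(new stdClass()),
    'not php data' => 'garbage',
];

foreach ($samples as $label => $value) {
    try {
        echo $label, ': ', implode(',', decodeOps($value)), "\n";
    } catch (UnexpectedValueException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```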

◆ initIntersectionPermissions()

ilRbacAdmin::initIntersectionPermissions (   $a_ref_id,
  $a_role_id,
  $a_role_parent,
  $a_template_id,
  $a_template_parent 
)

Init intersection permissions.

type $rbacreview

Parameters
type $a_ref_id
type $a_role_id
type $a_role_parent
type $a_template_id
type $a_template_parent
Returns
type

Definition at line 1197 of file class.ilRbacAdmin.php.

References $DIC, ilObject\_lookupType(), assignRoleToFolder(), copyRolePermissionIntersection(), ilLoggerFactory\getLogger(), grantPermission(), and revokePermission().

Referenced by adjustMovedObjectPermissions().

1198  {
1199  global $DIC;
1200 
1201  $rbacreview = $DIC['rbacreview'];
1202 
1203  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1204  // Assign object permissions
1205  $new_ops = $rbacreview->getOperationsOfRole(
1206  $a_role_id,
1207  ilObject::_lookupType($a_ref_id, true),
1208  $a_role_parent
1209  );
1210 
1211  // set new permissions for object
1212  $this->grantPermission(
1213  $a_role_id,
1214  (array) $new_ops,
1215  $a_ref_id
1216  );
1217  return;
1218  }
1219  if (!$a_template_id) {
1220  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1221  return;
1222  }
1223  // create template permission intersection
1224  $this->copyRolePermissionIntersection(
1225  $a_template_id,
1226  $a_template_parent,
1227  $a_role_id,
1228  $a_role_parent,
1229  $a_ref_id,
1230  $a_role_id
1231  );
1232 
1233  // assign role to folder
1234  $this->assignRoleToFolder(
1235  $a_role_id,
1236  $a_ref_id,
1237  'n'
1238  );
1239 
1240  // Assign object permissions
1241  $new_ops = $rbacreview->getOperationsOfRole(
1242  $a_role_id,
1243  ilObject::_lookupType($a_ref_id, true),
1244  $a_ref_id
1245  );
1246 
1247  // revoke existing permissions
1248  $this->revokePermission($a_ref_id, $a_role_id);
1249 
1250  // set new permissions for object
1251  $this->grantPermission(
1252  $a_role_id,
1253  (array) $new_ops,
1254  $a_ref_id
1255  );
1256 
1257  return;
1258  }

◆ removeUser()

ilRbacAdmin::removeUser (   $a_usr_id)

Deletes a user from rbac_ua; all user <-> role relations are deleted. Access: public.

Parameters
int user_id
Returns
boolean true on success

Definition at line 69 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and deassignUser().

70  {
71  global $DIC;
72 
73  $ilDB = $DIC->database();
74  $review = $DIC->rbac()->review();
75 
76  if (!isset($a_usr_id)) {
77  $message = get_class($this) . "::removeUser(): No usr_id given!";
78  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
79  }
80 
81  foreach ($review->assignedRoles($a_usr_id) as $role_id) {
82  $this->deassignUser($role_id, $a_usr_id);
83  }
84 
85  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
86  $res = $ilDB->manipulate($query);
87 
88  return true;
89  }

◆ revokePermission()

ilRbacAdmin::revokePermission (   $a_ref_id,
  $a_rol_id = 0,
  $a_keep_protected = true 
)

Revokes permissions of an object of one role.

Update of table rbac_pa. Revokes all permissions for all roles for that object (with this reference). When a role_id is given, this applies only to that role. Access: public.

Parameters
integer reference id of object where permissions should be revoked
integer role_id (optional: if you want to revoke permissions of object only for a specific role)
Returns
boolean

Definition at line 456 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $ilLog, $log, $message, $query, and $res.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

457  {
458  global $DIC;
459 
460  $rbacreview = $DIC['rbacreview'];
461  $log = $DIC['log'];
462  $ilDB = $DIC['ilDB'];
463  $ilLog = $DIC['ilLog'];
464 
465  if (!isset($a_ref_id)) {
466  $ilLog->logStack();
467  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
468  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
469  }
470  #$log->write("ilRBACadmin::revokePermission(), 0");
471 
472  // bypass protected status of roles
473  if ($a_keep_protected != true) {
474  // exclude system role from rbac
475  if ($a_rol_id == SYSTEM_ROLE_ID) {
476  return true;
477  }
478 
479  if ($a_rol_id) {
480  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
481  } else {
482  $and1 = "";
483  }
484 
485  $query = "DELETE FROM rbac_pa " .
486  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
487  $and1;
488 
489  $res = $ilDB->manipulate($query);
490 
491  return true;
492  }
493 
494  // consider protected status of roles
495 
496  // in any case, get all roles in scope first
497  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
498 
499  if (!$a_rol_id) {
500  #$log->write("ilRBACadmin::revokePermission(), 1");
501 
502  $role_ids = array();
503 
504  foreach ($roles_in_scope as $role) {
505  if ($role['protected'] == true) {
506  continue;
507  }
508 
509  $role_ids[] = $role['obj_id'];
510  }
511 
512  // return if no role in array
513  if (!$role_ids) {
514  return true;
515  }
516 
517  $query = 'DELETE FROM rbac_pa ' .
518  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
519  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
520  $res = $ilDB->manipulate($query);
521  } else {
522  #$log->write("ilRBACadmin::revokePermission(), 2");
523  // exclude system role from rbac
524  if ($a_rol_id == SYSTEM_ROLE_ID) {
525  return true;
526  }
527 
528  // exclude protected permission settings from revoking
529  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
530  return true;
531  }
532 
533  $query = "DELETE FROM rbac_pa " .
534  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
535  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
536  $res = $ilDB->manipulate($query);
537  }
538 
539  return true;
540  }
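The three deletion paths of revokePermission() differ in which rbac_pa rows survive. The following added example (not ILIAS code) models them on constructed in-memory data; rowsToRevoke() is a hypothetical name, SYSTEM_ROLE_ID = 2 is an assumed value, and $roles_in_scope stands in for the result of getParentRoleIds().

```php
<?php
// Added illustration, not ILIAS code: an in-memory model of the deletion
// paths in revokePermission(). All data below is constructed.

const SYSTEM_ROLE_ID = 2; // assumed value for this example only

/**
 * Return the rbac_pa rows that revokePermission() would delete.
 *
 * @param array $rbac_pa        rows of ['rol_id' => int, 'ref_id' => int]
 * @param array $roles_in_scope role_id => ['obj_id' => int, 'protected' => bool]
 */
function rowsToRevoke(array $rbac_pa, array $roles_in_scope, int $ref_id, int $rol_id = 0, bool $keep_protected = true): array
{
    // The system role is skipped whenever it is named explicitly.
    if ($rol_id === SYSTEM_ROLE_ID) {
        return [];
    }

    if (!$keep_protected) {
        // Bypass path: protection flags and scope are ignored entirely.
        return array_values(array_filter($rbac_pa, function ($row) use ($ref_id, $rol_id) {
            return $row['ref_id'] === $ref_id
                && ($rol_id === 0 || $row['rol_id'] === $rol_id);
        }));
    }

    if ($rol_id === 0) {
        // No role named: only non-protected roles in scope are touched.
        $role_ids = [];
        foreach ($roles_in_scope as $role) {
            if (!$role['protected']) {
                $role_ids[] = $role['obj_id'];
            }
        }
    } else {
        // A named protected role keeps its permissions.
        if (!empty($roles_in_scope[$rol_id]['protected'])) {
            return [];
        }
        $role_ids = [$rol_id];
    }

    return array_values(array_filter($rbac_pa, function ($row) use ($ref_id, $role_ids) {
        return $row['ref_id'] === $ref_id && in_array($row['rol_id'], $role_ids, true);
    }));
}

// Constructed sample: object ref_id 70, two roles reported as in scope.
$roles_in_scope = [
    4 => ['obj_id' => 4, 'protected' => false],
    5 => ['obj_id' => 5, 'protected' => true],
];
$rbac_pa = [
    ['rol_id' => 4, 'ref_id' => 70],
    ['rol_id' => 5, 'ref_id' => 70],
    ['rol_id' => 9, 'ref_id' => 70], // role that is not reported as in scope
    ['rol_id' => 4, 'ref_id' => 71], // different object, never affected
];

$calls = [
    'default (keep protected)' => rowsToRevoke($rbac_pa, $roles_in_scope, 70),
    'protected role 5 named'   => rowsToRevoke($rbac_pa, $roles_in_scope, 70, 5),
    'bypass, no role named'    => rowsToRevoke($rbac_pa, $roles_in_scope, 70, 0, false),
];

foreach ($calls as $label => $rows) {
    echo $label, ': roles [', implode(',', array_column($rows, 'rol_id')), "]\n";
}
```

In the constructed data the default call leaves the rows of protected role 5 and of role 9 (not reported as in scope) in place, while the bypass call removes every row for ref_id 70.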

◆ revokePermissionList()

ilRbacAdmin::revokePermissionList (   $a_ref_ids,
  $a_rol_id 
)

Revokes permissions of a LIST of objects of ONE role.

Update of table rbac_pa. Access: public.

Parameters
array list of reference_ids to revoke permissions
integer role_id
Returns
boolean

Definition at line 599 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

600  {
601  global $DIC;
602 
603  $ilDB = $DIC['ilDB'];
604 
605  if (!isset($a_ref_ids) or !is_array($a_ref_ids)) {
606  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_export($a_ref_ids, true);
607  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
608  }
609 
610  if (!isset($a_rol_id)) {
611  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
612  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
613  }
614 
615  // exclude system role from rbac
616  if ($a_rol_id == SYSTEM_ROLE_ID) {
617  return true;
618  }
619 
620  $query = "DELETE FROM rbac_pa " .
621  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
622  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
623  $res = $ilDB->manipulate($query);
624 
625  return true;
626  }

◆ revokeSubtreePermissions()

ilRbacAdmin::revokeSubtreePermissions (   $a_ref_id,
  $a_role_id 
)

Revoke subtree permissions.

Parameters
object $a_ref_id
object $a_role_id
Returns

Definition at line 548 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, and $query.

549  {
550  global $DIC;
551 
552  $ilDB = $DIC['ilDB'];
553 
554  $query = 'DELETE FROM rbac_pa ' .
555  'WHERE ref_id IN ' .
556  '( ' . $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
557  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
558 
559  $ilDB->manipulate($query);
560  return true;
561  }

◆ setBlockedStatus()

ilRbacAdmin::setBlockedStatus (   $a_role_id,
  $a_ref_id,
  $a_blocked_status 
)

Set blocked status.

Parameters
type $a_role_id
type $a_ref_id
type $a_blocked_status

Definition at line 49 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and ilLoggerFactory\getLogger().

50  {
51  global $DIC;
52 
53  $ilDB = $DIC['ilDB'];
54 
55  ilLoggerFactory::getLogger('crs')->logStack();
56  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
57  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
58  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
59  $ilDB->manipulate($query);
60  }

◆ setProtected()

ilRbacAdmin::setProtected (   $a_ref_id,
  $a_role_id,
  $a_value 
)

Set protected $ilDB.

Parameters
type $a_ref_id
type $a_role_id
type $a_value y or n
Returns
boolean

Definition at line 1124 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and $res.

Referenced by copyRoleTemplatePermissions().

1125  {
1126  global $DIC;
1127 
1128  $ilDB = $DIC['ilDB'];
1129 
1130  // ref_id not used yet. protected permission acts 'global' for each role,
1131  // regardless of any broken inheritance before
1132  $query = 'UPDATE rbac_fa ' .
1133  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1134  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1135  $res = $ilDB->manipulate($query);
1136  return true;
1137  }

◆ setRolePermission()

ilRbacAdmin::setRolePermission (   $a_rol_id,
  $a_type,
  $a_ops,
  $a_ref_id 
)

Inserts template permissions in rbac_templates for a specific object type.

Update of table rbac_templates. Access: public.

Parameters
integer role_id
string object type
array operation_ids
integer ref_id of role folder object
Returns
boolean

Definition at line 954 of file class.ilRbacAdmin.php.

References $a_type, $DIC, $ilDB, and $message.

955  {
956  global $DIC;
957 
958  $ilDB = $DIC['ilDB'];
959 
960  if (!isset($a_rol_id) or !isset($a_type) or !isset($a_ops) or !isset($a_ref_id)) {
961  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
962  " role_id: " . $a_rol_id .
963  " type: " . $a_type .
964  " operations: " . $a_ops .
965  " ref_id: " . $a_ref_id;
966  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
967  }
968 
969  if (!is_string($a_type) or empty($a_type)) {
970  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
971  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
972  }
973 
974  if (!is_array($a_ops) or empty($a_ops)) {
975  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
976  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
977  }
978 
979  // exclude system role from rbac
980  if ($a_rol_id == SYSTEM_ROLE_ID) {
981  return true;
982  }
983 
984  foreach ($a_ops as $op) {
985  $ilDB->replace(
986  'rbac_templates',
987  [
988  'rol_id' => ['integer', $a_rol_id],
989  'type' => ['text', $a_type],
990  'ops_id' => ['integer', $op],
991  'parent' => ['integer', $a_ref_id]
992  ],
993  []
994  );
995  }
996  return true;
997  }

The documentation for this class was generated from the following file: