5require_once 
"./Services/Object/classes/class.ilObject.php";
 
    6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
 
   53    public function __construct($a_id = 0, $a_call_by_reference = 
false)
 
   57        $this->logger = 
$DIC->logger()->ac();
 
   59        $this->disk_quota = 0;
 
   60        $this->wsp_disk_quota = 0;
 
   79        $res = 
$ilDB->query(
"SELECT obj_id FROM object_data " .
 
   80            " WHERE type=" . 
$ilDB->quote(
"rolt", 
"text") .
 
   81            " AND title=" . 
$ilDB->quote($a_tpl_name, 
"text"));
 
   83            $tpl_id = $row->obj_id;
 
   90        include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
   92        $role->setTitle($a_title);
 
   93        $role->setDescription($a_description);
 
   96        $GLOBALS[
'DIC'][
'rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 
'y');
 
   98        $GLOBALS[
'DIC'][
'rbacadmin']->copyRoleTemplatePermissions(
 
  105        $ops = 
$GLOBALS[
'DIC'][
'rbacreview']->getOperationsOfRole(
 
  110        $GLOBALS[
'DIC'][
'rbacadmin']->grantPermission(
 
  129        if (substr($this->
getTitle(), 0, 3) == 
'il_') {
 
  130            $ilErr->setMessage(
'msg_role_reserved_prefix');
 
  147        $this->assign_users = (int) $a_assign_users;
 
  151        return $this->assign_users ? $this->assign_users : 0;
 
  160        $query = 
"SELECT assign_users FROM role_data WHERE role_id = " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  162        while ($row = 
$ilDB->fetchObject(
$res)) {
 
  163            return $row->assign_users ? true : 
false;
 
  178        $query = 
"SELECT * FROM role_data WHERE role_id= " . 
$ilDB->quote($this->
id, 
'integer') . 
" ";
 
  181        if (
$res->numRows() > 0) {
 
                 // NOTE(review): the fatal-error text built below embeds __FILE__, __LINE__ and the
                 // class name inside raw HTML. Whether raiseError() renders this message to the
                 // browser is not visible in this listing -- TODO confirm. If it does, the server-side
                 // install path is disclosed to the client; keep such details in the server log and
                 // show the user a generic message.
  187            $this->
ilias->raiseError(
"<b>Error: There is no dataset with id " . $this->
id . 
"!</b><br />class: " . get_class($this) . 
"<br />Script: " . __FILE__ . 
"<br />Line: " . __LINE__, $this->
ilias->FATAL);
 
  218        $query = 
"UPDATE role_data SET " .
 
  219            "allow_register= " . 
$ilDB->quote($this->allow_register, 
'integer') . 
", " .
 
  223            "WHERE role_id= " . 
$ilDB->quote($this->
id, 
'integer') . 
" ";
 
  246        $this->
id = parent::create();
 
  248        $query = 
"INSERT INTO role_data " .
 
  249            "(role_id,allow_register,assign_users,disk_quota,wsp_disk_quota) " .
 
  251            "(" . 
$ilDB->quote($this->
id, 
'integer') . 
"," .
 
  270        if (empty($a_allow_register)) {
 
                 // NOTE(review): `==` below is a comparison whose result is discarded, so this
                 // statement assigns nothing; `=` was presumably intended. The value that ends up
                 // stored is produced only by the (int) cast on line 274 -- verify that no caller
                 // depends on this branch for normalising an empty registration flag.
  271            $a_allow_register == 0;
 
  274        $this->allow_register = (int) $a_allow_register;
 
  285        return $this->allow_register ? $this->allow_register : 
false;
 
  298        $this->disk_quota = $a_disk_quota;
 
  326        $this->wsp_disk_quota = $a_disk_quota;
 
  355        $query = 
"SELECT * FROM role_data " .
 
  356            "JOIN object_data ON object_data.obj_id = role_data.role_id " .
 
  357            "WHERE allow_register = 1";
 
  361        while ($role = 
$ilDB->fetchAssoc(
$res)) {
 
  362            $roles[] = array(
"id" => $role[
"obj_id"],
 
  363                             "title" => $role[
"title"],
 
  364                             "auth_mode" => $role[
'auth_mode']);
 
  382        $query = 
"SELECT * FROM role_data " .
 
  383            " WHERE role_id =" . 
$ilDB->quote($a_role_id, 
'integer');
 
  386        if ($role_rec = 
$ilDB->fetchAssoc(
$res)) {
 
  387            if ($role_rec[
"allow_register"]) {
 
  403        $this->parent = $a_parent_ref;
 
  424    public function delete()
 
  433        if (
$rbacreview->hasMultipleAssignments($this->getId())) {
 
  439        if (
$rbacreview->isAssignable($this->getId(), $this->getParent())) {
 
  448            $last_role_user_ids = array();
 
  449            if ($this->
getParent() == ROLE_FOLDER_ID) {
 
  456                foreach ($user_ids as $user_id) {
 
  461                    if (count($role_ids) == 1) {
 
  462                        $last_role_user_ids[] = $user_id;
 
  468            if (count($last_role_user_ids) > 0) {
 
  469                $user_names = array();
 
  470                foreach ($last_role_user_ids as $user_id) {
 
  478                $users = implode(
', ', $user_names);
 
  480                $this->
ilias->raiseError($this->lng->txt(
"msg_user_last_role1") . 
" " .
 
  481                                     $users . 
"<br/>" . $this->lng->txt(
"msg_user_last_role2"), $this->ilias->error_obj->WARNING);
 
  487                include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
 
  494                $query = 
"DELETE FROM role_data WHERE role_id = " . 
$ilDB->quote($this->
getId(), 
'integer');
 
  511        return count(
$rbacreview->assignedUsers($this->getId()));
 
  523        if (preg_match(
"/^il_([a-z]{1,4})_./", $role_title, 
$type)) {
 
  529            return $lng->txt($role_title);
 
  532        return $a_role_title;
 
  537        $role_title_parts = explode(
'_', $a_role_title);
 
  539        $test2 = (int) $role_title_parts[3];
 
  541            unset($role_title_parts[3]);
 
  544        return implode(
'_', $role_title_parts);
 
  554    public static function getSubObjects($a_obj_type, $a_add_admin_objects)
 
  562        $subs = 
$objDefinition->getSubObjectsRecursively($a_obj_type, 
true, $a_add_admin_objects);
 
  572        foreach ($subs as $subtype => $def) {
 
  573            if (in_array($def[
"name"], $filter)) {
 
  580                $translation = 
$lng->txt(
"obj_" . $subtype);
 
  582                $translation = 
$lng->txt(
'objs_' . $subtype);
 
  585            $sorted[$subtype] = $def;
 
  586            $sorted[$subtype][
'translation'] = $translation;
 
  598        foreach ($a_roles as $role_id => $auth_mode) {
 
  599            $query = 
"UPDATE role_data SET " .
 
  600                 "auth_mode= " . 
$ilDB->quote($auth_mode, 
'text') . 
" " .
 
  601                 "WHERE role_id= " . 
$ilDB->quote($role_id, 
'integer') . 
" ";
 
  612        $query = 
"SELECT auth_mode FROM role_data " .
 
  613             "WHERE role_id= " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  617        return $row[
'auth_mode'];
 
  633        $query = 
"SELECT * FROM role_data " .
 
  634            "WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  637        while ($row = 
$ilDB->fetchObject(
$res)) {
 
  638            $roles[] = $row->role_id;
 
  657        $query = 
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  672        $operation_info = 
$rbacreview->getOperationAssignment();
 
  673        foreach ($operation_info as $info) {
 
  677            $rbac_objects[$info[
'typ_id']] = array(
"obj_id" => $info[
'typ_id'],
 
  678                                                   "type" => $info[
'type']);
 
  683                : 
$lng->txt($info[
'type'] . 
"_" . $info[
'operation']);
 
  684            if (substr($info[
'operation'], 0, 7) == 
"create_" &&
 
  688            $rbac_operations[$info[
'typ_id']][$info[
'ops_id']] = array(
 
  689                                                                "ops_id" => $info[
'ops_id'],
 
  690                                                                "title" => $info[
'operation'],
 
  693        return array($rbac_objects,$rbac_operations);
 
  709    public function changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter = array(),$a_operation_mode = self::MODE_READ_OPERATIONS, $a_operation_stack = [])
 
  717        $nodes = 
$tree->getRbacSubtreeInfo($a_start_node);
 
  720        $all_local_policies = 
$rbacreview->getObjectsWithStopedInheritance($this->
getId());
 
  723        $local_policies = array();
 
  724        foreach ($all_local_policies as $lp) {
 
  725            if (isset($nodes[$lp])) {
 
  726                $local_policies[] = $lp;
 
  737        $this->
adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter, $a_operation_mode, $a_operation_stack);
 
  752        $local_policies = array();
 
  753        foreach ($a_policies as $policy) {
 
  754            if ($policy == $a_start or $policy == SYSTEM_FOLDER_ID) {
 
  755                $local_policies[] = $policy;
 
  759                $local_policies[] = $policy;
 
  764        return $local_policies;
 
  775    protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array(), $a_operation_mode = self::MODE_READ_OPERATIONS, $a_operation_stack = [])
 
  784        $operation_stack = array();
 
  785        $policy_stack = array();
 
  786        $node_stack = array();
 
  788        $start_node = current($a_nodes);
 
  789        array_push($node_stack, $start_node);
 
  792        if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
 
  796            $operation_stack = $a_operation_stack;
 
  799        $this->logger->debug(
'adjust permissions operation stack');
 
  802        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  805        $local_policy = 
false;
 
  806        foreach ($a_nodes as $node) {
 
  807            $cmp_node = end($node_stack);
 
  808            while ($relation = 
$tree->getRelationOfNodes($node, $cmp_node)) {
 
  812                        $logger->debug(
'Handling sibling/none relation.');
 
  813                        array_pop($operation_stack);
 
  814                        array_pop($policy_stack);
 
  815                        array_pop($node_stack);
 
  816                        $cmp_node = end($node_stack);
 
  817                        $local_policy = 
false;
 
  824                        $logger->debug(
'Handling child/equals/parent ' . $relation);
 
  834            if ($node[
'child'] == $start_node[
'child']) {
 
  836                    if ($rbac_log_active) {
 
  837                        $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  842                    $perms = end($operation_stack);
 
  845                        (array) $perms[$node[
'type']],
 
  850                    if ($rbac_log_active) {
 
  860            if (in_array($node[
'child'], $a_policies) and ($node[
'child'] != SYSTEM_FOLDER_ID)) {
 
  861                $local_policy = 
true;
 
  864                array_push($node_stack, $node);
 
  873            if ($rbac_log_active) {
 
  874                $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  880                ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) &&
 
  881                ($node[
'type'] == 
'crs' || $node[
'type'] == 
'grp')
 
  884                $perms = end($operation_stack);
 
  888                    array_push($node_stack, $node);
 
  893            $perms = end($operation_stack);
 
  896                (array) $perms[$node[
'type']],
 
  900            if ($rbac_log_active) {
 
  918        $admin = 
$DIC->rbac()->admin();
 
  919        $review = 
$DIC->rbac()->review();
 
  920        if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
 
  921            $admin->grantPermission(
 
  927        elseif ($a_operation_mode == self::MODE_ADD_OPERATIONS) {
 
  928            $current_operations = $review->getRoleOperationsOnObject(
 
  932            $this->logger->debug(
'Current operations');
 
  933            $this->logger->dump($current_operations);
 
  935            $new_ops = array_unique(array_merge($a_permissions, $current_operations));
 
  936            $this->logger->debug(
'New operations');
 
  937            $this->logger->dump($new_ops);
 
  939            $admin->grantPermission(
 
  945        elseif ($a_operation_mode == self::MODE_REMOVE_OPERATIONS) {
 
  946            $current_operations = $review->getRoleOperationsOnObject(
 
  950            $this->logger->debug(
'Current operations');
 
  951            $this->logger->dump($current_operations);
 
  953            $new_ops = array_diff($current_operations, $a_permissions);
 
  955            $admin->grantPermission(
 
  972        if (in_array(
$a_type, $a_exclusion_filter)) {
 
  976        if (in_array(
'all', $a_filter)) {
 
  979        return in_array(
$a_type, $a_filter);
 
  994        $has_policies = 
null;
 
  995        $policy_origin = 
null;
 
  997        if ($a_node == ROOT_FOLDER_ID) {
 
  998            $has_policies = 
true;
 
  999            $policy_origin = ROLE_FOLDER_ID;
 
 1001            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
 1002            $policy_origin = $a_node;
 
 1005                $parent_roles = 
$rbacreview->getParentRoleIds($a_node, 
false);
 
 1006                if ($parent_roles[$this->
getId()]) {
 
 1009                        $parent_roles[$this->
getId()][
'parent']
 
 1016        if (!$has_policies) {
 
 1038        $has_policies = 
null;
 
 1039        $policy_origin = 
null;
 
 1041        if ($a_node == ROOT_FOLDER_ID) {
 
 1042            $has_policies = 
true;
 
 1043            $policy_origin = ROLE_FOLDER_ID;
 
 1045            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
 1046            $policy_origin = $a_node;
 
 1049        if (!$has_policies) {
 
 1053        $a_stack[] = $policy_origin;
 
 1072        static $course_non_member_id = 
null;
 
 1073        static $group_non_member_id = 
null;
 
 1074        static $group_open_id = 
null;
 
 1075        static $group_closed_id = 
null;
 
 1081                    include_once 
'./Modules/Group/classes/class.ilObjGroup.php';
 
 1083                    #var_dump("GROUP TYPE",$type);
 
 1086                            if (!$group_closed_id) {
 
 1087                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
 
 1090                                    $group_closed_id = $row->obj_id;
 
 1093                            $template_id = $group_closed_id;
 
 1094                            #var_dump("GROUP CLOSED id:" . $template_id);
 
 1099                            if (!$group_open_id) {
 
 1100                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
 
 1103                                    $group_open_id = $row->obj_id;
 
 1106                            $template_id = $group_open_id;
 
 1107                            #var_dump("GROUP OPEN id:" . $template_id);
 
 1113                    if (!$course_non_member_id) {
 
 1114                        $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
 
 1117                            $course_non_member_id = $row->obj_id;
 
 1120                    $template_id = $course_non_member_id;
 
 1124        $current_ops = $a_current_ops[
$a_type];
 
 1139            #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
 
 1141        #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
 
 1142        if ($a_id and !
$GLOBALS[
'DIC'][
'rbacreview']->isRoleAssignedToObject($this->
getId(), $a_id)) {
 
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
An exception for terminating execution or to throw for unit testing.
static ecsConfigured()
Checks if an ecs server is configured.
static getPossibleRemoteTypes($a_with_captions=false)
Get all possible remote object types.
static _deleteByRole($a_role_id)
static getLogger($a_component_id)
Get component logger.
static lookupGroupTye($a_id)
Lookup group type.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
changeExistingObjectsGrantPermissions($a_role_id, $a_permissions, $a_ref_id, $a_operation_mode)
__getPermissionDefinitions()
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filtered.
setParent($a_parent_ref)
set reference id of parent object; this is necessary for non-RBAC-protected objects!...
static _getAuthMode($a_role_id)
getAllowRegister()
get allow_register
const MODE_REMOVE_OPERATIONS
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
static _getTranslation($a_role_title)
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
update()
updates a record "role" and write it into database @access public
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array(), $a_operation_mode=self::MODE_READ_OPERATIONS, $a_operation_stack=[])
Adjust permissions.
static _removeObjectId($a_role_title)
read()
loads "role" from database @access private
$disk_quota
The disk quota in bytes.
static isAutoGenerated($a_role_id)
getDiskQuota()
Gets the minimal disk quota imposed by this role.
toggleAssignUsersStatus($a_assign_users)
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
static _getAssignUsersStatus($a_role_id)
static _lookupRegisterAllowed()
get all roles that are activated in user registration
const MODE_ADD_OPERATIONS
getPresentationTitle()
return translated title for autogenerated roles
static _updateAuthMode($a_roles)
validate()
Validate role data.
const MODE_READ_OPERATIONS
__construct($a_id=0, $a_call_by_reference=false)
Constructor @access public.
assignData($a_data)
loads a record "role" from array @access public
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
getParent()
get reference id of parent object
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array(), $a_operation_mode=self::MODE_READ_OPERATIONS, $a_operation_stack=[])
Change existing objects.
static _lookupLogin($a_user_id)
lookup login
static lookupTxtById($plugin_id, $lang_var)
Class ilObject Basic functions for all objects.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getTitle()
get object title @access public
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static sortArray( $array, $a_array_sortby, $a_array_sortorder=0, $a_numeric=false, $a_keep_keys=false)
sortArray
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic quotes is enabled
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
redirection script todo: (a better solution should control the processing via a xml file)
foreach($_POST as $key=> $value) $res