ILIAS  release_7 Revision v7.30-3-g800a261c036
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Protected Attributes | Static Private Attributes
ilRbacReview Class Reference

class ilRbacReview Contains Review functions of core Rbac. More...

+ Collaboration diagram for ilRbacReview:

Public Member Functions

 __construct ()
 Constructor @access public. More...
 
 roleExists ($a_title, $a_id=0)
 Checks if a role already exists. More...
 
 getParentRoleIds ($a_endnode_id, $a_templates=false)
 get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates @access public More...
 
 getRoleListByObject ($a_ref_id, $a_templates=false)
 Returns a list of roles in an container @access public. More...
 
 getAssignableRoles ($a_templates=false, $a_internal_roles=false, $title_filter='')
 Returns a list of all assignable roles @access public. More...
 
 getAssignableRolesInSubtree ($ref_id)
 Returns a list of assignable roles in a subtree of the repository @access public. More...
 
 getAssignableChildRoles ($a_ref_id)
 Get all assignable roles directly under a specific node @access public. More...
 
 getNumberOfAssignedUsers (array $a_roles)
 Get the number of assigned users to roles (not properly deleted user accounts are not counted) More...
 
 assignedUsers ($a_rol_id)
 get all assigned users to a given role @access public More...
 
 isAssigned ($a_usr_id, $a_role_id)
 check if a specific user is assigned to specific role @access public More...
 
 isAssignedToAtLeastOneGivenRole ($a_usr_id, $a_role_ids)
 check if a specific user is assigned to at least one of the given role ids. More...
 
 assignedRoles ($a_usr_id)
 get all assigned roles to a given user @access public More...
 
 assignedGlobalRoles ($a_usr_id)
 Get assigned global roles for an user. More...
 
 isAssignable ($a_rol_id, $a_ref_id)
 Check if its possible to assign users @access public. More...
 
 hasMultipleAssignments ($a_role_id)
 Temporary bugfix. More...
 
 getFoldersAssignedToRole ($a_rol_id, $a_assignable=false)
 Returns an array of objects assigned to a role. More...
 
 getRolesOfObject ($a_ref_id, $a_assignable_only=false)
 Get roles of object. More...
 
 getRolesOfRoleFolder ($a_ref_id, $a_nonassignable=true)
 get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids @access public More...
 
 getGlobalRoles ()
 get only 'global' roles @access public More...
 
 getLocalRoles ($a_ref_id)
 Get local roles of object. More...
 
 getLocalPolicies ($a_ref_id)
 Get all roles with local policies. More...
 
 getGlobalRolesArray ()
 get only 'global' roles @access public More...
 
 getGlobalAssignableRoles ()
 get only 'global' roles (with flag 'assign_users') @access public More...
 
 isRoleAssignedToObject ($a_role_id, $a_parent_id)
 Check if role is assigned to an object. More...
 
 getOperations ()
 get all possible operations @access public More...
 
 getOperation ($ops_id)
 get one operation by operation id @access public More...
 
 getAllOperationsOfRole ($a_rol_id, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles @access public More...
 
 getActiveOperationsOfRole ($a_ref_id, $a_role_id)
 Get active operations for a role. More...
 
 getOperationsOfRole ($a_rol_id, $a_type, $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles @access public More...
 
 getRoleOperationsOnObject ($a_role_id, $a_ref_id)
 @global ilDB $ilDB More...
 
 getOperationsOnType ($a_typ_id)
 all possible operations of a type @access public More...
 
 getOperationsOnTypeString ($a_type)
 all possible operations of a type @access public More...
 
 getOperationsByTypeAndClass ($a_type, $a_class)
 Get operations by type and class. More...
 
 getObjectsWithStopedInheritance ($a_rol_id, $a_filter=[])
 get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder. More...
 
 isDeleted ($a_node_id)
 Checks if a rolefolder is set as deleted (negative tree_id) @access public. More...
 
 isGlobalRole ($a_role_id)
 Check if role is a global role. More...
 
 getRolesByFilter ($a_filter=0, $a_user_id=0, $title_filter='')
 @global ilDB $ilDB More...
 
 getTypeId ($a_type)
 Get type id of object @global ilDB $ilDB. More...
 
 isProtected ($a_ref_id, $a_role_id)
 
 isBlockedAtPosition ($a_role_id, $a_ref_id)
 Check if role is blocked at position @global ilDB $ilDB. More...
 
 isBlockedInUpperContext ($a_role_id, $a_ref_id)
 Check if role is blocked in upper context. More...
 
 getObjectOfRole ($a_role_id)
 Get object id of objects a role is assigned to. More...
 
 getObjectReferenceOfRole ($a_role_id)
 Get reference of role. More...
 
 isRoleDeleted ($a_role_id)
 return if role is only attached to deleted role folders More...
 
 getRolesForIDs ($role_ids, $use_templates)
 @global ilDB $ilDB More...
 
 getOperationAssignment ()
 get operation assignments More...
 
 isDeleteable ($a_role_id, $a_rolf_id)
 Check if role is deleteable at a specific position. More...
 
 isSystemGeneratedRole ($a_role_id)
 Check if the role is system generate role or role template. More...
 
 getRoleFolderOfRole ($a_role_id)
 Get role folder of role @global ilDB $ilDB. More...
 
 getUserPermissionsOnObject ($a_user_id, $a_ref_id)
 Get all user permissions on an object. More...
 
 setAssignedCacheEntry ($a_role_id, $a_user_id, $a_value)
 set entry of assigned_chache More...
 
 getAssignedCacheEntry ($a_role_id, $a_user_id)
 get entry of assigned_chache More...
 
 clearCaches ()
 Clear assigned users caches. More...
 

Static Public Member Functions

static _getOperationIdsByName ($operations)
 get ops_id's by name. More...
 
static _getOperationIdByName ($a_operation)
 get operation id by name of operation @access public @access static More...
 
static lookupCreateOperationIds ($a_type_arr)
 Lookup operation ids. More...
 
static _getOperationList ($a_type=null)
 get operation list by object type @access public @access static More...
 
static _groupOperationsByClass ($a_ops_arr)
 

Data Fields

const FILTER_ALL = 1
 
const FILTER_ALL_GLOBAL = 2
 
const FILTER_ALL_LOCAL = 3
 
const FILTER_INTERNAL = 4
 
const FILTER_NOT_INTERNAL = 5
 
const FILTER_TEMPLATES = 6
 

Protected Member Functions

 __getParentRoles ($a_path, $a_templates)
 Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan. More...
 
 __setTemplateFilter ($a_templates)
 get roles and templates or only roles; returns string for where clause @access private More...
 
 __setRoleType ($a_role_list)
 computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates More...
 
 __setProtectedStatus ($a_parent_roles, $a_role_hierarchy, $a_ref_id)
 Set protected status @global type $rbacsystem @global type $ilUser @global type $log. More...
 

Protected Attributes

 $log
 

Static Protected Attributes

static $assigned_users_cache = []
 
static $is_assigned_cache = []
 

Static Private Attributes

static $_opsCache = null
 

Detailed Description

class ilRbacReview Contains Review functions of core Rbac.

This class offers the possibility to view the contents of the user <-> role (UR) relation and the permission <-> role (PR) relation. For example, from the UA relation the administrator should have the facility to view all user assigned to a given role.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

Definition at line 19 of file class.ilRbacReview.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacReview::__construct ( )

Constructor @access public.

Definition at line 50 of file class.ilRbacReview.php.

51 {
52 global $DIC;
53
54 $ilDB = $DIC['ilDB'];
55 $ilErr = $DIC['ilErr'];
56 $ilias = $DIC['ilias'];
57
58 $this->log = ilLoggerFactory::getLogger('ac');
59
60 // set db & error handler
61 (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
62
63 if (!isset($ilErr)) {
64 $ilErr = new ilErrorHandling();
65 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
66 } else {
67 $this->ilErr = &$ilErr;
68 }
69 }
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$DIC
global $DIC
Definition: goto.php:24
$ilErr
$ilErr
Definition: raiseError.php:18
$ilDB
global $ilDB
Definition: storeScorm2004.php:19

References $DIC, $ilDB, $ilErr, ilLoggerFactory\getLogger(), if, and PEAR_ERROR_CALLBACK.

+ Here is the call graph for this function:

Member Function Documentation

◆ __getParentRoles()

ilRbacReview::__getParentRoles (   $a_path,
  $a_templates 
)
protected

Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.

Get parent roles in a path. If last parameter is set 'true' it delivers also all templates in the path @access protected

Parameters
arrayarray with path_ids
booleantrue for role templates (default: false)
Returns
array array with all parent roles (obj_ids)
Todo:
refactor rolf => DONE

Definition at line 117 of file class.ilRbacReview.php.

118 {
119 if (!isset($a_path) or !is_array($a_path)) {
120 $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
121 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
122 }
123
124 $parent_roles = [];
125 $role_hierarchy = [];
126
127 foreach ($a_path as $ref_id) {
128 $roles = $this->getRoleListByObject($ref_id, $a_templates);
129 foreach ($roles as $role) {
130 $id = $role["obj_id"];
131 $role["parent"] = $ref_id;
132 $parent_roles[$id] = $role;
133
134 if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
135 $role_hierarchy[$id] = $ref_id;
136 }
137 }
138 }
139 return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
140 }
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
Definition: class.ilRbacReview.php:1471
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
Definition: class.ilRbacReview.php:178
$message
$message
Definition: xapiexit.php:14

References $message, __setProtectedStatus(), and getRoleListByObject().

Referenced by getParentRoleIds().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ __setProtectedStatus()

ilRbacReview::__setProtectedStatus (   $a_parent_roles,
  $a_role_hierarchy,
  $a_ref_id 
)
protected

Set protected status @global type $rbacsystem @global type $ilUser @global type $log.

Parameters
type$a_parent_roles
type$a_role_hierarchy
type$a_ref_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 1471 of file class.ilRbacReview.php.

1472 {
1473 global $DIC;
1474
1475 $rbacsystem = $DIC['rbacsystem'];
1476 $ilUser = $DIC['ilUser'];
1477 $log = $DIC['log'];
1478
1479 if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1480 $leveladmin = true;
1481 } else {
1482 $leveladmin = false;
1483 }
1484
1485 foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1486 if ($leveladmin == true) {
1487 $a_parent_roles[$role_id]['protected'] = false;
1488 continue;
1489 }
1490
1491 if ($a_parent_roles[$role_id]['protected'] == true) {
1492 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1493
1494 foreach ($arr_lvl_roles_user as $lvl_role_id) {
1495 // check if role grants 'edit_permission' to parent
1496 $rolf = $a_parent_roles[$role_id]['parent'];
1497 if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1498 // user may change permissions of that higher-ranked role
1499 $a_parent_roles[$role_id]['protected'] = false;
1500 }
1501 }
1502 }
1503 }
1504 return $a_parent_roles;
1505 }
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
Definition: class.ilRbacReview.php:501
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:27
$ilUser
$ilUser
Definition: imgupload.php:18

References $DIC, $ilUser, $log, assignedRoles(), and SYSTEM_ROLE_ID.

Referenced by __getParentRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ __setRoleType()

ilRbacReview::__setRoleType (   $a_role_list)
protected

computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates

@access private

Parameters
arrayrole list
Returns
array role list with additional entry for role_type
Todo:
refactor rolf => DONE

Definition at line 348 of file class.ilRbacReview.php.

349 {
350 foreach ($a_role_list as $key => $val) {
351 // determine role type
352 if ($val["type"] == "rolt") {
353 $a_role_list[$key]["role_type"] = "template";
354 } else {
355 if ($val["assign"] == "y") {
356 if ($val["parent"] == ROLE_FOLDER_ID) {
357 $a_role_list[$key]["role_type"] = "global";
358 } else {
359 $a_role_list[$key]["role_type"] = "local";
360 }
361 } else {
362 $a_role_list[$key]["role_type"] = "linked";
363 }
364 }
365
366 if ($val["protected"] == "y") {
367 $a_role_list[$key]["protected"] = true;
368 } else {
369 $a_role_list[$key]["protected"] = false;
370 }
371 }
372
373 return $a_role_list;
374 }
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:32

References ROLE_FOLDER_ID.

Referenced by getAssignableRoles(), getRoleListByObject(), getRolesByFilter(), and getRolesForIDs().

+ Here is the caller graph for this function:

◆ __setTemplateFilter()

ilRbacReview::__setTemplateFilter (   $a_templates)
protected

get roles and templates or only roles; returns string for where clause @access private

Parameters
booleantrue: with templates
Returns
string where clause
Todo:
refactor rolf => DONE

Definition at line 321 of file class.ilRbacReview.php.

322 {
323 global $DIC;
324
325 $ilDB = $DIC['ilDB'];
326
327 if ($a_templates === true) {
328 $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
329 } else {
330 $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
331 }
332
333 return $where;
334 }

References $DIC, and $ilDB.

Referenced by getAssignableRoles(), getRoleListByObject(), and getRolesForIDs().

+ Here is the caller graph for this function:

◆ _getOperationIdByName()

static ilRbacReview::_getOperationIdByName (   $a_operation)
static

get operation id by name of operation @access public @access static

Parameters
stringoperation name
Returns
integer operation id
Todo:
refactor rolf => DONE

Definition at line 1310 of file class.ilRbacReview.php.

1311 {
1312 global $DIC;
1313
1314 $ilDB = $DIC['ilDB'];
1315 $ilErr = $DIC['ilErr'];
1316
1317 if (!isset($a_operation)) {
1318 $message = "perm::getOperationId(): No operation given!";
1319 $ilErr->raiseError($message, $ilErr->WARNING);
1320 }
1321
1322 // Cache operation ids
1323 if (!is_array(self::$_opsCache)) {
1324 self::$_opsCache = [];
1325
1326 $q = "SELECT ops_id, operation FROM rbac_operations";
1327 $r = $ilDB->query($q);
1328 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1329 self::$_opsCache[$row->operation] = $row->ops_id;
1330 }
1331 }
1332
1333 // Get operation ID by name from cache
1334 if (array_key_exists($a_operation, self::$_opsCache)) {
1335 return self::$_opsCache[$a_operation];
1336 }
1337 return null;
1338 }

References $DIC, $ilDB, $ilErr, $message, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by ilRepositoryObjectPlugin\beforeActivation(), ilRbacSystem\checkAccessOfUser(), and ilObjBlog\getRolesWithContributeOrRedact().

+ Here is the caller graph for this function:

◆ _getOperationIdsByName()

static ilRbacReview::_getOperationIdsByName (   $operations)
static

get ops_id's by name.

Example usage: $rbacadmin->grantPermission($roles,ilRbacReview::_getOperationIdsByName(array('visible','read'),$ref_id));

@access public

Parameters
arraystring name of operation. see rbac_operations
Returns
array integer ops_id's
Todo:
refactor rolf => DONE

Definition at line 1282 of file class.ilRbacReview.php.

1283 {
1284 global $DIC;
1285
1286 $ilDB = $DIC['ilDB'];
1287
1288 if (!count($operations)) {
1289 return [];
1290 }
1291
1292 $query = 'SELECT ops_id FROM rbac_operations ' .
1293 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1294
1295 $res = $ilDB->query($query);
1296 while ($row = $ilDB->fetchObject($res)) {
1297 $ops_ids[] = $row->ops_id;
1298 }
1299 return $ops_ids ? $ops_ids : [];
1300 }
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15

References $DIC, $ilDB, $query, and $res.

Referenced by ilUtil\_getObjectsByOperations(), ilLTIProviderObjectSettingGUI\checkLocalRole(), and ilECSObjectSettings\handlePermissionUpdate().

+ Here is the caller graph for this function:

◆ _getOperationList()

static ilRbacReview::_getOperationList (   $a_type = null)
static

get operation list by object type @access public @access static

Parameters
stringobject type you want to have the operation list
stringorder column
stringorder direction (possible values: ASC or DESC)
Returns
array returns array of operations
Todo:
refactor rolf => DONE

Definition at line 1517 of file class.ilRbacReview.php.

1518 {
1519 global $DIC;
1520
1521 $ilDB = $DIC['ilDB'];
1522
1523 $arr = [];
1524
1525 if ($a_type) {
1526 $query = sprintf(
1527 'SELECT * FROM rbac_operations ' .
1528 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1529 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1530 'WHERE object_data.title = %s ' .
1531 'AND object_data.type = %s ' .
1532 'ORDER BY op_order ASC',
1533 $ilDB->quote($a_type, 'text'),
1534 $ilDB->quote('typ', 'text')
1535 );
1536 } else {
1537 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1538 }
1539 $res = $ilDB->query($query);
1540 while ($row = $ilDB->fetchAssoc($res)) {
1541 $arr[] = array(
1542 "ops_id" => $row['ops_id'],
1543 "operation" => $row['operation'],
1544 "desc" => $row['description'],
1545 "class" => $row['class'],
1546 "order" => $row['op_order']
1547 );
1548 }
1549 return $arr;
1550 }

References $DIC, $ilDB, $query, and $res.

Referenced by ilSettingsPermissionGUI\__construct(), ilObjTypeDefinitionGUI\editObject(), ilObjectPermissionStatusGUI\getAccessPermissionTableData(), ilObjectPermissionStatusGUI\getAssignedValidRoles(), and ilObjTypeDefinitionGUI\viewObject().

+ Here is the caller graph for this function:

◆ _groupOperationsByClass()

static ilRbacReview::_groupOperationsByClass (   $a_ops_arr)
static
Parameters
type$a_ops_arr
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1558 of file class.ilRbacReview.php.

1559 {
1560 $arr = [];
1561
1562 foreach ($a_ops_arr as $ops) {
1563 $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1564 'name' => $ops['operation']
1565 );
1566 }
1567 return $arr;
1568 }

◆ assignedGlobalRoles()

ilRbacReview::assignedGlobalRoles (   $a_usr_id)

Get assigned global roles for an user.

Parameters
int$a_usr_idId of user account
Todo:
refactor rolf => DONE

Definition at line 522 of file class.ilRbacReview.php.

523 {
524 global $DIC;
525
526 $ilDB = $DIC['ilDB'];
527
528 $query = "SELECT ua.rol_id FROM rbac_ua ua " .
529 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
530 "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
531 "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
532 "AND assign = 'y' ";
533
534 $res = $ilDB->query($query);
535 while ($row = $ilDB->fetchObject($res)) {
536 $role_arr[] = $row->rol_id;
537 }
538 return $role_arr ? $role_arr : [];
539 }

References $DIC, $ilDB, $query, $res, and ROLE_FOLDER_ID.

◆ assignedRoles()

ilRbacReview::assignedRoles (   $a_usr_id)

get all assigned roles to a given user @access public

Parameters
intusr_id
Returns
int[] all roles (id) the user is assigned to
Todo:
refactor rolf => DONE

Definition at line 501 of file class.ilRbacReview.php.

502 {
503 global $DIC;
504
505 $ilDB = $DIC->database();
506
507 $role_arr = [];
508 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
509
510 $res = $ilDB->query($query);
511 while ($row = $ilDB->fetchObject($res)) {
512 $role_arr[] = $row->rol_id;
513 }
514 return $role_arr;
515 }

References $DIC, $ilDB, $query, and $res.

Referenced by __setProtectedStatus(), and getRolesByFilter().

+ Here is the caller graph for this function:

◆ assignedUsers()

ilRbacReview::assignedUsers (   $a_rol_id)

get all assigned users to a given role @access public

Parameters
integerrole_id
Returns
array all users (id) assigned to role

Definition at line 408 of file class.ilRbacReview.php.

409 {
410 global $DIC;
411
412 $ilBench = $DIC['ilBench'];
413 $ilDB = $DIC['ilDB'];
414
415 if (!isset($a_rol_id)) {
416 $message = get_class($this) . "::assignedUsers(): No role_id given!";
417 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
418 }
419 if (isset(self::$assigned_users_cache[$a_rol_id])) {
420 return self::$assigned_users_cache[$a_rol_id];
421 }
422
423 $result_arr = [];
424
425 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
426 $res = $ilDB->query($query);
427 while ($row = $ilDB->fetchAssoc($res)) {
428 array_push($result_arr, $row["usr_id"]);
429 }
430
431 self::$assigned_users_cache[$a_rol_id] = $result_arr;
432
433 return $result_arr;
434 }
$ilBench
global $ilBench
Definition: ilias.php:21

References $DIC, $ilBench, $ilDB, $message, $query, and $res.

◆ clearCaches()

ilRbacReview::clearCaches ( )

Clear assigned users caches.

Definition at line 1873 of file class.ilRbacReview.php.

1874 {
1875 self::$is_assigned_cache = [];
1876 self::$assigned_users_cache = [];
1877 }

◆ getActiveOperationsOfRole()

ilRbacReview::getActiveOperationsOfRole (   $a_ref_id,
  $a_role_id 
)

Get active operations for a role.

Parameters
object$a_ref_id
object$a_role_id
Returns
Todo:
refactor rolf => DONE

Definition at line 895 of file class.ilRbacReview.php.

896 {
897 global $DIC;
898
899 $ilDB = $DIC['ilDB'];
900
901 $query = 'SELECT * FROM rbac_pa ' .
902 'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
903 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
904
905 $res = $ilDB->query($query);
906 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
907 return unserialize($row['ops_id']);
908 }
909 return [];
910 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_ASSOC.

◆ getAllOperationsOfRole()

ilRbacReview::getAllOperationsOfRole (   $a_rol_id,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles @access public

Parameters
integerrole_id
integerrole folder id
Returns
array array of operation_id and types
Todo:
refactor rolf => DONE

Definition at line 866 of file class.ilRbacReview.php.

867 {
868 global $DIC;
869
870 $ilDB = $DIC['ilDB'];
871
872 if (!$a_parent) {
873 $a_parent = ROLE_FOLDER_ID;
874 }
875
876 $query = "SELECT ops_id,type FROM rbac_templates " .
877 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
878 "AND parent = " . $ilDB->quote($a_parent, 'integer');
879 $res = $ilDB->query($query);
880
881 $ops_arr = [];
882 while ($row = $ilDB->fetchObject($res)) {
883 $ops_arr[$row->type][] = $row->ops_id;
884 }
885 return (array) $ops_arr;
886 }

References $DIC, $ilDB, $query, $res, and ROLE_FOLDER_ID.

◆ getAssignableChildRoles()

ilRbacReview::getAssignableChildRoles (   $a_ref_id)

Get all assignable roles directly under a specific node @access public.

Parameters
ref_id
Returns
array set ids
Todo:
refactor rolf => Find a better name; reduce sql fields

Definition at line 294 of file class.ilRbacReview.php.

295 {
296 global $DIC;
297
298 $ilDB = $DIC['ilDB'];
299
300 $query = "SELECT fa.*, rd.* " .
301 "FROM object_data rd " .
302 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
303 "WHERE fa.assign = 'y' " .
304 "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
305 ;
306
307 $res = $ilDB->query($query);
308 while ($row = $ilDB->fetchAssoc($res)) {
309 $roles_data[] = $row;
310 }
311 return $roles_data ? $roles_data : [];
312 }

References $DIC, $ilDB, $query, and $res.

◆ getAssignableRoles()

ilRbacReview::getAssignableRoles (   $a_templates = false,
  $a_internal_roles = false,
  $title_filter = '' 
)

Returns a list of all assignable roles @access public.

Parameters
booleanif true fetch template roles too
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 220 of file class.ilRbacReview.php.

221 {
222 global $DIC;
223
224 $ilDB = $DIC['ilDB'];
225
226 $role_list = [];
227
228 $where = $this->__setTemplateFilter($a_templates);
229
230 $query = "SELECT * FROM object_data " .
231 "JOIN rbac_fa ON obj_id = rol_id " .
232 $where .
233 "AND rbac_fa.assign = 'y' ";
234
235 if (strlen($title_filter)) {
236 $query .= (' AND ' . $ilDB->like(
237 'title',
238 'text',
239 $title_filter . '%'
240 ));
241 }
242 $res = $ilDB->query($query);
243
244 while ($row = $ilDB->fetchAssoc($res)) {
245 $row["desc"] = $row["description"];
246 $row["user_id"] = $row["owner"];
247 $role_list[] = $row;
248 }
249
250 $role_list = $this->__setRoleType($role_list);
251
252 return $role_list;
253 }
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:348
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
Definition: class.ilRbacReview.php:321

References $DIC, $ilDB, $query, $res, __setRoleType(), and __setTemplateFilter().

Referenced by getRolesByFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignableRolesInSubtree()

ilRbacReview::getAssignableRolesInSubtree (   $ref_id)

Returns a list of assignable roles in a subtree of the repository @access public.

Parameters
ref_idRoot node of subtree
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 262 of file class.ilRbacReview.php.

263 {
264 global $DIC;
265
266 $ilDB = $DIC['ilDB'];
267
268 $query = 'SELECT rol_id FROM rbac_fa fa ' .
269 'JOIN tree t1 ON t1.child = fa.parent ' .
270 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
271 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
272 'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
273 'AND t1.child IN (' .
274 $GLOBALS['DIC']['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
275 ') ';
276
277
278 $res = $ilDB->query($query);
279
280 $role_list = [];
281 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
282 $role_list[] = $row->rol_id;
283 }
284 return $role_list;
285 }
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64

References $DIC, $GLOBALS, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

◆ getAssignedCacheEntry()

ilRbacReview::getAssignedCacheEntry (   $a_role_id,
  $a_user_id 
)

get entry of assigned_chache

Parameters
int$a_role_id
int$a_user_id

Definition at line 1865 of file class.ilRbacReview.php.

1866 {
1867 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1868 }

◆ getFoldersAssignedToRole()

ilRbacReview::getFoldersAssignedToRole (   $a_rol_id,
  $a_assignable = false 
)

Returns an array of objects assigned to a role.

A role with stopped inheritance may be assigned to more than one objects. To get only the original location of a role, set the second parameter to true

@access public

Parameters
integerrole id
booleanget only rolefolders where role is assignable (true)
Returns
array reference IDs of role folders
Todo:
refactor rolf => RENAME (rest done)

Definition at line 607 of file class.ilRbacReview.php.

608 {
609 global $DIC;
610
611 $ilDB = $DIC['ilDB'];
612
613 if (!isset($a_rol_id)) {
614 $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
615 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
616 }
617
618 if ($a_assignable) {
619 $where = " AND assign ='y'";
620 }
621
622 $query = "SELECT DISTINCT parent FROM rbac_fa " .
623 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
624
625 $res = $ilDB->query($query);
626 $folders = [];
627 while ($row = $ilDB->fetchObject($res)) {
628 $folders[] = $row->parent;
629 }
630 return $folders;
631 }

References $DIC, $ilDB, $message, $query, and $res.

Referenced by isRoleDeleted().

+ Here is the caller graph for this function:

◆ getGlobalAssignableRoles()

ilRbacReview::getGlobalAssignableRoles ( )

get only 'global' roles (with flag 'assign_users') @access public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 779 of file class.ilRbacReview.php.

780 {
781 include_once './Services/AccessControl/classes/class.ilObjRole.php';
782
783 foreach ($this->getGlobalRoles() as $role_id) {
784 if (ilObjRole::_getAssignUsersStatus($role_id)) {
785 $ga[] = array('obj_id' => $role_id,
786 'role_type' => 'global');
787 }
788 }
789 return $ga ? $ga : [];
790 }
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:155
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles @access public
Definition: class.ilRbacReview.php:719

References ilObjRole\_getAssignUsersStatus(), and getGlobalRoles().

+ Here is the call graph for this function:

◆ getGlobalRoles()

ilRbacReview::getGlobalRoles ( )

get only 'global' roles @access public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 719 of file class.ilRbacReview.php.

720 {
721 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
722 }
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:679

References getRolesOfRoleFolder(), and ROLE_FOLDER_ID.

Referenced by getGlobalAssignableRoles(), getRolesByFilter(), and isGlobalRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getGlobalRolesArray()

ilRbacReview::getGlobalRolesArray ( )

get only 'global' roles @access public

Returns
array Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 764 of file class.ilRbacReview.php.

765 {
766 foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
767 $ga[] = array('obj_id' => $role_id,
768 'role_type' => 'global');
769 }
770 return $ga ? $ga : [];
771 }

References getRolesOfRoleFolder(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ getLocalPolicies()

ilRbacReview::getLocalPolicies (   $a_ref_id)

Get all roles with local policies.

Parameters
type$a_ref_id
Returns
type

Definition at line 749 of file class.ilRbacReview.php.

750 {
751 $lroles = [];
752 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
753 $lroles[] = $role_id;
754 }
755 return $lroles;
756 }

References getRolesOfRoleFolder().

+ Here is the call graph for this function:

◆ getLocalRoles()

ilRbacReview::getLocalRoles (   $a_ref_id)

Get local roles of object.

Parameters
int$a_ref_id
Todo:
refactor rolf => DONE

Definition at line 729 of file class.ilRbacReview.php.

730 {
731 global $DIC;
732
733 $ilDB = $DIC['ilDB'];
734
735 $lroles = [];
736 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
737 if ($this->isAssignable($role_id, $a_ref_id)) {
738 $lroles[] = $role_id;
739 }
740 }
741 return $lroles;
742 }
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
Definition: class.ilRbacReview.php:549

References $DIC, $ilDB, getRolesOfRoleFolder(), and isAssignable().

+ Here is the call graph for this function:

◆ getNumberOfAssignedUsers()

ilRbacReview::getNumberOfAssignedUsers ( array  $a_roles)

Get the number of assigned users to roles (not properly deleted user accounts are not counted)

Parameters
int[]$a_roles
Returns
int
Todo:
refactor rolf => DONE

Definition at line 382 of file class.ilRbacReview.php.

383 {
384 global $DIC;
385
386 $ilDB = $DIC->database();
387
388 $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
389 'join object_data on ua.usr_id = obj_id ' .
390 'join usr_data ud on ua.usr_id = ud.usr_id ' .
391 'where ' . $ilDB->in('rol_id', $a_roles, false, 'integer');
392
393 $res = $ilDB->query($query);
394 if ($res->numRows()) {
395 $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
396 return $row->num;
397 }
398 return 0;
399 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

◆ getObjectOfRole()

ilRbacReview::getObjectOfRole (   $a_role_id)

Get object id of objects a role is assigned to.

Todo:
refactor rolf (due to performance reasons the new version does not check for deleted roles only in object reference)

@access public

Parameters
introle id

Definition at line 1579 of file class.ilRbacReview.php.

1580 {
1581 // internal cache
1582 static $obj_cache = [];
1583
1584 global $DIC;
1585
1586 $ilDB = $DIC['ilDB'];
1587
1588
1589 if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1590 return $obj_cache[$a_role_id];
1591 }
1592
1593 $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1594 'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1595 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1596 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1597 'AND deleted IS NULL';
1598
1599 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1600 # "JOIN tree ON rfa.parent = tree.child ".
1601 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1602 # "WHERE tree.tree = 1 ".
1603 # "AND assign = 'y' ".
1604 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1605 $res = $ilDB->query($query);
1606
1607 $obj_cache[$a_role_id] = 0;
1608 while ($row = $ilDB->fetchObject($res)) {
1609 $obj_cache[$a_role_id] = $row->obj_id;
1610 }
1611 return $obj_cache[$a_role_id];
1612 }

References $DIC, $ilDB, $query, and $res.

◆ getObjectReferenceOfRole()

ilRbacReview::getObjectReferenceOfRole (   $a_role_id)

Get reference of role.

Parameters
object$a_role_id
Returns
int
Todo:
refactor rolf (no deleted check)

Definition at line 1620 of file class.ilRbacReview.php.

1621 {
1622 global $DIC;
1623
1624 $ilDB = $DIC['ilDB'];
1625
1626 $query = 'SELECT parent p_ref FROM rbac_fa ' .
1627 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1628 'AND assign = ' . $ilDB->quote('y', 'text');
1629
1630 $res = $ilDB->query($query);
1631 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1632 return $row->p_ref;
1633 }
1634 return 0;
1635 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

◆ getObjectsWithStopedInheritance()

ilRbacReview::getObjectsWithStopedInheritance (   $a_rol_id,
  $a_filter = [] 
)

get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.

@access public

Parameters
integerrole_id
arrayfilter ref_ids
Returns
array with ref_ids of objects
Todo:
refactor rolf => DONE

Definition at line 1086 of file class.ilRbacReview.php.

1087 {
1088 global $DIC;
1089
1090 $ilDB = $DIC['ilDB'];
1091
1092 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1093 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1094 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1095
1096 $query = 'SELECT parent p FROM rbac_fa ' .
1097 'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1098 'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1099
1100 if ($a_filter) {
1101 $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1102 }
1103
1104 $res = $ilDB->query($query);
1105 $parent = [];
1106 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1107 $parent[] = $row->p;
1108 }
1109 return $parent;
1110 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

◆ getOperation()

ilRbacReview::getOperation (   $ops_id)

get one operation by operation id @access public

Returns
array data of operation_id
Todo:
refactor rolf => DONE

Definition at line 840 of file class.ilRbacReview.php.

841 {
842 global $DIC;
843
844 $ilDB = $DIC['ilDB'];
845
846 $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
847 $res = $this->ilDB->query($query);
848 while ($row = $ilDB->fetchObject($res)) {
849 $ops = array('ops_id' => $row->ops_id,
850 'operation' => $row->operation,
851 'description' => $row->description);
852 }
853
854 return $ops ? $ops : [];
855 }

References $DIC, $ilDB, $query, and $res.

◆ getOperationAssignment()

ilRbacReview::getOperationAssignment ( )

get operation assignments

Returns
array array(array('typ_id' => $typ_id,'title' => $title,'ops_id => '$ops_is,'operation' => $operation),...
Todo:
refactor rolf => DONE

Definition at line 1700 of file class.ilRbacReview.php.

1701 {
1702 global $DIC;
1703
1704 $ilDB = $DIC['ilDB'];
1705
1706 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1707 'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1708 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1709 $res = $ilDB->query($query);
1710
1711 $counter = 0;
1712 while ($row = $ilDB->fetchObject($res)) {
1713 $info[$counter]['typ_id'] = $row->typ_id;
1714 $info[$counter]['type'] = $row->title;
1715 $info[$counter]['ops_id'] = $row->ops_id;
1716 $info[$counter]['operation'] = $row->operation;
1717 $counter++;
1718 }
1719 return $info ? $info : [];
1720 }

References $DIC, $ilDB, $query, and $res.

◆ getOperations()

ilRbacReview::getOperations ( )

get all possible operations @access public

Returns
array array of operation_id
Todo:
refactor rolf => DONE

Definition at line 817 of file class.ilRbacReview.php.

818 {
819 global $DIC;
820
821 $ilDB = $DIC['ilDB'];
822
823 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
824 $res = $this->ilDB->query($query);
825 while ($row = $ilDB->fetchObject($res)) {
826 $ops[] = array('ops_id' => $row->ops_id,
827 'operation' => $row->operation,
828 'description' => $row->description);
829 }
830
831 return $ops ? $ops : [];
832 }

References $DIC, $ilDB, $query, and $res.

◆ getOperationsByTypeAndClass()

ilRbacReview::getOperationsByTypeAndClass (   $a_type,
  $a_class 
)

Get operations by type and class.

Parameters
string$a_typeType is "object" or
string$a_class
Returns
Todo:
refactor rolf => DONE

Definition at line 1047 of file class.ilRbacReview.php.

1048 {
1049 global $DIC;
1050
1051 $ilDB = $DIC['ilDB'];
1052
1053 if ($a_class != 'create') {
1054 $condition = "AND class != " . $ilDB->quote('create', 'text');
1055 } else {
1056 $condition = "AND class = " . $ilDB->quote('create', 'text');
1057 }
1058
1059 $query = "SELECT ro.ops_id FROM rbac_operations ro " .
1060 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
1061 "JOIN object_data od ON rt.typ_id = od.obj_id " .
1062 "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
1063 "AND title = " . $ilDB->quote($a_type, 'text') . " " .
1064 $condition . " " .
1065 "ORDER BY op_order ";
1066
1067 $res = $ilDB->query($query);
1068
1069 $ops = [];
1070 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1071 $ops[] = $row->ops_id;
1072 }
1073 return $ops;
1074 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

◆ getOperationsOfRole()

ilRbacReview::getOperationsOfRole (   $a_rol_id,
  $a_type,
  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles @access public

Parameters
integerrole_id
stringobject type
integerrole folder id
Returns
array array of operation_id
Todo:
refactor rolf => DONE

Definition at line 923 of file class.ilRbacReview.php.

924 {
925 global $DIC;
926
927 $ilDB = $DIC['ilDB'];
928 $ilLog = $DIC['ilLog'];
929
930 if (!isset($a_rol_id) or !isset($a_type)) {
931 $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
932 "role_id: " . $a_rol_id .
933 "type: " . $a_type .
934 "parent_id: " . $a_parent;
935 $ilLog->logStack("Missing parameter! ");
936 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
937 }
938
939 $ops_arr = [];
940
941 // if no rolefolder id is given, assume global role folder as target
942 if ($a_parent == 0) {
943 $a_parent = ROLE_FOLDER_ID;
944 }
945
946 $query = "SELECT ops_id FROM rbac_templates " .
947 "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
948 "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
949 "AND parent = " . $ilDB->quote($a_parent, 'integer');
950 $res = $ilDB->query($query);
951 while ($row = $ilDB->fetchObject($res)) {
952 $ops_arr[] = $row->ops_id;
953 }
954
955 return $ops_arr;
956 }

References $DIC, $ilDB, $message, $query, $res, and ROLE_FOLDER_ID.

◆ getOperationsOnType()

ilRbacReview::getOperationsOnType (   $a_typ_id)

all possible operations of a type @access public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs
Todo:
rafactor rolf => DONE

Definition at line 990 of file class.ilRbacReview.php.

991 {
992 global $DIC;
993
994 $ilDB = $DIC['ilDB'];
995
996 if (!isset($a_typ_id)) {
997 $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
998 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
999 }
1000
1001 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1002
1003 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
1004 'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
1005 'ORDER BY op_order';
1006
1007 $res = $ilDB->query($query);
1008
1009 while ($row = $ilDB->fetchObject($res)) {
1010 $ops_id[] = $row->ops_id;
1011 }
1012
1013 return $ops_id ? $ops_id : [];
1014 }

References $DIC, $ilDB, $message, $query, and $res.

Referenced by getOperationsOnTypeString().

+ Here is the caller graph for this function:

◆ getOperationsOnTypeString()

ilRbacReview::getOperationsOnTypeString (   $a_type)

all possible operations of a type @access public

Parameters
integerobject_ID of type
Returns
array valid operation_IDs
Todo:
rafactor rolf => DONE

Definition at line 1024 of file class.ilRbacReview.php.

1025 {
1026 global $DIC;
1027
1028 $ilDB = $DIC['ilDB'];
1029
1030 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
1031
1032
1033 $res = $this->ilDB->query($query);
1034 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1035 return $this->getOperationsOnType($row->obj_id);
1036 }
1037 return false;
1038 }
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
Definition: class.ilRbacReview.php:990

References $DIC, $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and getOperationsOnType().

+ Here is the call graph for this function:

◆ getParentRoleIds()

ilRbacReview::getParentRoleIds (   $a_endnode_id,
  $a_templates = false 
)

get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates @access public

Parameters
integerref_id of an object which is end node
booleantrue for role templates (default: false)
Returns
array array(role_ids => role_data)
Todo:
refactor rolf => DONE

Definition at line 151 of file class.ilRbacReview.php.

152 {
153 global $DIC;
154
155 $tree = $DIC['tree'];
156
157 if (!isset($a_endnode_id)) {
158 $GLOBALS['DIC']['ilLog']->logStack();
159 $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
160 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
161 }
162
163 $pathIds = $tree->getPathId($a_endnode_id);
164
165 // add system folder since it may not in the path
166 $pathIds[0] = ROLE_FOLDER_ID;
167 return $this->__getParentRoles($pathIds, $a_templates);
168 }
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:117

References $DIC, $GLOBALS, $message, __getParentRoles(), and ROLE_FOLDER_ID.

+ Here is the call graph for this function:

◆ getRoleFolderOfRole()

ilRbacReview::getRoleFolderOfRole (   $a_role_id)

Get role folder of role @global ilDB $ilDB.

Parameters
int$a_role_id
Returns
int
Todo:
refactor rolf => RENAME

Definition at line 1790 of file class.ilRbacReview.php.

1791 {
1792 global $DIC;
1793
1794 $ilDB = $DIC['ilDB'];
1795
1796 if (ilObject::_lookupType($a_role_id) == 'role') {
1797 $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1798 } else {
1799 $and = '';
1800 }
1801
1802 $query = 'SELECT * FROM rbac_fa ' .
1803 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1804 $and;
1805 $res = $ilDB->query($query);
1806 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1807 return $row->parent;
1808 }
1809 return 0;
1810 }
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281

References $DIC, $ilDB, $query, $res, ilObject\_lookupType(), and ilDBConstants\FETCHMODE_OBJECT.

+ Here is the call graph for this function:

◆ getRoleListByObject()

ilRbacReview::getRoleListByObject (   $a_ref_id,
  $a_templates = false 
)

Returns a list of roles in an container @access public.

Parameters
integerref_id of object
booleanif true fetch template roles too
Returns
array set ids
Todo:
refactor rolf => DONE

Definition at line 178 of file class.ilRbacReview.php.

179 {
180 global $DIC;
181
182 $ilDB = $DIC['ilDB'];
183
184 if (!isset($a_ref_id) or !isset($a_templates)) {
185 $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
186 "ref_id: " . $a_ref_id .
187 "tpl_flag: " . $a_templates;
188 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
189 }
190
191 $role_list = [];
192
193 $where = $this->__setTemplateFilter($a_templates);
194
195 $query = "SELECT * FROM object_data " .
196 "JOIN rbac_fa ON obj_id = rol_id " .
197 $where .
198 "AND object_data.obj_id = rbac_fa.rol_id " .
199 "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
200
201 $res = $ilDB->query($query);
202 while ($row = $ilDB->fetchAssoc($res)) {
203 $row["desc"] = $row["description"];
204 $row["user_id"] = $row["owner"];
205 $role_list[] = $row;
206 }
207
208 $role_list = $this->__setRoleType($role_list);
209
210 return $role_list;
211 }

References $DIC, $ilDB, $message, $query, $res, __setRoleType(), and __setTemplateFilter().

Referenced by __getParentRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getRoleOperationsOnObject()

ilRbacReview::getRoleOperationsOnObject (   $a_role_id,
  $a_ref_id 
)

@global ilDB $ilDB

Parameters
type$a_role_id
type$a_ref_id
Returns
type
Todo:
rafactor rolf => DONE

Definition at line 965 of file class.ilRbacReview.php.

966 {
967 global $DIC;
968
969 $ilDB = $DIC['ilDB'];
970
971 $query = "SELECT * FROM rbac_pa " .
972 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
973 "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
974
975 $res = $ilDB->query($query);
976 while ($row = $ilDB->fetchObject($res)) {
977 $ops = unserialize($row->ops_id);
978 }
979
980 return $ops ? $ops : [];
981 }

References $DIC, $ilDB, $query, and $res.

◆ getRolesByFilter()

ilRbacReview::getRolesByFilter (   $a_filter = 0,
  $a_user_id = 0,
  $title_filter = '' 
)

@global ilDB $ilDB

Parameters
type$a_filter
type$a_user_id
type$title_filter
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1169 of file class.ilRbacReview.php.

1170 {
1171 global $DIC;
1172
1173 $ilDB = $DIC['ilDB'];
1174
1175 $assign = "y";
1176
1177 switch ($a_filter) {
1178 // all (assignable) roles
1179 case self::FILTER_ALL:
1180 return $this->getAssignableRoles(true, true, $title_filter);
1181 break;
1182
1183 // all (assignable) global roles
1184 case self::FILTER_ALL_GLOBAL:
1185 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1186 break;
1187
1188 // all (assignable) local roles
1189 case self::FILTER_ALL_LOCAL:
1190 case self::FILTER_INTERNAL:
1191 case self::FILTER_NOT_INTERNAL:
1192 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1193 break;
1194
1195 // all role templates
1196 case self::FILTER_TEMPLATES:
1197 $where = "WHERE object_data.type = 'rolt'";
1198 $assign = "n";
1199 break;
1200
1201 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1202 case 0:
1203 default:
1204 if (!$a_user_id) {
1205 return [];
1206 }
1207
1208 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1209 break;
1210 }
1211
1212 $roles = [];
1213
1214 $query = "SELECT * FROM object_data " .
1215 "JOIN rbac_fa ON obj_id = rol_id " .
1216 $where .
1217 "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1218
1219 if (strlen($title_filter)) {
1220 $query .= (' AND ' . $ilDB->like(
1221 'title',
1222 'text',
1223 '%' . $title_filter . '%'
1224 ));
1225 }
1226
1227 $res = $ilDB->query($query);
1228 while ($row = $ilDB->fetchAssoc($res)) {
1229 $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1230
1231 // all (assignable) internal local roles only
1232 if ($a_filter == 4 and !$prefix) {
1233 continue;
1234 }
1235
1236 // all (assignable) non internal local roles only
1237 if ($a_filter == 5 and $prefix) {
1238 continue;
1239 }
1240
1241 $row["desc"] = $row["description"];
1242 $row["user_id"] = $row["owner"];
1243 $roles[] = $row;
1244 }
1245
1246 $roles = $this->__setRoleType($roles);
1247
1248 return $roles ? $roles : [];
1249 }
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
Definition: class.ilRbacReview.php:220

References $DIC, $ilDB, $query, $res, __setRoleType(), assignedRoles(), FILTER_ALL, FILTER_ALL_GLOBAL, FILTER_ALL_LOCAL, FILTER_INTERNAL, FILTER_NOT_INTERNAL, FILTER_TEMPLATES, getAssignableRoles(), and getGlobalRoles().

+ Here is the call graph for this function:

◆ getRolesForIDs()

ilRbacReview::getRolesForIDs (   $role_ids,
  $use_templates 
)

@global ilDB $ilDB

Parameters
type$role_ids
type$use_templates
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1668 of file class.ilRbacReview.php.

1669 {
1670 global $DIC;
1671
1672 $ilDB = $DIC['ilDB'];
1673
1674 $role_list = [];
1675
1676 $where = $this->__setTemplateFilter($use_templates);
1677
1678 $query = "SELECT * FROM object_data " .
1679 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1680 $where .
1681 "AND rbac_fa.assign = 'y' " .
1682 'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1683
1684 $res = $ilDB->query($query);
1685 while ($row = $ilDB->fetchAssoc($res)) {
1686 $row["desc"] = $row["description"];
1687 $row["user_id"] = $row["owner"];
1688 $role_list[] = $row;
1689 }
1690
1691 $role_list = $this->__setRoleType($role_list);
1692 return $role_list;
1693 }

References $DIC, $ilDB, $query, $res, __setRoleType(), and __setTemplateFilter().

+ Here is the call graph for this function:

◆ getRolesOfObject()

ilRbacReview::getRolesOfObject (   $a_ref_id,
  $a_assignable_only = false 
)

Get roles of object.

Parameters
type$a_ref_id
type$a_assignable
Exceptions
InvalidArgumentException
Todo:
refactor rolf => DONE

Definition at line 640 of file class.ilRbacReview.php.

641 {
642 global $DIC;
643
644 $ilDB = $DIC['ilDB'];
645
646 if (!isset($a_ref_id)) {
647 $GLOBALS['DIC']['ilLog']->logStack();
648 throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
649 }
650 if ($a_assignable_only === true) {
651 $and = 'AND assign = ' . $ilDB->quote('y', 'text');
652 }
653 $query = "SELECT rol_id FROM rbac_fa " .
654 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
655 $and;
656
657 $res = $ilDB->query($query);
658
659 $role_ids = [];
660 while ($row = $ilDB->fetchObject($res)) {
661 $role_ids[] = $row->rol_id;
662 }
663 return $role_ids;
664 }

References $DIC, $GLOBALS, $ilDB, $query, and $res.

◆ getRolesOfRoleFolder()

ilRbacReview::getRolesOfRoleFolder (   $a_ref_id,
  $a_nonassignable = true 
)

get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids @access public

Parameters
integerref_id of object
booleanif false only get true local roles
Returns
array Array with rol_ids
Deprecated:
since version 4.5.0
Todo:
refactor rolf => RENAME

Definition at line 679 of file class.ilRbacReview.php.

680 {
681 global $DIC;
682
683 $ilBench = $DIC['ilBench'];
684 $ilDB = $DIC['ilDB'];
685 $ilLog = $DIC['ilLog'];
686
687 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
688
689 if (!isset($a_ref_id)) {
690 $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
691 ilLoggerFactory::getLogger('ac')->logStack();
692 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
693 }
694
695 if ($a_nonassignable === false) {
696 $and = " AND assign='y'";
697 }
698
699 $query = "SELECT rol_id FROM rbac_fa " .
700 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
701 $and;
702
703 $res = $ilDB->query($query);
704 while ($row = $ilDB->fetchObject($res)) {
705 $rol_id[] = $row->rol_id;
706 }
707
708 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
709
710 return $rol_id ? $rol_id : [];
711 }

References $DIC, $ilBench, $ilDB, $message, $query, $res, and ilLoggerFactory\getLogger().

Referenced by getGlobalRoles(), getGlobalRolesArray(), getLocalPolicies(), and getLocalRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getTypeId()

ilRbacReview::getTypeId (   $a_type)

Get type id of object @global ilDB $ilDB.

Parameters
type$a_type
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1258 of file class.ilRbacReview.php.

1259 {
1260 global $DIC;
1261
1262 $ilDB = $DIC['ilDB'];
1263
1264 $q = "SELECT obj_id FROM object_data " .
1265 "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1266 $r = $ilDB->query($q);
1267
1268 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1269 return $row->obj_id;
1270 }

References $DIC, $ilDB, and ilDBConstants\FETCHMODE_OBJECT.

◆ getUserPermissionsOnObject()

ilRbacReview::getUserPermissionsOnObject (   $a_user_id,
  $a_ref_id 
)

Get all user permissions on an object.

Parameters
int$a_user_iduser id
int$a_ref_idref id
Todo:
refactor rolf => DONE

Definition at line 1819 of file class.ilRbacReview.php.

1820 {
1821 global $DIC;
1822
1823 $ilDB = $DIC['ilDB'];
1824
1825 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1826 "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1827 "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1828 "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1829
1830 $res = $ilDB->query($query);
1831 $all_ops = [];
1832 while ($row = $ilDB->fetchObject($res)) {
1833 $ops = unserialize($row->ops_id);
1834 $all_ops = array_merge($all_ops, $ops);
1835 }
1836 $all_ops = array_unique($all_ops);
1837
1838 $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1839 " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1840 $perms = [];
1841 while ($rec = $ilDB->fetchAssoc($set)) {
1842 $perms[] = $rec["operation"];
1843 }
1844
1845 return $perms;
1846 }

References $DIC, $ilDB, $query, and $res.

◆ hasMultipleAssignments()

ilRbacReview::hasMultipleAssignments (   $a_role_id)

Temporary bugfix.

Todo:
refactor rolf => DONE

Definition at line 584 of file class.ilRbacReview.php.

585 {
586 global $DIC;
587
588 $ilDB = $DIC['ilDB'];
589
590 $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
591 "AND assign = " . $ilDB->quote('y', 'text');
592 $res = $ilDB->query($query);
593 return $res->numRows() > 1;
594 }

References $DIC, $ilDB, $query, and $res.

◆ isAssignable()

ilRbacReview::isAssignable (   $a_rol_id,
  $a_ref_id 
)

Check if its possible to assign users @access public.

Parameters
integerobject id of role
integerref_id of object in question
Returns
boolean
Todo:
refactor rolf (expects object reference id instead of rolf) => DONE

Definition at line 549 of file class.ilRbacReview.php.

550 {
551 global $DIC;
552
553 $ilBench = $DIC['ilBench'];
554 $ilDB = $DIC['ilDB'];
555
556 $ilBench->start("RBAC", "review_isAssignable");
557
558 // exclude system role from rbac
559 if ($a_rol_id == SYSTEM_ROLE_ID) {
560 $ilBench->stop("RBAC", "review_isAssignable");
561 return true;
562 }
563
564 if (!isset($a_rol_id) or !isset($a_ref_id)) {
565 $message = get_class($this) . "::isAssignable(): Missing parameter!" .
566 " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
567 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
568 }
569 $query = "SELECT * FROM rbac_fa " .
570 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
571 "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
572 $res = $ilDB->query($query);
573 $row = $ilDB->fetchObject($res);
574
575 $ilBench->stop("RBAC", "review_isAssignable");
576 return $row->assign == 'y' ? true : false;
577 }
true
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
Definition: class.ilIniFile.php:168

References $DIC, $ilBench, $ilDB, $message, $query, $res, SYSTEM_ROLE_ID, and true.

Referenced by getLocalRoles(), and isDeleteable().

+ Here is the caller graph for this function:

◆ isAssigned()

ilRbacReview::isAssigned (   $a_usr_id,
  $a_role_id 
)

check if a specific user is assigned to specific role @access public

Parameters
integerusr_id
integerrole_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 445 of file class.ilRbacReview.php.

446 {
447 if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
448 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
449 }
450 // Quickly determine if user is assigned to a role
451 global $DIC;
452
453 $ilDB = $DIC['ilDB'];
454
455 $ilDB->setLimit(1, 0);
456 $query = "SELECT usr_id FROM rbac_ua WHERE " .
457 "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
458 "AND usr_id= " . $ilDB->quote($a_usr_id);
459 $res = $ilDB->query($query);
460
461 $is_assigned = $res->numRows() == 1;
462 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
463
464 return $is_assigned;
465 }

References $DIC, $ilDB, $query, and $res.

◆ isAssignedToAtLeastOneGivenRole()

ilRbacReview::isAssignedToAtLeastOneGivenRole (   $a_usr_id,
  $a_role_ids 
)

check if a specific user is assigned to at least one of the given role ids.

This function is used to quickly check whether a user is member of a course or a group.

@access public

Parameters
integerusr_id
array[integer]role_ids
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 479 of file class.ilRbacReview.php.

480 {
481 global $DIC;
482
483 $ilDB = $DIC['ilDB'];
484
485 $ilDB->setLimit(1, 0);
486 $query = "SELECT usr_id FROM rbac_ua WHERE " .
487 $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
488 " AND usr_id= " . $ilDB->quote($a_usr_id);
489 $res = $ilDB->query($query);
490
491 return $ilDB->numRows($res) == 1;
492 }

References $DIC, $ilDB, $query, and $res.

◆ isBlockedAtPosition()

ilRbacReview::isBlockedAtPosition (   $a_role_id,
  $a_ref_id 
)

Check if role is blocked at position @global ilDB $ilDB.

Parameters
type$a_role_id
type$a_ref_id
Returns
boolean

Definition at line 1408 of file class.ilRbacReview.php.

1409 {
1410 global $DIC;
1411
1412 $ilDB = $DIC['ilDB'];
1413
1414 $query = 'SELECT blocked from rbac_fa ' .
1415 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1416 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1417 $res = $ilDB->query($query);
1418 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1419 return (bool) $row->blocked;
1420 }
1421 return false;
1422 }

References $DIC, $ilDB, $query, $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by isBlockedInUpperContext().

+ Here is the caller graph for this function:

◆ isBlockedInUpperContext()

ilRbacReview::isBlockedInUpperContext (   $a_role_id,
  $a_ref_id 
)

Check if role is blocked in upper context.

Parameters
type$a_role_id
type$a_ref_id

Definition at line 1429 of file class.ilRbacReview.php.

1430 {
1431 global $DIC;
1432
1433 $ilDB = $DIC['ilDB'];
1434 $tree = $DIC['tree'];
1435
1436 if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1437 return false;
1438 }
1439 $query = 'SELECT parent from rbac_fa ' .
1440 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1441 'AND blocked = ' . $ilDB->quote(1, 'integer');
1442 $res = $ilDB->query($query);
1443
1444 $parent_ids = [];
1445 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1446 $parent_ids[] = $row->parent;
1447 }
1448
1449 foreach ($parent_ids as $parent_id) {
1450 if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1451 return true;
1452 }
1453 }
1454 return false;
1455 }
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
Definition: class.ilRbacReview.php:1408

References $DIC, $ilDB, $query, $res, ilDBConstants\FETCHMODE_OBJECT, and isBlockedAtPosition().

+ Here is the call graph for this function:

◆ isDeleteable()

ilRbacReview::isDeleteable (   $a_role_id,
  $a_rolf_id 
)

Check if role is deleteable at a specific position.

Parameters
object$a_role_id
introlf_id
Returns
Todo:
refactor rolf => DONE

Definition at line 1729 of file class.ilRbacReview.php.

1730 {
1731 if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1732 return false;
1733 }
1734 if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1735 return false;
1736 }
1737 if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1738 return false;
1739 }
1740 return true;
1741 }
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:26

References ilObject\_lookupTitle(), ANONYMOUS_ROLE_ID, isAssignable(), and SYSTEM_ROLE_ID.

+ Here is the call graph for this function:

◆ isDeleted()

ilRbacReview::isDeleted (   $a_node_id)

Checks if a rolefolder is set as deleted (negative tree_id) @access public.

Parameters
integerref_id of rolefolder
Returns
boolean true if rolefolder is set as deleted
Todo:
refactor rolf => DELETE method

Definition at line 1119 of file class.ilRbacReview.php.

1120 {
1121 global $DIC;
1122
1123 $ilDB = $DIC['ilDB'];
1124
1125 $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1126 $r = $this->ilDB->query($q);
1127
1128 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1129
1130 if (!$row) {
1131 $message = sprintf(
1132 '%s::isDeleted(): Role folder with ref_id %s not found!',
1133 get_class($this),
1134 $a_node_id
1135 );
1136 $this->log->write($message, $this->log->FATAL);
1137
1138 return true;
1139 }
1140
1141 // rolefolder is deleted
1142 if ($row->tree < 0) {
1143 return true;
1144 }
1145
1146 return false;
1147 }

References $DIC, $ilDB, $message, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by isRoleDeleted().

+ Here is the caller graph for this function:

◆ isGlobalRole()

ilRbacReview::isGlobalRole (   $a_role_id)

Check if role is a global role.

Parameters
type$a_role_id
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1155 of file class.ilRbacReview.php.

1156 {
1157 return in_array($a_role_id, $this->getGlobalRoles());
1158 }

References getGlobalRoles().

+ Here is the call graph for this function:

◆ isProtected()

ilRbacReview::isProtected (   $a_ref_id,
  $a_role_id 
)
Todo:
refactor rolf => search calls @global ilDB $ilDB
Parameters
type$a_ref_id
type$a_role_id
Returns
type
Todo:
refactor rolf => DONE

Definition at line 1386 of file class.ilRbacReview.php.

1387 {
1388 global $DIC;
1389
1390 $ilDB = $DIC['ilDB'];
1391
1392 // ref_id not used yet. protected permission acts 'global' for each role,
1393 $query = "SELECT protected FROM rbac_fa " .
1394 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1395 $res = $ilDB->query($query);
1396 $row = $ilDB->fetchAssoc($res);
1397
1398 return ilUtil::yn2tf($row['protected']);
1399 }
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:2969

References $DIC, $ilDB, $query, $res, and ilUtil\yn2tf().

+ Here is the call graph for this function:

◆ isRoleAssignedToObject()

ilRbacReview::isRoleAssignedToObject (   $a_role_id,
  $a_parent_id 
)

Check if role is assigned to an object.

Todo:
refactor rolf => DONE (renamed)

Definition at line 797 of file class.ilRbacReview.php.

798 {
799 global $DIC;
800
801 $rbacreview = $DIC['rbacreview'];
802 $ilDB = $DIC['ilDB'];
803
804 $query = 'SELECT * FROM rbac_fa ' .
805 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
806 'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
807 $res = $ilDB->query($query);
808 return $res->numRows() ? true : false;
809 }

References $DIC, $ilDB, $query, $res, and true.

◆ isRoleDeleted()

ilRbacReview::isRoleDeleted (   $a_role_id)

return if role is only attached to deleted role folders

Parameters
int$a_role_id
Returns
boolean
Todo:
refactor rolf => DONE

Definition at line 1644 of file class.ilRbacReview.php.

1645 {
1646 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1647 $deleted = true;
1648 if (count($rolf_list)) {
1649 foreach ($rolf_list as $rolf) {
1650 // only list roles that are not set to status "deleted"
1651 if (!$this->isDeleted($rolf)) {
1652 $deleted = false;
1653 break;
1654 }
1655 }
1656 }
1657 return $deleted;
1658 }
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
Definition: class.ilRbacReview.php:1119
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:607

References getFoldersAssignedToRole(), and isDeleted().

+ Here is the call graph for this function:

◆ isSystemGeneratedRole()

ilRbacReview::isSystemGeneratedRole (   $a_role_id)

Check if the role is system generate role or role template.

Parameters
int$a_role_id
Returns
bool
Todo:
refactor rolf => DONE

Definition at line 1749 of file class.ilRbacReview.php.

1750 {
1751 $title = ilObject::_lookupTitle($a_role_id);
1752 return substr($title, 0, 3) == 'il_' ? true : false;
1753 }

References ilObject\_lookupTitle(), and true.

+ Here is the call graph for this function:

◆ lookupCreateOperationIds()

static ilRbacReview::lookupCreateOperationIds (   $a_type_arr)
static

Lookup operation ids.

Parameters
array$a_type_arre.g array('cat','crs','grp'). The operation name (e.g. 'create_cat') is generated automatically
Returns
array int Array with operation ids
Todo:
refactor rolf => DONE

Definition at line 1346 of file class.ilRbacReview.php.

1347 {
1348 global $DIC;
1349
1350 $ilDB = $DIC['ilDB'];
1351
1352 $operations = [];
1353 foreach ($a_type_arr as $type) {
1354 $operations[] = ('create_' . $type);
1355 }
1356
1357 if (!count($operations)) {
1358 return [];
1359 }
1360
1361 $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1362 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1363
1364 $res = $ilDB->query($query);
1365
1366 $ops_ids = [];
1367 while ($row = $ilDB->fetchObject($res)) {
1368 $type_arr = explode('_', $row->operation);
1369 $type = $type_arr[1];
1370
1371 $ops_ids[$type] = $row->ops_id;
1372 }
1373 return $ops_ids;
1374 }
$type
$type
Definition: proxy_ylocal.php:10

References $DIC, $ilDB, $query, $res, and $type.

Referenced by ilObjectXMLWriter\__appendOperations(), ilObjectRolePermissionTableGUI\parse(), ilObjectRoleTemplatePermissionTableGUI\parse(), ilPermissionGUI\savePermissions(), and ilObjStudyProgrammeTest\testCreatePermissionExists().

+ Here is the caller graph for this function:

◆ roleExists()

ilRbacReview::roleExists (   $a_title,
  $a_id = 0 
)

Checks if a role already exists.

Role title should be unique @access public

Parameters
stringrole title
integerobj_id of role to exclude in the check. Commonly this is the current role you want to edit
Returns
boolean true if exists
Todo:
refactor rolf => DONE

Definition at line 79 of file class.ilRbacReview.php.

80 {
81 global $DIC;
82
83 $ilDB = $DIC['ilDB'];
84
85 if (empty($a_title)) {
86 $message = get_class($this) . "::roleExists(): No title given!";
87 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
88 }
89
90 $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
91
92 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
93 "WHERE title =" . $ilDB->quote($a_title) . " " .
94 "AND type IN('role','rolt')" .
95 $clause . " ";
96 $r = $this->ilDB->query($q);
97
98 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99 return $row->obj_id;
100 }
101 return false;
102 }

References $DIC, $ilDB, $message, and ilDBConstants\FETCHMODE_OBJECT.

◆ setAssignedCacheEntry()

ilRbacReview::setAssignedCacheEntry (   $a_role_id,
  $a_user_id,
  $a_value 
)

set entry of assigned_chache

Parameters
int$a_role_id
int$a_user_id
bool$a_value

Definition at line 1854 of file class.ilRbacReview.php.

1855 {
1856 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1857 }

Field Documentation

◆ $_opsCache

ilRbacReview::$_opsCache = null
staticprivate

Definition at line 29 of file class.ilRbacReview.php.

◆ $assigned_users_cache

ilRbacReview::$assigned_users_cache = []
staticprotected

Definition at line 34 of file class.ilRbacReview.php.

◆ $is_assigned_cache

ilRbacReview::$is_assigned_cache = []
staticprotected

Definition at line 39 of file class.ilRbacReview.php.

◆ $log

ilRbacReview::$log
protected

Definition at line 44 of file class.ilRbacReview.php.

Referenced by __setProtectedStatus().

◆ FILTER_ALL

const ilRbacReview::FILTER_ALL = 1

Definition at line 21 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), ilRoleTableGUI\initFilter(), and ilRoleTableGUI\parse().

◆ FILTER_ALL_GLOBAL

const ilRbacReview::FILTER_ALL_GLOBAL = 2

Definition at line 22 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), and ilRoleTableGUI\initFilter().

◆ FILTER_ALL_LOCAL

const ilRbacReview::FILTER_ALL_LOCAL = 3

Definition at line 23 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), and ilRoleTableGUI\initFilter().

◆ FILTER_INTERNAL

const ilRbacReview::FILTER_INTERNAL = 4

Definition at line 24 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), ilRoleTableGUI\initFilter(), and ilRoleTableGUI\parse().

◆ FILTER_NOT_INTERNAL

const ilRbacReview::FILTER_NOT_INTERNAL = 5

Definition at line 25 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), and ilRoleTableGUI\initFilter().

◆ FILTER_TEMPLATES

const ilRbacReview::FILTER_TEMPLATES = 6

Definition at line 26 of file class.ilRbacReview.php.

Referenced by getRolesByFilter(), and ilRoleTableGUI\initFilter().

The documentation for this class was generated from the following file: