ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
19 class ilRbacReview
20 {
21  const FILTER_ALL = 1;
22  const FILTER_ALL_GLOBAL = 2;
23  const FILTER_ALL_LOCAL = 3;
24  const FILTER_INTERNAL = 4;
25  const FILTER_NOT_INTERNAL = 5;
26  const FILTER_TEMPLATES = 6;
27 
28  // Cache operation ids
29  private static $_opsCache = null;
30 
34  protected static $assigned_users_cache = [];
35 
39  protected static $is_assigned_cache = [];
40 
44  protected $log;
45 
50  public function __construct()
51  {
52  global $DIC;
53 
54  $ilDB = $DIC['ilDB'];
55  $ilErr = $DIC['ilErr'];
56  $ilias = $DIC['ilias'];
57 
58  $this->log = ilLoggerFactory::getLogger('ac');
59 
60  // set db & error handler
61  (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
62 
63  if (!isset($ilErr)) {
64  $ilErr = new ilErrorHandling();
65  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
66  } else {
67  $this->ilErr = &$ilErr;
68  }
69  }
70 
79  public function roleExists($a_title, $a_id = 0)
80  {
81  global $DIC;
82 
83  $ilDB = $DIC['ilDB'];
84 
85  if (empty($a_title)) {
86  $message = get_class($this) . "::roleExists(): No title given!";
87  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
88  }
89 
90  $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
91 
92  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
93  "WHERE title =" . $ilDB->quote($a_title) . " " .
94  "AND type IN('role','rolt')" .
95  $clause . " ";
96  $r = $this->ilDB->query($q);
97 
98  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99  return $row->obj_id;
100  }
101  return false;
102  }
103 
117  protected function __getParentRoles($a_path, $a_templates)
118  {
119  if (!isset($a_path) or !is_array($a_path)) {
120  $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
121  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
122  }
123 
124  $parent_roles = [];
125  $role_hierarchy = [];
126 
127  foreach ($a_path as $ref_id) {
128  $roles = $this->getRoleListByObject($ref_id, $a_templates);
129  foreach ($roles as $role) {
130  $id = $role["obj_id"];
131  $role["parent"] = $ref_id;
132  $parent_roles[$id] = $role;
133 
134  if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
135  $role_hierarchy[$id] = $ref_id;
136  }
137  }
138  }
139  return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
140  }
141 
151  public function getParentRoleIds($a_endnode_id, $a_templates = false)
152  {
153  global $DIC;
154 
155  $tree = $DIC['tree'];
156 
157  if (!isset($a_endnode_id)) {
158  $GLOBALS['DIC']['ilLog']->logStack();
159  $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
160  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
161  }
162 
163  $pathIds = $tree->getPathId($a_endnode_id);
164 
165  // add system folder since it may not in the path
166  $pathIds[0] = ROLE_FOLDER_ID;
167  return $this->__getParentRoles($pathIds, $a_templates);
168  }
169 
178  public function getRoleListByObject($a_ref_id, $a_templates = false)
179  {
180  global $DIC;
181 
182  $ilDB = $DIC['ilDB'];
183 
184  if (!isset($a_ref_id) or !isset($a_templates)) {
185  $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
186  "ref_id: " . $a_ref_id .
187  "tpl_flag: " . $a_templates;
188  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
189  }
190 
191  $role_list = [];
192 
193  $where = $this->__setTemplateFilter($a_templates);
194 
195  $query = "SELECT * FROM object_data " .
196  "JOIN rbac_fa ON obj_id = rol_id " .
197  $where .
198  "AND object_data.obj_id = rbac_fa.rol_id " .
199  "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
200 
201  $res = $ilDB->query($query);
202  while ($row = $ilDB->fetchAssoc($res)) {
203  $row["desc"] = $row["description"];
204  $row["user_id"] = $row["owner"];
205  $role_list[] = $row;
206  }
207 
208  $role_list = $this->__setRoleType($role_list);
209 
210  return $role_list;
211  }
212 
220  public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
221  {
222  global $DIC;
223 
224  $ilDB = $DIC['ilDB'];
225 
226  $role_list = [];
227 
228  $where = $this->__setTemplateFilter($a_templates);
229 
230  $query = "SELECT * FROM object_data " .
231  "JOIN rbac_fa ON obj_id = rol_id " .
232  $where .
233  "AND rbac_fa.assign = 'y' ";
234 
235  if (strlen($title_filter)) {
236  $query .= (' AND ' . $ilDB->like(
237  'title',
238  'text',
239  $title_filter . '%'
240  ));
241  }
242  $res = $ilDB->query($query);
243 
244  while ($row = $ilDB->fetchAssoc($res)) {
245  $row["desc"] = $row["description"];
246  $row["user_id"] = $row["owner"];
247  $role_list[] = $row;
248  }
249 
250  $role_list = $this->__setRoleType($role_list);
251 
252  return $role_list;
253  }
254 
262  public function getAssignableRolesInSubtree($ref_id)
263  {
264  global $DIC;
265 
266  $ilDB = $DIC['ilDB'];
267 
268  $query = 'SELECT rol_id FROM rbac_fa fa ' .
269  'JOIN tree t1 ON t1.child = fa.parent ' .
270  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
271  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
272  'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
273  'AND t1.child IN (' .
274  $GLOBALS['DIC']['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
275  ') ';
276 
277 
278  $res = $ilDB->query($query);
279 
280  $role_list = [];
281  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
282  $role_list[] = $row->rol_id;
283  }
284  return $role_list;
285  }
286 
294  public function getAssignableChildRoles($a_ref_id)
295  {
296  global $DIC;
297 
298  $ilDB = $DIC['ilDB'];
299 
300  $query = "SELECT fa.*, rd.* " .
301  "FROM object_data rd " .
302  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
303  "WHERE fa.assign = 'y' " .
304  "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
305  ;
306 
307  $res = $ilDB->query($query);
308  while ($row = $ilDB->fetchAssoc($res)) {
309  $roles_data[] = $row;
310  }
311  return $roles_data ? $roles_data : [];
312  }
313 
321  protected function __setTemplateFilter($a_templates)
322  {
323  global $DIC;
324 
325  $ilDB = $DIC['ilDB'];
326 
327  if ($a_templates === true) {
328  $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
329  } else {
330  $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
331  }
332 
333  return $where;
334  }
335 
348  protected function __setRoleType($a_role_list)
349  {
350  foreach ($a_role_list as $key => $val) {
351  // determine role type
352  if ($val["type"] == "rolt") {
353  $a_role_list[$key]["role_type"] = "template";
354  } else {
355  if ($val["assign"] == "y") {
356  if ($val["parent"] == ROLE_FOLDER_ID) {
357  $a_role_list[$key]["role_type"] = "global";
358  } else {
359  $a_role_list[$key]["role_type"] = "local";
360  }
361  } else {
362  $a_role_list[$key]["role_type"] = "linked";
363  }
364  }
365 
366  if ($val["protected"] == "y") {
367  $a_role_list[$key]["protected"] = true;
368  } else {
369  $a_role_list[$key]["protected"] = false;
370  }
371  }
372 
373  return $a_role_list;
374  }
375 
382  public function getNumberOfAssignedUsers(array $a_roles)
383  {
384  global $DIC;
385 
386  $ilDB = $DIC->database();
387 
388  $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
389  'join object_data on ua.usr_id = obj_id ' .
390  'join usr_data ud on ua.usr_id = ud.usr_id ' .
391  'where ' . $ilDB->in('rol_id', $a_roles, false, 'integer');
392 
393  $res = $ilDB->query($query);
394  if ($res->numRows()) {
395  $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
396  return $row->num;
397  }
398  return 0;
399  }
400 
401 
408  public function assignedUsers($a_rol_id)
409  {
410  global $DIC;
411 
412  $ilBench = $DIC['ilBench'];
413  $ilDB = $DIC['ilDB'];
414 
415  if (!isset($a_rol_id)) {
416  $message = get_class($this) . "::assignedUsers(): No role_id given!";
417  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
418  }
419  if (isset(self::$assigned_users_cache[$a_rol_id])) {
420  return self::$assigned_users_cache[$a_rol_id];
421  }
422 
423  $result_arr = [];
424 
425  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
426  $res = $ilDB->query($query);
427  while ($row = $ilDB->fetchAssoc($res)) {
428  array_push($result_arr, $row["usr_id"]);
429  }
430 
431  self::$assigned_users_cache[$a_rol_id] = $result_arr;
432 
433  return $result_arr;
434  }
435 
436 
445  public function isAssigned($a_usr_id, $a_role_id)
446  {
447  if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
448  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
449  }
450  // Quickly determine if user is assigned to a role
451  global $DIC;
452 
453  $ilDB = $DIC['ilDB'];
454 
455  $ilDB->setLimit(1, 0);
456  $query = "SELECT usr_id FROM rbac_ua WHERE " .
457  "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
458  "AND usr_id= " . $ilDB->quote($a_usr_id);
459  $res = $ilDB->query($query);
460 
461  $is_assigned = $res->numRows() == 1;
462  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
463 
464  return $is_assigned;
465  }
466 
479  public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
480  {
481  global $DIC;
482 
483  $ilDB = $DIC['ilDB'];
484 
485  $ilDB->setLimit(1, 0);
486  $query = "SELECT usr_id FROM rbac_ua WHERE " .
487  $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
488  " AND usr_id= " . $ilDB->quote($a_usr_id);
489  $res = $ilDB->query($query);
490 
491  return $ilDB->numRows($res) == 1;
492  }
493 
501  public function assignedRoles($a_usr_id)
502  {
503  global $DIC;
504 
505  $ilDB = $DIC->database();
506 
507  $role_arr = [];
508  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
509 
510  $res = $ilDB->query($query);
511  while ($row = $ilDB->fetchObject($res)) {
512  $role_arr[] = $row->rol_id;
513  }
514  return $role_arr;
515  }
516 
522  public function assignedGlobalRoles($a_usr_id)
523  {
524  global $DIC;
525 
526  $ilDB = $DIC['ilDB'];
527 
528  $query = "SELECT ua.rol_id FROM rbac_ua ua " .
529  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
530  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
531  "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
532  "AND assign = 'y' ";
533 
534  $res = $ilDB->query($query);
535  while ($row = $ilDB->fetchObject($res)) {
536  $role_arr[] = $row->rol_id;
537  }
538  return $role_arr ? $role_arr : [];
539  }
540 
549  public function isAssignable($a_rol_id, $a_ref_id)
550  {
551  global $DIC;
552 
553  $ilBench = $DIC['ilBench'];
554  $ilDB = $DIC['ilDB'];
555 
556  $ilBench->start("RBAC", "review_isAssignable");
557 
558  // exclude system role from rbac
559  if ($a_rol_id == SYSTEM_ROLE_ID) {
560  $ilBench->stop("RBAC", "review_isAssignable");
561  return true;
562  }
563 
564  if (!isset($a_rol_id) or !isset($a_ref_id)) {
565  $message = get_class($this) . "::isAssignable(): Missing parameter!" .
566  " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
567  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
568  }
569  $query = "SELECT * FROM rbac_fa " .
570  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
571  "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
572  $res = $ilDB->query($query);
573  $row = $ilDB->fetchObject($res);
574 
575  $ilBench->stop("RBAC", "review_isAssignable");
576  return $row->assign == 'y' ? true : false;
577  }
578 
584  public function hasMultipleAssignments($a_role_id)
585  {
586  global $DIC;
587 
588  $ilDB = $DIC['ilDB'];
589 
590  $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
591  "AND assign = " . $ilDB->quote('y', 'text');
592  $res = $ilDB->query($query);
593  return $res->numRows() > 1;
594  }
595 
607  public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
608  {
609  global $DIC;
610 
611  $ilDB = $DIC['ilDB'];
612 
613  if (!isset($a_rol_id)) {
614  $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
615  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
616  }
617 
618  if ($a_assignable) {
619  $where = " AND assign ='y'";
620  }
621 
622  $query = "SELECT DISTINCT parent FROM rbac_fa " .
623  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
624 
625  $res = $ilDB->query($query);
626  $folders = [];
627  while ($row = $ilDB->fetchObject($res)) {
628  $folders[] = $row->parent;
629  }
630  return $folders;
631  }
632 
640  public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
641  {
642  global $DIC;
643 
644  $ilDB = $DIC['ilDB'];
645 
646  if (!isset($a_ref_id)) {
647  $GLOBALS['DIC']['ilLog']->logStack();
648  throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
649  }
650  if ($a_assignable_only === true) {
651  $and = 'AND assign = ' . $ilDB->quote('y', 'text');
652  }
653  $query = "SELECT rol_id FROM rbac_fa " .
654  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
655  $and;
656 
657  $res = $ilDB->query($query);
658 
659  $role_ids = [];
660  while ($row = $ilDB->fetchObject($res)) {
661  $role_ids[] = $row->rol_id;
662  }
663  return $role_ids;
664  }
665 
666 
667 
668 
679  public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
680  {
681  global $DIC;
682 
683  $ilBench = $DIC['ilBench'];
684  $ilDB = $DIC['ilDB'];
685  $ilLog = $DIC['ilLog'];
686 
687  $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
688 
689  if (!isset($a_ref_id)) {
690  $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
691  ilLoggerFactory::getLogger('ac')->logStack();
692  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
693  }
694 
695  if ($a_nonassignable === false) {
696  $and = " AND assign='y'";
697  }
698 
699  $query = "SELECT rol_id FROM rbac_fa " .
700  "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
701  $and;
702 
703  $res = $ilDB->query($query);
704  while ($row = $ilDB->fetchObject($res)) {
705  $rol_id[] = $row->rol_id;
706  }
707 
708  $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
709 
710  return $rol_id ? $rol_id : [];
711  }
712 
719  public function getGlobalRoles()
720  {
721  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
722  }
723 
729  public function getLocalRoles($a_ref_id)
730  {
731  global $DIC;
732 
733  $ilDB = $DIC['ilDB'];
734 
735  $lroles = [];
736  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
737  if ($this->isAssignable($role_id, $a_ref_id)) {
738  $lroles[] = $role_id;
739  }
740  }
741  return $lroles;
742  }
743 
749  public function getLocalPolicies($a_ref_id)
750  {
751  $lroles = [];
752  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
753  $lroles[] = $role_id;
754  }
755  return $lroles;
756  }
757 
764  public function getGlobalRolesArray()
765  {
766  foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
767  $ga[] = array('obj_id' => $role_id,
768  'role_type' => 'global');
769  }
770  return $ga ? $ga : [];
771  }
772 
779  public function getGlobalAssignableRoles()
780  {
781  include_once './Services/AccessControl/classes/class.ilObjRole.php';
782 
783  foreach ($this->getGlobalRoles() as $role_id) {
784  if (ilObjRole::_getAssignUsersStatus($role_id)) {
785  $ga[] = array('obj_id' => $role_id,
786  'role_type' => 'global');
787  }
788  }
789  return $ga ? $ga : [];
790  }
791 
792 
797  public function isRoleAssignedToObject($a_role_id, $a_parent_id)
798  {
799  global $DIC;
800 
801  $rbacreview = $DIC['rbacreview'];
802  $ilDB = $DIC['ilDB'];
803 
804  $query = 'SELECT * FROM rbac_fa ' .
805  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
806  'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
807  $res = $ilDB->query($query);
808  return $res->numRows() ? true : false;
809  }
810 
817  public function getOperations()
818  {
819  global $DIC;
820 
821  $ilDB = $DIC['ilDB'];
822 
823  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
824  $res = $this->ilDB->query($query);
825  while ($row = $ilDB->fetchObject($res)) {
826  $ops[] = array('ops_id' => $row->ops_id,
827  'operation' => $row->operation,
828  'description' => $row->description);
829  }
830 
831  return $ops ? $ops : [];
832  }
833 
840  public function getOperation($ops_id)
841  {
842  global $DIC;
843 
844  $ilDB = $DIC['ilDB'];
845 
846  $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
847  $res = $this->ilDB->query($query);
848  while ($row = $ilDB->fetchObject($res)) {
849  $ops = array('ops_id' => $row->ops_id,
850  'operation' => $row->operation,
851  'description' => $row->description);
852  }
853 
854  return $ops ? $ops : [];
855  }
856 
866  public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
867  {
868  global $DIC;
869 
870  $ilDB = $DIC['ilDB'];
871 
872  if (!$a_parent) {
873  $a_parent = ROLE_FOLDER_ID;
874  }
875 
876  $query = "SELECT ops_id,type FROM rbac_templates " .
877  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
878  "AND parent = " . $ilDB->quote($a_parent, 'integer');
879  $res = $ilDB->query($query);
880 
881  $ops_arr = [];
882  while ($row = $ilDB->fetchObject($res)) {
883  $ops_arr[$row->type][] = $row->ops_id;
884  }
885  return (array) $ops_arr;
886  }
887 
895  public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
896  {
897  global $DIC;
898 
899  $ilDB = $DIC['ilDB'];
900 
901  $query = 'SELECT * FROM rbac_pa ' .
902  'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
903  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
904 
905  $res = $ilDB->query($query);
906  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
907  return unserialize($row['ops_id']);
908  }
909  return [];
910  }
911 
912 
923  public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
924  {
925  global $DIC;
926 
927  $ilDB = $DIC['ilDB'];
928  $ilLog = $DIC['ilLog'];
929 
930  if (!isset($a_rol_id) or !isset($a_type)) {
931  $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
932  "role_id: " . $a_rol_id .
933  "type: " . $a_type .
934  "parent_id: " . $a_parent;
935  $ilLog->logStack("Missing parameter! ");
936  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
937  }
938 
939  $ops_arr = [];
940 
941  // if no rolefolder id is given, assume global role folder as target
942  if ($a_parent == 0) {
943  $a_parent = ROLE_FOLDER_ID;
944  }
945 
946  $query = "SELECT ops_id FROM rbac_templates " .
947  "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
948  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
949  "AND parent = " . $ilDB->quote($a_parent, 'integer');
950  $res = $ilDB->query($query);
951  while ($row = $ilDB->fetchObject($res)) {
952  $ops_arr[] = $row->ops_id;
953  }
954 
955  return $ops_arr;
956  }
957 
965  public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
966  {
967  global $DIC;
968 
969  $ilDB = $DIC['ilDB'];
970 
971  $query = "SELECT * FROM rbac_pa " .
972  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
973  "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
974 
975  $res = $ilDB->query($query);
976  while ($row = $ilDB->fetchObject($res)) {
977  $ops = unserialize($row->ops_id);
978  }
979 
980  return $ops ? $ops : [];
981  }
982 
990  public function getOperationsOnType($a_typ_id)
991  {
992  global $DIC;
993 
994  $ilDB = $DIC['ilDB'];
995 
996  if (!isset($a_typ_id)) {
997  $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
998  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
999  }
1000 
1001  #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1002 
1003  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
1004  'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
1005  'ORDER BY op_order';
1006 
1007  $res = $ilDB->query($query);
1008 
1009  while ($row = $ilDB->fetchObject($res)) {
1010  $ops_id[] = $row->ops_id;
1011  }
1012 
1013  return $ops_id ? $ops_id : [];
1014  }
1015 
1024  public function getOperationsOnTypeString($a_type)
1025  {
1026  global $DIC;
1027 
1028  $ilDB = $DIC['ilDB'];
1029 
1030  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
1031 
1032 
1033  $res = $this->ilDB->query($query);
1034  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1035  return $this->getOperationsOnType($row->obj_id);
1036  }
1037  return false;
1038  }
1039 
1047  public function getOperationsByTypeAndClass($a_type, $a_class)
1048  {
1049  global $DIC;
1050 
1051  $ilDB = $DIC['ilDB'];
1052 
1053  if ($a_class != 'create') {
1054  $condition = "AND class != " . $ilDB->quote('create', 'text');
1055  } else {
1056  $condition = "AND class = " . $ilDB->quote('create', 'text');
1057  }
1058 
1059  $query = "SELECT ro.ops_id FROM rbac_operations ro " .
1060  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
1061  "JOIN object_data od ON rt.typ_id = od.obj_id " .
1062  "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
1063  "AND title = " . $ilDB->quote($a_type, 'text') . " " .
1064  $condition . " " .
1065  "ORDER BY op_order ";
1066 
1067  $res = $ilDB->query($query);
1068 
1069  $ops = [];
1070  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1071  $ops[] = $row->ops_id;
1072  }
1073  return $ops;
1074  }
1075 
1076 
1086  public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = [])
1087  {
1088  global $DIC;
1089 
1090  $ilDB = $DIC['ilDB'];
1091 
1092  #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1093  # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1094  # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1095 
1096  $query = 'SELECT parent p FROM rbac_fa ' .
1097  'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1098  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1099 
1100  if ($a_filter) {
1101  $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1102  }
1103 
1104  $res = $ilDB->query($query);
1105  $parent = [];
1106  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1107  $parent[] = $row->p;
1108  }
1109  return $parent;
1110  }
1111 
1119  public function isDeleted($a_node_id)
1120  {
1121  global $DIC;
1122 
1123  $ilDB = $DIC['ilDB'];
1124 
1125  $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1126  $r = $this->ilDB->query($q);
1127 
1128  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1129 
1130  if (!$row) {
1131  $message = sprintf(
1132  '%s::isDeleted(): Role folder with ref_id %s not found!',
1133  get_class($this),
1134  $a_node_id
1135  );
1136  $this->log->write($message, $this->log->FATAL);
1137 
1138  return true;
1139  }
1140 
1141  // rolefolder is deleted
1142  if ($row->tree < 0) {
1143  return true;
1144  }
1145 
1146  return false;
1147  }
1148 
1155  public function isGlobalRole($a_role_id)
1156  {
1157  return in_array($a_role_id, $this->getGlobalRoles());
1158  }
1159 
1169  public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1170  {
1171  global $DIC;
1172 
1173  $ilDB = $DIC['ilDB'];
1174 
1175  $assign = "y";
1176 
1177  switch ($a_filter) {
1178  // all (assignable) roles
1179  case self::FILTER_ALL:
1180  return $this->getAssignableRoles(true, true, $title_filter);
1181  break;
1182 
1183  // all (assignable) global roles
1184  case self::FILTER_ALL_GLOBAL:
1185  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1186  break;
1187 
1188  // all (assignable) local roles
1189  case self::FILTER_ALL_LOCAL:
1190  case self::FILTER_INTERNAL:
1191  case self::FILTER_NOT_INTERNAL:
1192  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1193  break;
1194 
1195  // all role templates
1196  case self::FILTER_TEMPLATES:
1197  $where = "WHERE object_data.type = 'rolt'";
1198  $assign = "n";
1199  break;
1200 
1201  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1202  case 0:
1203  default:
1204  if (!$a_user_id) {
1205  return [];
1206  }
1207 
1208  $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1209  break;
1210  }
1211 
1212  $roles = [];
1213 
1214  $query = "SELECT * FROM object_data " .
1215  "JOIN rbac_fa ON obj_id = rol_id " .
1216  $where .
1217  "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1218 
1219  if (strlen($title_filter)) {
1220  $query .= (' AND ' . $ilDB->like(
1221  'title',
1222  'text',
1223  '%' . $title_filter . '%'
1224  ));
1225  }
1226 
1227  $res = $ilDB->query($query);
1228  while ($row = $ilDB->fetchAssoc($res)) {
1229  $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1230 
1231  // all (assignable) internal local roles only
1232  if ($a_filter == 4 and !$prefix) {
1233  continue;
1234  }
1235 
1236  // all (assignable) non internal local roles only
1237  if ($a_filter == 5 and $prefix) {
1238  continue;
1239  }
1240 
1241  $row["desc"] = $row["description"];
1242  $row["user_id"] = $row["owner"];
1243  $roles[] = $row;
1244  }
1245 
1246  $roles = $this->__setRoleType($roles);
1247 
1248  return $roles ? $roles : [];
1249  }
1250 
1258  public function getTypeId($a_type)
1259  {
1260  global $DIC;
1261 
1262  $ilDB = $DIC['ilDB'];
1263 
1264  $q = "SELECT obj_id FROM object_data " .
1265  "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1266  $r = $ilDB->query($q);
1267 
1268  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1269  return $row->obj_id;
1270  }
1271 
1282  public static function _getOperationIdsByName($operations)
1283  {
1284  global $DIC;
1285 
1286  $ilDB = $DIC['ilDB'];
1287 
1288  if (!count($operations)) {
1289  return [];
1290  }
1291 
1292  $query = 'SELECT ops_id FROM rbac_operations ' .
1293  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1294 
1295  $res = $ilDB->query($query);
1296  while ($row = $ilDB->fetchObject($res)) {
1297  $ops_ids[] = $row->ops_id;
1298  }
1299  return $ops_ids ? $ops_ids : [];
1300  }
1301 
1310  public static function _getOperationIdByName($a_operation)
1311  {
1312  global $DIC;
1313 
1314  $ilDB = $DIC['ilDB'];
1315  $ilErr = $DIC['ilErr'];
1316 
1317  if (!isset($a_operation)) {
1318  $message = "perm::getOperationId(): No operation given!";
1319  $ilErr->raiseError($message, $ilErr->WARNING);
1320  }
1321 
1322  // Cache operation ids
1323  if (!is_array(self::$_opsCache)) {
1324  self::$_opsCache = [];
1325 
1326  $q = "SELECT ops_id, operation FROM rbac_operations";
1327  $r = $ilDB->query($q);
1328  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1329  self::$_opsCache[$row->operation] = $row->ops_id;
1330  }
1331  }
1332 
1333  // Get operation ID by name from cache
1334  if (array_key_exists($a_operation, self::$_opsCache)) {
1335  return self::$_opsCache[$a_operation];
1336  }
1337  return null;
1338  }
1339 
1346  public static function lookupCreateOperationIds($a_type_arr)
1347  {
1348  global $DIC;
1349 
1350  $ilDB = $DIC['ilDB'];
1351 
1352  $operations = [];
1353  foreach ($a_type_arr as $type) {
1354  $operations[] = ('create_' . $type);
1355  }
1356 
1357  if (!count($operations)) {
1358  return [];
1359  }
1360 
1361  $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1362  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1363 
1364  $res = $ilDB->query($query);
1365 
1366  $ops_ids = [];
1367  while ($row = $ilDB->fetchObject($res)) {
1368  $type_arr = explode('_', $row->operation);
1369  $type = $type_arr[1];
1370 
1371  $ops_ids[$type] = $row->ops_id;
1372  }
1373  return $ops_ids;
1374  }
1375 
1376 
1377 
1386  public function isProtected($a_ref_id, $a_role_id)
1387  {
1388  global $DIC;
1389 
1390  $ilDB = $DIC['ilDB'];
1391 
1392  // ref_id not used yet. protected permission acts 'global' for each role,
1393  $query = "SELECT protected FROM rbac_fa " .
1394  "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1395  $res = $ilDB->query($query);
1396  $row = $ilDB->fetchAssoc($res);
1397 
1398  return ilUtil::yn2tf($row['protected']);
1399  }
1400 
1408  public function isBlockedAtPosition($a_role_id, $a_ref_id)
1409  {
1410  global $DIC;
1411 
1412  $ilDB = $DIC['ilDB'];
1413 
1414  $query = 'SELECT blocked from rbac_fa ' .
1415  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1416  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1417  $res = $ilDB->query($query);
1418  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1419  return (bool) $row->blocked;
1420  }
1421  return false;
1422  }
1423 
1429  public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1430  {
1431  global $DIC;
1432 
1433  $ilDB = $DIC['ilDB'];
1434  $tree = $DIC['tree'];
1435 
1436  if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1437  return false;
1438  }
1439  $query = 'SELECT parent from rbac_fa ' .
1440  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1441  'AND blocked = ' . $ilDB->quote(1, 'integer');
1442  $res = $ilDB->query($query);
1443 
1444  $parent_ids = [];
1445  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1446  $parent_ids[] = $row->parent;
1447  }
1448 
1449  foreach ($parent_ids as $parent_id) {
1450  if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1451  return true;
1452  }
1453  }
1454  return false;
1455  }
1456 
1457  // this method alters the protected status of role regarding the current user's role assignment
1458  // and current postion in the hierarchy.
1459 
1471  protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1472  {
1473  global $DIC;
1474 
1475  $rbacsystem = $DIC['rbacsystem'];
1476  $ilUser = $DIC['ilUser'];
1477  $log = $DIC['log'];
1478 
1479  if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1480  $leveladmin = true;
1481  } else {
1482  $leveladmin = false;
1483  }
1484 
1485  foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1486  if ($leveladmin == true) {
1487  $a_parent_roles[$role_id]['protected'] = false;
1488  continue;
1489  }
1490 
1491  if ($a_parent_roles[$role_id]['protected'] == true) {
1492  $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1493 
1494  foreach ($arr_lvl_roles_user as $lvl_role_id) {
1495  // check if role grants 'edit_permission' to parent
1496  $rolf = $a_parent_roles[$role_id]['parent'];
1497  if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1498  // user may change permissions of that higher-ranked role
1499  $a_parent_roles[$role_id]['protected'] = false;
1500  }
1501  }
1502  }
1503  }
1504  return $a_parent_roles;
1505  }
1506 
1517  public static function _getOperationList($a_type = null)
1518  {
1519  global $DIC;
1520 
1521  $ilDB = $DIC['ilDB'];
1522 
1523  $arr = [];
1524 
1525  if ($a_type) {
1526  $query = sprintf(
1527  'SELECT * FROM rbac_operations ' .
1528  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1529  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1530  'WHERE object_data.title = %s ' .
1531  'AND object_data.type = %s ' .
1532  'ORDER BY op_order ASC',
1533  $ilDB->quote($a_type, 'text'),
1534  $ilDB->quote('typ', 'text')
1535  );
1536  } else {
1537  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1538  }
1539  $res = $ilDB->query($query);
1540  while ($row = $ilDB->fetchAssoc($res)) {
1541  $arr[] = array(
1542  "ops_id" => $row['ops_id'],
1543  "operation" => $row['operation'],
1544  "desc" => $row['description'],
1545  "class" => $row['class'],
1546  "order" => $row['op_order']
1547  );
1548  }
1549  return $arr;
1550  }
1551 
1558  public static function _groupOperationsByClass($a_ops_arr)
1559  {
1560  $arr = [];
1561 
1562  foreach ($a_ops_arr as $ops) {
1563  $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1564  'name' => $ops['operation']
1565  );
1566  }
1567  return $arr;
1568  }
1569 
1579  public function getObjectOfRole($a_role_id)
1580  {
1581  // internal cache
1582  static $obj_cache = [];
1583 
1584  global $DIC;
1585 
1586  $ilDB = $DIC['ilDB'];
1587 
1588 
1589  if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1590  return $obj_cache[$a_role_id];
1591  }
1592 
1593  $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1594  'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1595  'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1596  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1597  'AND deleted IS NULL';
1598 
1599  #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1600  # "JOIN tree ON rfa.parent = tree.child ".
1601  # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1602  # "WHERE tree.tree = 1 ".
1603  # "AND assign = 'y' ".
1604  # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1605  $res = $ilDB->query($query);
1606 
1607  $obj_cache[$a_role_id] = 0;
1608  while ($row = $ilDB->fetchObject($res)) {
1609  $obj_cache[$a_role_id] = $row->obj_id;
1610  }
1611  return $obj_cache[$a_role_id];
1612  }
1613 
1620  public function getObjectReferenceOfRole($a_role_id)
1621  {
1622  global $DIC;
1623 
1624  $ilDB = $DIC['ilDB'];
1625 
1626  $query = 'SELECT parent p_ref FROM rbac_fa ' .
1627  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1628  'AND assign = ' . $ilDB->quote('y', 'text');
1629 
1630  $res = $ilDB->query($query);
1631  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1632  return $row->p_ref;
1633  }
1634  return 0;
1635  }
1636 
1644  public function isRoleDeleted($a_role_id)
1645  {
1646  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1647  $deleted = true;
1648  if (count($rolf_list)) {
1649  foreach ($rolf_list as $rolf) {
1650  // only list roles that are not set to status "deleted"
1651  if (!$this->isDeleted($rolf)) {
1652  $deleted = false;
1653  break;
1654  }
1655  }
1656  }
1657  return $deleted;
1658  }
1659 
1660 
1668  public function getRolesForIDs($role_ids, $use_templates)
1669  {
1670  global $DIC;
1671 
1672  $ilDB = $DIC['ilDB'];
1673 
1674  $role_list = [];
1675 
1676  $where = $this->__setTemplateFilter($use_templates);
1677 
1678  $query = "SELECT * FROM object_data " .
1679  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1680  $where .
1681  "AND rbac_fa.assign = 'y' " .
1682  'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1683 
1684  $res = $ilDB->query($query);
1685  while ($row = $ilDB->fetchAssoc($res)) {
1686  $row["desc"] = $row["description"];
1687  $row["user_id"] = $row["owner"];
1688  $role_list[] = $row;
1689  }
1690 
1691  $role_list = $this->__setRoleType($role_list);
1692  return $role_list;
1693  }
1694 
1700  public function getOperationAssignment()
1701  {
1702  global $DIC;
1703 
1704  $ilDB = $DIC['ilDB'];
1705 
1706  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1707  'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1708  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1709  $res = $ilDB->query($query);
1710 
1711  $counter = 0;
1712  while ($row = $ilDB->fetchObject($res)) {
1713  $info[$counter]['typ_id'] = $row->typ_id;
1714  $info[$counter]['type'] = $row->title;
1715  $info[$counter]['ops_id'] = $row->ops_id;
1716  $info[$counter]['operation'] = $row->operation;
1717  $counter++;
1718  }
1719  return $info ? $info : [];
1720  }
1721 
1729  public function isDeleteable($a_role_id, $a_rolf_id)
1730  {
1731  if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1732  return false;
1733  }
1734  if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1735  return false;
1736  }
1737  if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1738  return false;
1739  }
1740  return true;
1741  }
1742 
1749  public function isSystemGeneratedRole($a_role_id)
1750  {
1751  $title = ilObject::_lookupTitle($a_role_id);
1752  return substr($title, 0, 3) == 'il_' ? true : false;
1753  }
1754 
1755 
1756  public function getParentOfRole(int $role_id, ?int $object_ref = null) : ?int
1757  {
1758  global $DIC;
1760  $tree = $DIC['tree'];
1761 
1762  if ($object_ref === null || $object_ref === ROLE_FOLDER_ID) {
1763  return $this->getRoleFolderOfRole($role_id);
1764  }
1765 
1766 
1767  $path_ids = $tree->getPathId($object_ref);
1768  array_unshift($path_ids, ROLE_FOLDER_ID);
1769 
1770  while ($ref_id = array_pop($path_ids)) {
1771  $roles = $this->getRoleListByObject($ref_id, false);
1772  foreach ($roles as $role) {
1773  if ((int) $role['obj_id'] === $role_id) {
1774  return $ref_id;
1775  }
1776  }
1777  }
1778 
1779  return null;
1780  }
1781 
1782 
1790  public function getRoleFolderOfRole($a_role_id)
1791  {
1792  global $DIC;
1793 
1794  $ilDB = $DIC['ilDB'];
1795 
1796  if (ilObject::_lookupType($a_role_id) == 'role') {
1797  $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1798  } else {
1799  $and = '';
1800  }
1801 
1802  $query = 'SELECT * FROM rbac_fa ' .
1803  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1804  $and;
1805  $res = $ilDB->query($query);
1806  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1807  return $row->parent;
1808  }
1809  return 0;
1810  }
1811 
1819  public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1820  {
1821  global $DIC;
1822 
1823  $ilDB = $DIC['ilDB'];
1824 
1825  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1826  "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1827  "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1828  "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1829 
1830  $res = $ilDB->query($query);
1831  $all_ops = [];
1832  while ($row = $ilDB->fetchObject($res)) {
1833  $ops = unserialize($row->ops_id);
1834  $all_ops = array_merge($all_ops, $ops);
1835  }
1836  $all_ops = array_unique($all_ops);
1837 
1838  $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1839  " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1840  $perms = [];
1841  while ($rec = $ilDB->fetchAssoc($set)) {
1842  $perms[] = $rec["operation"];
1843  }
1844 
1845  return $perms;
1846  }
1847 
1854  public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1855  {
1856  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1857  }
1858 
1865  public function getAssignedCacheEntry($a_role_id, $a_user_id)
1866  {
1867  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1868  }
1869 
1873  public function clearCaches()
1874  {
1875  self::$is_assigned_cache = [];
1876  self::$assigned_users_cache = [];
1877  }
1878 } // END class.ilRbacReview
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1873
ilRbacReview\roleExists
roleExists($a_title, $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:79
ilRbacReview\getLocalPolicies
getLocalPolicies($a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:749
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole($a_role_id)
Get reference of role.
Definition: class.ilRbacReview.php:1620
ilRbacReview\isDeleteable
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1729
ilRbacReview\$assigned_users_cache
static $assigned_users_cache
Definition: class.ilRbacReview.php:34
ilRbacReview\isDeleted
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) public.
Definition: class.ilRbacReview.php:1119
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
ilRbacReview\getOperationsOfRole
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:923
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName($operations)
get ops_id&#39;s by name.
Definition: class.ilRbacReview.php:1282
$type
$type
Definition: proxy_ylocal.php:10
ilRbacReview\getRolesByFilter
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
ilDB $ilDB
Definition: class.ilRbacReview.php:1169
ilRbacReview\getRoleListByObject
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container public.
Definition: class.ilRbacReview.php:178
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:27
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:679
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:522
ilRbacReview\getAssignableRoles
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles public.
Definition: class.ilRbacReview.php:220
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:1047
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1517
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:991
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1700
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1429
ilRbacReview\isGlobalRole
isGlobalRole($a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:1155
ilRbacReview\__setTemplateFilter
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause private
Definition: class.ilRbacReview.php:321
ilRbacReview\__setProtectedStatus
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status type $rbacsystem type $ilUser type $log.
Definition: class.ilRbacReview.php:1471
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject($a_role_id, $a_ref_id)
ilDB $ilDB
Definition: class.ilRbacReview.php:965
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus($a_role_id)
Definition: class.ilObjRole.php:155
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node public.
Definition: class.ilRbacReview.php:294
$ilErr
$ilErr
Definition: raiseError.php:18
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1346
ilRbacReview\__getParentRoles
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:117
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:895
ilRbacReview\isProtected
isProtected($a_ref_id, $a_role_id)
Definition: class.ilRbacReview.php:1386
ilRbacReview\isAssignable
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users public.
Definition: class.ilRbacReview.php:549
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:764
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position ilDB $ilDB.
Definition: class.ilRbacReview.php:1408
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
Definition: class.ilRbacReview.php:1865
ilRbacReview\getRolesForIDs
getRolesForIDs($role_ids, $use_templates)
ilDB $ilDB
Definition: class.ilRbacReview.php:1668
ilRbacReview\getOperation
getOperation($ops_id)
get one operation by operation id public
Definition: class.ilRbacReview.php:840
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1854
$DIC
global $DIC
Definition: goto.php:24
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:797
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles public
Definition: class.ilRbacReview.php:719
$query
$query
Definition: proxy_ylocal.php:13
ilRbacReview\getTypeId
getTypeId($a_type)
Get type id of object ilDB $ilDB.
Definition: class.ilRbacReview.php:1258
ilRbacReview\isRoleDeleted
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1644
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted) ...
Definition: class.ilRbacReview.php:382
ilRbacReview\getObjectOfRole
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1579
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:479
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:32
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:866
ilRbacReview\getParentRoleIds
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:151
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments($a_role_id)
Temporary bugfix.
Definition: class.ilRbacReview.php:584
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:607
ilRbacReview\_getOperationIdByName
static _getOperationIdByName($a_operation)
get operation id by name of operation public static
Definition: class.ilRbacReview.php:1310
ilRbacReview\isAssigned
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role public
Definition: class.ilRbacReview.php:445
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;) public
Definition: class.ilRbacReview.php:779
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:26
ilRbacReview\__construct
__construct()
Constructor public.
Definition: class.ilRbacReview.php:50
ilRbacReview\getOperations
getOperations()
get all possible operations public
Definition: class.ilRbacReview.php:817
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole($a_role_id)
Get role folder of role ilDB $ilDB.
Definition: class.ilRbacReview.php:1790
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance($a_rol_id, $a_filter=[])
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:1086
ilRbacReview\assignedUsers
assignedUsers($a_rol_id)
get all assigned users to a given role public
Definition: class.ilRbacReview.php:408
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString($a_type)
all possible operations of a type public
Definition: class.ilRbacReview.php:1024
ilRbacReview\assignedRoles
assignedRoles($a_usr_id)
get all assigned roles to a given user public
Definition: class.ilRbacReview.php:501
$ilBench
global $ilBench
Definition: ilias.php:21
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository public.
Definition: class.ilRbacReview.php:262
$message
$message
Definition: xapiexit.php:14
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1819
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilRbacReview\__setRoleType
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:348
$ilUser
$ilUser
Definition: imgupload.php:18
ilUtil\yn2tf
static yn2tf($a_yn)
convert "y"/"n" to true/false
Definition: class.ilUtil.php:2969
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass($a_ops_arr)
Definition: class.ilRbacReview.php:1558
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1749
ilRbacReview\getOperationsOnType
getOperationsOnType($a_typ_id)
all possible operations of a type public
Definition: class.ilRbacReview.php:990
ilRbacReview\getRolesOfObject
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:640
ilRbacReview\getLocalRoles
getLocalRoles($a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:729
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:19