ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
20{
21 const FILTER_ALL = 1;
24 const FILTER_INTERNAL = 4;
27
28 // Cache operation ids
29 private static $_opsCache = null;
30
34 protected static $assigned_users_cache = [];
35
39 protected static $is_assigned_cache = [];
40
44 protected $log;
45
50 public function __construct()
51 {
52 global $DIC;
53
54 $ilDB = $DIC['ilDB'];
55 $ilErr = $DIC['ilErr'];
56 $ilias = $DIC['ilias'];
57
58 $this->log = ilLoggerFactory::getLogger('ac');
59
60 // set db & error handler
61 (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
62
63 if (!isset($ilErr)) {
64 $ilErr = new ilErrorHandling();
65 $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
66 } else {
67 $this->ilErr = &$ilErr;
68 }
69 }
70
79 public function roleExists($a_title, $a_id = 0)
80 {
81 global $DIC;
82
83 $ilDB = $DIC['ilDB'];
84
85 if (empty($a_title)) {
86 $message = get_class($this) . "::roleExists(): No title given!";
87 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
88 }
89
90 $clause = ($a_id) ? " AND obj_id != " . $ilDB->quote($a_id) . " " : "";
91
92 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
93 "WHERE title =" . $ilDB->quote($a_title) . " " .
94 "AND type IN('role','rolt')" .
95 $clause . " ";
96 $r = $this->ilDB->query($q);
97
98 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
99 return $row->obj_id;
100 }
101 return false;
102 }
103
117 protected function __getParentRoles($a_path, $a_templates)
118 {
119 if (!isset($a_path) or !is_array($a_path)) {
120 $message = get_class($this) . "::getParentRoles(): No path given or wrong datatype!";
121 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
122 }
123
124 $parent_roles = [];
125 $role_hierarchy = [];
126
127 foreach ($a_path as $ref_id) {
128 $roles = $this->getRoleListByObject($ref_id, $a_templates);
129 foreach ($roles as $role) {
130 $id = $role["obj_id"];
131 $role["parent"] = $ref_id;
132 $parent_roles[$id] = $role;
133
134 if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
135 $role_hierarchy[$id] = $ref_id;
136 }
137 }
138 }
139 return $this->__setProtectedStatus($parent_roles, $role_hierarchy, reset($a_path));
140 }
141
151 public function getParentRoleIds($a_endnode_id, $a_templates = false)
152 {
153 global $DIC;
154
155 $tree = $DIC['tree'];
156
157 if (!isset($a_endnode_id)) {
158 $GLOBALS['DIC']['ilLog']->logStack();
159 $message = get_class($this) . "::getParentRoleIds(): No node_id (ref_id) given!";
160 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
161 }
162
163 $pathIds = $tree->getPathId($a_endnode_id);
164
165 // add system folder since it may not in the path
166 $pathIds[0] = ROLE_FOLDER_ID;
167 return $this->__getParentRoles($pathIds, $a_templates);
168 }
169
178 public function getRoleListByObject($a_ref_id, $a_templates = false)
179 {
180 global $DIC;
181
182 $ilDB = $DIC['ilDB'];
183
184 if (!isset($a_ref_id) or !isset($a_templates)) {
185 $message = get_class($this) . "::getRoleListByObject(): Missing parameter!" .
186 "ref_id: " . $a_ref_id .
187 "tpl_flag: " . $a_templates;
188 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
189 }
190
191 $role_list = [];
192
193 $where = $this->__setTemplateFilter($a_templates);
194
195 $query = "SELECT * FROM object_data " .
196 "JOIN rbac_fa ON obj_id = rol_id " .
197 $where .
198 "AND object_data.obj_id = rbac_fa.rol_id " .
199 "AND rbac_fa.parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
200
201 $res = $ilDB->query($query);
202 while ($row = $ilDB->fetchAssoc($res)) {
203 $row["desc"] = $row["description"];
204 $row["user_id"] = $row["owner"];
205 $role_list[] = $row;
206 }
207
208 $role_list = $this->__setRoleType($role_list);
209
210 return $role_list;
211 }
212
220 public function getAssignableRoles($a_templates = false, $a_internal_roles = false, $title_filter = '')
221 {
222 global $DIC;
223
224 $ilDB = $DIC['ilDB'];
225
226 $role_list = [];
227
228 $where = $this->__setTemplateFilter($a_templates);
229
230 $query = "SELECT * FROM object_data " .
231 "JOIN rbac_fa ON obj_id = rol_id " .
232 $where .
233 "AND rbac_fa.assign = 'y' ";
234
235 if (strlen($title_filter)) {
236 $query .= (' AND ' . $ilDB->like(
237 'title',
238 'text',
239 $title_filter . '%'
240 ));
241 }
242 $res = $ilDB->query($query);
243
244 while ($row = $ilDB->fetchAssoc($res)) {
245 $row["desc"] = $row["description"];
246 $row["user_id"] = $row["owner"];
247 $role_list[] = $row;
248 }
249
250 $role_list = $this->__setRoleType($role_list);
251
252 return $role_list;
253 }
254
262 public function getAssignableRolesInSubtree($ref_id)
263 {
264 global $DIC;
265
266 $ilDB = $DIC['ilDB'];
267
268 $query = 'SELECT rol_id FROM rbac_fa fa ' .
269 'JOIN tree t1 ON t1.child = fa.parent ' .
270 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
271 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
272 'AND obd.type = ' . $ilDB->quote('role', 'text') . ' ' .
273 'AND t1.child IN (' .
274 $GLOBALS['DIC']['tree']->getSubTreeQuery($ref_id, array('child')) . ' ' .
275 ') ';
276
277
278 $res = $ilDB->query($query);
279
280 $role_list = [];
281 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
282 $role_list[] = $row->rol_id;
283 }
284 return $role_list;
285 }
286
294 public function getAssignableChildRoles($a_ref_id)
295 {
296 global $DIC;
297
298 $ilDB = $DIC['ilDB'];
299
300 $query = "SELECT fa.*, rd.* " .
301 "FROM object_data rd " .
302 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
303 "WHERE fa.assign = 'y' " .
304 "AND fa.parent = " . $this->ilDB->quote($a_ref_id, 'integer') . " "
305 ;
306
307 $res = $ilDB->query($query);
308 while ($row = $ilDB->fetchAssoc($res)) {
309 $roles_data[] = $row;
310 }
311 return $roles_data ? $roles_data : [];
312 }
313
321 protected function __setTemplateFilter($a_templates)
322 {
323 global $DIC;
324
325 $ilDB = $DIC['ilDB'];
326
327 if ($a_templates === true) {
328 $where = "WHERE " . $ilDB->in('object_data.type', array('role','rolt'), false, 'text') . " ";
329 } else {
330 $where = "WHERE " . $ilDB->in('object_data.type', array('role'), false, 'text') . " ";
331 }
332
333 return $where;
334 }
335
348 protected function __setRoleType($a_role_list)
349 {
350 foreach ($a_role_list as $key => $val) {
351 // determine role type
352 if ($val["type"] == "rolt") {
353 $a_role_list[$key]["role_type"] = "template";
354 } else {
355 if ($val["assign"] == "y") {
356 if ($val["parent"] == ROLE_FOLDER_ID) {
357 $a_role_list[$key]["role_type"] = "global";
358 } else {
359 $a_role_list[$key]["role_type"] = "local";
360 }
361 } else {
362 $a_role_list[$key]["role_type"] = "linked";
363 }
364 }
365
366 if ($val["protected"] == "y") {
367 $a_role_list[$key]["protected"] = true;
368 } else {
369 $a_role_list[$key]["protected"] = false;
370 }
371 }
372
373 return $a_role_list;
374 }
375
382 public function getNumberOfAssignedUsers(array $a_roles)
383 {
384 global $DIC;
385
386 $ilDB = $DIC->database();
387
388 $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
389 'join object_data on ua.usr_id = obj_id ' .
390 'join usr_data ud on ua.usr_id = ud.usr_id ' .
391 'where ' . $ilDB->in('rol_id', $a_roles, false, 'integer');
392
393 $res = $ilDB->query($query);
394 if ($res->numRows()) {
395 $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
396 return $row->num;
397 }
398 return 0;
399 }
400
401
408 public function assignedUsers($a_rol_id)
409 {
410 global $DIC;
411
412 $ilBench = $DIC['ilBench'];
413 $ilDB = $DIC['ilDB'];
414
415 if (!isset($a_rol_id)) {
416 $message = get_class($this) . "::assignedUsers(): No role_id given!";
417 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
418 }
419 if (isset(self::$assigned_users_cache[$a_rol_id])) {
420 return self::$assigned_users_cache[$a_rol_id];
421 }
422
423 $result_arr = [];
424
425 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $ilDB->quote($a_rol_id, 'integer');
426 $res = $ilDB->query($query);
427 while ($row = $ilDB->fetchAssoc($res)) {
428 array_push($result_arr, $row["usr_id"]);
429 }
430
431 self::$assigned_users_cache[$a_rol_id] = $result_arr;
432
433 return $result_arr;
434 }
435
436
445 public function isAssigned($a_usr_id, $a_role_id)
446 {
447 if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
448 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
449 }
450 // Quickly determine if user is assigned to a role
451 global $DIC;
452
453 $ilDB = $DIC['ilDB'];
454
455 $ilDB->setLimit(1, 0);
456 $query = "SELECT usr_id FROM rbac_ua WHERE " .
457 "rol_id= " . $ilDB->quote($a_role_id, 'integer') . " " .
458 "AND usr_id= " . $ilDB->quote($a_usr_id);
459 $res = $ilDB->query($query);
460
461 $is_assigned = $res->numRows() == 1;
462 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
463
464 return $is_assigned;
465 }
466
479 public function isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
480 {
481 global $DIC;
482
483 $ilDB = $DIC['ilDB'];
484
485 $ilDB->setLimit(1, 0);
486 $query = "SELECT usr_id FROM rbac_ua WHERE " .
487 $ilDB->in('rol_id', $a_role_ids, false, 'integer') .
488 " AND usr_id= " . $ilDB->quote($a_usr_id);
489 $res = $ilDB->query($query);
490
491 return $ilDB->numRows($res) == 1;
492 }
493
501 public function assignedRoles($a_usr_id)
502 {
503 global $DIC;
504
505 $ilDB = $DIC->database();
506
507 $role_arr = [];
508 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
509
510 $res = $ilDB->query($query);
511 while ($row = $ilDB->fetchObject($res)) {
512 $role_arr[] = $row->rol_id;
513 }
514 return $role_arr;
515 }
516
522 public function assignedGlobalRoles($a_usr_id)
523 {
524 global $DIC;
525
526 $ilDB = $DIC['ilDB'];
527
528 $query = "SELECT ua.rol_id FROM rbac_ua ua " .
529 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
530 "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . ' ' .
531 "AND parent = " . $ilDB->quote(ROLE_FOLDER_ID) . " " .
532 "AND assign = 'y' ";
533
534 $res = $ilDB->query($query);
535 while ($row = $ilDB->fetchObject($res)) {
536 $role_arr[] = $row->rol_id;
537 }
538 return $role_arr ? $role_arr : [];
539 }
540
549 public function isAssignable($a_rol_id, $a_ref_id)
550 {
551 global $DIC;
552
553 $ilBench = $DIC['ilBench'];
554 $ilDB = $DIC['ilDB'];
555
556 $ilBench->start("RBAC", "review_isAssignable");
557
558 // exclude system role from rbac
559 if ($a_rol_id == SYSTEM_ROLE_ID) {
560 $ilBench->stop("RBAC", "review_isAssignable");
561 return true;
562 }
563
564 if (!isset($a_rol_id) or !isset($a_ref_id)) {
565 $message = get_class($this) . "::isAssignable(): Missing parameter!" .
566 " role_id: " . $a_rol_id . " ,ref_id: " . $a_ref_id;
567 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
568 }
569 $query = "SELECT * FROM rbac_fa " .
570 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
571 "AND parent = " . $ilDB->quote($a_ref_id, 'integer') . " ";
572 $res = $ilDB->query($query);
573 $row = $ilDB->fetchObject($res);
574
575 $ilBench->stop("RBAC", "review_isAssignable");
576 return $row->assign == 'y' ? true : false;
577 }
578
584 public function hasMultipleAssignments($a_role_id)
585 {
586 global $DIC;
587
588 $ilDB = $DIC['ilDB'];
589
590 $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . ' ' .
591 "AND assign = " . $ilDB->quote('y', 'text');
592 $res = $ilDB->query($query);
593 return $res->numRows() > 1;
594 }
595
607 public function getFoldersAssignedToRole($a_rol_id, $a_assignable = false)
608 {
609 global $DIC;
610
611 $ilDB = $DIC['ilDB'];
612
613 if (!isset($a_rol_id)) {
614 $message = get_class($this) . "::getFoldersAssignedToRole(): No role_id given!";
615 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
616 }
617
618 if ($a_assignable) {
619 $where = " AND assign ='y'";
620 }
621
622 $query = "SELECT DISTINCT parent FROM rbac_fa " .
623 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " . $where . " ";
624
625 $res = $ilDB->query($query);
626 $folders = [];
627 while ($row = $ilDB->fetchObject($res)) {
628 $folders[] = $row->parent;
629 }
630 return $folders;
631 }
632
640 public function getRolesOfObject($a_ref_id, $a_assignable_only = false)
641 {
642 global $DIC;
643
644 $ilDB = $DIC['ilDB'];
645
646 if (!isset($a_ref_id)) {
647 $GLOBALS['DIC']['ilLog']->logStack();
648 throw new InvalidArgumentException(__METHOD__ . ': No ref_id given!');
649 }
650 if ($a_assignable_only === true) {
651 $and = 'AND assign = ' . $ilDB->quote('y', 'text');
652 }
653 $query = "SELECT rol_id FROM rbac_fa " .
654 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
655 $and;
656
657 $res = $ilDB->query($query);
658
659 $role_ids = [];
660 while ($row = $ilDB->fetchObject($res)) {
661 $role_ids[] = $row->rol_id;
662 }
663 return $role_ids;
664 }
665
666
667
668
679 public function getRolesOfRoleFolder($a_ref_id, $a_nonassignable = true)
680 {
681 global $DIC;
682
683 $ilBench = $DIC['ilBench'];
684 $ilDB = $DIC['ilDB'];
685 $ilLog = $DIC['ilLog'];
686
687 $ilBench->start("RBAC", "review_getRolesOfRoleFolder");
688
689 if (!isset($a_ref_id)) {
690 $message = get_class($this) . "::getRolesOfRoleFolder(): No ref_id given!";
691 ilLoggerFactory::getLogger('ac')->logStack();
692 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
693 }
694
695 if ($a_nonassignable === false) {
696 $and = " AND assign='y'";
697 }
698
699 $query = "SELECT rol_id FROM rbac_fa " .
700 "WHERE parent = " . $ilDB->quote($a_ref_id, 'integer') . " " .
701 $and;
702
703 $res = $ilDB->query($query);
704 while ($row = $ilDB->fetchObject($res)) {
705 $rol_id[] = $row->rol_id;
706 }
707
708 $ilBench->stop("RBAC", "review_getRolesOfRoleFolder");
709
710 return $rol_id ? $rol_id : [];
711 }
712
719 public function getGlobalRoles()
720 {
721 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
722 }
723
729 public function getLocalRoles($a_ref_id)
730 {
731 global $DIC;
732
733 $ilDB = $DIC['ilDB'];
734
735 $lroles = [];
736 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
737 if ($this->isAssignable($role_id, $a_ref_id)) {
738 $lroles[] = $role_id;
739 }
740 }
741 return $lroles;
742 }
743
749 public function getLocalPolicies($a_ref_id)
750 {
751 $lroles = [];
752 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
753 $lroles[] = $role_id;
754 }
755 return $lroles;
756 }
757
764 public function getGlobalRolesArray()
765 {
766 foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
767 $ga[] = array('obj_id' => $role_id,
768 'role_type' => 'global');
769 }
770 return $ga ? $ga : [];
771 }
772
779 public function getGlobalAssignableRoles()
780 {
781 include_once './Services/AccessControl/classes/class.ilObjRole.php';
782
783 foreach ($this->getGlobalRoles() as $role_id) {
784 if (ilObjRole::_getAssignUsersStatus($role_id)) {
785 $ga[] = array('obj_id' => $role_id,
786 'role_type' => 'global');
787 }
788 }
789 return $ga ? $ga : [];
790 }
791
792
797 public function isRoleAssignedToObject($a_role_id, $a_parent_id)
798 {
799 global $DIC;
800
801 $rbacreview = $DIC['rbacreview'];
802 $ilDB = $DIC['ilDB'];
803
804 $query = 'SELECT * FROM rbac_fa ' .
805 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
806 'AND parent = ' . $ilDB->quote($a_parent_id, 'integer');
807 $res = $ilDB->query($query);
808 return $res->numRows() ? true : false;
809 }
810
817 public function getOperations()
818 {
819 global $DIC;
820
821 $ilDB = $DIC['ilDB'];
822
823 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
824 $res = $this->ilDB->query($query);
825 while ($row = $ilDB->fetchObject($res)) {
826 $ops[] = array('ops_id' => $row->ops_id,
827 'operation' => $row->operation,
828 'description' => $row->description);
829 }
830
831 return $ops ? $ops : [];
832 }
833
840 public function getOperation($ops_id)
841 {
842 global $DIC;
843
844 $ilDB = $DIC['ilDB'];
845
846 $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $ilDB->quote($ops_id, 'integer');
847 $res = $this->ilDB->query($query);
848 while ($row = $ilDB->fetchObject($res)) {
849 $ops = array('ops_id' => $row->ops_id,
850 'operation' => $row->operation,
851 'description' => $row->description);
852 }
853
854 return $ops ? $ops : [];
855 }
856
866 public function getAllOperationsOfRole($a_rol_id, $a_parent = 0)
867 {
868 global $DIC;
869
870 $ilDB = $DIC['ilDB'];
871
872 if (!$a_parent) {
873 $a_parent = ROLE_FOLDER_ID;
874 }
875
876 $query = "SELECT ops_id,type FROM rbac_templates " .
877 "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
878 "AND parent = " . $ilDB->quote($a_parent, 'integer');
879 $res = $ilDB->query($query);
880
881 $ops_arr = [];
882 while ($row = $ilDB->fetchObject($res)) {
883 $ops_arr[$row->type][] = $row->ops_id;
884 }
885 return (array) $ops_arr;
886 }
887
895 public function getActiveOperationsOfRole($a_ref_id, $a_role_id)
896 {
897 global $DIC;
898
899 $ilDB = $DIC['ilDB'];
900
901 $query = 'SELECT * FROM rbac_pa ' .
902 'WHERE ref_id = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
903 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ';
904
905 $res = $ilDB->query($query);
906 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
907 return unserialize($row['ops_id']);
908 }
909 return [];
910 }
911
912
923 public function getOperationsOfRole($a_rol_id, $a_type, $a_parent = 0)
924 {
925 global $DIC;
926
927 $ilDB = $DIC['ilDB'];
928 $ilLog = $DIC['ilLog'];
929
930 if (!isset($a_rol_id) or !isset($a_type)) {
931 $message = get_class($this) . "::getOperationsOfRole(): Missing Parameter!" .
932 "role_id: " . $a_rol_id .
933 "type: " . $a_type .
934 "parent_id: " . $a_parent;
935 $ilLog->logStack("Missing parameter! ");
936 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
937 }
938
939 $ops_arr = [];
940
941 // if no rolefolder id is given, assume global role folder as target
942 if ($a_parent == 0) {
943 $a_parent = ROLE_FOLDER_ID;
944 }
945
946 $query = "SELECT ops_id FROM rbac_templates " .
947 "WHERE type =" . $ilDB->quote($a_type, 'text') . " " .
948 "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " " .
949 "AND parent = " . $ilDB->quote($a_parent, 'integer');
950 $res = $ilDB->query($query);
951 while ($row = $ilDB->fetchObject($res)) {
952 $ops_arr[] = $row->ops_id;
953 }
954
955 return $ops_arr;
956 }
957
965 public function getRoleOperationsOnObject($a_role_id, $a_ref_id)
966 {
967 global $DIC;
968
969 $ilDB = $DIC['ilDB'];
970
971 $query = "SELECT * FROM rbac_pa " .
972 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " " .
973 "AND ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
974
975 $res = $ilDB->query($query);
976 while ($row = $ilDB->fetchObject($res)) {
977 $ops = unserialize($row->ops_id);
978 }
979
980 return $ops ? $ops : [];
981 }
982
990 public function getOperationsOnType($a_typ_id)
991 {
992 global $DIC;
993
994 $ilDB = $DIC['ilDB'];
995
996 if (!isset($a_typ_id)) {
997 $message = get_class($this) . "::getOperationsOnType(): No type_id given!";
998 $this->ilErr->raiseError($message, $this->ilErr->WARNING);
999 }
1000
1001 #$query = "SELECT * FROM rbac_ta WHERE typ_id = ".$ilDB->quote($a_typ_id,'integer');
1002
1003 $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
1004 'WHERE typ_id = ' . $ilDB->quote($a_typ_id, 'integer') . ' ' .
1005 'ORDER BY op_order';
1006
1007 $res = $ilDB->query($query);
1008
1009 while ($row = $ilDB->fetchObject($res)) {
1010 $ops_id[] = $row->ops_id;
1011 }
1012
1013 return $ops_id ? $ops_id : [];
1014 }
1015
1024 public function getOperationsOnTypeString($a_type)
1025 {
1026 global $DIC;
1027
1028 $ilDB = $DIC['ilDB'];
1029
1030 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $ilDB->quote($a_type, 'text') . " ";
1031
1032
1033 $res = $this->ilDB->query($query);
1034 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1035 return $this->getOperationsOnType($row->obj_id);
1036 }
1037 return false;
1038 }
1039
1047 public function getOperationsByTypeAndClass($a_type, $a_class)
1048 {
1049 global $DIC;
1050
1051 $ilDB = $DIC['ilDB'];
1052
1053 if ($a_class != 'create') {
1054 $condition = "AND class != " . $ilDB->quote('create', 'text');
1055 } else {
1056 $condition = "AND class = " . $ilDB->quote('create', 'text');
1057 }
1058
1059 $query = "SELECT ro.ops_id FROM rbac_operations ro " .
1060 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
1061 "JOIN object_data od ON rt.typ_id = od.obj_id " .
1062 "WHERE type = " . $ilDB->quote('typ', 'text') . " " .
1063 "AND title = " . $ilDB->quote($a_type, 'text') . " " .
1064 $condition . " " .
1065 "ORDER BY op_order ";
1066
1067 $res = $ilDB->query($query);
1068
1069 $ops = [];
1070 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1071 $ops[] = $row->ops_id;
1072 }
1073 return $ops;
1074 }
1075
1076
1086 public function getObjectsWithStopedInheritance($a_rol_id, $a_filter = [])
1087 {
1088 global $DIC;
1089
1090 $ilDB = $DIC['ilDB'];
1091
1092 #$query = 'SELECT t.parent p FROM tree t JOIN rbac_fa fa ON fa.parent = child '.
1093 # 'WHERE assign = '.$ilDB->quote('n','text').' '.
1094 # 'AND rol_id = '.$ilDB->quote($a_rol_id,'integer').' ';
1095
1096 $query = 'SELECT parent p FROM rbac_fa ' .
1097 'WHERE assign = ' . $ilDB->quote('n', 'text') . ' ' .
1098 'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ';
1099
1100 if ($a_filter) {
1101 $query .= ('AND ' . $ilDB->in('parent', (array) $a_filter, false, 'integer'));
1102 }
1103
1104 $res = $ilDB->query($query);
1105 $parent = [];
1106 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1107 $parent[] = $row->p;
1108 }
1109 return $parent;
1110 }
1111
1119 public function isDeleted($a_node_id)
1120 {
1121 global $DIC;
1122
1123 $ilDB = $DIC['ilDB'];
1124
1125 $q = "SELECT tree FROM tree WHERE child =" . $ilDB->quote($a_node_id) . " ";
1126 $r = $this->ilDB->query($q);
1127
1128 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1129
1130 if (!$row) {
1131 $message = sprintf(
1132 '%s::isDeleted(): Role folder with ref_id %s not found!',
1133 get_class($this),
1134 $a_node_id
1135 );
1136 $this->log->write($message, $this->log->FATAL);
1137
1138 return true;
1139 }
1140
1141 // rolefolder is deleted
1142 if ($row->tree < 0) {
1143 return true;
1144 }
1145
1146 return false;
1147 }
1148
1155 public function isGlobalRole($a_role_id)
1156 {
1157 return in_array($a_role_id, $this->getGlobalRoles());
1158 }
1159
1169 public function getRolesByFilter($a_filter = 0, $a_user_id = 0, $title_filter = '')
1170 {
1171 global $DIC;
1172
1173 $ilDB = $DIC['ilDB'];
1174
1175 $assign = "y";
1176
1177 switch ($a_filter) {
1178 // all (assignable) roles
1179 case self::FILTER_ALL:
1180 return $this->getAssignableRoles(true, true, $title_filter);
1181 break;
1182
1183 // all (assignable) global roles
1185 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
1186 break;
1187
1188 // all (assignable) local roles
1192 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
1193 break;
1194
1195 // all role templates
1197 $where = "WHERE object_data.type = 'rolt'";
1198 $assign = "n";
1199 break;
1200
1201 // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
1202 case 0:
1203 default:
1204 if (!$a_user_id) {
1205 return [];
1206 }
1207
1208 $where = 'WHERE ' . $ilDB->in('rbac_fa.rol_id', $this->assignedRoles($a_user_id), false, 'integer') . ' ';
1209 break;
1210 }
1211
1212 $roles = [];
1213
1214 $query = "SELECT * FROM object_data " .
1215 "JOIN rbac_fa ON obj_id = rol_id " .
1216 $where .
1217 "AND rbac_fa.assign = " . $ilDB->quote($assign, 'text') . " ";
1218
1219 if (strlen($title_filter)) {
1220 $query .= (' AND ' . $ilDB->like(
1221 'title',
1222 'text',
1223 '%' . $title_filter . '%'
1224 ));
1225 }
1226
1227 $res = $ilDB->query($query);
1228 while ($row = $ilDB->fetchAssoc($res)) {
1229 $prefix = (substr($row["title"], 0, 3) == "il_") ? true : false;
1230
1231 // all (assignable) internal local roles only
1232 if ($a_filter == 4 and !$prefix) {
1233 continue;
1234 }
1235
1236 // all (assignable) non internal local roles only
1237 if ($a_filter == 5 and $prefix) {
1238 continue;
1239 }
1240
1241 $row["desc"] = $row["description"];
1242 $row["user_id"] = $row["owner"];
1243 $roles[] = $row;
1244 }
1245
1246 $roles = $this->__setRoleType($roles);
1247
1248 return $roles ? $roles : [];
1249 }
1250
1258 public function getTypeId($a_type)
1259 {
1260 global $DIC;
1261
1262 $ilDB = $DIC['ilDB'];
1263
1264 $q = "SELECT obj_id FROM object_data " .
1265 "WHERE title=" . $ilDB->quote($a_type, 'text') . " AND type='typ'";
1266 $r = $ilDB->query($q);
1267
1268 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
1269 return $row->obj_id;
1270 }
1271
1282 public static function _getOperationIdsByName($operations)
1283 {
1284 global $DIC;
1285
1286 $ilDB = $DIC['ilDB'];
1287
1288 if (!count($operations)) {
1289 return [];
1290 }
1291
1292 $query = 'SELECT ops_id FROM rbac_operations ' .
1293 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1294
1295 $res = $ilDB->query($query);
1296 while ($row = $ilDB->fetchObject($res)) {
1297 $ops_ids[] = $row->ops_id;
1298 }
1299 return $ops_ids ? $ops_ids : [];
1300 }
1301
1310 public static function _getOperationIdByName($a_operation)
1311 {
1312 global $DIC;
1313
1314 $ilDB = $DIC['ilDB'];
1315 $ilErr = $DIC['ilErr'];
1316
1317 if (!isset($a_operation)) {
1318 $message = "perm::getOperationId(): No operation given!";
1319 $ilErr->raiseError($message, $ilErr->WARNING);
1320 }
1321
1322 // Cache operation ids
1323 if (!is_array(self::$_opsCache)) {
1324 self::$_opsCache = [];
1325
1326 $q = "SELECT ops_id, operation FROM rbac_operations";
1327 $r = $ilDB->query($q);
1328 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1329 self::$_opsCache[$row->operation] = $row->ops_id;
1330 }
1331 }
1332
1333 // Get operation ID by name from cache
1334 if (array_key_exists($a_operation, self::$_opsCache)) {
1335 return self::$_opsCache[$a_operation];
1336 }
1337 return null;
1338 }
1339
1346 public static function lookupCreateOperationIds($a_type_arr)
1347 {
1348 global $DIC;
1349
1350 $ilDB = $DIC['ilDB'];
1351
1352 $operations = [];
1353 foreach ($a_type_arr as $type) {
1354 $operations[] = ('create_' . $type);
1355 }
1356
1357 if (!count($operations)) {
1358 return [];
1359 }
1360
1361 $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1362 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1363
1364 $res = $ilDB->query($query);
1365
1366 $ops_ids = [];
1367 while ($row = $ilDB->fetchObject($res)) {
1368 $type_arr = explode('_', $row->operation);
1369 $type = $type_arr[1];
1370
1371 $ops_ids[$type] = $row->ops_id;
1372 }
1373 return $ops_ids;
1374 }
1375
1376
1377
1386 public function isProtected($a_ref_id, $a_role_id)
1387 {
1388 global $DIC;
1389
1390 $ilDB = $DIC['ilDB'];
1391
1392 // ref_id not used yet. protected permission acts 'global' for each role,
1393 $query = "SELECT protected FROM rbac_fa " .
1394 "WHERE rol_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
1395 $res = $ilDB->query($query);
1396 $row = $ilDB->fetchAssoc($res);
1397
1398 return ilUtil::yn2tf($row['protected']);
1399 }
1400
1408 public function isBlockedAtPosition($a_role_id, $a_ref_id)
1409 {
1410 global $DIC;
1411
1412 $ilDB = $DIC['ilDB'];
1413
1414 $query = 'SELECT blocked from rbac_fa ' .
1415 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1416 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
1417 $res = $ilDB->query($query);
1418 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1419 return (bool) $row->blocked;
1420 }
1421 return false;
1422 }
1423
1429 public function isBlockedInUpperContext($a_role_id, $a_ref_id)
1430 {
1431 global $DIC;
1432
1433 $ilDB = $DIC['ilDB'];
1434 $tree = $DIC['tree'];
1435
1436 if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1437 return false;
1438 }
1439 $query = 'SELECT parent from rbac_fa ' .
1440 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1441 'AND blocked = ' . $ilDB->quote(1, 'integer');
1442 $res = $ilDB->query($query);
1443
1444 $parent_ids = [];
1445 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1446 $parent_ids[] = $row->parent;
1447 }
1448
1449 foreach ($parent_ids as $parent_id) {
1450 if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1451 return true;
1452 }
1453 }
1454 return false;
1455 }
1456
1457 // this method alters the protected status of role regarding the current user's role assignment
1458 // and current postion in the hierarchy.
1459
1471 protected function __setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
1472 {
1473 global $DIC;
1474
1475 $rbacsystem = $DIC['rbacsystem'];
1476 $ilUser = $DIC['ilUser'];
1477 $log = $DIC['log'];
1478
1479 if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1480 $leveladmin = true;
1481 } else {
1482 $leveladmin = false;
1483 }
1484
1485 foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1486 if ($leveladmin == true) {
1487 $a_parent_roles[$role_id]['protected'] = false;
1488 continue;
1489 }
1490
1491 if ($a_parent_roles[$role_id]['protected'] == true) {
1492 $arr_lvl_roles_user = array_intersect($this->assignedRoles($ilUser->getId()), array_keys($a_role_hierarchy, $rolf_id));
1493
1494 foreach ($arr_lvl_roles_user as $lvl_role_id) {
1495 // check if role grants 'edit_permission' to parent
1496 $rolf = $a_parent_roles[$role_id]['parent'];
1497 if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1498 // user may change permissions of that higher-ranked role
1499 $a_parent_roles[$role_id]['protected'] = false;
1500 }
1501 }
1502 }
1503 }
1504 return $a_parent_roles;
1505 }
1506
1517 public static function _getOperationList($a_type = null)
1518 {
1519 global $DIC;
1520
1521 $ilDB = $DIC['ilDB'];
1522
1523 $arr = [];
1524
1525 if ($a_type) {
1526 $query = sprintf(
1527 'SELECT * FROM rbac_operations ' .
1528 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1529 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1530 'WHERE object_data.title = %s ' .
1531 'AND object_data.type = %s ' .
1532 'ORDER BY op_order ASC',
1533 $ilDB->quote($a_type, 'text'),
1534 $ilDB->quote('typ', 'text')
1535 );
1536 } else {
1537 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1538 }
1539 $res = $ilDB->query($query);
1540 while ($row = $ilDB->fetchAssoc($res)) {
1541 $arr[] = array(
1542 "ops_id" => $row['ops_id'],
1543 "operation" => $row['operation'],
1544 "desc" => $row['description'],
1545 "class" => $row['class'],
1546 "order" => $row['op_order']
1547 );
1548 }
1549 return $arr;
1550 }
1551
1558 public static function _groupOperationsByClass($a_ops_arr)
1559 {
1560 $arr = [];
1561
1562 foreach ($a_ops_arr as $ops) {
1563 $arr[$ops['class']][] = array('ops_id' => $ops['ops_id'],
1564 'name' => $ops['operation']
1565 );
1566 }
1567 return $arr;
1568 }
1569
1579 public function getObjectOfRole($a_role_id)
1580 {
1581 // internal cache
1582 static $obj_cache = [];
1583
1584 global $DIC;
1585
1586 $ilDB = $DIC['ilDB'];
1587
1588
1589 if (isset($obj_cache[$a_role_id]) and $obj_cache[$a_role_id]) {
1590 return $obj_cache[$a_role_id];
1591 }
1592
1593 $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1594 'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1595 'WHERE assign = ' . $ilDB->quote('y', 'text') . ' ' .
1596 'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1597 'AND deleted IS NULL';
1598
1599 #$query = "SELECT obr.obj_id FROM rbac_fa rfa ".
1600 # "JOIN tree ON rfa.parent = tree.child ".
1601 # "JOIN object_reference obr ON tree.parent = obr.ref_id ".
1602 # "WHERE tree.tree = 1 ".
1603 # "AND assign = 'y' ".
1604 # "AND rol_id = ".$ilDB->quote($a_role_id,'integer')." ";
1605 $res = $ilDB->query($query);
1606
1607 $obj_cache[$a_role_id] = 0;
1608 while ($row = $ilDB->fetchObject($res)) {
1609 $obj_cache[$a_role_id] = $row->obj_id;
1610 }
1611 return $obj_cache[$a_role_id];
1612 }
1613
1620 public function getObjectReferenceOfRole($a_role_id)
1621 {
1622 global $DIC;
1623
1624 $ilDB = $DIC['ilDB'];
1625
1626 $query = 'SELECT parent p_ref FROM rbac_fa ' .
1627 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1628 'AND assign = ' . $ilDB->quote('y', 'text');
1629
1630 $res = $ilDB->query($query);
1631 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1632 return $row->p_ref;
1633 }
1634 return 0;
1635 }
1636
1644 public function isRoleDeleted($a_role_id)
1645 {
1646 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1647 $deleted = true;
1648 if (count($rolf_list)) {
1649 foreach ($rolf_list as $rolf) {
1650 // only list roles that are not set to status "deleted"
1651 if (!$this->isDeleted($rolf)) {
1652 $deleted = false;
1653 break;
1654 }
1655 }
1656 }
1657 return $deleted;
1658 }
1659
1660
1668 public function getRolesForIDs($role_ids, $use_templates)
1669 {
1670 global $DIC;
1671
1672 $ilDB = $DIC['ilDB'];
1673
1674 $role_list = [];
1675
1676 $where = $this->__setTemplateFilter($use_templates);
1677
1678 $query = "SELECT * FROM object_data " .
1679 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1680 $where .
1681 "AND rbac_fa.assign = 'y' " .
1682 'AND ' . $ilDB->in('object_data.obj_id', $role_ids, false, 'integer');
1683
1684 $res = $ilDB->query($query);
1685 while ($row = $ilDB->fetchAssoc($res)) {
1686 $row["desc"] = $row["description"];
1687 $row["user_id"] = $row["owner"];
1688 $role_list[] = $row;
1689 }
1690
1691 $role_list = $this->__setRoleType($role_list);
1692 return $role_list;
1693 }
1694
1700 public function getOperationAssignment()
1701 {
1702 global $DIC;
1703
1704 $ilDB = $DIC['ilDB'];
1705
1706 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1707 'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1708 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1709 $res = $ilDB->query($query);
1710
1711 $counter = 0;
1712 while ($row = $ilDB->fetchObject($res)) {
1713 $info[$counter]['typ_id'] = $row->typ_id;
1714 $info[$counter]['type'] = $row->title;
1715 $info[$counter]['ops_id'] = $row->ops_id;
1716 $info[$counter]['operation'] = $row->operation;
1717 $counter++;
1718 }
1719 return $info ? $info : [];
1720 }
1721
1729 public function isDeleteable($a_role_id, $a_rolf_id)
1730 {
1731 if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1732 return false;
1733 }
1734 if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1735 return false;
1736 }
1737 if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1738 return false;
1739 }
1740 return true;
1741 }
1742
1749 public function isSystemGeneratedRole($a_role_id)
1750 {
1751 $title = ilObject::_lookupTitle($a_role_id);
1752 return substr($title, 0, 3) == 'il_' ? true : false;
1753 }
1754
1755
1756 public function getParentOfRole(int $role_id, ?int $object_ref = null) : ?int
1757 {
1758 global $DIC;
1760 $tree = $DIC['tree'];
1761
1762 if ($object_ref === null || $object_ref === ROLE_FOLDER_ID) {
1763 return $this->getRoleFolderOfRole($role_id);
1764 }
1765
1766
1767 $path_ids = $tree->getPathId($object_ref);
1768 array_unshift($path_ids, ROLE_FOLDER_ID);
1769
1770 while ($ref_id = array_pop($path_ids)) {
1771 $roles = $this->getRoleListByObject($ref_id, false);
1772 foreach ($roles as $role) {
1773 if ((int) $role['obj_id'] === $role_id) {
1774 return $ref_id;
1775 }
1776 }
1777 }
1778
1779 return null;
1780 }
1781
1782
1790 public function getRoleFolderOfRole($a_role_id)
1791 {
1792 global $DIC;
1793
1794 $ilDB = $DIC['ilDB'];
1795
1796 if (ilObject::_lookupType($a_role_id) == 'role') {
1797 $and = ('AND assign = ' . $ilDB->quote('y', 'text'));
1798 } else {
1799 $and = '';
1800 }
1801
1802 $query = 'SELECT * FROM rbac_fa ' .
1803 'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
1804 $and;
1805 $res = $ilDB->query($query);
1806 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1807 return $row->parent;
1808 }
1809 return 0;
1810 }
1811
1819 public function getUserPermissionsOnObject($a_user_id, $a_ref_id)
1820 {
1821 global $DIC;
1822
1823 $ilDB = $DIC['ilDB'];
1824
1825 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1826 "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1827 "WHERE rbac_ua.usr_id = " . $ilDB->quote($a_user_id, 'integer') . " " .
1828 "AND rbac_pa.ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " ";
1829
1830 $res = $ilDB->query($query);
1831 $all_ops = [];
1832 while ($row = $ilDB->fetchObject($res)) {
1833 $ops = unserialize($row->ops_id);
1834 $all_ops = array_merge($all_ops, $ops);
1835 }
1836 $all_ops = array_unique($all_ops);
1837
1838 $set = $ilDB->query("SELECT operation FROM rbac_operations " .
1839 " WHERE " . $ilDB->in("ops_id", $all_ops, false, "integer"));
1840 $perms = [];
1841 while ($rec = $ilDB->fetchAssoc($set)) {
1842 $perms[] = $rec["operation"];
1843 }
1844
1845 return $perms;
1846 }
1847
1854 public function setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
1855 {
1856 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1857 }
1858
1865 public function getAssignedCacheEntry($a_role_id, $a_user_id)
1866 {
1867 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1868 }
1869
1873 public function clearCaches()
1874 {
1875 self::$is_assigned_cache = [];
1876 self::$assigned_users_cache = [];
1877 }
1878} // END class.ilRbacReview
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
An exception for terminatinating execution or to throw for unit testing.
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
static getLogger($a_component_id)
Get component logger.
static _getAssignUsersStatus($a_role_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
class ilRbacReview Contains Review functions of core Rbac.
getAssignableChildRoles($a_ref_id)
Get all assignable roles directly under a specific node @access public.
getRolesByFilter($a_filter=0, $a_user_id=0, $title_filter='')
@global ilDB $ilDB
getTypeId($a_type)
Get type id of object @global ilDB $ilDB.
static _groupOperationsByClass($a_ops_arr)
getLocalPolicies($a_ref_id)
Get all roles with local policies.
assignedRoles($a_usr_id)
get all assigned roles to a given user @access public
getOperationsOfRole($a_rol_id, $a_type, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
assignedUsers($a_rol_id)
get all assigned users to a given role @access public
getLocalRoles($a_ref_id)
Get local roles of object.
static _getOperationIdByName($a_operation)
get operation id by name of operation @access public @access static
isDeleted($a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id) @access public.
roleExists($a_title, $a_id=0)
Checks if a role already exists.
getOperationsByTypeAndClass($a_type, $a_class)
Get operations by type and class.
__setRoleType($a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
__setProtectedStatus($a_parent_roles, $a_role_hierarchy, $a_ref_id)
Set protected status @global type $rbacsystem @global type $ilUser @global type $log.
getRolesOfRoleFolder($a_ref_id, $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
getActiveOperationsOfRole($a_ref_id, $a_role_id)
Get active operations for a role.
getGlobalRoles()
get only 'global' roles @access public
isGlobalRole($a_role_id)
Check if role is a global role.
getRolesOfObject($a_ref_id, $a_assignable_only=false)
Get roles of object.
isRoleAssignedToObject($a_role_id, $a_parent_id)
Check if role is assigned to an object.
getFoldersAssignedToRole($a_rol_id, $a_assignable=false)
Returns an array of objects assigned to a role.
getRoleOperationsOnObject($a_role_id, $a_ref_id)
@global ilDB $ilDB
isBlockedAtPosition($a_role_id, $a_ref_id)
Check if role is blocked at position @global ilDB $ilDB.
hasMultipleAssignments($a_role_id)
Temporary bugfix.
getObjectsWithStopedInheritance($a_rol_id, $a_filter=[])
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
getParentRoleIds($a_endnode_id, $a_templates=false)
get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
clearCaches()
Clear assigned users caches.
isProtected($a_ref_id, $a_role_id)
assignedGlobalRoles($a_usr_id)
Get assigned global roles for an user.
getOperationsOnType($a_typ_id)
all possible operations of a type @access public
static $assigned_users_cache
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
isSystemGeneratedRole($a_role_id)
Check if the role is system generate role or role template.
getRoleListByObject($a_ref_id, $a_templates=false)
Returns a list of roles in an container @access public.
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users') @access public
isRoleDeleted($a_role_id)
return if role is only attached to deleted role folders
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted)
isBlockedInUpperContext($a_role_id, $a_ref_id)
Check if role is blocked in upper context.
__getParentRoles($a_path, $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
getRoleFolderOfRole($a_role_id)
Get role folder of role @global ilDB $ilDB.
isAssigned($a_usr_id, $a_role_id)
check if a specific user is assigned to specific role @access public
static _getOperationIdsByName($operations)
get ops_id's by name.
isAssignable($a_rol_id, $a_ref_id)
Check if its possible to assign users @access public.
getAssignedCacheEntry($a_role_id, $a_user_id)
get entry of assigned_chache
getObjectReferenceOfRole($a_role_id)
Get reference of role.
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
setAssignedCacheEntry($a_role_id, $a_user_id, $a_value)
set entry of assigned_chache
getGlobalRolesArray()
get only 'global' roles @access public
getOperationsOnTypeString($a_type)
all possible operations of a type @access public
getUserPermissionsOnObject($a_user_id, $a_ref_id)
Get all user permissions on an object.
getRolesForIDs($role_ids, $use_templates)
@global ilDB $ilDB
getAssignableRolesInSubtree($ref_id)
Returns a list of assignable roles in a subtree of the repository @access public.
getOperationAssignment()
get operation assignments
getOperation($ops_id)
get one operation by operation id @access public
__construct()
Constructor @access public.
getObjectOfRole($a_role_id)
Get object id of objects a role is assigned to.
__setTemplateFilter($a_templates)
get roles and templates or only roles; returns string for where clause @access private
getOperations()
get all possible operations @access public
getAssignableRoles($a_templates=false, $a_internal_roles=false, $title_filter='')
Returns a list of all assignable roles @access public.
isDeleteable($a_role_id, $a_rolf_id)
Check if role is deleteable at a specific position.
isAssignedToAtLeastOneGivenRole($a_usr_id, $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
getAllOperationsOfRole($a_rol_id, $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
static yn2tf($a_yn)
convert "y"/"n" to true/false
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
const SYSTEM_ROLE_ID
Definition: constants.php:27
const ANONYMOUS_ROLE_ID
Definition: constants.php:26
const ROLE_FOLDER_ID
Definition: constants.php:32
global $DIC
Definition: goto.php:24
global $ilBench
Definition: ilias.php:21
$ilUser
Definition: imgupload.php:18
$query
$type
$ilErr
Definition: raiseError.php:18
foreach($_POST as $key=> $value) $res
global $ilDB
$message
Definition: xapiexit.php:14