5require_once 
"./Services/Object/classes/class.ilObject.php";
 
    6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
 
   50    public function __construct($a_id = 0, $a_call_by_reference = 
false)
 
   54        $this->logger = 
$DIC->logger()->ac();
 
   74        $res = 
$ilDB->query(
"SELECT obj_id FROM object_data " .
 
   75            " WHERE type=" . 
$ilDB->quote(
"rolt", 
"text") .
 
   76            " AND title=" . 
$ilDB->quote($a_tpl_name, 
"text"));
 
   78            $tpl_id = $row->obj_id;
 
   85        include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
   87        $role->setTitle($a_title);
 
   88        $role->setDescription($a_description);
 
   91        $GLOBALS[
'DIC'][
'rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 
'y');
 
   93        $GLOBALS[
'DIC'][
'rbacadmin']->copyRoleTemplatePermissions(
 
  100        $ops = 
$GLOBALS[
'DIC'][
'rbacreview']->getOperationsOfRole(
 
  105        $GLOBALS[
'DIC'][
'rbacadmin']->grantPermission(
 
  124        if (substr($this->
getTitle(), 0, 3) == 
'il_') {
 
  125            $ilErr->setMessage(
'msg_role_reserved_prefix');
 
  148        $this->assign_users = (int) $a_assign_users;
 
  152        return $this->assign_users ? $this->assign_users : 0;
 
  161        $query = 
"SELECT assign_users FROM role_data WHERE role_id = " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  163        while ($row = 
$ilDB->fetchObject(
$res)) {
 
  164            return $row->assign_users ? 
true : 
false;
 
  179        $query = 
"SELECT * FROM role_data WHERE role_id= " . 
$ilDB->quote($this->
id, 
'integer') . 
" ";
 
  182        if (
$res->numRows() > 0) {
 
  188            $this->
ilias->raiseError(
"<b>Error: There is no dataset with id " . $this->
id . 
"!</b><br />class: " . get_class($this) . 
"<br />Script: " . __FILE__ . 
"<br />Line: " . __LINE__, $this->
ilias->FATAL);
 
  217        $query = 
"UPDATE role_data SET " .
 
  218            "allow_register= " . 
$ilDB->quote($this->allow_register, 
'integer') . 
", " .
 
  220            "WHERE role_id= " . 
$ilDB->quote($this->
id, 
'integer') . 
" ";
 
  243        $this->
id = parent::create();
 
  245        $query = 
"INSERT INTO role_data " .
 
  246            "(role_id,allow_register,assign_users) " .
 
  248            "(" . 
$ilDB->quote($this->
id, 
'integer') . 
"," .
 
  265        if (empty($a_allow_register)) {
 
  266            $a_allow_register == 0;
 
  269        $this->allow_register = (int) $a_allow_register;
 
  280        return $this->allow_register ? $this->allow_register : 
false;
 
  295        $query = 
"SELECT * FROM role_data " .
 
  296            "JOIN object_data ON object_data.obj_id = role_data.role_id " .
 
  297            "WHERE allow_register = 1";
 
  301        while ($role = 
$ilDB->fetchAssoc(
$res)) {
 
  302            $roles[] = array(
"id" => $role[
"obj_id"],
 
  303                             "title" => $role[
"title"],
 
  304                             "auth_mode" => $role[
'auth_mode']);
 
  322        $query = 
"SELECT * FROM role_data " .
 
  323            " WHERE role_id =" . 
$ilDB->quote($a_role_id, 
'integer');
 
  326        if ($role_rec = 
$ilDB->fetchAssoc(
$res)) {
 
  327            if ($role_rec[
"allow_register"]) {
 
  343        $this->parent = $a_parent_ref;
 
  364    public function delete()
 
  373        if (
$rbacreview->hasMultipleAssignments($this->getId())) {
 
  379        if (
$rbacreview->isAssignable($this->getId(), $this->getParent())) {
 
  388            $last_role_user_ids = array();
 
  396                foreach ($user_ids as $user_id) {
 
  401                    if (count($role_ids) == 1) {
 
  402                        $last_role_user_ids[] = $user_id;
 
  408            if (count($last_role_user_ids) > 0) {
 
  409                $user_names = array();
 
  410                foreach ($last_role_user_ids as $user_id) {
 
  418                $users = implode(
', ', $user_names);
 
  420                $this->
ilias->raiseError($this->lng->txt(
"msg_user_last_role1") . 
" " .
 
  421                                     $users . 
"<br/>" . $this->lng->txt(
"msg_user_last_role2"), $this->ilias->error_obj->WARNING);
 
  427                include_once(
'./Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
 
  434                $query = 
"DELETE FROM role_data WHERE role_id = " . 
$ilDB->quote($this->
getId(), 
'integer');
 
  451        return count(
$rbacreview->assignedUsers($this->getId()));
 
  463        if (preg_match(
"/^il_([a-z]{1,4})_./", $role_title, 
$type)) {
 
  469            return $lng->txt($role_title);
 
  472        return $a_role_title;
 
  477        $role_title_parts = explode(
'_', $a_role_title);
 
  479        $test2 = (int) $role_title_parts[3];
 
  481            unset($role_title_parts[3]);
 
  484        return implode(
'_', $role_title_parts);
 
  494    public static function getSubObjects($a_obj_type, $a_add_admin_objects)
 
  502        $subs = 
$objDefinition->getSubObjectsRecursively($a_obj_type, 
true, $a_add_admin_objects);
 
  512        foreach ($subs as $subtype => $def) {
 
  513            if (in_array($def[
"name"], $filter)) {
 
  520                $translation = 
$lng->txt(
"obj_" . $subtype);
 
  522                $translation = 
$lng->txt(
'objs_' . $subtype);
 
  525            $sorted[$subtype] = $def;
 
  526            $sorted[$subtype][
'translation'] = $translation;
 
  538        foreach ($a_roles as $role_id => $auth_mode) {
 
  539            $query = 
"UPDATE role_data SET " .
 
  540                 "auth_mode= " . 
$ilDB->quote($auth_mode, 
'text') . 
" " .
 
  541                 "WHERE role_id= " . 
$ilDB->quote($role_id, 
'integer') . 
" ";
 
  552        $query = 
"SELECT auth_mode FROM role_data " .
 
  553             "WHERE role_id= " . 
$ilDB->quote($a_role_id, 
'integer') . 
" ";
 
  557        return $row[
'auth_mode'];
 
  573        $query = 
"SELECT * FROM role_data " .
 
  574            "WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  577        while ($row = 
$ilDB->fetchObject(
$res)) {
 
  578            $roles[] = $row->role_id;
 
  597        $query = 
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . 
$ilDB->quote($a_auth_mode, 
'text');
 
  612        $operation_info = 
$rbacreview->getOperationAssignment();
 
  613        foreach ($operation_info as $info) {
 
  617            $rbac_objects[$info[
'typ_id']] = array(
"obj_id" => $info[
'typ_id'],
 
  618                                                   "type" => $info[
'type']);
 
  623                : 
$lng->txt($info[
'type'] . 
"_" . $info[
'operation']);
 
  624            if (substr($info[
'operation'], 0, 7) == 
"create_" &&
 
  628            $rbac_operations[$info[
'typ_id']][$info[
'ops_id']] = array(
 
  629                                                                "ops_id" => $info[
'ops_id'],
 
  630                                                                "title" => $info[
'operation'],
 
  633        return array($rbac_objects,$rbac_operations);
 
  649    public function changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter = array(),$a_operation_mode = self::MODE_READ_OPERATIONS, $a_operation_stack = [])
 
  657        $nodes = 
$tree->getRbacSubtreeInfo($a_start_node);
 
  660        $all_local_policies = 
$rbacreview->getObjectsWithStopedInheritance($this->
getId());
 
  663        $local_policies = array();
 
  664        foreach ($all_local_policies as $lp) {
 
  665            if (isset($nodes[$lp])) {
 
  666                $local_policies[] = $lp;
 
  677        $this->
adjustPermissions($a_mode, $nodes, $local_policies, $a_filter, $a_exclusion_filter, $a_operation_mode, $a_operation_stack);
 
  692        $local_policies = array();
 
  693        foreach ($a_policies as $policy) {
 
  695                $local_policies[] = $policy;
 
  699                $local_policies[] = $policy;
 
  704        return $local_policies;
 
  715    protected function adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter = array(), $a_operation_mode = self::MODE_READ_OPERATIONS, $a_operation_stack = [])
 
  724        $operation_stack = array();
 
  725        $policy_stack = array();
 
  726        $node_stack = array();
 
  728        $start_node = current($a_nodes);
 
  729        array_push($node_stack, $start_node);
 
  732        if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
 
  736            $operation_stack = $a_operation_stack;
 
  739        $this->logger->debug(
'adjust permissions operation stack');
 
  742        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  745        $local_policy = 
false;
 
  746        foreach ($a_nodes as $node) {
 
  747            $cmp_node = end($node_stack);
 
  748            while ($relation = 
$tree->getRelationOfNodes($node, $cmp_node)) {
 
  752                        $logger->debug(
'Handling sibling/none relation.');
 
  753                        array_pop($operation_stack);
 
  754                        array_pop($policy_stack);
 
  755                        array_pop($node_stack);
 
  756                        $cmp_node = end($node_stack);
 
  757                        $local_policy = 
false;
 
  764                        $logger->debug(
'Handling child/equals/parent ' . $relation);
 
  774            if ($node[
'child'] == $start_node[
'child']) {
 
  776                    if ($rbac_log_active) {
 
  777                        $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  782                    $perms = end($operation_stack);
 
  785                        (array) $perms[$node[
'type']],
 
  790                    if ($rbac_log_active) {
 
  800            if (in_array($node[
'child'], $a_policies) and ($node[
'child'] != 
SYSTEM_FOLDER_ID)) {
 
  801                $local_policy = 
true;
 
  804                array_push($node_stack, $node);
 
  813            if ($rbac_log_active) {
 
  814                $rbac_log_roles = 
$rbacreview->getParentRoleIds($node[
'child'], 
false);
 
  820                ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) &&
 
  821                ($node[
'type'] == 
'crs' || $node[
'type'] == 
'grp')
 
  824                $perms = end($operation_stack);
 
  828                    array_push($node_stack, $node);
 
  833            $perms = end($operation_stack);
 
  836                (array) $perms[$node[
'type']],
 
  840            if ($rbac_log_active) {
 
  858        $admin = 
$DIC->rbac()->admin();
 
  859        $review = 
$DIC->rbac()->review();
 
  860        if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
 
  861            $admin->grantPermission(
 
  867        elseif ($a_operation_mode == self::MODE_ADD_OPERATIONS) {
 
  868            $current_operations = $review->getRoleOperationsOnObject(
 
  872            $this->logger->debug(
'Current operations');
 
  873            $this->logger->dump($current_operations);
 
  875            $new_ops = array_unique(array_merge($a_permissions, $current_operations));
 
  876            $this->logger->debug(
'New operations');
 
  877            $this->logger->dump($new_ops);
 
  879            $admin->grantPermission(
 
  885        elseif ($a_operation_mode == self::MODE_REMOVE_OPERATIONS) {
 
  886            $current_operations = $review->getRoleOperationsOnObject(
 
  890            $this->logger->debug(
'Current operations');
 
  891            $this->logger->dump($current_operations);
 
  893            $new_ops = array_diff($current_operations, $a_permissions);
 
  895            $admin->grantPermission(
 
  912        if (in_array($a_type, $a_exclusion_filter)) {
 
  916        if (in_array(
'all', $a_filter)) {
 
  919        return in_array($a_type, $a_filter);
 
  934        $has_policies = 
null;
 
  935        $policy_origin = 
null;
 
  938            $has_policies = 
true;
 
  941            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
  942            $policy_origin = $a_node;
 
  945                $parent_roles = 
$rbacreview->getParentRoleIds($a_node, 
false);
 
  946                if ($parent_roles[$this->
getId()]) {
 
  949                        $parent_roles[$this->
getId()][
'parent']
 
  956        if (!$has_policies) {
 
  978        $has_policies = 
null;
 
  979        $policy_origin = 
null;
 
  982            $has_policies = 
true;
 
  985            $has_policies = 
$rbacreview->getLocalPolicies($a_node);
 
  986            $policy_origin = $a_node;
 
  989        if (!$has_policies) {
 
  993        $a_stack[] = $policy_origin;
 
 1012        static $course_non_member_id = 
null;
 
 1013        static $group_non_member_id = 
null;
 
 1014        static $group_open_id = 
null;
 
 1015        static $group_closed_id = 
null;
 
 1021                    include_once 
'./Modules/Group/classes/class.ilObjGroup.php';
 
 1023                    #var_dump("GROUP TYPE",$type);
 
 1026                            if (!$group_closed_id) {
 
 1027                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
 
 1030                                    $group_closed_id = $row->obj_id;
 
 1033                            $template_id = $group_closed_id;
 
 1034                            #var_dump("GROUP CLOSED id:" . $template_id);
 
 1039                            if (!$group_open_id) {
 
 1040                                $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
 
 1043                                    $group_open_id = $row->obj_id;
 
 1046                            $template_id = $group_open_id;
 
 1047                            #var_dump("GROUP OPEN id:" . $template_id);
 
 1053                    if (!$course_non_member_id) {
 
 1054                        $query = 
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
 
 1057                            $course_non_member_id = $row->obj_id;
 
 1060                    $template_id = $course_non_member_id;
 
 1064        $current_ops = $a_current_ops[$a_type];
 
 1079            #echo "No template id for ".$a_id.' of type'.$a_type.'<br>';
 
 1081        #echo "ROLE ASSIGN: ".$rolf.' AID'.$a_id;
 
 1082        if ($a_id and !
$GLOBALS[
'DIC'][
'rbacreview']->isRoleAssignedToObject($this->
getId(), $a_id)) {
 
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
An exception for terminatinating execution or to throw for unit testing.
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
static ecsConfigured()
Checks if an ecs server is configured.
static getPossibleRemoteTypes($a_with_captions=false)
Get all possible remote object types.
static _deleteByRole($a_role_id)
static getLogger($a_component_id)
Get component logger.
static lookupGroupTye($a_id)
Lookup group type.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
createPermissionIntersection($policy_stack, $a_current_ops, $a_id, $a_type)
Create course group permission intersection.
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
changeExistingObjectsGrantPermissions($a_role_id, $a_permissions, $a_ref_id, $a_operation_mode)
__getPermissionDefinitions()
updatePolicyStack(&$a_stack, $a_node)
Update policy stack.
static _getRolesByAuthMode($a_auth_mode)
Get roles by auth mode.
static _lookupAllowRegister($a_role_id)
check whether role is allowed in user registration or not
isHandledObjectType($a_filter, $a_exclusion_filter, $a_type)
Check if type is filterer.
setParent($a_parent_ref)
set reference id of parent object this is neccessary for non RBAC protected objects!...
static _getAuthMode($a_role_id)
getAllowRegister()
get allow_register
const MODE_REMOVE_OPERATIONS
deleteLocalPolicies($a_start, $a_policies, $a_filter)
Delete local policies.
static _getTranslation($a_role_title)
updateOperationStack(&$a_stack, $a_node, $a_init=false)
Update operation stack.
update()
updates a record "role" and write it into database @access public
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
adjustPermissions($a_mode, $a_nodes, $a_policies, $a_filter, $a_exclusion_filter=array(), $a_operation_mode=self::MODE_READ_OPERATIONS, $a_operation_stack=[])
Adjust permissions.
static _removeObjectId($a_role_title)
read()
loads "role" from database @access private
static isAutoGenerated($a_role_id)
toggleAssignUsersStatus($a_assign_users)
static _resetAuthMode($a_auth_mode)
Reset auth mode to default.
static _getAssignUsersStatus($a_role_id)
static _lookupRegisterAllowed()
get all roles that are activated in user registration
const MODE_ADD_OPERATIONS
getPresentationTitle()
For autogenerated roles this returns 'Translated Title (untranslated title)'.
static _updateAuthMode($a_roles)
validate()
Validate role data.
const MODE_READ_OPERATIONS
__construct($a_id=0, $a_call_by_reference=false)
Constructor @access public.
assignData($a_data)
loads a record "role" from array @access public
getParent()
get reference id of parent object
static createDefaultRole($a_title, $a_description, $a_tpl_name, $a_ref_id)
changeExistingObjects($a_start_node, $a_mode, $a_filter, $a_exclusion_filter=array(), $a_operation_mode=self::MODE_READ_OPERATIONS, $a_operation_stack=[])
Change existing objects.
static _lookupLogin($a_user_id)
lookup login
static lookupTxtById($plugin_id, $lang_var)
Class ilObject Basic functions for all objects.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getId()
get object id @access public
getUntranslatedTitle()
get untranslated object title @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
getTitle()
get object title @access public
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static sortArray( $array, $a_array_sortby, $a_array_sortorder=0, $a_numeric=false, $a_keep_keys=false)
sortArray
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
redirection script todo: (a better solution should control the processing via a xml file)
foreach($_POST as $key=> $value) $res