ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilRbacAdmin.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
18 class ilRbacAdmin
19 {
24  public function __construct()
25  {
26  global $DIC;
27 
28  $ilDB = $DIC['ilDB'];
29  $ilErr = $DIC['ilErr'];
30  $ilias = $DIC['ilias'];
31 
32  // set db & error handler
33  (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
34 
35  if (!isset($ilErr)) {
36  $ilErr = new ilErrorHandling();
37  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
38  } else {
39  $this->ilErr = &$ilErr;
40  }
41  }
42 
49  public function setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
50  {
51  global $DIC;
52 
53  $ilDB = $DIC['ilDB'];
54 
55  ilLoggerFactory::getLogger('crs')->logStack();
56  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
57  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
58  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
59  $ilDB->manipulate($query);
60  }
61 
69  public function removeUser($a_usr_id)
70  {
71  global $DIC;
72 
73  $ilDB = $DIC->database();
74  $review = $DIC->rbac()->review();
75 
76  if (!isset($a_usr_id)) {
77  $message = get_class($this) . "::removeUser(): No usr_id given!";
78  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
79  }
80 
81  foreach ($review->assignedRoles($a_usr_id) as $role_id) {
82  $this->deassignUser($role_id, $a_usr_id);
83  }
84 
85  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
86  $res = $ilDB->manipulate($query);
87 
88  return true;
89  }
90 
98  public function deleteRole($a_rol_id, $a_ref_id)
99  {
100  global $DIC;
101 
102  $lng = $DIC['lng'];
103  $ilDB = $DIC['ilDB'];
104 
105  if (!isset($a_rol_id) || !isset($a_ref_id)) {
106  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
107  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
108  }
109 
110  // exclude system role from rbac
111  if ($a_rol_id == SYSTEM_ROLE_ID) {
112  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
113  }
114 
115  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
116  $mapping = ilLDAPRoleGroupMapping::_getInstance();
117  $mapping->deleteRole($a_rol_id);
118 
119 
120  // TODO: check assigned users before deletion
121  // This is done in ilObjRole. Should be better moved to this place?
122 
123  // delete user assignements
124  $query = "DELETE FROM rbac_ua " .
125  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
126  $res = $ilDB->manipulate($query);
127 
128  // delete permission assignments
129  $query = "DELETE FROM rbac_pa " .
130  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
131  $res = $ilDB->manipulate($query);
132 
133  //delete rbac_templates and rbac_fa
134  $this->deleteLocalRole($a_rol_id);
135 
136  return true;
137  }
138 
145  public function deleteTemplate($a_obj_id)
146  {
147  global $DIC;
148 
149  $ilDB = $DIC['ilDB'];
150 
151  if (!isset($a_obj_id)) {
152  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
153  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
154  }
155 
156  $query = 'DELETE FROM rbac_templates ' .
157  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
158  $res = $ilDB->manipulate($query);
159 
160  $query = 'DELETE FROM rbac_fa ' .
161  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
162  $res = $ilDB->manipulate($query);
163 
164  return true;
165  }
166 
174  public function deleteLocalRole($a_rol_id, $a_ref_id = 0)
175  {
176  global $DIC;
177 
178  $ilDB = $DIC['ilDB'];
179 
180  if (!isset($a_rol_id)) {
181  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
182  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
183  }
184 
185  // exclude system role from rbac
186  if ($a_rol_id == SYSTEM_ROLE_ID) {
187  return true;
188  }
189 
190  if ($a_ref_id != 0) {
191  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
192  }
193 
194  $query = 'DELETE FROM rbac_fa ' .
195  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
196  $clause;
197  $res = $ilDB->manipulate($query);
198 
199  $query = 'DELETE FROM rbac_templates ' .
200  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
201  $clause;
202  $res = $ilDB->manipulate($query);
203  return true;
204  }
205 
212  public function assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles = [])
213  {
214  global $DIC;
215 
216  $ilDB = $DIC['ilDB'];
217 
218  $ilAtomQuery = $ilDB->buildAtomQuery();
219  $ilAtomQuery->addTableLock('rbac_ua');
220 
221  $ilAtomQuery->addQueryCallable(
222  function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id, $a_limit, $a_limited_roles) {
223  $ret = true;
224  $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
225  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
226  $res = $ilDB->query($limit_query);
227  $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
228  if ($row->num >= $a_limit) {
229  $ret = false;
230  return;
231  }
232 
233  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
234  "VALUES (" .
235  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
236  ")";
237  $res = $ilDB->manipulate($query);
238  }
239  );
240 
241  $ilAtomQuery->run();
242 
243  if (!$ret) {
244  return false;
245  }
246 
247  $GLOBALS['DIC']['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
248 
249  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
250  $mapping = ilLDAPRoleGroupMapping::_getInstance();
251  $mapping->assign($a_role_id, $a_usr_id);
252  return true;
253  }
254 
255 
264  public function assignUser($a_rol_id, $a_usr_id)
265  {
266  global $DIC;
267 
268  $ilDB = $DIC['ilDB'];
269  $rbacreview = $DIC['rbacreview'];
270 
271  if (!isset($a_rol_id) || !isset($a_usr_id)) {
272  $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
273  #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
274  }
275 
276  // check if already assigned user id and role_id
277  $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
278 
279  // enhanced: only if we haven't had this role for this user
280  if (!$alreadyAssigned) {
281  $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
282  "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
283  $res = $ilDB->manipulate($query);
284 
285  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
286  }
287 
288  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
289  $mapping = ilLDAPRoleGroupMapping::_getInstance();
290  $mapping->assign($a_rol_id, $a_usr_id);
291 
292 
293  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
294  $obj_id = ilObject::_lookupObjId($ref_id);
295  $type = ilObject::_lookupType($obj_id);
296 
297  if (!$alreadyAssigned) {
298  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
299  $GLOBALS['DIC']['ilAppEventHandler']->raise(
300  'Services/AccessControl',
301  'assignUser',
302  array(
303  'obj_id' => $obj_id,
304  'usr_id' => $a_usr_id,
305  'role_id' => $a_rol_id,
306  'type' => $type
307  )
308  );
309  }
310  return true;
311  }
312 
313 
322  public function deassignUser($a_rol_id, $a_usr_id)
323  {
324  global $DIC;
325 
326  $ilDB = $DIC['ilDB'];
327  $rbacreview = $DIC->rbac()->review();
328 
329  if (!isset($a_rol_id) || !isset($a_usr_id)) {
330  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
331  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
332  }
333 
334  $query = "DELETE FROM rbac_ua " .
335  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
336  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
337  $res = $ilDB->manipulate($query);
338 
339  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
340 
341  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
342  $mapping = ilLDAPRoleGroupMapping::_getInstance();
343  $mapping->deassign($a_rol_id, $a_usr_id);
344 
345  if ($res) {
346  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
347  $obj_id = ilObject::_lookupObjId($ref_id);
348  $type = ilObject::_lookupType($obj_id);
349 
350  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
351  $GLOBALS['DIC']['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
352  'obj_id' => $obj_id,
353  'usr_id' => $a_usr_id,
354  'role_id' => $a_rol_id,
355  'type' => $type,
356  ));
357  }
358 
359  return true;
360  }
361 
370  public function grantPermission($a_rol_id, $a_ops, $a_ref_id)
371  {
372  global $DIC;
373 
374  $ilDB = $DIC['ilDB'];
375 
376  if (!isset($a_rol_id) || !isset($a_ops) || !isset($a_ref_id)) {
377  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
378  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
379  }
380 
381  if (!is_array($a_ops)) {
382  $this->ilErr->raiseError(
383  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
384  $this->ilErr->WARNING
385  );
386  }
387 
388  // exclude system role from rbac
389  if ($a_rol_id == SYSTEM_ROLE_ID) {
390  return true;
391  }
392 
393  // convert all values to integer
394  foreach ($a_ops as $key => $operation) {
395  $a_ops[$key] = (int) $operation;
396  }
397 
398  // Serialization des ops_id Arrays
399  $ops_ids = serialize($a_ops);
400 
401  $query = 'DELETE FROM rbac_pa ' .
402  'WHERE rol_id = %s ' .
403  'AND ref_id = %s';
404  $res = $ilDB->queryF(
405  $query,
406  array('integer','integer'),
407  array($a_rol_id,$a_ref_id)
408  );
409 
410  if (!count($a_ops)) {
411  return false;
412  }
413 
414  $query = "INSERT INTO rbac_pa (rol_id, ops_id, ref_id) " .
415  "VALUES " .
416  "(" . $ilDB->quote($a_rol_id, 'integer') . ", " . $ilDB->quote($ops_ids, 'text') . ", " . $ilDB->quote($a_ref_id, 'integer') . ")";
417  $res = $ilDB->manipulate($query);
418 
419  return true;
420  }
421 
431  public function revokePermission($a_ref_id, $a_rol_id = 0, $a_keep_protected = true)
432  {
433  global $DIC;
434 
435  $rbacreview = $DIC['rbacreview'];
436  $log = $DIC['log'];
437  $ilDB = $DIC['ilDB'];
438  $ilLog = $DIC['ilLog'];
439 
440  if (!isset($a_ref_id)) {
441  $ilLog->logStack();
442  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
443  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
444  }
445 
446  // bypass protected status of roles
447  if ($a_keep_protected != true) {
448  // exclude system role from rbac
449  if ($a_rol_id == SYSTEM_ROLE_ID) {
450  return true;
451  }
452 
453  if ($a_rol_id) {
454  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
455  } else {
456  $and1 = "";
457  }
458 
459  $query = "DELETE FROM rbac_pa " .
460  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
461  $and1;
462 
463  $res = $ilDB->manipulate($query);
464 
465  return true;
466  }
467 
468  // consider protected status of roles
469 
470  // in any case, get all roles in scope first
471  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
472 
473  if (!$a_rol_id) {
474  $role_ids = [];
475 
476  foreach ($roles_in_scope as $role) {
477  if ($role['protected'] == true) {
478  continue;
479  }
480 
481  $role_ids[] = $role['obj_id'];
482  }
483 
484  // return if no role in array
485  if (!$role_ids) {
486  return true;
487  }
488 
489  $query = 'DELETE FROM rbac_pa ' .
490  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
491  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
492  $res = $ilDB->manipulate($query);
493  } else {
494  // exclude system role from rbac
495  if ($a_rol_id == SYSTEM_ROLE_ID) {
496  return true;
497  }
498 
499  // exclude protected permission settings from revoking
500  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
501  return true;
502  }
503 
504  $query = "DELETE FROM rbac_pa " .
505  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
506  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
507  $res = $ilDB->manipulate($query);
508  }
509 
510  return true;
511  }
512 
519  public function revokeSubtreePermissions($a_ref_id, $a_role_id)
520  {
521  global $DIC;
522 
523  $ilDB = $DIC['ilDB'];
524 
525  $query = 'DELETE FROM rbac_pa ' .
526  'WHERE ref_id IN ' .
527  '( ' . $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
528  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
529 
530  $ilDB->manipulate($query);
531  return true;
532  }
533 
540  public function deleteSubtreeTemplates($a_ref_id, $a_rol_id)
541  {
542  global $DIC;
543 
544  $ilDB = $DIC['ilDB'];
545 
546  $query = 'DELETE FROM rbac_templates ' .
547  'WHERE parent IN ( ' .
548  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
549  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
550 
551  $ilDB->manipulate($query);
552 
553  $query = 'DELETE FROM rbac_fa ' .
554  'WHERE parent IN ( ' .
555  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
556  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
557 
558  $ilDB->manipulate($query);
559 
560  return true;
561  }
562 
570  public function revokePermissionList($a_ref_ids, $a_rol_id)
571  {
572  global $DIC;
573 
574  $ilDB = $DIC['ilDB'];
575 
576  if (!isset($a_ref_ids) || !is_array($a_ref_ids)) {
577  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_dump($a_ref_ids);
578  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
579  }
580 
581  if (!isset($a_rol_id)) {
582  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
583  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
584  }
585 
586  // exclude system role from rbac
587  if ($a_rol_id == SYSTEM_ROLE_ID) {
588  return true;
589  }
590 
591  $query = "DELETE FROM rbac_pa " .
592  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
593  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
594  $res = $ilDB->manipulate($query);
595 
596  return true;
597  }
598 
609  public function copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
610  {
611  global $DIC;
612 
613  $tree = $DIC['tree'];
614  $rbacreview = $DIC['rbacreview'];
615 
616  // Copy template permissions
617  $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
618 
619  $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
620 
621  $this->revokePermission($a_dest_parent, $a_dest_id);
622  $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
623  return true;
624  }
625 
636  public function copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected = true)
637  {
638  global $DIC;
639 
640  $rbacreview = $DIC['rbacreview'];
641  $ilDB = $DIC['ilDB'];
642 
643  if (!isset($a_source_id) || !isset($a_source_parent) || !isset($a_dest_id) || !isset($a_dest_parent)) {
644  $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
645  " source_parent_id: " . $a_source_parent .
646  " dest_id : " . $a_dest_id .
647  " dest_parent_id: " . $a_dest_parent;
648  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
649  }
650 
651  // exclude system role from rbac
652  if ($a_dest_id == SYSTEM_ROLE_ID) {
653  return true;
654  }
655 
656  // Read operations
657  $query = 'SELECT * FROM rbac_templates ' .
658  'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
659  'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
660  $res = $ilDB->query($query);
661  $operations = [];
662  $rownum = 0;
663  while ($row = $ilDB->fetchObject($res)) {
664  $operations[$rownum]['type'] = $row->type;
665  $operations[$rownum]['ops_id'] = $row->ops_id;
666  $rownum++;
667  }
668 
669  // Delete target permissions
670  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
671  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
672  $res = $ilDB->manipulate($query);
673 
674  foreach ($operations as $row => $op) {
675  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
676  'VALUES (' .
677  $ilDB->quote($a_dest_id, 'integer') . "," .
678  $ilDB->quote($op['type'], 'text') . "," .
679  $ilDB->quote($op['ops_id'], 'integer') . "," .
680  $ilDB->quote($a_dest_parent, 'integer') . ")";
681  $ilDB->manipulate($query);
682  }
683 
684  // copy also protection status if applicable
685  if ($a_consider_protected == true) {
686  if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
687  $this->setProtected($a_dest_parent, $a_dest_id, 'y');
688  }
689  }
690 
691  return true;
692  }
706  public function copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
707  {
708  global $DIC;
709 
710  $rbacreview = $DIC['rbacreview'];
711  $ilDB = $DIC['ilDB'];
712 
713  if (!isset($a_source1_id) || !isset($a_source1_parent)
714  || !isset($a_source2_id) || !isset($a_source2_parent)
715  || !isset($a_dest_id) || !isset($a_dest_parent)) {
716  $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
717  " source1_parent: " . $a_source1_parent .
718  " source2_id: " . $a_source2_id .
719  " source2_parent: " . $a_source2_parent .
720  " dest_id: " . $a_dest_id .
721  " dest_parent_id: " . $a_dest_parent;
722  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
723  }
724 
725  // exclude system role from rbac
726  if ($a_dest_id == SYSTEM_ROLE_ID) {
727  ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
728  return true;
729  }
730 
731  if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
732  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': Role is protected');
733  return true;
734  }
735 
736  $query = "SELECT s1.type, s1.ops_id " .
737  "FROM rbac_templates s1, rbac_templates s2 " .
738  "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
739  "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
740  "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
741  "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
742  "AND s1.type = s2.type " .
743  "AND s1.ops_id = s2.ops_id";
744 
745  ilLoggerFactory::getLogger('ac')->dump($query);
746 
747  $res = $ilDB->query($query);
748  $operations = [];
749  $rowNum = 0;
750  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
751  $operations[$rowNum]['type'] = $row->type;
752  $operations[$rowNum]['ops_id'] = $row->ops_id;
753 
754  $rowNum++;
755  }
756 
757  // Delete template permissions of target
758  $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
759  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
760  $res = $ilDB->manipulate($query);
761 
762  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
763  'VALUES (?,?,?,?)';
764  $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
765  foreach ($operations as $key => $set) {
766  $ilDB->execute($sta, array(
767  $a_dest_id,
768  $set['type'],
769  $set['ops_id'],
770  $a_dest_parent));
771  }
772  return true;
773  }
774 
786  public function copyRolePermissionUnion(
787  $a_source1_id,
788  $a_source1_parent,
789  $a_source2_id,
790  $a_source2_parent,
791  $a_dest_id,
792  $a_dest_parent
793  ) {
794  global $DIC;
795 
796  $ilDB = $DIC['ilDB'];
797  $rbacreview = $DIC['rbacreview'];
798 
799 
800  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
801  $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
802 
803  $this->deleteRolePermission($a_dest_id, $a_dest_parent);
804 
805  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
806  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
807 
808  foreach ($s1_ops as $type => $ops) {
809  foreach ($ops as $op) {
810  // insert all permission of source 1
811  // #15469
812  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
813  'VALUES( ' .
814  $ilDB->quote($a_dest_id, 'integer') . ', ' .
815  $ilDB->quote($type, 'text') . ', ' .
816  $ilDB->quote($op, 'integer') . ', ' .
817  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
818  ')';
819  $ilDB->manipulate($query);
820  }
821  }
822 
823  // and the other direction...
824  foreach ($s2_ops as $type => $ops) {
825  foreach ($ops as $op) {
826  if (!isset($s1_ops[$type]) || !in_array($op, $s1_ops[$type])) {
827  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
828  'VALUES( ' .
829  $ilDB->quote($a_dest_id, 'integer') . ', ' .
830  $ilDB->quote($type, 'text') . ', ' .
831  $ilDB->quote($op, 'integer') . ', ' .
832  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
833  ')';
834  $ilDB->manipulate($query);
835  }
836  }
837  }
838 
839  return true;
840  }
841 
849  public function copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
850  {
851  global $DIC;
852 
853  $rbacreview = $DIC['rbacreview'];
854  $ilDB = $DIC['ilDB'];
855 
856  $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
857  $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
858 
859  foreach ($s1_ops as $type => $ops) {
860  foreach ($ops as $op) {
861  if (isset($d_ops[$type]) && in_array($op, $d_ops[$type])) {
862  $query = 'DELETE FROM rbac_templates ' .
863  'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
864  'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
865  'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
866  'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
867  $ilDB->manipulate($query);
868  }
869  }
870  }
871  return true;
872  }
873 
874 
885  public function deleteRolePermission($a_rol_id, $a_ref_id, $a_type = false)
886  {
887  global $DIC;
888 
889  $ilDB = $DIC['ilDB'];
890 
891  if (!isset($a_rol_id) || !isset($a_ref_id)) {
892  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
893  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
894  }
895 
896  // exclude system role from rbac
897  if ($a_rol_id == SYSTEM_ROLE_ID) {
898  return true;
899  }
900 
901  if ($a_type !== false) {
902  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
903  }
904 
905  $query = 'DELETE FROM rbac_templates ' .
906  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
907  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
908  $and_type;
909 
910  $res = $ilDB->manipulate($query);
911 
912  return true;
913  }
914 
925  public function setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
926  {
927  global $DIC;
928 
929  $ilDB = $DIC['ilDB'];
930 
931  if (!isset($a_rol_id) || !isset($a_type) || !isset($a_ops) || !isset($a_ref_id)) {
932  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
933  " role_id: " . $a_rol_id .
934  " type: " . $a_type .
935  " operations: " . $a_ops .
936  " ref_id: " . $a_ref_id;
937  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
938  }
939 
940  if (!is_string($a_type) || empty($a_type)) {
941  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
942  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
943  }
944 
945  if (!is_array($a_ops) || empty($a_ops)) {
946  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
947  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
948  }
949 
950  // exclude system role from rbac
951  if ($a_rol_id == SYSTEM_ROLE_ID) {
952  return true;
953  }
954 
955  foreach ($a_ops as $op) {
956  $ilDB->replace(
957  'rbac_templates',
958  [
959  'rol_id' => ['integer', $a_rol_id],
960  'type' => ['text', $a_type],
961  'ops_id' => ['integer', $op],
962  'parent' => ['integer', $a_ref_id]
963  ],
964  []
965  );
966  }
967  return true;
968  }
969 
983  public function assignRoleToFolder($a_rol_id, $a_parent, $a_assign = "y")
984  {
985  global $DIC;
986  $ilDB = $DIC['ilDB'];
987 
988  if (!isset($a_rol_id) || !isset($a_parent)) {
989  $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
990  " role_id: " . $a_rol_id .
991  " parent_id: " . $a_parent .
992  " assign: " . $a_assign;
993  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
994  }
995 
996  // exclude system role from rbac
997  if ($a_rol_id == SYSTEM_ROLE_ID) {
998  return true;
999  }
1000 
1001  // if a wrong value is passed, always set assign to "n"
1002  if ($a_assign != "y") {
1003  $a_assign = "n";
1004  }
1005 
1006  // check if already assigned
1007  $query = 'SELECT rol_id FROM rbac_fa ' .
1008  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
1009  'AND parent = ' . $ilDB->quote($a_parent, 'integer');
1010  $res = $ilDB->query($query);
1011  if ($res->numRows()) {
1012  ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
1013  return false;
1014  }
1015 
1016  $query = sprintf(
1017  'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
1018  'VALUES (%s,%s,%s,%s)',
1019  $ilDB->quote($a_rol_id, 'integer'),
1020  $ilDB->quote($a_parent, 'integer'),
1021  $ilDB->quote($a_assign, 'text'),
1022  $ilDB->quote('n', 'text')
1023  );
1024  $res = $ilDB->manipulate($query);
1025 
1026  return true;
1027  }
1028 
1037  public function assignOperationToObject($a_type_id, $a_ops_id)
1038  {
1039  global $DIC;
1040 
1041  $ilDB = $DIC['ilDB'];
1042 
1043  if (!isset($a_type_id) || !isset($a_ops_id)) {
1044  $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1045  "type_id: " . $a_type_id .
1046  "ops_id: " . $a_ops_id;
1047  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1048  }
1049 
1050  $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1051  "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1052  $res = $ilDB->manipulate($query);
1053  return true;
1054  }
1055 
1064  public function deassignOperationFromObject($a_type_id, $a_ops_id)
1065  {
1066  global $DIC;
1067 
1068  $ilDB = $DIC['ilDB'];
1069 
1070  if (!isset($a_type_id) || !isset($a_ops_id)) {
1071  $message = get_class($this) . "::deassignPermissionFromObject(): Missing parameter!" .
1072  "type_id: " . $a_type_id .
1073  "ops_id: " . $a_ops_id;
1074  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1075  }
1076 
1077  $query = "DELETE FROM rbac_ta " .
1078  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1079  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1080  $res = $ilDB->manipulate($query);
1081 
1082  return true;
1083  }
1084 
1093  public function setProtected($a_ref_id, $a_role_id, $a_value)
1094  {
1095  global $DIC;
1096 
1097  $ilDB = $DIC['ilDB'];
1098 
1099  // ref_id not used yet. protected permission acts 'global' for each role,
1100  // regardless of any broken inheritance before
1101  $query = 'UPDATE rbac_fa ' .
1102  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1103  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1104  $res = $ilDB->manipulate($query);
1105  return true;
1106  }
1107 
1118  public function copyLocalRoles($a_source_id, $a_target_id)
1119  {
1120  global $DIC;
1121 
1122  $rbacreview = $DIC['rbacreview'];
1123  $ilLog = $DIC['ilLog'];
1124  $ilObjDataCache = $DIC['ilObjDataCache'];
1125 
1126  $real_local = [];
1127  foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1128  $title = $ilObjDataCache->lookupTitle($role_data);
1129  if (substr($title, 0, 3) == 'il_') {
1130  continue;
1131  }
1132  $real_local[] = $role_data;
1133  }
1134  if (!count($real_local)) {
1135  return true;
1136  }
1137  // Create role folder
1138  foreach ($real_local as $role) {
1139  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1140  $orig = new ilObjRole($role);
1141  $orig->read();
1142 
1143  $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1144  $roleObj = new ilObjRole();
1145  $roleObj->setTitle($orig->getTitle());
1146  $roleObj->setDescription($orig->getDescription());
1147  $roleObj->setImportId($orig->getImportId());
1148  $roleObj->create();
1149 
1150  $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1151  $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1152  $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1153  }
1154  }
1155 
1166  public function initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
1167  {
1168  global $DIC;
1169 
1170  $rbacreview = $DIC['rbacreview'];
1171 
1172  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1173  // Assign object permissions
1174  $new_ops = $rbacreview->getOperationsOfRole(
1175  $a_role_id,
1176  ilObject::_lookupType($a_ref_id, true),
1177  $a_role_parent
1178  );
1179 
1180  // set new permissions for object
1181  $this->grantPermission(
1182  $a_role_id,
1183  (array) $new_ops,
1184  $a_ref_id
1185  );
1186  return;
1187  }
1188  if (!$a_template_id) {
1189  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1190  return;
1191  }
1192  // create template permission intersection
1193  $this->copyRolePermissionIntersection(
1194  $a_template_id,
1195  $a_template_parent,
1196  $a_role_id,
1197  $a_role_parent,
1198  $a_ref_id,
1199  $a_role_id
1200  );
1201 
1202  // assign role to folder
1203  $this->assignRoleToFolder(
1204  $a_role_id,
1205  $a_ref_id,
1206  'n'
1207  );
1208 
1209  // Assign object permissions
1210  $new_ops = $rbacreview->getOperationsOfRole(
1211  $a_role_id,
1212  ilObject::_lookupType($a_ref_id, true),
1213  $a_ref_id
1214  );
1215 
1216  // revoke existing permissions
1217  $this->revokePermission($a_ref_id, $a_role_id);
1218 
1219  // set new permissions for object
1220  $this->grantPermission(
1221  $a_role_id,
1222  (array) $new_ops,
1223  $a_ref_id
1224  );
1225 
1226  return;
1227  }
1228 
1236  protected function applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
1237  {
1238  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1239  $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1240  if (!$tpl_id) {
1241  return;
1242  }
1243  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1244  foreach (ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1245  if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1246  continue;
1247  }
1248  $action->setRefId($a_ref_id);
1249  $action->apply();
1250  }
1251  return;
1252  }
1253 
1254 
1266  public function adjustMovedObjectPermissions($ref_id, $old_parent)
1267  {
1268  global $DIC;
1269 
1270  $rbacreview = $DIC['rbacreview'];
1271  $tree = $DIC['tree'];
1272  $ilLog = $DIC['ilLog'];
1273 
1274  $new_parent = $tree->getParentId($ref_id);
1275  $old_context_roles = $rbacreview->getParentRoleIds($old_parent, false);
1276  $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1277 
1283  $tree->useCache(false);
1284 
1285  $for_addition = $for_deletion = [];
1286  foreach ($new_context_roles as $new_role_id => $new_role) {
1287  if (!isset($old_context_roles[$new_role_id])) {
1288  $for_addition[] = $new_role_id;
1289  } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1290  // handle stopped inheritance
1291  $for_deletion[] = $new_role_id;
1292  $for_addition[] = $new_role_id;
1293  }
1294  }
1295  foreach ($old_context_roles as $old_role_id => $old_role) {
1296  if (!isset($new_context_roles[$old_role_id])) {
1297  $for_deletion[] = $old_role_id;
1298  }
1299  }
1300 
1301  if (!count($for_deletion) && !count($for_addition)) {
1302  $this->applyMovedObjectDidacticTemplates($ref_id, $old_parent);
1303  return true;
1304  }
1305 
1306  $rbac_log_active = ilRbacLog::isActive();
1307  if ($rbac_log_active) {
1308  $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1309  }
1310 
1311  foreach ($tree->getSubTree($tree->getNodeData($ref_id), true) as $node_data) {
1312  $node_id = $node_data['child'];
1313 
1314  if ($rbac_log_active) {
1315  $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1316  }
1317 
1318  // If $node_data['type'] is not set, this means there is a tree entry without
1319  // object_reference and/or object_data entry
1320  // Continue in this case
1321  if (!$node_data['type']) {
1322  $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1323  continue;
1324  }
1325 
1326  if (!$node_id) {
1327  $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1328  continue;
1329  }
1330 
1331  foreach ($for_deletion as $role_id) {
1332  $this->deleteLocalRole($role_id, $node_id);
1333  $this->revokePermission($node_id, $role_id, false);
1334  }
1335  foreach ($for_addition as $role_id) {
1336  $role_parent_id = $rbacreview->getParentOfRole($role_id, $ref_id);
1337  switch ($node_data['type']) {
1338  case 'grp':
1339  $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1340  $this->initIntersectionPermissions(
1341  $node_data['child'],
1342  $role_id,
1343  $role_parent_id,
1344  $tpl_id,
1345  ROLE_FOLDER_ID
1346  );
1347  break;
1348 
1349  case 'crs':
1350  $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1351  $this->initIntersectionPermissions(
1352  $node_data['child'],
1353  $role_id,
1354  $role_parent_id,
1355  $tpl_id,
1356  ROLE_FOLDER_ID
1357  );
1358  break;
1359 
1360  default:
1361  $this->grantPermission(
1362  $role_id,
1363  $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_parent_id),
1364  $node_id
1365  );
1366  break;
1367 
1368  }
1369  }
1370 
1371  if ($rbac_log_active) {
1372  $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1373  $log = ilRbacLog::diffFaPa($log_old, $log_new);
1374  ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1375  }
1376  }
1377 
1381  $tree->useCache();
1382 
1383  $this->applyMovedObjectDidacticTemplates($ref_id, $old_parent);
1384  }
1385 } // END class.ilRbacAdmin
ilDidacticTemplateObjSettings\lookupTemplateId
static lookupTemplateId($a_ref_id)
Lookup template id ilDB $ilDB.
Definition: class.ilDidacticTemplateObjSettings.php:19
ilObjGroup\lookupGroupStatusTemplateId
static lookupGroupStatusTemplateId($a_obj_id)
$ilDB $ilDB
Definition: class.ilObjGroup.php:1501
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilRbacAdmin\applyMovedObjectDidacticTemplates
applyMovedObjectDidacticTemplates($a_ref_id, $a_old_parent)
Apply didactic templates after object movement.
Definition: class.ilRbacAdmin.php:1236
ilRbacAdmin\removeUser
removeUser($a_usr_id)
deletes a user from rbac_ua all user <-> role relations are deleted public
Definition: class.ilRbacAdmin.php:69
ilRbacAdmin\deleteRolePermission
deleteRolePermission($a_rol_id, $a_ref_id, $a_type=false)
Deletes all entries of a template.
Definition: class.ilRbacAdmin.php:885
PEAR_ERROR_CALLBACK
const PEAR_ERROR_CALLBACK
Definition: PEAR.php:35
$type
$type
Definition: proxy_ylocal.php:10
ilRbacAdmin\deassignOperationFromObject
deassignOperationFromObject($a_type_id, $a_ops_id)
Deassign an existing operation from an object Update of rbac_ta public.
Definition: class.ilRbacAdmin.php:1064
ilObjCourse\lookupCourseNonMemberTemplatesId
static lookupCourseNonMemberTemplatesId()
Lookup course non member id.
Definition: class.ilObjCourse.php:1721
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:27
ilRbacAdmin\revokeSubtreePermissions
revokeSubtreePermissions($a_ref_id, $a_role_id)
Revoke subtree permissions.
Definition: class.ilRbacAdmin.php:519
ilRbacAdmin\setBlockedStatus
setBlockedStatus($a_role_id, $a_ref_id, $a_blocked_status)
Set blocked status.
Definition: class.ilRbacAdmin.php:49
ilDBInterface\in
in($field, $values, $negate=false, $type="")
ilRbacAdmin\copyRolePermissionUnion
copyRolePermissionUnion( $a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
<type> $ilDB
Definition: class.ilRbacAdmin.php:786
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilRbacAdmin\deleteSubtreeTemplates
deleteSubtreeTemplates($a_ref_id, $a_rol_id)
Delete all template permissions of subtree nodes.
Definition: class.ilRbacAdmin.php:540
ilRbacAdmin\assignUser
assignUser($a_rol_id, $a_usr_id)
Assigns an user to a role.
Definition: class.ilRbacAdmin.php:264
ilRbacAdmin\setRolePermission
setRolePermission($a_rol_id, $a_type, $a_ops, $a_ref_id)
Inserts template permissions in rbac_templates for an specific object type.
Definition: class.ilRbacAdmin.php:925
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:636
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
$ilErr
$ilErr
Definition: raiseError.php:18
ilRbacAdmin\deassignUser
deassignUser($a_rol_id, $a_usr_id)
Deassigns a user from a role.
Definition: class.ilRbacAdmin.php:322
ilRbacAdmin\deleteLocalRole
deleteLocalRole($a_rol_id, $a_ref_id=0)
Deletes a local role and entries in rbac_fa and rbac_templates public.
Definition: class.ilRbacAdmin.php:174
ilLDAPRoleGroupMapping\_getInstance
static _getInstance()
Get singleton instance of this class.
Definition: class.ilLDAPRoleGroupMapping.php:73
ilRbacAdmin\initIntersectionPermissions
initIntersectionPermissions($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
Init intersection permissions.
Definition: class.ilRbacAdmin.php:1166
ilDBInterface\quote
quote($value, $type)
if
if(!file_exists(getcwd() . '/ilias.ini.php'))
registration confirmation script for ilias
Definition: confirmReg.php:12
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$lng
$lng
Definition: save_question_post_data.php:23
$log
$log
Definition: result.php:15
ilRbacAdmin\setProtected
setProtected($a_ref_id, $a_role_id, $a_value)
Set protected $ilDB.
Definition: class.ilRbacAdmin.php:1093
ilRbacAdmin\adjustMovedObjectPermissions
adjustMovedObjectPermissions($ref_id, $old_parent)
Adjust permissions of moved objects.
Definition: class.ilRbacAdmin.php:1266
ilRbacAdmin\copyLocalRoles
copyLocalRoles($a_source_id, $a_target_id)
Copy local roles This method creates a copy of all local role.
Definition: class.ilRbacAdmin.php:1118
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1110
$DIC
global $DIC
Definition: goto.php:24
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilRbacAdmin\copyRolePermissionIntersection
copyRolePermissionIntersection($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
Copies the intersection of the template permissions of two roles to a third role. ...
Definition: class.ilRbacAdmin.php:706
$query
$query
Definition: proxy_ylocal.php:13
ilRbacAdmin\grantPermission
grantPermission($a_rol_id, $a_ops, $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:370
ilRbacAdmin\revokePermissionList
revokePermissionList($a_ref_ids, $a_rol_id)
Revokes permissions of a LIST of objects of ONE role.
Definition: class.ilRbacAdmin.php:570
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:32
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281
ilRbacAdmin\copyRolePermissionSubtract
copyRolePermissionSubtract($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
Subtract role permissions.
Definition: class.ilRbacAdmin.php:849
ilRbacAdmin\__construct
__construct()
Constructor public.
Definition: class.ilRbacAdmin.php:24
ilRbacAdmin\copyRolePermissions
copyRolePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
Copies template permissions and permission of one role to another.
Definition: class.ilRbacAdmin.php:609
ilRbacAdmin\deleteRole
deleteRole($a_rol_id, $a_ref_id)
Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa public.
Definition: class.ilRbacAdmin.php:98
ilRbacAdmin\assignUserLimited
assignUserLimited($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=[])
Assign user limited.
Definition: class.ilRbacAdmin.php:212
ilDidacticTemplateLocalRoleAction
represents a creation of local roles action
Definition: class.ilDidacticTemplateLocalRoleAction.php:12
ilRbacAdmin\assignOperationToObject
assignOperationToObject($a_type_id, $a_ops_id)
Assign an existing operation to an object Update of rbac_ta.
Definition: class.ilRbacAdmin.php:1037
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacAdmin\revokePermission
revokePermission($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:431
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
$ret
$ret
Definition: parser.php:6
ilDBInterface\query
query($query)
Run a (read-only) Query on the database.
ilRbacAdmin\deleteTemplate
deleteTemplate($a_obj_id)
Deletes a template from role folder and deletes all entries in rbac_templates, rbac_fa public...
Definition: class.ilRbacAdmin.php:145
$message
$message
Definition: xapiexit.php:14
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:17
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:18
ilDBInterface\manipulate
manipulate($query)
Run a (write) Query on the database.
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder($a_rol_id, $a_parent, $a_assign="y")
Assigns a role to an role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:983
ilDidacticTemplateActionFactory\getActionsByTemplateId
static getActionsByTemplateId($a_tpl_id)
Get actions of one template.
Definition: class.ilDidacticTemplateActionFactory.php:65