ILIAS  release_7 Revision v7.30-3-g800a261c036
ilRbacAdmin Class Reference

Class ilRbacAdmin: core functions for role-based access control.

Public Member Functions

 __construct ()
 Constructor.
 
 setBlockedStatus ($a_role_id, $a_ref_id, $a_blocked_status)
 Set blocked status.
 
 removeUser ($a_usr_id)
 Deletes a user from rbac_ua; all user <-> role relations are deleted.
 
 deleteRole ($a_rol_id, $a_ref_id)
 Deletes a role and deletes entries in object_data, rbac_pa, rbac_templates, rbac_ua, rbac_fa.
 
 deleteTemplate ($a_obj_id)
 Deletes a template from a role folder and deletes all entries in rbac_templates, rbac_fa.
 
 deleteLocalRole ($a_rol_id, $a_ref_id=0)
 Deletes a local role and entries in rbac_fa and rbac_templates.
 
 assignUserLimited ($a_role_id, $a_usr_id, $a_limit, $a_limited_roles=[])
 Assign user limited.
 
 assignUser ($a_rol_id, $a_usr_id)
 Assigns a user to a role.
 
 deassignUser ($a_rol_id, $a_usr_id)
 Deassigns a user from a role.
 
 grantPermission ($a_rol_id, $a_ops, $a_ref_id)
 Grants a permission to an object and a specific role.
 
 revokePermission ($a_ref_id, $a_rol_id=0, $a_keep_protected=true)
 Revokes permissions of an object of one role.
 
 revokeSubtreePermissions ($a_ref_id, $a_role_id)
 Revoke subtree permissions.
 
 deleteSubtreeTemplates ($a_ref_id, $a_rol_id)
 Delete all template permissions of subtree nodes.
 
 revokePermissionList ($a_ref_ids, $a_rol_id)
 Revokes permissions of a LIST of objects of ONE role.
 
 copyRolePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions and permissions of one role to another.
 
 copyRoleTemplatePermissions ($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected=true)
 Copies template permissions of one role to another.
 
 copyRolePermissionIntersection ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_parent, $a_dest_id)
 Copies the intersection of the template permissions of two roles to a third role.
 
 copyRolePermissionUnion ($a_source1_id, $a_source1_parent, $a_source2_id, $a_source2_parent, $a_dest_id, $a_dest_parent)
 Copies the union of the template permissions of two roles to a third role.
 
 copyRolePermissionSubtract ($a_source_id, $a_source_parent, $a_dest_id, $a_dest_parent)
 Subtract role permissions.
 
 deleteRolePermission ($a_rol_id, $a_ref_id, $a_type=false)
 Deletes all entries of a template.
 
 setRolePermission ($a_rol_id, $a_type, $a_ops, $a_ref_id)
 Inserts template permissions in rbac_templates for a specific object type.
 
 assignRoleToFolder ($a_rol_id, $a_parent, $a_assign="y")
 Assigns a role to a role folder. A role folder is an object that stores roles.
 
 assignOperationToObject ($a_type_id, $a_ops_id)
 Assign an existing operation to an object; updates rbac_ta.
 
 deassignOperationFromObject ($a_type_id, $a_ops_id)
 Deassign an existing operation from an object; updates rbac_ta.
 
 setProtected ($a_ref_id, $a_role_id, $a_value)
 Set protected.
 
 copyLocalRoles ($a_source_id, $a_target_id)
 Copy local roles. This method creates a copy of all local roles.
 
 initIntersectionPermissions ($a_ref_id, $a_role_id, $a_role_parent, $a_template_id, $a_template_parent)
 Init intersection permissions.
 
 adjustMovedObjectPermissions ($ref_id, $old_parent)
 Adjust permissions of moved objects.
 

Protected Member Functions

 applyMovedObjectDidacticTemplates ($a_ref_id, $a_old_parent)
 Apply didactic templates after object movement.
 

Detailed Description

Class ilRbacAdmin: core functions for role-based access control.

Creation and maintenance of relations. The main relations of RBAC are the user <-> role (UR) assignment relation and the permission <-> role (PR) assignment relation. This class contains methods to create and delete instances of the UR relation, e.g. assignUser() and deassignUser(); the corresponding methods for the PR relation are grantPermission() and revokePermission().

Author
Stefan Meyer meyer@leifos.com
Version
$Id$

Definition at line 18 of file class.ilRbacAdmin.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacAdmin::__construct ( )

Constructor.

Definition at line 24 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $ilErr, and PEAR_ERROR_CALLBACK.

25  {
26      global $DIC;
27  
28      $ilDB = $DIC['ilDB'];
29      $ilErr = $DIC['ilErr'];
30      $ilias = $DIC['ilias'];
31  
32      // set db & error handler
33      (isset($ilDB)) ? $this->ilDB = &$ilDB : $this->ilDB = &$ilias->db;
34  
35      if (!isset($ilErr)) {
36          $ilErr = new ilErrorHandling();
37          $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr,'errorHandler'));
38      } else {
39          $this->ilErr = &$ilErr;
40      }
41  }

Member Function Documentation

◆ adjustMovedObjectPermissions()

ilRbacAdmin::adjustMovedObjectPermissions (   $ref_id,
  $old_parent 
)

Adjust permissions of moved objects.

  • Delete permissions of parent roles that do not exist in new context
  • Delete role templates of parent roles that do not exist in new context
  • Add permissions for parent roles that did not exist in old context

Parameters
int    ref_id of the moved object
int    ref_id of the old parent

2023-08-15 sk: We need to switch off the cache here, as otherwise there seems to be no way to get an adequate reading of the new path. We switch it back on again at the end of this function.

We switch the cache back on again. See above.

Definition at line 1266 of file class.ilRbacAdmin.php.

References $DIC, $log, ilRbacLog\add(), applyMovedObjectDidacticTemplates(), deleteLocalRole(), ilRbacLog\diffFaPa(), ilRbacLog\gatherFaPa(), grantPermission(), initIntersectionPermissions(), ilRbacLog\isActive(), ilObjCourse\lookupCourseNonMemberTemplatesId(), ilObjGroup\lookupGroupStatusTemplateId(), ilRbacLog\MOVE_OBJECT, revokePermission(), and ROLE_FOLDER_ID.

1267  {
1268      global $DIC;
1269  
1270      $rbacreview = $DIC['rbacreview'];
1271      $tree = $DIC['tree'];
1272      $ilLog = $DIC['ilLog'];
1273  
1274      $new_parent = $tree->getParentId($ref_id);
1275      $old_context_roles = $rbacreview->getParentRoleIds($old_parent, false);
1276      $new_context_roles = $rbacreview->getParentRoleIds($new_parent, false);
1277  
1278      /**
1279       * 2023-08-15 sk: We need to switch off the cache here, as otherwise there seems
1280       * to be no way to get an adequate reading of the new path.
1281       * We switch it back on again at the end of this function.
1282       */
1283      $tree->useCache(false);
1284  
1285      $for_addition = $for_deletion = [];
1286      foreach ($new_context_roles as $new_role_id => $new_role) {
1287          if (!isset($old_context_roles[$new_role_id])) {
1288              $for_addition[] = $new_role_id;
1289          } elseif ($new_role['parent'] != $old_context_roles[$new_role_id]['parent']) {
1290              // handle stopped inheritance
1291              $for_deletion[] = $new_role_id;
1292              $for_addition[] = $new_role_id;
1293          }
1294      }
1295      foreach ($old_context_roles as $old_role_id => $old_role) {
1296          if (!isset($new_context_roles[$old_role_id])) {
1297              $for_deletion[] = $old_role_id;
1298          }
1299      }
1300  
1301      if (!count($for_deletion) && !count($for_addition)) {
1302          $this->applyMovedObjectDidacticTemplates($ref_id, $old_parent);
1303          return true;
1304      }
1305  
1306      $rbac_log_active = ilRbacLog::isActive();
1307      if ($rbac_log_active) {
1308          $role_ids = array_unique(array_merge(array_keys($for_deletion), array_keys($for_addition)));
1309      }
1310  
1311      foreach ($tree->getSubTree($tree->getNodeData($ref_id), true) as $node_data) {
1312          $node_id = $node_data['child'];
1313  
1314          if ($rbac_log_active) {
1315              $log_old = ilRbacLog::gatherFaPa($node_id, $role_ids);
1316          }
1317  
1318          // If $node_data['type'] is not set, this means there is a tree entry without
1319          // object_reference and/or object_data entry
1320          // Continue in this case
1321          if (!$node_data['type']) {
1322              $ilLog->write(__METHOD__ . ': No type give. Choosing next tree entry.');
1323              continue;
1324          }
1325  
1326          if (!$node_id) {
1327              $ilLog->write(__METHOD__ . ': Missing subtree node_id');
1328              continue;
1329          }
1330  
1331          foreach ($for_deletion as $role_id) {
1332              $this->deleteLocalRole($role_id, $node_id);
1333              $this->revokePermission($node_id, $role_id, false);
1334          }
1335          foreach ($for_addition as $role_id) {
1336              $role_parent_id = $rbacreview->getParentOfRole($role_id, $ref_id);
1337              switch ($node_data['type']) {
1338                  case 'grp':
1339                      $tpl_id = ilObjGroup::lookupGroupStatusTemplateId($node_data['obj_id']);
1340                      $this->initIntersectionPermissions(
1341                          $node_data['child'],
1342                          $role_id,
1343                          $role_parent_id,
1344                          $tpl_id,
1345                          ROLE_FOLDER_ID
1346                      );
1347                      break;
1348  
1349                  case 'crs':
1350                      $tpl_id = ilObjCourse::lookupCourseNonMemberTemplatesId();
1351                      $this->initIntersectionPermissions(
1352                          $node_data['child'],
1353                          $role_id,
1354                          $role_parent_id,
1355                          $tpl_id,
1356                          ROLE_FOLDER_ID
1357                      );
1358                      break;
1359  
1360                  default:
1361                      $this->grantPermission(
1362                          $role_id,
1363                          $rbacreview->getOperationsOfRole($role_id, $node_data['type'], $role_parent_id),
1364                          $node_id
1365                      );
1366                      break;
1367  
1368              }
1369          }
1370  
1371          if ($rbac_log_active) {
1372              $log_new = ilRbacLog::gatherFaPa($node_id, $role_ids);
1373              $log = ilRbacLog::diffFaPa($log_old, $log_new);
1374              ilRbacLog::add(ilRbacLog::MOVE_OBJECT, $node_id, $log);
1375          }
1376      }
1377  
1378      /**
1379       * We switch the cache back on again. See above.
1380       */
1381      $tree->useCache();
1382  
1383      $this->applyMovedObjectDidacticTemplates($ref_id, $old_parent);
1384  }
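The role-context diff that adjustMovedObjectPermissions() performs, as an added Python model that is not ILIAS code: it reproduces the for_addition / for_deletion split from the listing above (including the stopped-inheritance case, where a role reaches the object through a different parent after the move) and then rewrites the effective permissions of every node in the moved subtree from the templates of the new context, which is how grants left over from the old location are removed. The tree, role ids, object types and operation names are constructed for the example; the dict stand-ins for rbac_pa and for getOperationsOfRole() are assumptions of the example, not ILIAS structures.

```python
# Added example, not ILIAS code: an in-memory model of the recomputation that
# adjustMovedObjectPermissions() performs after an object moves in the tree.
# The dict stand-ins for rbac_pa and for getOperationsOfRole(), and all ids,
# types and operation names, are constructed for this example.


def diff_context_roles(old_context_roles, new_context_roles):
    """The two loops at the top of adjustMovedObjectPermissions().

    A context is {role_id: {"parent": ref_id}}, the ref_id being the role folder
    through which the role reaches the object (getParentRoleIds()).  A role
    present in both contexts but via a different parent is the
    stopped-inheritance case: it goes on both lists, so it is revoked and then
    granted again from the template at the new parent.
    """
    for_addition, for_deletion = [], []
    for role_id, new_role in new_context_roles.items():
        if role_id not in old_context_roles:
            for_addition.append(role_id)
        elif new_role["parent"] != old_context_roles[role_id]["parent"]:
            for_deletion.append(role_id)
            for_addition.append(role_id)
    for role_id in old_context_roles:
        if role_id not in new_context_roles:
            for_deletion.append(role_id)
    return for_addition, for_deletion


def apply_move(rbac_pa, templates, subtree, old_context_roles, new_context_roles):
    """Rewrite effective permissions for every node of the moved subtree.

    rbac_pa:   {(ref_id, role_id): {op, ...}}        effective grants
    templates: {(role_id, parent_ref_id): {obj_type: {op, ...}}}
               what getOperationsOfRole(role, type, parent) would return
    subtree:   [(ref_id, obj_type), ...]             getSubTree() of the moved node
    """
    for_addition, for_deletion = diff_context_roles(old_context_roles, new_context_roles)
    if not for_addition and not for_deletion:
        return rbac_pa  # nothing to recompute (the early return in the PHP)
    for node_id, obj_type in subtree:
        for role_id in for_deletion:  # revokePermission(node, role)
            rbac_pa.pop((node_id, role_id), None)
        for role_id in for_addition:  # grantPermission(role, ops, node)
            parent = new_context_roles[role_id]["parent"]
            ops = templates.get((role_id, parent), {}).get(obj_type, set())
            if ops:
                rbac_pa[(node_id, role_id)] = set(ops)
    return rbac_pa


def demo():
    """Folder 30 (with file 31) moves from category 10 to category 20."""
    templates = {
        (5, 10): {"fold": {"read", "write"}, "file": {"read", "write"}},  # local role of 10
        (6, 20): {"fold": {"read"}, "file": {"read"}},                    # local role of 20
        (4, 1): {"fold": {"read"}, "file": {"read"}},                     # global role via root
        (4, 20): {"fold": {"read", "write"}, "file": {"read", "write"}},  # role 4, inheritance stopped at 20
    }
    old_ctx = {4: {"parent": 1}, 5: {"parent": 10}}
    new_ctx = {4: {"parent": 20}, 6: {"parent": 20}}
    rbac_pa = {
        (30, 4): {"read"}, (31, 4): {"read"},
        (30, 5): {"read", "write"}, (31, 5): {"read", "write"},
    }
    return apply_move(rbac_pa, templates, [(30, "fold"), (31, "file")], old_ctx, new_ctx)


if __name__ == "__main__":
    for key, ops in sorted(demo().items()):
        print(key, sorted(ops))
```

Role 5 was local to the old parent and loses every grant on the moved subtree, while role 4 is revoked and re-granted from its template under the new parent; a move that skipped this recomputation would leave role 5's write access in place at the new location.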

◆ applyMovedObjectDidacticTemplates()

ilRbacAdmin::applyMovedObjectDidacticTemplates (   $a_ref_id,
  $a_old_parent 
)
protected

Apply didactic templates after object movement.

Parameters
int    $a_ref_id
int    $a_old_parent

Deprecated:
since version 5.1.0; will be removed with 5.4 and implemented using an event handler

Definition at line 1236 of file class.ilRbacAdmin.php.

References ilDidacticTemplateActionFactory\getActionsByTemplateId(), and ilDidacticTemplateObjSettings\lookupTemplateId().

Referenced by adjustMovedObjectPermissions().

1237  {
1238      include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateObjSettings.php';
1239      $tpl_id = ilDidacticTemplateObjSettings::lookupTemplateId($a_ref_id);
1240      if (!$tpl_id) {
1241          return;
1242      }
1243      include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateActionFactory.php';
1244      foreach (ilDidacticTemplateActionFactory::getActionsByTemplateId($tpl_id) as $action) {
1245          if ($action instanceof ilDidacticTemplateLocalRoleAction) {
1246              continue;
1247          }
1248          $action->setRefId($a_ref_id);
1249          $action->apply();
1250      }
1251      return;
1252  }

◆ assignOperationToObject()

ilRbacAdmin::assignOperationToObject (   $a_type_id,
  $a_ops_id 
)

Assign an existing operation to an object; updates rbac_ta.

Parameters
integer    object type
integer    operation_id
Returns
boolean

Definition at line 1037 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

1038  {
1039      global $DIC;
1040  
1041      $ilDB = $DIC['ilDB'];
1042  
1043      if (!isset($a_type_id) || !isset($a_ops_id)) {
1044          $message = get_class($this) . "::assignOperationToObject(): Missing parameter!" .
1045              "type_id: " . $a_type_id .
1046              "ops_id: " . $a_ops_id;
1047          $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1048      }
1049  
1050      $query = "INSERT INTO rbac_ta (typ_id, ops_id) " .
1051          "VALUES(" . $ilDB->quote($a_type_id, 'integer') . "," . $ilDB->quote($a_ops_id, 'integer') . ")";
1052      $res = $ilDB->manipulate($query);
1053      return true;
1054  }

◆ assignRoleToFolder()

ilRbacAdmin::assignRoleToFolder (   $a_rol_id,
  $a_parent,
  $a_assign = "y" 
)

Assigns a role to a role folder. A role folder is an object that stores roles.

Every role is assigned to at least one role folder. If the inheritance of a role is stopped, a new role template is created and the role is assigned to at least two role folders. All roles with stopped inheritance need the flag '$a_assign = false'.

Parameters
integer    object id of role
integer    ref_id of role folder
string     assignable ('y','n'); default: 'y'
Returns
boolean

Definition at line 983 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, ilLoggerFactory\getLogger(), and SYSTEM_ROLE_ID.

Referenced by copyLocalRoles(), and initIntersectionPermissions().

984  {
985      global $DIC;
986      $ilDB = $DIC['ilDB'];
987  
988      if (!isset($a_rol_id) || !isset($a_parent)) {
989          $message = get_class($this) . "::assignRoleToFolder(): Missing Parameter!" .
990              " role_id: " . $a_rol_id .
991              " parent_id: " . $a_parent .
992              " assign: " . $a_assign;
993          $this->ilErr->raiseError($message, $this->ilErr->WARNING);
994      }
995  
996      // exclude system role from rbac
997      if ($a_rol_id == SYSTEM_ROLE_ID) {
998          return true;
999      }
1000  
1001      // if a wrong value is passed, always set assign to "n"
1002      if ($a_assign != "y") {
1003          $a_assign = "n";
1004      }
1005  
1006      // check if already assigned
1007      $query = 'SELECT rol_id FROM rbac_fa ' .
1008          'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
1009          'AND parent = ' . $ilDB->quote($a_parent, 'integer');
1010      $res = $ilDB->query($query);
1011      if ($res->numRows()) {
1012          ilLoggerFactory::getLogger('ac')->info('Role already assigned to object');
1013          return false;
1014      }
1015  
1016      $query = sprintf(
1017          'INSERT INTO rbac_fa (rol_id, parent, assign, protected) ' .
1018          'VALUES (%s,%s,%s,%s)',
1019          $ilDB->quote($a_rol_id, 'integer'),
1020          $ilDB->quote($a_parent, 'integer'),
1021          $ilDB->quote($a_assign, 'text'),
1022          $ilDB->quote('n', 'text')
1023      );
1024      $res = $ilDB->manipulate($query);
1025  
1026      return true;
1027  }

◆ assignUser()

ilRbacAdmin::assignUser (   $a_rol_id,
  $a_usr_id 
)

Assigns a user to a role.

Updates table rbac_ua.

Parameters
int    $a_rol_id    Object-ID of role
int    $a_usr_id    Object-ID of user
Returns
boolean

Definition at line 264 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), and ilLoggerFactory\getInstance().

265  {
266      global $DIC;
267  
268      $ilDB = $DIC['ilDB'];
269      $rbacreview = $DIC['rbacreview'];
270  
271      if (!isset($a_rol_id) || !isset($a_usr_id)) {
272          $message = get_class($this) . "::assignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
273          #$this->ilErr->raiseError($message,$this->ilErr->WARNING);
274      }
275  
276      // check if already assigned user id and role_id
277      $alreadyAssigned = $rbacreview->isAssigned($a_usr_id, $a_rol_id);
278  
279      // enhanced: only if we haven't had this role for this user
280      if (!$alreadyAssigned) {
281          $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
282              "VALUES (" . $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_rol_id, 'integer') . ")";
283          $res = $ilDB->manipulate($query);
284  
285          $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, true);
286      }
287  
288      include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
289      $mapping = ilLDAPRoleGroupMapping::_getInstance();
290      $mapping->assign($a_rol_id, $a_usr_id);
291  
292  
293      $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
294      $obj_id = ilObject::_lookupObjId($ref_id);
295      $type = ilObject::_lookupType($obj_id);
296  
297      if (!$alreadyAssigned) {
298          ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event assign user');
299          $GLOBALS['DIC']['ilAppEventHandler']->raise(
300              'Services/AccessControl',
301              'assignUser',
302              array(
303                  'obj_id' => $obj_id,
304                  'usr_id' => $a_usr_id,
305                  'role_id' => $a_rol_id,
306                  'type' => $type
307              )
308          );
309      }
310      return true;
311  }

◆ assignUserLimited()

ilRbacAdmin::assignUserLimited (   $a_role_id,
  $a_usr_id,
  $a_limit,
  $a_limited_roles = [] 
)

Assign user limited.

Parameters
type    $a_role_id
type    $a_usr_id
type    $a_limit

Definition at line 212 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $query, $res, $ret, ilLDAPRoleGroupMapping\_getInstance(), ilDBConstants\FETCHMODE_OBJECT, ilDBInterface\in(), ilDBInterface\manipulate(), ilDBInterface\query(), and ilDBInterface\quote().

213  {
214      global $DIC;
215  
216      $ilDB = $DIC['ilDB'];
217  
218      $ilAtomQuery = $ilDB->buildAtomQuery();
219      $ilAtomQuery->addTableLock('rbac_ua');
220  
221      $ilAtomQuery->addQueryCallable(
222          function (ilDBInterface $ilDB) use (&$ret, $a_role_id, $a_usr_id, $a_limit, $a_limited_roles) {
223              $ret = true;
224              $limit_query = 'SELECT COUNT(*) num FROM rbac_ua ' .
225                  'WHERE ' . $ilDB->in('rol_id', (array) $a_limited_roles, false, 'integer');
226              $res = $ilDB->query($limit_query);
227              $row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
228              if ($row->num >= $a_limit) {
229                  $ret = false;
230                  return;
231              }
232  
233              $query = "INSERT INTO rbac_ua (usr_id, rol_id) " .
234                  "VALUES (" .
235                  $ilDB->quote($a_usr_id, 'integer') . "," . $ilDB->quote($a_role_id, 'integer') .
236                  ")";
237              $res = $ilDB->manipulate($query);
238          }
239      );
240  
241      $ilAtomQuery->run();
242  
243      if (!$ret) {
244          return false;
245      }
246  
247      $GLOBALS['DIC']['rbacreview']->setAssignedCacheEntry($a_role_id, $a_usr_id, true);
248  
249      include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
250      $mapping = ilLDAPRoleGroupMapping::_getInstance();
251      $mapping->assign($a_role_id, $a_usr_id);
252      return true;
253  }
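The seat-limit check of assignUserLimited(), as an added Python example that is not ILIAS code: the COUNT(*) over the limited roles and the INSERT into rbac_ua run inside one write transaction, which is what the ilAtomQuery with its table lock on rbac_ua provides in the PHP above. Without that, two requests arriving together can both read a count below the limit and both insert, so the limit is exceeded. SQLite's BEGIN IMMEDIATE takes the write lock for the same purpose; the table layout, the user ids, the role ids and the limit are constructed for the example.

```python
import sqlite3

# Added example, not ILIAS code: seat-limited role assignment modelled on SQLite.
# Table layout, user ids, role ids and the limit are constructed for the example.


def open_db():
    # isolation_level=None: we issue BEGIN / COMMIT / ROLLBACK ourselves
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute(
        "CREATE TABLE rbac_ua ("
        "usr_id INTEGER NOT NULL, rol_id INTEGER NOT NULL, "
        "PRIMARY KEY (usr_id, rol_id))"
    )
    return db


def assign_user_limited(db, role_id, usr_id, limit, limited_roles):
    """Assign usr_id to role_id unless the seats across limited_roles are used up.

    Returns True on assignment, False when COUNT(*) over limited_roles is
    already >= limit.  As in the PHP, the limit counts the rows of every role
    in limited_roles, not only those of role_id.
    """
    if not limited_roles:
        raise ValueError("limited_roles must name the roles the limit applies to")
    # Only '?' placeholders are built into the SQL; the values are bound.
    marks = ",".join("?" for _ in limited_roles)
    # BEGIN IMMEDIATE takes the write lock now, so another writer's count
    # cannot slip in between our count and our insert.
    db.execute("BEGIN IMMEDIATE")
    try:
        (num,) = db.execute(
            f"SELECT COUNT(*) FROM rbac_ua WHERE rol_id IN ({marks})",
            tuple(limited_roles),
        ).fetchone()
        if num >= limit:
            db.execute("ROLLBACK")
            return False
        db.execute(
            "INSERT INTO rbac_ua (usr_id, rol_id) VALUES (?, ?)", (usr_id, role_id)
        )
        db.execute("COMMIT")
        return True
    except Exception:
        db.execute("ROLLBACK")
        raise


def demo(limit=2):
    """Two seats shared by roles 7 and 8: the third assignment is refused."""
    db = open_db()
    results = [
        assign_user_limited(db, 8, 100, limit, [7, 8]),  # seat 1, taken via sibling role 8
        assign_user_limited(db, 7, 101, limit, [7, 8]),  # seat 2
        assign_user_limited(db, 7, 102, limit, [7, 8]),  # refused: count 2 >= limit 2
    ]
    (total,) = db.execute("SELECT COUNT(*) FROM rbac_ua").fetchone()
    return results, total


if __name__ == "__main__":
    print(demo())
```

The count and the insert must stay in the same locked transaction; moving the COUNT(*) in front of the BEGIN reintroduces the check-then-act window that the table lock in the PHP closes.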

◆ copyLocalRoles()

ilRbacAdmin::copyLocalRoles (   $a_source_id,
  $a_target_id 
)

Copy local roles. This method creates a copy of all local roles of the source object.

Note: auto-generated roles (titles starting with 'il_') are excluded.

Parameters
int    source id of object (not role folder)
int    target id of object

Definition at line 1118 of file class.ilRbacAdmin.php.

References $DIC, assignRoleToFolder(), and copyRolePermissions().

1119  {
1120      global $DIC;
1121  
1122      $rbacreview = $DIC['rbacreview'];
1123      $ilLog = $DIC['ilLog'];
1124      $ilObjDataCache = $DIC['ilObjDataCache'];
1125  
1126      $real_local = [];
1127      foreach ($rbacreview->getRolesOfRoleFolder($a_source_id, false) as $role_data) {
1128          $title = $ilObjDataCache->lookupTitle($role_data);
1129          if (substr($title, 0, 3) == 'il_') {
1130              continue;
1131          }
1132          $real_local[] = $role_data;
1133      }
1134      if (!count($real_local)) {
1135          return true;
1136      }
1137      // Create role folder
1138      foreach ($real_local as $role) {
1139          include_once("./Services/AccessControl/classes/class.ilObjRole.php");
1140          $orig = new ilObjRole($role);
1141          $orig->read();
1142  
1143          $ilLog->write(__METHOD__ . ': Start copying of role ' . $orig->getTitle());
1144          $roleObj = new ilObjRole();
1145          $roleObj->setTitle($orig->getTitle());
1146          $roleObj->setDescription($orig->getDescription());
1147          $roleObj->setImportId($orig->getImportId());
1148          $roleObj->create();
1149  
1150          $this->assignRoleToFolder($roleObj->getId(), $a_target_id, "y");
1151          $this->copyRolePermissions($role, $a_source_id, $a_target_id, $roleObj->getId(), true);
1152          $ilLog->write(__METHOD__ . ': Added new local role, id ' . $roleObj->getId());
1153      }
1154  }

◆ copyRolePermissionIntersection()

ilRbacAdmin::copyRolePermissionIntersection (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_parent,
  $a_dest_id 
)

Copies the intersection of the template permissions of two roles to a third role.

Parameters
integer    $a_source1_id        role_id source
integer    $a_source1_parent    parent_id source
integer    $a_source2_id        role_id source
integer    $a_source2_parent    parent_id source
integer    $a_dest_id           role_id destination
integer    $a_dest_parent       parent_id destination
Returns
boolean

Definition at line 706 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $message, $query, $res, ilDBConstants\FETCHMODE_OBJECT, ilLoggerFactory\getLogger(), and SYSTEM_ROLE_ID.

Referenced by initIntersectionPermissions().

707  {
708      global $DIC;
709  
710      $rbacreview = $DIC['rbacreview'];
711      $ilDB = $DIC['ilDB'];
712  
713      if (!isset($a_source1_id) || !isset($a_source1_parent)
714          || !isset($a_source2_id) || !isset($a_source2_parent)
715          || !isset($a_dest_id) || !isset($a_dest_parent)) {
716          $message = get_class($this) . "::copyRolePermissionIntersection(): Missing parameter! source1_id: " . $a_source1_id .
717              " source1_parent: " . $a_source1_parent .
718              " source2_id: " . $a_source2_id .
719              " source2_parent: " . $a_source2_parent .
720              " dest_id: " . $a_dest_id .
721              " dest_parent_id: " . $a_dest_parent;
722          $this->ilErr->raiseError($message, $this->ilErr->WARNING);
723      }
724  
725      // exclude system role from rbac
726      if ($a_dest_id == SYSTEM_ROLE_ID) {
727          ilLoggerFactory::getLogger('ac')->debug('Ignoring system role.');
728          return true;
729      }
730  
731      if ($rbacreview->isProtected($a_source2_parent, $a_source2_id)) {
732          $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': Role is protected');
733          return true;
734      }
735  
736      $query = "SELECT s1.type, s1.ops_id " .
737          "FROM rbac_templates s1, rbac_templates s2 " .
738          "WHERE s1.rol_id = " . $ilDB->quote($a_source1_id, 'integer') . " " .
739          "AND s1.parent = " . $ilDB->quote($a_source1_parent, 'integer') . " " .
740          "AND s2.rol_id = " . $ilDB->quote($a_source2_id, 'integer') . " " .
741          "AND s2.parent = " . $ilDB->quote($a_source2_parent, 'integer') . " " .
742          "AND s1.type = s2.type " .
743          "AND s1.ops_id = s2.ops_id";
744  
745      ilLoggerFactory::getLogger('ac')->dump($query);
746  
747      $res = $ilDB->query($query);
748      $operations = [];
749      $rowNum = 0;
750      while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
751          $operations[$rowNum]['type'] = $row->type;
752          $operations[$rowNum]['ops_id'] = $row->ops_id;
753  
754          $rowNum++;
755      }
756  
757      // Delete template permissions of target
758      $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
759          'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
760      $res = $ilDB->manipulate($query);
761  
762      $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
763          'VALUES (?,?,?,?)';
764      $sta = $ilDB->prepareManip($query, array('integer','text','integer','integer'));
765      foreach ($operations as $key => $set) {
766          $ilDB->execute($sta, array(
767              $a_dest_id,
768              $set['type'],
769              $set['ops_id'],
770              $a_dest_parent));
771      }
772      return true;
773  }

◆ copyRolePermissions()

ilRbacAdmin::copyRolePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions and permission of one role to another.

Parameters
integer    $a_source_id        role_id source
integer    $a_source_parent    parent_id source
integer    $a_dest_parent      parent_id destination
integer    $a_dest_id          role_id destination
Returns
boolean

Definition at line 609 of file class.ilRbacAdmin.php.

References $DIC, copyRoleTemplatePermissions(), grantPermission(), and revokePermission().

Referenced by copyLocalRoles().

610  {
611      global $DIC;
612  
613      $tree = $DIC['tree'];
614      $rbacreview = $DIC['rbacreview'];
615  
616      // Copy template permissions
617      $this->copyRoleTemplatePermissions($a_source_id, $a_source_parent, $a_dest_parent, $a_dest_id, $a_consider_protected);
618  
619      $ops = $rbacreview->getRoleOperationsOnObject($a_source_id, $a_source_parent);
620  
621      $this->revokePermission($a_dest_parent, $a_dest_id);
622      $this->grantPermission($a_dest_id, $ops, $a_dest_parent);
623      return true;
624  }

◆ copyRolePermissionSubtract()

ilRbacAdmin::copyRolePermissionSubtract (   $a_source_id,
  $a_source_parent,
  $a_dest_id,
  $a_dest_parent 
)

Subtract role permissions.

Parameters
type    $a_source_id
type    $a_source_parent
type    $a_dest_id
type    $a_dest_parent

Definition at line 849 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and $type.

850  {
851      global $DIC;
852  
853      $rbacreview = $DIC['rbacreview'];
854      $ilDB = $DIC['ilDB'];
855  
856      $s1_ops = $rbacreview->getAllOperationsOfRole($a_source_id, $a_source_parent);
857      $d_ops = $rbacreview->getAllOperationsOfRole($a_dest_id, $a_dest_parent);
858  
859      foreach ($s1_ops as $type => $ops) {
860          foreach ($ops as $op) {
861              if (isset($d_ops[$type]) && in_array($op, $d_ops[$type])) {
862                  $query = 'DELETE FROM rbac_templates ' .
863                      'WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
864                      'AND type = ' . $ilDB->quote($type, 'text') . ' ' .
865                      'AND ops_id = ' . $ilDB->quote($op, 'integer') . ' ' .
866                      'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
867                  $ilDB->manipulate($query);
868              }
869          }
870      }
871      return true;
872  }

◆ copyRolePermissionUnion()

ilRbacAdmin::copyRolePermissionUnion (   $a_source1_id,
  $a_source1_parent,
  $a_source2_id,
  $a_source2_parent,
  $a_dest_id,
  $a_dest_parent 
)

Copies the union of the template permissions of two roles to a third role.

Parameters
<type>    $a_source1_id
<type>    $a_source1_parent
<type>    $a_source2_id
<type>    $a_source2_parent
<type>    $a_dest_id
<type>    $a_dest_parent
Returns
<type>

Definition at line 786 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $query, $type, and deleteRolePermission().

793  {
794      global $DIC;
795  
796      $ilDB = $DIC['ilDB'];
797      $rbacreview = $DIC['rbacreview'];
798  
799  
800      $s1_ops = $rbacreview->getAllOperationsOfRole($a_source1_id, $a_source1_parent);
801      $s2_ops = $rbacreview->getAlloperationsOfRole($a_source2_id, $a_source2_parent);
802  
803      $this->deleteRolePermission($a_dest_id, $a_dest_parent);
804  
805      $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s1_ops, true));
806      $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': ' . print_r($s2_ops, true));
807  
808      foreach ($s1_ops as $type => $ops) {
809          foreach ($ops as $op) {
810              // insert all permission of source 1
811              // #15469
812              $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
813                  'VALUES( ' .
814                  $ilDB->quote($a_dest_id, 'integer') . ', ' .
815                  $ilDB->quote($type, 'text') . ', ' .
816                  $ilDB->quote($op, 'integer') . ', ' .
817                  $ilDB->quote($a_dest_parent, 'integer') . ' ' .
818                  ')';
819              $ilDB->manipulate($query);
820          }
821      }
822  
823      // and the other direction...
824      foreach ($s2_ops as $type => $ops) {
825          foreach ($ops as $op) {
826              if (!isset($s1_ops[$type]) || !in_array($op, $s1_ops[$type])) {
827                  $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
828                      'VALUES( ' .
829                      $ilDB->quote($a_dest_id, 'integer') . ', ' .
830                      $ilDB->quote($type, 'text') . ', ' .
831                      $ilDB->quote($op, 'integer') . ', ' .
832                      $ilDB->quote($a_dest_parent, 'integer') . ' ' .
833                      ')';
834                  $ilDB->manipulate($query);
835              }
836          }
837      }
838  
839      return true;
840  }
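The three set operations on rbac_templates that copyRolePermissionIntersection(), copyRolePermissionSubtract() and copyRolePermissionUnion() perform, as an added Python example run against an in-memory SQLite copy of the table (this is not the project's PHP, which goes through $ilDB). The intersection uses the same self-join as the query in copyRolePermissionIntersection(); union and subtraction follow the two loops of the PHP, the union clearing the destination first and the subtraction editing it in place. The table schema, role ids, parent ids and operation ids are constructed for the example, and template_ops() is an assumed stand-in for ilRbacReview::getAllOperationsOfRole().

```python
import sqlite3

# Added example, not ILIAS code: intersection / union / subtraction of role
# template permissions on an in-memory SQLite copy of rbac_templates.
# Schema, role ids, parent ids and operation ids are constructed here.

SCHEMA = (
    "CREATE TABLE rbac_templates ("
    "rol_id INTEGER NOT NULL, type TEXT NOT NULL, "
    "ops_id INTEGER NOT NULL, parent INTEGER NOT NULL, "
    "PRIMARY KEY (rol_id, type, ops_id, parent))"
)


def template_ops(db, rol_id, parent):
    """Stand-in for ilRbacReview::getAllOperationsOfRole(): {type: {ops_id, ...}}."""
    ops = {}
    for typ, ops_id in db.execute(
        "SELECT type, ops_id FROM rbac_templates WHERE rol_id = ? AND parent = ?",
        (rol_id, parent),
    ):
        ops.setdefault(typ, set()).add(ops_id)
    return ops


def clear_template(db, rol_id, parent):
    """What the PHP does before writing a destination template."""
    db.execute("DELETE FROM rbac_templates WHERE rol_id = ? AND parent = ?", (rol_id, parent))


def copy_intersection(db, s1, s1_parent, s2, s2_parent, dest, dest_parent):
    """Same self-join as copyRolePermissionIntersection(): rows present in both sources."""
    rows = db.execute(
        "SELECT s1.type, s1.ops_id FROM rbac_templates s1, rbac_templates s2 "
        "WHERE s1.rol_id = ? AND s1.parent = ? AND s2.rol_id = ? AND s2.parent = ? "
        "AND s1.type = s2.type AND s1.ops_id = s2.ops_id",
        (s1, s1_parent, s2, s2_parent),
    ).fetchall()
    clear_template(db, dest, dest_parent)
    db.executemany(
        "INSERT INTO rbac_templates (rol_id, type, ops_id, parent) VALUES (?, ?, ?, ?)",
        [(dest, typ, ops_id, dest_parent) for typ, ops_id in rows],
    )


def copy_union(db, s1, s1_parent, s2, s2_parent, dest, dest_parent):
    """copyRolePermissionUnion(): all of source 1, then source 2 minus source 1."""
    s1_ops = template_ops(db, s1, s1_parent)
    s2_ops = template_ops(db, s2, s2_parent)
    clear_template(db, dest, dest_parent)
    for typ in set(s1_ops) | set(s2_ops):
        for op in s1_ops.get(typ, set()) | s2_ops.get(typ, set()):
            db.execute(
                "INSERT INTO rbac_templates (rol_id, type, ops_id, parent) VALUES (?, ?, ?, ?)",
                (dest, typ, op, dest_parent),
            )


def subtract(db, src, src_parent, dest, dest_parent):
    """copyRolePermissionSubtract(): delete from dest every op that src has (in place)."""
    for typ, ops in template_ops(db, src, src_parent).items():
        for op in ops:
            db.execute(
                "DELETE FROM rbac_templates WHERE rol_id = ? AND type = ? AND ops_id = ? AND parent = ?",
                (dest, typ, op, dest_parent),
            )


def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed templates: ops 2 = read, 3 = write, 4 = delete
    db.executemany(
        "INSERT INTO rbac_templates (rol_id, type, ops_id, parent) VALUES (?, ?, ?, ?)",
        [(11, "file", 2, 100), (11, "file", 3, 100), (11, "file", 4, 100),
         (12, "file", 2, 100), (12, "file", 3, 100), (12, "crs", 2, 100)],
    )
    copy_intersection(db, 11, 100, 12, 100, 21, 200)  # role 21 := 11 AND 12
    copy_union(db, 11, 100, 12, 100, 22, 200)         # role 22 := 11 OR 12
    copy_union(db, 11, 100, 11, 100, 23, 200)         # role 23 := copy of 11 ...
    subtract(db, 12, 100, 23, 200)                    # ... minus everything 12 has
    return {
        "intersection": template_ops(db, 21, 200),
        "union": template_ops(db, 22, 200),
        "subtract": template_ops(db, 23, 200),
    }


if __name__ == "__main__":
    for name, ops in demo().items():
        print(name, {typ: sorted(ids) for typ, ids in ops.items()})
```

The intersection is the one that matters most for least privilege: it is what initIntersectionPermissions() relies on when a role is re-granted inside a course or group after a move, so the role never receives more than both its own template and the container's template allow.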

◆ copyRoleTemplatePermissions()

ilRbacAdmin::copyRoleTemplatePermissions (   $a_source_id,
  $a_source_parent,
  $a_dest_parent,
  $a_dest_id,
  $a_consider_protected = true 
)

Copies template permissions of one role to another.

It is also possible to copy template permissions from/to a RoleTemplateObject.

Parameters
integer    $a_source_id        role_id source
integer    $a_source_parent    parent_id source
integer    $a_dest_parent      parent_id destination
integer    $a_dest_id          role_id destination
Returns
boolean

Definition at line 636 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, setProtected(), and SYSTEM_ROLE_ID.

Referenced by copyRolePermissions().

637  {
638      global $DIC;
639  
640      $rbacreview = $DIC['rbacreview'];
641      $ilDB = $DIC['ilDB'];
642  
643      if (!isset($a_source_id) || !isset($a_source_parent) || !isset($a_dest_id) || !isset($a_dest_parent)) {
644          $message = __METHOD__ . ": Missing parameter! source_id: " . $a_source_id .
645              " source_parent_id: " . $a_source_parent .
646              " dest_id : " . $a_dest_id .
647              " dest_parent_id: " . $a_dest_parent;
648          $this->ilErr->raiseError($message, $this->ilErr->WARNING);
649      }
650  
651      // exclude system role from rbac
652      if ($a_dest_id == SYSTEM_ROLE_ID) {
653          return true;
654      }
655  
656      // Read operations
657      $query = 'SELECT * FROM rbac_templates ' .
658          'WHERE rol_id = ' . $ilDB->quote($a_source_id, 'integer') . ' ' .
659          'AND parent = ' . $ilDB->quote($a_source_parent, 'integer');
660      $res = $ilDB->query($query);
661      $operations = [];
662      $rownum = 0;
663      while ($row = $ilDB->fetchObject($res)) {
664          $operations[$rownum]['type'] = $row->type;
665          $operations[$rownum]['ops_id'] = $row->ops_id;
666          $rownum++;
667      }
668  
669      // Delete target permissions
670      $query = 'DELETE FROM rbac_templates WHERE rol_id = ' . $ilDB->quote($a_dest_id, 'integer') . ' ' .
671          'AND parent = ' . $ilDB->quote($a_dest_parent, 'integer');
672      $res = $ilDB->manipulate($query);
673  
674      foreach ($operations as $row => $op) {
675          $query = 'INSERT INTO rbac_templates (rol_id,type,ops_id,parent) ' .
676              'VALUES (' .
677              $ilDB->quote($a_dest_id, 'integer') . "," .
678              $ilDB->quote($op['type'], 'text') . "," .
679              $ilDB->quote($op['ops_id'], 'integer') . "," .
680              $ilDB->quote($a_dest_parent, 'integer') . ")";
681          $ilDB->manipulate($query);
682      }
683  
684      // copy also protection status if applicable
685      if ($a_consider_protected == true) {
686          if ($rbacreview->isProtected($a_source_parent, $a_source_id)) {
687              $this->setProtected($a_dest_parent, $a_dest_id, 'y');
688          }
689      }
690  
691      return true;
692  }

◆ deassignOperationFromObject()

ilRbacAdmin::deassignOperationFromObject (   $a_type_id,
  $a_ops_id 
)

Deassigns an existing operation from an object type. Updates table rbac_ta.

Parameters
integer $a_type_id object type id
integer $a_ops_id operation id
Returns
boolean

Definition at line 1064 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

1065  {
1066  global $DIC;
1067 
1068  $ilDB = $DIC['ilDB'];
1069 
1070  if (!isset($a_type_id) || !isset($a_ops_id)) {
1071  $message = get_class($this) . "::deassignOperationFromObject(): Missing parameter!" .
1072  " type_id: " . $a_type_id .
1073  " ops_id: " . $a_ops_id;
1074  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
1075  }
1076 
1077  $query = "DELETE FROM rbac_ta " .
1078  "WHERE typ_id = " . $ilDB->quote($a_type_id, 'integer') . " " .
1079  "AND ops_id = " . $ilDB->quote($a_ops_id, 'integer');
1080  $res = $ilDB->manipulate($query);
1081 
1082  return true;
1083  }

◆ deassignUser()

ilRbacAdmin::deassignUser (   $a_rol_id,
  $a_usr_id 
)

Deassigns a user from a role.

Updates table rbac_ua and raises the 'deassignUser' event of Services/AccessControl.

Parameters
int $a_rol_id object id of the role
int $a_usr_id object id of the user
Returns
boolean true on success

Definition at line 322 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, $message, $query, $res, $type, ilLDAPRoleGroupMapping\_getInstance(), ilObject\_lookupObjId(), ilObject\_lookupType(), and ilLoggerFactory\getInstance().

Referenced by removeUser().

323  {
324  global $DIC;
325 
326  $ilDB = $DIC['ilDB'];
327  $rbacreview = $DIC->rbac()->review();
328 
329  if (!isset($a_rol_id) || !isset($a_usr_id)) {
330  $message = get_class($this) . "::deassignUser(): Missing parameter! role_id: " . $a_rol_id . " usr_id: " . $a_usr_id;
331  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
332  }
333 
334  $query = "DELETE FROM rbac_ua " .
335  "WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer') . " " .
336  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
337  $res = $ilDB->manipulate($query);
338 
339  $rbacreview->setAssignedCacheEntry($a_rol_id, $a_usr_id, false);
340 
341  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
342  $mapping = ilLDAPRoleGroupMapping::_getInstance();
343  $mapping->deassign($a_rol_id, $a_usr_id);
344 
345  if ($res) {
346  $ref_id = $GLOBALS['DIC']['rbacreview']->getObjectReferenceOfRole($a_rol_id);
347  $obj_id = ilObject::_lookupObjId($ref_id);
348  $type = ilObject::_lookupType($obj_id);
349 
350  ilLoggerFactory::getInstance()->getLogger('ac')->debug('Raise event deassign user');
351  $GLOBALS['DIC']['ilAppEventHandler']->raise('Services/AccessControl', 'deassignUser', array(
352  'obj_id' => $obj_id,
353  'usr_id' => $a_usr_id,
354  'role_id' => $a_rol_id,
355  'type' => $type,
356  ));
357  }
358 
359  return true;
360  }

◆ deleteLocalRole()

ilRbacAdmin::deleteLocalRole (   $a_rol_id,
  $a_ref_id = 0 
)

Deletes a local role and its entries in rbac_fa and rbac_templates.

Parameters
integer $a_rol_id object_id of the role
integer $a_ref_id ref_id of the role folder (optional; if 0 or omitted, the role's entries in all role folders are deleted)
Returns
boolean true on success

Definition at line 174 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and SYSTEM_ROLE_ID.

Referenced by adjustMovedObjectPermissions(), and deleteRole().

175  {
176  global $DIC;
177 
178  $ilDB = $DIC['ilDB'];
179 
180  if (!isset($a_rol_id)) {
181  $message = get_class($this) . "::deleteLocalRole(): Missing parameter! role_id: '" . $a_rol_id . "'";
182  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
183  }
184 
185  // exclude system role from rbac
186  if ($a_rol_id == SYSTEM_ROLE_ID) {
187  return true;
188  }
189  $clause = ''; // no folder given: the role's entries in every folder are deleted
190  if ($a_ref_id != 0) {
191  $clause = 'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ';
192  }
193 
194  $query = 'DELETE FROM rbac_fa ' .
195  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
196  $clause;
197  $res = $ilDB->manipulate($query);
198 
199  $query = 'DELETE FROM rbac_templates ' .
200  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
201  $clause;
202  $res = $ilDB->manipulate($query);
203  return true;
204  }

◆ deleteRole()

ilRbacAdmin::deleteRole (   $a_rol_id,
  $a_ref_id 
)

Deletes a role and its entries in object_data, rbac_pa, rbac_templates, rbac_ua and rbac_fa.

Parameters
integer $a_rol_id obj_id of the role (role_id)
integer $a_ref_id ref_id of the role folder
Returns
boolean true on success

Definition at line 98 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $lng, $message, $query, $res, ilLDAPRoleGroupMapping\_getInstance(), deleteLocalRole(), and SYSTEM_ROLE_ID.

99  {
100  global $DIC;
101 
102  $lng = $DIC['lng'];
103  $ilDB = $DIC['ilDB'];
104 
105  if (!isset($a_rol_id) || !isset($a_ref_id)) {
106  $message = get_class($this) . "::deleteRole(): Missing parameter! role_id: " . $a_rol_id . " ref_id of role folder: " . $a_ref_id;
107  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
108  }
109 
110  // exclude system role from rbac
111  if ($a_rol_id == SYSTEM_ROLE_ID) {
112  $this->ilErr->raiseError($lng->txt("msg_sysrole_not_deletable"), $this->ilErr->MESSAGE);
113  }
114 
115  include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMapping.php');
116  $mapping = ilLDAPRoleGroupMapping::_getInstance();
117  $mapping->deleteRole($a_rol_id);
118 
119 
120  // TODO: check assigned users before deletion
121  // This is done in ilObjRole. Should be better moved to this place?
122 
123  // delete user assignements
124  $query = "DELETE FROM rbac_ua " .
125  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer');
126  $res = $ilDB->manipulate($query);
127 
128  // delete permission assignments
129  $query = "DELETE FROM rbac_pa " .
130  "WHERE rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
131  $res = $ilDB->manipulate($query);
132 
133  //delete rbac_templates and rbac_fa
134  $this->deleteLocalRole($a_rol_id);
135 
136  return true;
137  }

◆ deleteRolePermission()

ilRbacAdmin::deleteRolePermission (   $a_rol_id,
  $a_ref_id,
  $a_type = false 
)

Deletes all entries of a template.

If an object type is given as the third parameter, only the entries for that object type are deleted. Updates table rbac_templates.

Parameters
integer $a_rol_id object id of the role
integer $a_ref_id ref_id of the role folder
string $a_type object type (optional)
Returns
boolean

Definition at line 885 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and SYSTEM_ROLE_ID.

Referenced by copyRolePermissionUnion().

886  {
887  global $DIC;
888 
889  $ilDB = $DIC['ilDB'];
890 
891  if (!isset($a_rol_id) || !isset($a_ref_id)) {
892  $message = get_class($this) . "::deleteRolePermission(): Missing parameter! role_id: " . $a_rol_id . " ref_id: " . $a_ref_id;
893  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
894  }
895 
896  // exclude system role from rbac
897  if ($a_rol_id == SYSTEM_ROLE_ID) {
898  return true;
899  }
900  $and_type = ''; // no type given: template entries of every object type are deleted
901  if ($a_type !== false) {
902  $and_type = " AND type=" . $ilDB->quote($a_type, 'text') . " ";
903  }
904 
905  $query = 'DELETE FROM rbac_templates ' .
906  'WHERE rol_id = ' . $ilDB->quote($a_rol_id, 'integer') . ' ' .
907  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer') . ' ' .
908  $and_type;
909 
910  $res = $ilDB->manipulate($query);
911 
912  return true;
913  }

◆ deleteSubtreeTemplates()

ilRbacAdmin::deleteSubtreeTemplates (   $a_ref_id,
  $a_rol_id 
)

Deletes all template permissions (rbac_templates and rbac_fa entries) of the role for all nodes of the subtree.

Parameters
integer $a_ref_id ref_id of the subtree root
integer $a_rol_id object id of the role
Returns
boolean true
Definition at line 540 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, and $query.

541  {
542  global $DIC;
543 
544  $ilDB = $DIC['ilDB'];
545 
546  $query = 'DELETE FROM rbac_templates ' .
547  'WHERE parent IN ( ' .
548  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
549  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
550 
551  $ilDB->manipulate($query);
552 
553  $query = 'DELETE FROM rbac_fa ' .
554  'WHERE parent IN ( ' .
555  $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
556  'AND rol_id = ' . $ilDB->quote($a_rol_id, 'integer');
557 
558  $ilDB->manipulate($query);
559 
560  return true;
561  }

◆ deleteTemplate()

ilRbacAdmin::deleteTemplate (   $a_obj_id)

Deletes a template from a role folder and all of its entries in rbac_templates and rbac_fa.

Parameters
integer $a_obj_id object_id of the role template
Returns
boolean

Definition at line 145 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, and $res.

146  {
147  global $DIC;
148 
149  $ilDB = $DIC['ilDB'];
150 
151  if (!isset($a_obj_id)) {
152  $message = get_class($this) . "::deleteTemplate(): No obj_id given!";
153  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
154  }
155 
156  $query = 'DELETE FROM rbac_templates ' .
157  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
158  $res = $ilDB->manipulate($query);
159 
160  $query = 'DELETE FROM rbac_fa ' .
161  'WHERE rol_id = ' . $ilDB->quote($a_obj_id, 'integer');
162  $res = $ilDB->manipulate($query);
163 
164  return true;
165  }

◆ grantPermission()

ilRbacAdmin::grantPermission (   $a_rol_id,
  $a_ops,
  $a_ref_id 
)

Grants a permission to an object and a specific role.

Updates table rbac_pa. The operation ids are stored as one serialized array per role and object; an existing rbac_pa entry for that role and object is replaced, and an empty list of operations only removes the entry (the method then returns false).

Parameters
integer $a_rol_id object id of the role
array $a_ops array of operation ids
integer $a_ref_id reference id of the object which is granted the permissions
Returns
boolean

Definition at line 370 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, $res, and SYSTEM_ROLE_ID.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

371  {
372  global $DIC;
373 
374  $ilDB = $DIC['ilDB'];
375 
376  if (!isset($a_rol_id) || !isset($a_ops) || !isset($a_ref_id)) {
377  $this->ilErr->raiseError(get_class($this) . "::grantPermission(): Missing parameter! " .
378  "role_id: " . $a_rol_id . " ref_id: " . $a_ref_id . " operations: ", $this->ilErr->WARNING);
379  }
380 
381  if (!is_array($a_ops)) {
382  $this->ilErr->raiseError(
383  get_class($this) . "::grantPermission(): Wrong datatype for operations!",
384  $this->ilErr->WARNING
385  );
386  }
387 
388  // exclude system role from rbac
389  if ($a_rol_id == SYSTEM_ROLE_ID) {
390  return true;
391  }
392 
393  // convert all values to integer
394  foreach ($a_ops as $key => $operation) {
395  $a_ops[$key] = (int) $operation;
396  }
397 
398  // Serialization des ops_id Arrays
399  $ops_ids = serialize($a_ops);
400 
401  $query = 'DELETE FROM rbac_pa ' .
402  'WHERE rol_id = %s ' .
403  'AND ref_id = %s';
404  $res = $ilDB->queryF(
405  $query,
406  array('integer','integer'),
407  array($a_rol_id,$a_ref_id)
408  );
409 
410  if (!count($a_ops)) {
411  return false;
412  }
413 
414  $query = "INSERT INTO rbac_pa (rol_id, ops_id, ref_id) " .
415  "VALUES " .
416  "(" . $ilDB->quote($a_rol_id, 'integer') . ", " . $ilDB->quote($ops_ids, 'text') . ", " . $ilDB->quote($a_ref_id, 'integer') . ")";
417  $res = $ilDB->manipulate($query);
418 
419  return true;
420  }

◆ initIntersectionPermissions()

ilRbacAdmin::initIntersectionPermissions (   $a_ref_id,
  $a_role_id,
  $a_role_parent,
  $a_template_id,
  $a_template_parent 
)

Initialises intersection permissions for an object.

If the role is protected, its template permissions are granted to the object directly; otherwise the intersection of the role's template and the given role template is created, the role is assigned to the object's folder, and the object's permissions are replaced by the resulting operations.

Parameters
$a_ref_id reference id of the object
$a_role_id object id of the role
$a_role_parent parent (ref_id of the role folder) of the role
$a_template_id object id of the role template
$a_template_parent parent of the role template
Returns
void

Definition at line 1166 of file class.ilRbacAdmin.php.

References $DIC, ilObject\_lookupType(), assignRoleToFolder(), copyRolePermissionIntersection(), ilLoggerFactory\getLogger(), grantPermission(), and revokePermission().

Referenced by adjustMovedObjectPermissions().

1167  {
1168  global $DIC;
1169 
1170  $rbacreview = $DIC['rbacreview'];
1171 
1172  if ($rbacreview->isProtected($a_role_parent, $a_role_id)) {
1173  // Assign object permissions
1174  $new_ops = $rbacreview->getOperationsOfRole(
1175  $a_role_id,
1176  ilObject::_lookupType($a_ref_id, true),
1177  $a_role_parent
1178  );
1179 
1180  // set new permissions for object
1181  $this->grantPermission(
1182  $a_role_id,
1183  (array) $new_ops,
1184  $a_ref_id
1185  );
1186  return;
1187  }
1188  if (!$a_template_id) {
1189  ilLoggerFactory::getLogger('ac')->info('No template id given. Aborting.');
1190  return;
1191  }
1192  // create template permission intersection
1193  $this->copyRolePermissionIntersection(
1194  $a_template_id,
1195  $a_template_parent,
1196  $a_role_id,
1197  $a_role_parent,
1198  $a_ref_id,
1199  $a_role_id
1200  );
1201 
1202  // assign role to folder
1203  $this->assignRoleToFolder(
1204  $a_role_id,
1205  $a_ref_id,
1206  'n'
1207  );
1208 
1209  // Assign object permissions
1210  $new_ops = $rbacreview->getOperationsOfRole(
1211  $a_role_id,
1212  ilObject::_lookupType($a_ref_id, true),
1213  $a_ref_id
1214  );
1215 
1216  // revoke existing permissions
1217  $this->revokePermission($a_ref_id, $a_role_id);
1218 
1219  // set new permissions for object
1220  $this->grantPermission(
1221  $a_role_id,
1222  (array) $new_ops,
1223  $a_ref_id
1224  );
1225 
1226  return;
1227  }

◆ removeUser()

ilRbacAdmin::removeUser (   $a_usr_id)

Deletes a user from rbac_ua: all user <-> role relations of that user are deleted.

Parameters
int $a_usr_id user id
Returns
boolean true on success

Definition at line 69 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and deassignUser().

70  {
71  global $DIC;
72 
73  $ilDB = $DIC->database();
74  $review = $DIC->rbac()->review();
75 
76  if (!isset($a_usr_id)) {
77  $message = get_class($this) . "::removeUser(): No usr_id given!";
78  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
79  }
80 
81  foreach ($review->assignedRoles($a_usr_id) as $role_id) {
82  $this->deassignUser($role_id, $a_usr_id);
83  }
84 
85  $query = "DELETE FROM rbac_ua WHERE usr_id = " . $ilDB->quote($a_usr_id, 'integer');
86  $res = $ilDB->manipulate($query);
87 
88  return true;
89  }

◆ revokePermission()

ilRbacAdmin::revokePermission (   $a_ref_id,
  $a_rol_id = 0,
  $a_keep_protected = true 
)

Revokes permissions of an object for one role or for all roles.

Updates table rbac_pa. Revokes all permissions of all roles for that object (with this reference); when a role_id is given, this applies only to that role. Unless $a_keep_protected is set to false, roles marked as protected are skipped, their permissions stay in place, and the call still returns true.

Parameters
integer $a_ref_id reference id of the object whose permissions should be revoked
integer $a_rol_id (optional) role_id, if permissions are to be revoked for a specific role only
boolean $a_keep_protected (optional, default true) keep the permissions of protected roles; set to false to revoke them as well
Returns
boolean

Definition at line 431 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $log, $message, $query, $res, and SYSTEM_ROLE_ID.

Referenced by adjustMovedObjectPermissions(), copyRolePermissions(), and initIntersectionPermissions().

432  {
433  global $DIC;
434 
435  $rbacreview = $DIC['rbacreview'];
436  $log = $DIC['log'];
437  $ilDB = $DIC['ilDB'];
438  $ilLog = $DIC['ilLog'];
439 
440  if (!isset($a_ref_id)) {
441  $ilLog->logStack();
442  $message = get_class($this) . "::revokePermission(): Missing parameter! ref_id: " . $a_ref_id;
443  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
444  }
445 
446  // bypass protected status of roles
447  if ($a_keep_protected != true) {
448  // exclude system role from rbac
449  if ($a_rol_id == SYSTEM_ROLE_ID) {
450  return true;
451  }
452 
453  if ($a_rol_id) {
454  $and1 = " AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
455  } else {
456  $and1 = "";
457  }
458 
459  $query = "DELETE FROM rbac_pa " .
460  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') .
461  $and1;
462 
463  $res = $ilDB->manipulate($query);
464 
465  return true;
466  }
467 
468  // consider protected status of roles
469 
470  // in any case, get all roles in scope first
471  $roles_in_scope = $rbacreview->getParentRoleIds($a_ref_id);
472 
473  if (!$a_rol_id) {
474  $role_ids = [];
475 
476  foreach ($roles_in_scope as $role) {
477  if ($role['protected'] == true) {
478  continue;
479  }
480 
481  $role_ids[] = $role['obj_id'];
482  }
483 
484  // return if no role in array
485  if (!$role_ids) {
486  return true;
487  }
488 
489  $query = 'DELETE FROM rbac_pa ' .
490  'WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer') . ' ' .
491  'AND ref_id = ' . $ilDB->quote($a_ref_id, 'integer');
492  $res = $ilDB->manipulate($query);
493  } else {
494  // exclude system role from rbac
495  if ($a_rol_id == SYSTEM_ROLE_ID) {
496  return true;
497  }
498 
499  // exclude protected permission settings from revoking
500  if ($roles_in_scope[$a_rol_id]['protected'] == true) {
501  return true;
502  }
503 
504  $query = "DELETE FROM rbac_pa " .
505  "WHERE ref_id = " . $ilDB->quote($a_ref_id, 'integer') . " " .
506  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer') . " ";
507  $res = $ilDB->manipulate($query);
508  }
509 
510  return true;
511  }
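As an added illustration (not ILIAS code) of the grantPermission() and revokePermission() semantics above, the following Python model replays both methods against an in-memory SQLite copy of rbac_pa and rbac_fa and shows that a protected role keeps its permissions while the call still reports success. The table layout, SYSTEM_ROLE_ID = 2, the serialize() helpers and the use of rbac_fa.protected in place of rbacreview->getParentRoleIds() are assumptions of the model.

```python
import sqlite3

# Constructed model of ilRbacAdmin::grantPermission() and revokePermission() over an
# in-memory copy of rbac_pa / rbac_fa; SYSTEM_ROLE_ID = 2 is an assumed value.
SYSTEM_ROLE_ID = 2

def php_serialize_int_list(ops):
    """rbac_pa.ops_id holds a PHP serialize()d list, e.g. a:2:{i:0;i:2;i:1;i:3;}."""
    body = "".join(f"i:{i};i:{int(v)};" for i, v in enumerate(ops))
    return f"a:{len(ops)}:{{{body}}}"

def php_unserialize_int_list(s):
    """Minimal parser for the list shape above (what an auditor reading rbac_pa needs)."""
    if not (s.startswith("a:") and s.endswith("}")):
        raise ValueError("not a serialized PHP array")
    count, rest = s[2:].split(":", 1)
    parts = rest[1:-1].split(";")[:-1]  # "i:0", "i:2", "i:1", "i:3"
    vals = [int(parts[i][2:]) for i in range(1, len(parts), 2)]
    if len(vals) != int(count):
        raise ValueError("length mismatch")
    return vals

def new_pa_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE rbac_pa (rol_id INTEGER, ops_id TEXT, ref_id INTEGER);
        CREATE TABLE rbac_fa (rol_id INTEGER, parent INTEGER, assign TEXT, protected TEXT);
    """)
    return db

def grant_permission(db, rol_id, ops, ref_id):
    """Like grantPermission(): the old row is deleted first, so an empty list revokes."""
    if rol_id == SYSTEM_ROLE_ID:  # the system role is never written to rbac_pa
        return True
    ops = [int(o) for o in ops]
    db.execute("DELETE FROM rbac_pa WHERE rol_id = ? AND ref_id = ?", (rol_id, ref_id))
    if not ops:
        return False
    db.execute("INSERT INTO rbac_pa (rol_id, ops_id, ref_id) VALUES (?, ?, ?)",
               (rol_id, php_serialize_int_list(ops), ref_id))
    return True

def roles_in_scope(db):
    """Stand-in for rbacreview->getParentRoleIds(): role id -> protected flag."""
    return {r: p == "y" for r, p in db.execute("SELECT rol_id, protected FROM rbac_fa")}

def revoke_permission(db, ref_id, rol_id=0, keep_protected=True):
    """Like revokePermission(): protected roles survive unless keep_protected is False."""
    if not keep_protected:
        if rol_id == SYSTEM_ROLE_ID:
            return True
        if rol_id:
            db.execute("DELETE FROM rbac_pa WHERE ref_id = ? AND rol_id = ?", (ref_id, rol_id))
        else:
            db.execute("DELETE FROM rbac_pa WHERE ref_id = ?", (ref_id,))
        return True
    scope = roles_in_scope(db)
    if not rol_id:
        role_ids = [r for r, prot in scope.items() if not prot]
        if not role_ids:
            return True
        marks = ",".join("?" * len(role_ids))
        db.execute(f"DELETE FROM rbac_pa WHERE rol_id IN ({marks}) AND ref_id = ?",
                   (*role_ids, ref_id))
        return True
    if rol_id == SYSTEM_ROLE_ID or scope.get(rol_id, False):
        return True  # protected role: nothing is revoked, yet the call reports success
    db.execute("DELETE FROM rbac_pa WHERE ref_id = ? AND rol_id = ?", (ref_id, rol_id))
    return True

def ops_of(db, rol_id, ref_id):
    row = db.execute("SELECT ops_id FROM rbac_pa WHERE rol_id = ? AND ref_id = ?",
                     (rol_id, ref_id)).fetchone()
    return php_unserialize_int_list(row[0]) if row else []

def demo():
    """Constructed scenario: role 10 is ordinary, role 11 is protected (rbac_fa.protected = 'y')."""
    db = new_pa_db()
    db.executemany("INSERT INTO rbac_fa VALUES (?, ?, 'y', ?)", [(10, 100, "n"), (11, 100, "y")])
    grant_permission(db, 10, [2, 3], 100)
    grant_permission(db, 11, [2, 3, 4], 100)
    revoke_permission(db, 100)  # all roles of the object, protected ones kept
    after_soft = (ops_of(db, 10, 100), ops_of(db, 11, 100))
    revoke_permission(db, 100, 11)  # naming the protected role explicitly: still a no-op
    revoke_permission(db, 100, keep_protected=False)  # bypass: everything goes
    after_hard = (ops_of(db, 10, 100), ops_of(db, 11, 100))
    return after_soft, after_hard
```

When auditing a real rbac_pa dump, the same parser applies to the ops_id column, since the method serialises the integer-cast operation list before inserting it.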

◆ revokePermissionList()

ilRbacAdmin::revokePermissionList (   $a_ref_ids,
  $a_rol_id 
)

Revokes permissions of a LIST of objects for ONE role.

Updates table rbac_pa.

Parameters
array $a_ref_ids list of reference ids whose permissions are revoked
integer $a_rol_id role_id
Returns
boolean

Definition at line 570 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, $query, $res, and SYSTEM_ROLE_ID.

571  {
572  global $DIC;
573 
574  $ilDB = $DIC['ilDB'];
575 
576  if (!isset($a_ref_ids) || !is_array($a_ref_ids)) {
577  $message = get_class($this) . "::revokePermissionList(): Missing parameter or parameter is not an array! reference_list: " . var_export($a_ref_ids, true);
578  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
579  }
580 
581  if (!isset($a_rol_id)) {
582  $message = get_class($this) . "::revokePermissionList(): Missing parameter! rol_id: " . $a_rol_id;
583  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
584  }
585 
586  // exclude system role from rbac
587  if ($a_rol_id == SYSTEM_ROLE_ID) {
588  return true;
589  }
590 
591  $query = "DELETE FROM rbac_pa " .
592  "WHERE " . $ilDB->in('ref_id', $a_ref_ids, false, 'integer') . ' ' .
593  "AND rol_id = " . $ilDB->quote($a_rol_id, 'integer');
594  $res = $ilDB->manipulate($query);
595 
596  return true;
597  }

◆ revokeSubtreePermissions()

ilRbacAdmin::revokeSubtreePermissions (   $a_ref_id,
  $a_role_id 
)

Revokes the permissions (rbac_pa entries) of the role for all nodes of the subtree.

Parameters
integer $a_ref_id ref_id of the subtree root
integer $a_role_id object id of the role
Returns
boolean true
Definition at line 519 of file class.ilRbacAdmin.php.

References $DIC, $GLOBALS, $ilDB, and $query.

520  {
521  global $DIC;
522 
523  $ilDB = $DIC['ilDB'];
524 
525  $query = 'DELETE FROM rbac_pa ' .
526  'WHERE ref_id IN ' .
527  '( ' . $GLOBALS['DIC']['tree']->getSubTreeQuery($a_ref_id, array('child')) . ' ) ' .
528  'AND rol_id = ' . $ilDB->quote($a_role_id, 'integer');
529 
530  $ilDB->manipulate($query);
531  return true;
532  }

◆ setBlockedStatus()

ilRbacAdmin::setBlockedStatus (   $a_role_id,
  $a_ref_id,
  $a_blocked_status 
)

Sets the blocked status of a role in a role folder (rbac_fa.blocked).

Parameters
integer $a_role_id object id of the role
integer $a_ref_id ref_id of the role folder (parent)
integer $a_blocked_status blocked status to store

Definition at line 49 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and ilLoggerFactory\getLogger().

50  {
51  global $DIC;
52 
53  $ilDB = $DIC['ilDB'];
54 
55  ilLoggerFactory::getLogger('crs')->logStack();
56  $query = 'UPDATE rbac_fa set blocked = ' . $ilDB->quote($a_blocked_status, 'integer') . ' ' .
57  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer') . ' ' .
58  'AND parent = ' . $ilDB->quote($a_ref_id, 'integer');
59  $ilDB->manipulate($query);
60  }

◆ setProtected()

ilRbacAdmin::setProtected (   $a_ref_id,
  $a_role_id,
  $a_value 
)

Sets the protected status of a role.

Parameters
integer $a_ref_id ref_id of the role folder (not used yet: the protected status applies to all rbac_fa entries of the role)
integer $a_role_id object id of the role
string $a_value 'y' or 'n'
Returns
boolean

Definition at line 1093 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $query, and $res.

Referenced by copyRoleTemplatePermissions().

1094  {
1095  global $DIC;
1096 
1097  $ilDB = $DIC['ilDB'];
1098 
1099  // ref_id not used yet. protected permission acts 'global' for each role,
1100  // regardless of any broken inheritance before
1101  $query = 'UPDATE rbac_fa ' .
1102  'SET protected = ' . $ilDB->quote($a_value, 'text') . ' ' .
1103  'WHERE rol_id = ' . $ilDB->quote($a_role_id, 'integer');
1104  $res = $ilDB->manipulate($query);
1105  return true;
1106  }

◆ setRolePermission()

ilRbacAdmin::setRolePermission (   $a_rol_id,
  $a_type,
  $a_ops,
  $a_ref_id 
)

Inserts template permissions into rbac_templates for a specific object type.

Updates table rbac_templates. Each operation is written with a replace, so calling the method again for the same role, type and folder does not create duplicate entries.

Parameters
integer $a_rol_id role_id
string $a_type object type
array $a_ops operation ids
integer $a_ref_id ref_id of the role folder object
Returns
boolean

Definition at line 925 of file class.ilRbacAdmin.php.

References $DIC, $ilDB, $message, and SYSTEM_ROLE_ID.

926  {
927  global $DIC;
928 
929  $ilDB = $DIC['ilDB'];
930 
931  if (!isset($a_rol_id) || !isset($a_type) || !isset($a_ops) || !isset($a_ref_id)) {
932  $message = get_class($this) . "::setRolePermission(): Missing parameter!" .
933  " role_id: " . $a_rol_id .
934  " type: " . $a_type .
935  " operations: " . implode(',', (array) $a_ops) .
936  " ref_id: " . $a_ref_id;
937  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
938  }
939 
940  if (!is_string($a_type) || empty($a_type)) {
941  $message = get_class($this) . "::setRolePermission(): a_type is no string or empty!";
942  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
943  }
944 
945  if (!is_array($a_ops) || empty($a_ops)) {
946  $message = get_class($this) . "::setRolePermission(): a_ops is no array or empty!";
947  $this->ilErr->raiseError($message, $this->ilErr->WARNING);
948  }
949 
950  // exclude system role from rbac
951  if ($a_rol_id == SYSTEM_ROLE_ID) {
952  return true;
953  }
954 
955  foreach ($a_ops as $op) {
956  $ilDB->replace(
957  'rbac_templates',
958  [
959  'rol_id' => ['integer', $a_rol_id],
960  'type' => ['text', $a_type],
961  'ops_id' => ['integer', $op],
962  'parent' => ['integer', $a_ref_id]
963  ],
964  []
965  );
966  }
967  return true;
968  }
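Added example, not ILIAS code: a Python model of setRolePermission(), copyRoleTemplatePermissions() and setProtected() over an in-memory SQLite rbac_templates/rbac_fa, showing that the copy replaces the destination's template rather than merging it and that the copied protected flag lands on every folder of the destination role. The primary key, SYSTEM_ROLE_ID = 2 and the rbac_fa layout are assumptions of the model.

```python
import sqlite3

# Constructed model of ilRbacAdmin::setRolePermission(), copyRoleTemplatePermissions()
# and setProtected() over in-memory rbac_templates / rbac_fa; SYSTEM_ROLE_ID = 2 is assumed.
SYSTEM_ROLE_ID = 2

def new_template_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE rbac_templates (rol_id INTEGER, type TEXT, ops_id INTEGER, parent INTEGER,
                                     PRIMARY KEY (rol_id, type, ops_id, parent));
        CREATE TABLE rbac_fa (rol_id INTEGER, parent INTEGER, protected TEXT);
    """)
    return db

def set_role_permission(db, rol_id, obj_type, ops, parent):
    """Like setRolePermission(): one REPLACE per operation, so repeated calls are idempotent."""
    if rol_id == SYSTEM_ROLE_ID:
        return True
    for op in ops:
        db.execute("INSERT OR REPLACE INTO rbac_templates VALUES (?, ?, ?, ?)",
                   (rol_id, obj_type, int(op), parent))
    return True

def is_protected(db, parent, rol_id):
    """Stand-in for rbacreview->isProtected()."""
    row = db.execute("SELECT protected FROM rbac_fa WHERE rol_id = ? AND parent = ?",
                     (rol_id, parent)).fetchone()
    return row is not None and row[0] == "y"

def set_protected(db, parent, rol_id, value):
    """Like setProtected(): parent is ignored, the flag is written to every rbac_fa row of the role."""
    db.execute("UPDATE rbac_fa SET protected = ? WHERE rol_id = ?", (value, rol_id))
    return True

def copy_role_template_permissions(db, src_id, src_parent, dest_parent, dest_id,
                                   consider_protected=True):
    """Like copyRoleTemplatePermissions(): the destination template is replaced, not merged."""
    if dest_id == SYSTEM_ROLE_ID:  # system role is excluded from rbac
        return True
    ops = db.execute("SELECT type, ops_id FROM rbac_templates WHERE rol_id = ? AND parent = ?",
                     (src_id, src_parent)).fetchall()
    db.execute("DELETE FROM rbac_templates WHERE rol_id = ? AND parent = ?", (dest_id, dest_parent))
    db.executemany("INSERT INTO rbac_templates VALUES (?, ?, ?, ?)",
                   [(dest_id, t, o, dest_parent) for t, o in ops])
    if consider_protected and is_protected(db, src_parent, src_id):
        set_protected(db, dest_parent, dest_id, "y")
    return True

def template_ops(db, rol_id, parent):
    return db.execute("SELECT type, ops_id FROM rbac_templates WHERE rol_id = ? AND parent = ? "
                      "ORDER BY type, ops_id", (rol_id, parent)).fetchall()

def demo():
    """Constructed scenario: protected role 20 is copied onto role 21, which exists in folders 1 and 50."""
    db = new_template_db()
    db.executemany("INSERT INTO rbac_fa VALUES (?, ?, ?)", [(20, 1, "y"), (21, 1, "n"), (21, 50, "n")])
    set_role_permission(db, 20, "crs", [2, 3], 1)
    set_role_permission(db, 20, "crs", [3], 1)  # repeat: no duplicate row
    set_role_permission(db, 21, "crs", [6], 1)  # destination's own entries ...
    set_role_permission(db, 21, "frm", [7], 1)  # ... of every type vanish on copy
    copy_role_template_permissions(db, 20, 1, 1, 21)
    return (template_ops(db, 21, 1), is_protected(db, 1, 21), is_protected(db, 50, 21))
```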

The documentation for this class was generated from the following file: