ILIAS  release_8 Revision v8.23
class.ilRbacLog.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
26 class ilRbacLog
27 {
28  public const EDIT_PERMISSIONS = 1;
29  public const MOVE_OBJECT = 2;
30  public const LINK_OBJECT = 3;
31  public const COPY_OBJECT = 4;
32  public const CREATE_OBJECT = 5;
33  public const EDIT_TEMPLATE = 6;
34  public const EDIT_TEMPLATE_EXISTING = 7;
35  public const CHANGE_OWNER = 8;
36 
37  public static function isActive(): bool
38  {
39  return ilPrivacySettings::getInstance()->enabledRbacLog();
40  }
41 
42  public static function gatherFaPa(int $a_ref_id, array $a_role_ids, bool $a_add_action = false): array
43  {
44  global $DIC;
45 
46  $rbacreview = $DIC->rbac()->review();
47  $result = array();
48 
49  // #10946 - if result is written to log directly we need to add an "action" dimension
50  // if result is used as input to diffFaPa() we need "raw" data
51 
52  // roles
53  foreach ($a_role_ids as $role_id) {
54  if ($role_id != SYSTEM_ROLE_ID) {
55  if ($a_add_action) {
56  $result["ops"][$role_id]["add"] = $rbacreview->getRoleOperationsOnObject($role_id, $a_ref_id);
57  } else {
58  $result["ops"][$role_id] = $rbacreview->getRoleOperationsOnObject($role_id, $a_ref_id);
59  }
60  }
61  }
62 
63  // inheritance
64  if ($a_ref_id && $a_ref_id != ROLE_FOLDER_ID) {
65  if ($a_add_action) {
66  $result["inht"]["add"] = $rbacreview->getRolesOfRoleFolder($a_ref_id);
67  } else {
68  $result["inht"] = $rbacreview->getRolesOfRoleFolder($a_ref_id);
69  }
70  }
71 
72  return $result;
73  }
74 
75  public static function diffFaPa(array $a_old, array $a_new): array
76  {
77  $result = array();
78 
79  // roles
80  foreach ((array) $a_old["ops"] as $role_id => $ops) {
81  $diff = array_diff($ops, $a_new["ops"][$role_id]);
82  if ($diff !== []) {
83  $result["ops"][$role_id]["rmv"] = array_values($diff);
84  }
85  $diff = array_diff($a_new["ops"][$role_id], $ops);
86  if ($diff !== []) {
87  $result["ops"][$role_id]["add"] = array_values($diff);
88  }
89  }
90 
91  if (isset($a_old["inht"]) || isset($a_new["inht"])) {
92  if (isset($a_old["inht"]) && !isset($a_new["inht"])) {
93  $result["inht"]["rmv"] = $a_old["inht"];
94  } elseif (!isset($a_old["inht"]) && isset($a_new["inht"])) {
95  $result["inht"]["add"] = $a_new["inht"];
96  } else {
97  $diff = array_diff($a_old["inht"], $a_new["inht"]);
98  if ($diff !== []) {
99  $result["inht"]["rmv"] = array_values($diff);
100  }
101  $diff = array_diff($a_new["inht"], $a_old["inht"]);
102  if ($diff !== []) {
103  $result["inht"]["add"] = array_values($diff);
104  }
105  }
106  }
107  return $result;
108  }
109 
110  public static function gatherTemplate(int $a_role_ref_id, int $a_role_id): array
111  {
112  global $DIC;
113 
114  $rbacreview = $DIC->rbac()->review();
115  return $rbacreview->getAllOperationsOfRole($a_role_id, $a_role_ref_id);
116  }
117 
118  public static function diffTemplate(array $a_old, array $a_new): array
119  {
120  $result = array();
121  $types = array_unique(array_merge(array_keys($a_old), array_keys($a_new)));
122  foreach ($types as $type) {
123  if (!isset($a_old[$type])) {
124  $result[$type]["add"] = $a_new[$type];
125  } elseif (!isset($a_new[$type])) {
126  $result[$type]["rmv"] = $a_old[$type];
127  } else {
128  $diff = array_diff($a_old[$type], $a_new[$type]);
129  if ($diff !== []) {
130  $result[$type]["rmv"] = array_values($diff);
131  }
132  $diff = array_diff($a_new[$type], $a_old[$type]);
133  if ($diff !== []) {
134  $result[$type]["add"] = array_values($diff);
135  }
136  }
137  }
138  return $result;
139  }
140 
141  public static function add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id = false): bool
142  {
143  global $DIC;
144 
145  $ilUser = $DIC->user();
146  $ilDB = $DIC->database();
147 
148  if (self::isValidAction($a_action) && count($a_diff)) {
149  if ($a_source_ref_id) {
150  $a_diff["src"] = $a_source_ref_id;
151  }
152  $id = $ilDB->nextId('rbac_log');
153 
154  $ilDB->query("INSERT INTO rbac_log (log_id, user_id, created, ref_id, action, data)" .
155  " VALUES (" . $ilDB->quote($id, "integer") . "," . $ilDB->quote($ilUser->getId(), "integer") .
156  "," . $ilDB->quote(time(), "integer") .
157  "," . $ilDB->quote($a_ref_id, "integer") . "," . $ilDB->quote($a_action, "integer") .
158  "," . $ilDB->quote(serialize($a_diff), "text") . ")");
159  return true;
160  }
161  return false;
162  }
163 
164  protected static function isValidAction(int $a_action): bool
165  {
166  if (in_array(
167  $a_action,
168  [
169  self::EDIT_PERMISSIONS,
170  self::MOVE_OBJECT,
171  self::LINK_OBJECT,
172  self::COPY_OBJECT,
173  self::CREATE_OBJECT,
174  self::EDIT_TEMPLATE,
175  self::EDIT_TEMPLATE_EXISTING,
176  self::CHANGE_OWNER
177  ]
178  )) {
179  return true;
180  }
181  return false;
182  }
183 
184  public static function getLogItems(int $a_ref_id, int $a_limit, int $a_offset, array $a_filter = null): array
185  {
186  global $DIC;
187 
188  $ilDB = $DIC->database();
189  $rbacreview = $DIC->rbac()->review();
190 
191  $where = [];
192  if ($a_filter) {
193  if ($a_filter["action"]) {
194  $where[] = "action = " . $ilDB->quote($a_filter["action"], "integer");
195  }
196  if ($a_filter["date"]["from"]) {
197  $from = $a_filter["date"]["from"]->get(IL_CAL_UNIX);
198  $from = strtotime("00:00:00", $from);
199  $where[] = "created >= " . $ilDB->quote($from, "integer");
200  }
201  if ($a_filter["date"]["to"]) {
202  $to = $a_filter["date"]["to"]->get(IL_CAL_UNIX);
203  $to = strtotime("23:59:59", $to);
204  $where[] = "created <= " . $ilDB->quote($to, "integer");
205  }
206 
207  if (count($where) > 0) {
208  $where = array_merge([' AND '], [implode(' AND ', $where)]);
209  }
210  }
211 
212  $set = $ilDB->query("SELECT COUNT(*) FROM rbac_log WHERE ref_id = " . $ilDB->quote(
213  $a_ref_id,
214  "integer"
215  ) . implode('', $where));
216  $res = $ilDB->fetchAssoc($set);
217  $count = array_pop($res);
218 
219  $ilDB->setLimit($a_limit, $a_offset);
220  $set = $ilDB->query("SELECT * FROM rbac_log WHERE ref_id = " . $ilDB->quote($a_ref_id, "integer") .
221  implode('', $where) . " ORDER BY created DESC");
222  $result = array();
223  while ($row = $ilDB->fetchAssoc($set)) {
224  $row["data"] = unserialize($row["data"]);
225  $result[] = $row;
226  }
227  return ["cnt" => $count, "set" => $result];
228  }
229 
230  public static function delete(int $a_ref_id): void
231  {
232  global $DIC;
233 
234  $ilDB = $DIC->database();
235  $ilDB->query("DELETE FROM rbac_log WHERE ref_id = " . $ilDB->quote($a_ref_id, "integer"));
236  self::garbageCollection();
237  }
238 
239  public static function garbageCollection(): void
240  {
241  global $DIC;
242 
243  $ilDB = $DIC->database();
244 
245  $settings = ilPrivacySettings::getInstance();
246  $max = $settings->getRbacLogAge();
247 
248  $ilDB->query("DELETE FROM rbac_log WHERE created < " . $ilDB->quote(
249  strtotime("-" . $max . "months"),
250  "integer"
251  ));
252  }
253 }
ilRbacLog\gatherFaPa
static gatherFaPa(int $a_ref_id, array $a_role_ids, bool $a_add_action=false)
Definition: class.ilRbacLog.php:42
$res
$res
Definition: ltiservices.php:69
ILIAS\LTI\ToolProvider\$settings
array $settings
Setting values (LTI parameters, custom parameters and local parameters).
Definition: System.php:200
$type
$type
Definition: proxy_ylocal.php:10
ilRbacLog\garbageCollection
static garbageCollection()
Definition: class.ilRbacLog.php:239
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilRbacLog\CHANGE_OWNER
const CHANGE_OWNER
Definition: class.ilRbacLog.php:35
ilRbacLog\getLogItems
static getLogItems(int $a_ref_id, int $a_limit, int $a_offset, array $a_filter=null)
Definition: class.ilRbacLog.php:184
ilRbacLog\gatherTemplate
static gatherTemplate(int $a_role_ref_id, int $a_role_id)
Definition: class.ilRbacLog.php:110
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:37
IL_CAL_UNIX
const IL_CAL_UNIX
Definition: class.ilDateTime.php:9
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:75
$DIC
global $DIC
Definition: feed.php:28
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:28
ilRbacLog\CREATE_OBJECT
const CREATE_OBJECT
Definition: class.ilRbacLog.php:32
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilRbacLog\COPY_OBJECT
const COPY_OBJECT
Definition: class.ilRbacLog.php:31
ilRbacLog\LINK_OBJECT
const LINK_OBJECT
Definition: class.ilRbacLog.php:30
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$ilUser
$ilUser
Definition: imgupload.php:34
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:118
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:34
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:33
ilRbacLog\MOVE_OBJECT
const MOVE_OBJECT
Definition: class.ilRbacLog.php:29
ilRbacLog
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRbacLog.php:26
ilRbacLog\isValidAction
static isValidAction(int $a_action)
Definition: class.ilRbacLog.php:164