ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilRbacReview.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
33 class ilRbacReview
34 {
35  public const FILTER_ALL = 1;
36  public const FILTER_ALL_GLOBAL = 2;
37  public const FILTER_ALL_LOCAL = 3;
38  public const FILTER_INTERNAL = 4;
39  public const FILTER_NOT_INTERNAL = 5;
40  public const FILTER_TEMPLATES = 6;
41 
42  // Cache operation ids
43  private static ?array $_opsCache = null;
44 
45  protected static array $assigned_users_cache = [];
46  protected static array $is_assigned_cache = [];
47 
48  protected ilLogger $log;
49  protected ilDBInterface $db;
50 
55  public function __construct()
56  {
57  global $DIC;
58 
59  $this->log = ilLoggerFactory::getLogger('ac');
60  $this->db = $DIC->database();
61  }
62 
70  public function roleExists(string $a_title, int $a_id = 0): ?int
71  {
72  $clause = ($a_id) ? " AND obj_id != " . $this->db->quote($a_id, ilDBConstants::T_TEXT) . " " : "";
73 
74  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
75  "WHERE title =" . $this->db->quote($a_title, ilDBConstants::T_TEXT) . " " .
76  "AND type IN('role','rolt')" .
77  $clause . " ";
78  $r = $this->db->query($q);
79  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
80  return (int) $row->obj_id;
81  }
82  return null;
83  }
84 
95  protected function __getParentRoles(array $a_path, bool $a_templates): array
96  {
97  $parent_roles = [];
98  $role_hierarchy = [];
99  foreach ($a_path as $ref_id) {
100  $roles = $this->getRoleListByObject($ref_id, $a_templates);
101  foreach ($roles as $role) {
102  $id = (int) $role["obj_id"];
103  $role["parent"] = (int) $ref_id;
104  $parent_roles[$id] = $role;
105 
106  if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
107  $role_hierarchy[$id] = $ref_id;
108  }
109  }
110  }
111  return $this->__setProtectedStatus($parent_roles, $role_hierarchy, (int) reset($a_path));
112  }
113 
122  public function getParentRoleIds(int $a_endnode_id, bool $a_templates = false): array
123  {
124  global $DIC;
125 
126  $tree = $DIC->repositoryTree();
127 
128  $pathIds = $tree->getPathId($a_endnode_id);
129 
130  // add system folder since it may not in the path
131  $pathIds[0] = ROLE_FOLDER_ID;
132  return $this->__getParentRoles($pathIds, $a_templates);
133  }
134 
139  public function getRoleListByObject(int $a_ref_id, bool $a_templates = false): array
140  {
141  $role_list = [];
142  $where = $this->__setTemplateFilter($a_templates);
143 
144  $query = "SELECT * FROM object_data " .
145  "JOIN rbac_fa ON obj_id = rol_id " .
146  $where .
147  "AND object_data.obj_id = rbac_fa.rol_id " .
148  "AND rbac_fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
149 
150  $res = $this->db->query($query);
151  while ($row = $this->db->fetchAssoc($res)) {
152  $row["desc"] = $row["description"];
153  $row["user_id"] = (int) $row["owner"];
154  $row['obj_id'] = (int) $row['obj_id'];
155  $row['rol_id'] = (int) $row['rol_id'];
156  $row['parent'] = (int) $row['parent'];
157  $role_list[] = $row;
158  }
159 
160  return $this->__setRoleType($role_list);
161  }
162 
167  public function getAssignableRoles(
168  bool $a_templates = false,
169  bool $a_internal_roles = false,
170  string $title_filter = ''
171  ): array {
172  return iterator_to_array(
173  $this->getAssignableRolesGenerator(
174  $a_templates,
175  $a_internal_roles,
176  $title_filter
177  )
178  );
179  }
180 
184  private function getAssignableRolesGenerator(
185  bool $a_templates = false,
186  bool $a_internal_roles = false,
187  string $title_filter = ''
188  ): Generator {
189  $where = $this->__setTemplateFilter($a_templates);
190  $query = "SELECT * FROM object_data " .
191  "JOIN rbac_fa ON obj_id = rol_id " .
192  $where .
193  "AND rbac_fa.assign = 'y' ";
194 
195  if (strlen($title_filter)) {
196  $query .= (' AND ' . $this->db->like(
197  'title',
198  'text',
199  $title_filter . '%'
200  ));
201  }
202  $res = $this->db->query($query);
203 
204  while ($row = $this->db->fetchAssoc($res)) {
205  $row["description"] = (string) $row["description"];
206  $row["desc"] = $row["description"];
207  $row["user_id"] = (int) $row["owner"];
208  $row['obj_id'] = (int) $row['obj_id'];
209  $row['parent'] = (int) $row['parent'];
210  yield $this->setRoleTypeAndProtection($row);
211  }
212  }
213 
218  public function getAssignableRolesInSubtree(int $ref_id): array
219  {
220  global $DIC;
221 
222  $tree = $DIC->repositoryTree();
223  $query = 'SELECT rol_id FROM rbac_fa fa ' .
224  'JOIN tree t1 ON t1.child = fa.parent ' .
225  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
226  'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
227  'AND obd.type = ' . $this->db->quote('role', 'text') . ' ' .
228  'AND t1.child IN (' .
229  $tree->getSubTreeQuery($ref_id, array('child')) . ' ' .
230  ') ';
231 
232  $res = $this->db->query($query);
233 
234  $role_list = [];
235  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
236  $role_list[] = (int) $row->rol_id;
237  }
238  return $role_list;
239  }
240 
244  public function getAssignableChildRoles(int $a_ref_id): array
245  {
246  $query = "SELECT fa.*, rd.* " .
247  "FROM object_data rd " .
248  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
249  "WHERE fa.assign = 'y' " .
250  "AND fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
251 
252  $res = $this->db->query($query);
253  $roles_data = [];
254  while ($row = $this->db->fetchAssoc($res)) {
255  $row['rol_id'] = (int) $row['rol_id'];
256  $row['obj_id'] = (int) $row['obj_id'];
257 
258  $roles_data[] = $row;
259  }
260 
261  return $roles_data;
262  }
263 
267  protected function __setTemplateFilter(bool $a_templates): string
268  {
269  if ($a_templates) {
270  $where = "WHERE " . $this->db->in('object_data.type', array('role', 'rolt'), false, 'text') . " ";
271  } else {
272  $where = "WHERE " . $this->db->in('object_data.type', array('role'), false, 'text') . " ";
273  }
274  return $where;
275  }
276 
284  protected function __setRoleType(array $a_role_list): array
285  {
286  foreach ($a_role_list as $key => $val) {
287  $a_role_list[$key] = $this->setRoleTypeAndProtection($val);
288  }
289  return $a_role_list;
290  }
291 
292  private function setRoleTypeAndProtection(array $role_list_entry): array
293  {
294  $role_list_entry['role_type'] = $this->buildRoleType($role_list_entry);
295  $role_list_entry['protected'] = $this->buildProtectionByStringValue($role_list_entry['protected']);
296  return $role_list_entry;
297  }
298 
299  private function buildRoleType(array $role_list_entry): string
300  {
301  if ($role_list_entry['type'] === 'rolt') {
302  return 'template';
303  }
304 
305  if ($role_list_entry['assign'] !== 'y') {
306  return 'linked';
307  }
308 
309  if ($role_list_entry['parent'] === ROLE_FOLDER_ID) {
310  return 'global';
311  }
312 
313  return 'local';
314  }
315 
316  private function buildProtectionByStringValue(string $value): bool
317  {
318  if ($value === 'y') {
319  return true;
320  }
321  return false;
322  }
323 
328  public function getNumberOfAssignedUsers(array $a_roles): int
329  {
330  $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
331  'join object_data on ua.usr_id = obj_id ' .
332  'join usr_data ud on ua.usr_id = ud.usr_id ' .
333  'where ' . $this->db->in('rol_id', $a_roles, false, 'integer');
334 
335  $res = $this->db->query($query);
336  if ($res->numRows() > 0) {
337  $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
338  return isset($row->num) && is_numeric($row->num) ? (int) $row->num : 0;
339  }
340  return 0;
341  }
342 
349  public function assignedUsers(int $a_rol_id): array
350  {
351  if (isset(self::$assigned_users_cache[$a_rol_id])) {
352  return self::$assigned_users_cache[$a_rol_id];
353  }
354 
355  $result_arr = [];
356  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $this->db->quote($a_rol_id, 'integer');
357  $res = $this->db->query($query);
358  while ($row = $this->db->fetchAssoc($res)) {
359  $result_arr[] = (int) $row["usr_id"];
360  }
361  self::$assigned_users_cache[$a_rol_id] = $result_arr;
362  return $result_arr;
363  }
364 
368  public function isAssigned(int $a_usr_id, int $a_role_id): bool
369  {
370  if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
371  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
372  }
373  // Quickly determine if user is assigned to a role
374  $this->db->setLimit(1, 0);
375  $query = "SELECT usr_id FROM rbac_ua WHERE " .
376  "rol_id= " . $this->db->quote($a_role_id, 'integer') . " " .
377  "AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
378  $res = $this->db->query($query);
379  $is_assigned = $res->numRows() == 1;
380  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
381  return $is_assigned;
382  }
383 
392  public function isAssignedToAtLeastOneGivenRole(int $a_usr_id, array $a_role_ids): bool
393  {
394  global $DIC;
395 
396  $this->db = $DIC['ilDB'];
397 
398  $this->db->setLimit(1, 0);
399  $query = "SELECT usr_id FROM rbac_ua WHERE " .
400  $this->db->in('rol_id', $a_role_ids, false, 'integer') .
401  " AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
402  $res = $this->db->query($query);
403 
404  return $this->db->numRows($res) == 1;
405  }
406 
412  public function assignedRoles(int $a_usr_id): array
413  {
414  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer');
415 
416  $res = $this->db->query($query);
417  $role_arr = [];
418  while ($row = $this->db->fetchObject($res)) {
419  $role_arr[] = (int) $row->rol_id;
420  }
421  return $role_arr;
422  }
423 
427  public function assignedGlobalRoles(int $a_usr_id): array
428  {
429  $query = "SELECT ua.rol_id FROM rbac_ua ua " .
430  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
431  "WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer') . ' ' .
432  "AND parent = " . $this->db->quote(ROLE_FOLDER_ID, ilDBConstants::T_INTEGER) . " " .
433  "AND assign = 'y' ";
434 
435  $res = $this->db->query($query);
436  $role_arr = [];
437  while ($row = $this->db->fetchObject($res)) {
438  $role_arr[] = $row->rol_id;
439  }
440  return $role_arr !== [] ? $role_arr : [];
441  }
442 
446  public function isAssignable(int $a_rol_id, int $a_ref_id): bool
447  {
448  // exclude system role from rbac
449  if ($a_rol_id == SYSTEM_ROLE_ID) {
450  return true;
451  }
452 
453  $query = "SELECT * FROM rbac_fa " .
454  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
455  "AND parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
456  $res = $this->db->query($query);
457  while ($row = $this->db->fetchObject($res)) {
458  return $row->assign == 'y';
459  }
460  return false;
461  }
462 
463  public function hasMultipleAssignments(int $a_role_id): bool
464  {
465  $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . ' ' .
466  "AND assign = " . $this->db->quote('y', 'text');
467  $res = $this->db->query($query);
468  return $res->numRows() > 1;
469  }
470 
480  public function getFoldersAssignedToRole(int $a_rol_id, bool $a_assignable = false): array
481  {
482  $where = '';
483  if ($a_assignable) {
484  $where = " AND assign ='y'";
485  }
486 
487  $query = "SELECT DISTINCT parent FROM rbac_fa " .
488  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " . $where . " ";
489 
490  $res = $this->db->query($query);
491  $folders = [];
492  while ($row = $this->db->fetchObject($res)) {
493  $folders[] = (int) $row->parent;
494  }
495  return $folders;
496  }
497 
501  public function getRolesOfObject(int $a_ref_id, bool $a_assignable_only = false): array
502  {
503  $and = '';
504  if ($a_assignable_only === true) {
505  $and = 'AND assign = ' . $this->db->quote('y', 'text');
506  }
507  $query = "SELECT rol_id FROM rbac_fa " .
508  "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
509  $and;
510 
511  $res = $this->db->query($query);
512 
513  $role_ids = [];
514  while ($row = $this->db->fetchObject($res)) {
515  $role_ids[] = (int) $row->rol_id;
516  }
517  return $role_ids;
518  }
519 
530  public function getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable = true): array
531  {
532  $and = '';
533  if ($a_nonassignable === false) {
534  $and = " AND assign='y'";
535  }
536 
537  $query = "SELECT rol_id FROM rbac_fa " .
538  "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
539  $and;
540 
541  $res = $this->db->query($query);
542  $rol_id = [];
543  while ($row = $this->db->fetchObject($res)) {
544  $rol_id[] = (int) $row->rol_id;
545  }
546 
547  return $rol_id;
548  }
549 
555  public function getGlobalRoles(): array
556  {
557  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
558  }
559 
563  public function getLocalRoles(int $a_ref_id): array
564  {
565  $lroles = [];
566  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
567  if ($this->isAssignable($role_id, $a_ref_id)) {
568  $lroles[] = $role_id;
569  }
570  }
571  return $lroles;
572  }
573 
578  public function getLocalPolicies(int $a_ref_id): array
579  {
580  $lroles = [];
581  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
582  $lroles[] = $role_id;
583  }
584  return $lroles;
585  }
586 
590  public function getGlobalRolesArray(): array
591  {
592  $ga = [];
593  foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
594  $ga[] = array('obj_id' => $role_id,
595  'role_type' => 'global'
596  );
597  }
598  return $ga;
599  }
600 
604  public function getGlobalAssignableRoles(): array
605  {
606  $ga = [];
607  foreach ($this->getGlobalRoles() as $role_id) {
608  if (ilObjRole::_getAssignUsersStatus($role_id)) {
609  $ga[] = array('obj_id' => $role_id,
610  'role_type' => 'global'
611  );
612  }
613  }
614  return $ga;
615  }
616 
620  public function isRoleAssignedToObject(int $a_role_id, int $a_parent_id): bool
621  {
622  $query = 'SELECT * FROM rbac_fa ' .
623  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
624  'AND parent = ' . $this->db->quote($a_parent_id, 'integer');
625  $res = $this->db->query($query);
626  return (bool) $res->numRows();
627  }
628 
632  public function getOperations(): array
633  {
634  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
635  $res = $this->db->query($query);
636  $ops = [];
637  while ($row = $this->db->fetchObject($res)) {
638  $ops[] = array('ops_id' => (int) $row->ops_id,
639  'operation' => $row->operation,
640  'description' => $row->description
641  );
642  }
643  return $ops;
644  }
645 
649  public function getOperation(int $ops_id): array
650  {
651  $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $this->db->quote($ops_id, 'integer');
652  $res = $this->db->query($query);
653  $ops = [];
654  while ($row = $this->db->fetchObject($res)) {
655  $ops = array('ops_id' => (int) $row->ops_id,
656  'operation' => $row->operation,
657  'description' => $row->description
658  );
659  }
660  return $ops;
661  }
662 
667  public function getAllOperationsOfRole(int $a_rol_id, int $a_parent = 0): array
668  {
669  if (!$a_parent) {
670  $a_parent = ROLE_FOLDER_ID;
671  }
672  $query = "SELECT ops_id,type FROM rbac_templates " .
673  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
674  "AND parent = " . $this->db->quote($a_parent, 'integer');
675  $res = $this->db->query($query);
676 
677  $ops_arr = [];
678  while ($row = $this->db->fetchObject($res)) {
679  $ops_arr[$row->type][] = (int) $row->ops_id;
680  }
681  return $ops_arr;
682  }
683 
687  public function getActiveOperationsOfRole(int $a_ref_id, int $a_role_id): array
688  {
689  $query = 'SELECT * FROM rbac_pa ' .
690  'WHERE ref_id = ' . $this->db->quote($a_ref_id, 'integer') . ' ' .
691  'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ';
692 
693  $res = $this->db->query($query);
694  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
695  return unserialize($row['ops_id']);
696  }
697  return [];
698  }
699 
704  public function getOperationsOfRole(int $a_rol_id, string $a_type, int $a_parent = 0): array
705  {
706  $ops_arr = [];
707  // if no rolefolder id is given, assume global role folder as target
708  if ($a_parent == 0) {
709  $a_parent = ROLE_FOLDER_ID;
710  }
711 
712  $query = "SELECT ops_id FROM rbac_templates " .
713  "WHERE type =" . $this->db->quote($a_type, 'text') . " " .
714  "AND rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
715  "AND parent = " . $this->db->quote($a_parent, 'integer');
716  $res = $this->db->query($query);
717  while ($row = $this->db->fetchObject($res)) {
718  $ops_arr[] = $row->ops_id;
719  }
720  return $ops_arr;
721  }
722 
723  public function getRoleOperationsOnObject(int $a_role_id, int $a_ref_id): array
724  {
725  $query = "SELECT * FROM rbac_pa " .
726  "WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . " " .
727  "AND ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
728 
729  $res = $this->db->query($query);
730  $ops = [];
731  while ($row = $this->db->fetchObject($res)) {
732  $ops = (array) unserialize($row->ops_id);
733  }
734  return $ops;
735  }
736 
740  public function getOperationsOnType(int $a_typ_id): array
741  {
742  $query = 'SELECT * FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
743  'WHERE typ_id = ' . $this->db->quote($a_typ_id, 'integer') . ' ' .
744  'ORDER BY op_order';
745 
746  $res = $this->db->query($query);
747  $ops_id = [];
748  while ($row = $this->db->fetchObject($res)) {
749  $ops_id[] = (int) $row->ops_id;
750  }
751  return $ops_id;
752  }
753 
757  public function getOperationsOnTypeString(string $a_type): array
758  {
759  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $this->db->quote($a_type, 'text') . " ";
760  $res = $this->db->query($query);
761  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
762  return $this->getOperationsOnType((int) $row->obj_id);
763  }
764  return [];
765  }
766 
770  public function getOperationsByTypeAndClass(string $a_type, string $a_class): array
771  {
772  if ($a_class != 'create') {
773  $condition = "AND class != " . $this->db->quote('create', 'text');
774  } else {
775  $condition = "AND class = " . $this->db->quote('create', 'text');
776  }
777 
778  $query = "SELECT ro.ops_id FROM rbac_operations ro " .
779  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
780  "JOIN object_data od ON rt.typ_id = od.obj_id " .
781  "WHERE type = " . $this->db->quote('typ', 'text') . " " .
782  "AND title = " . $this->db->quote($a_type, 'text') . " " .
783  $condition . " " .
784  "ORDER BY op_order ";
785 
786  $res = $this->db->query($query);
787  $ops = [];
788  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
789  $ops[] = (int) $row->ops_id;
790  }
791  return $ops;
792  }
793 
798  public function getObjectsWithStopedInheritance(int $a_rol_id, array $a_filter = []): array
799  {
800  $query = 'SELECT parent p FROM rbac_fa ' .
801  'WHERE assign = ' . $this->db->quote('n', 'text') . ' ' .
802  'AND rol_id = ' . $this->db->quote($a_rol_id, 'integer') . ' ';
803 
804  if ($a_filter !== []) {
805  $query .= ('AND ' . $this->db->in('parent', (array) $a_filter, false, 'integer'));
806  }
807 
808  $res = $this->db->query($query);
809  $parent = [];
810  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
811  $parent[] = (int) $row->p;
812  }
813  return $parent;
814  }
815 
820  public function isDeleted(int $a_node_id): bool
821  {
822  $q = "SELECT tree FROM tree WHERE child =" . $this->db->quote($a_node_id, ilDBConstants::T_INTEGER) . " ";
823  $r = $this->db->query($q);
824  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
825 
826  if (!$row) {
827  $message = sprintf(
828  '%s::isDeleted(): Role folder with ref_id %s not found!',
829  get_class($this),
830  $a_node_id
831  );
832  $this->log->warning($message);
833  return true;
834  }
835  return $row->tree < 0;
836  }
837 
841  public function isGlobalRole(int $a_role_id): bool
842  {
843  return in_array($a_role_id, $this->getGlobalRoles());
844  }
845 
849  public function getRolesByFilter(int $a_filter = 0, int $a_user_id = 0, string $title_filter = ''): Generator
850  {
851  $assign = "y";
852  switch ($a_filter) {
853  // all (assignable) roles
854  case self::FILTER_ALL:
855  yield from $this->getAssignableRolesGenerator(true, true, $title_filter);
856 
857  // all (assignable) global roles
858  // no break
859  case self::FILTER_ALL_GLOBAL:
860  $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
861  break;
862 
863  // all (assignable) local roles
864  case self::FILTER_ALL_LOCAL:
865  case self::FILTER_INTERNAL:
866  case self::FILTER_NOT_INTERNAL:
867  $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
868  break;
869 
870  case self::FILTER_TEMPLATES:
871  $where = "WHERE object_data.type = 'rolt'";
872  $assign = "n";
873  break;
874 
875  // only assigned roles, handled by ilObjUserGUI::roleassignmentObject()
876  case 0:
877  default:
878  if (!$a_user_id) {
879  return [];
880  }
881 
882  $where = 'WHERE ' . $this->db->in(
883  'rbac_fa.rol_id',
884  $this->assignedRoles($a_user_id),
885  false,
886  'integer'
887  ) . ' ';
888  break;
889  }
890 
891  $query = "SELECT * FROM object_data " .
892  "JOIN rbac_fa ON obj_id = rol_id " .
893  $where .
894  "AND rbac_fa.assign = " . $this->db->quote($assign, 'text') . " ";
895 
896  if (strlen($title_filter)) {
897  $query .= (' AND ' . $this->db->like(
898  'title',
899  'text',
900  '%' . $title_filter . '%'
901  ));
902  }
903 
904  $res = $this->db->query($query);
905  while ($row = $this->db->fetchAssoc($res)) {
906  $row['title'] = $row['title'] ?? '';
907  $prefix = substr($row['title'], 0, 3) == "il_";
908 
909  // all (assignable) internal local roles only
910  if ($a_filter == 4 && !$prefix) {
911  continue;
912  }
913 
914  // all (assignable) non internal local roles only
915  if ($a_filter == 5 && $prefix) {
916  continue;
917  }
918 
919  $row['description'] = $row['description'] ?? '';
920  $row["desc"] = $row["description"];
921  $row["user_id"] = (int) $row["owner"];
922  $row['obj_id'] = (int) $row['obj_id'];
923  $row['rol_id'] = (int) $row['rol_id'];
924  $row['parent'] = (int) $row['parent'];
925 
926  yield $this->setRoleTypeAndProtection($row);
927  }
928  }
929 
930  public function getTypeId(string $a_type): int
931  {
932  $q = "SELECT obj_id FROM object_data " .
933  "WHERE title=" . $this->db->quote($a_type, 'text') . " AND type='typ'";
934  $r = $this->db->query($q);
935  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
936  return (int) $row->obj_id;
937  }
938  return 0;
939  }
940 
945  public static function _getOperationIdsByName(array $operations): array
946  {
947  global $DIC;
948 
949  $ilDB = $DIC->database();
950  if ($operations === []) {
951  return [];
952  }
953 
954  $query = 'SELECT ops_id FROM rbac_operations ' .
955  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
956 
957  $res = $ilDB->query($query);
958  $ops_ids = [];
959  while ($row = $ilDB->fetchObject($res)) {
960  $ops_ids[] = (int) $row->ops_id;
961  }
962  return $ops_ids;
963  }
964 
968  public static function _getOperationIdByName(string $a_operation): int
969  {
970  global $DIC;
971 
972  $ilDB = $DIC->database();
973 
974  // Cache operation ids
975  if (!is_array(self::$_opsCache)) {
976  self::$_opsCache = [];
977 
978  $q = "SELECT ops_id, operation FROM rbac_operations";
979  $r = $ilDB->query($q);
980  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
981  self::$_opsCache[$row->operation] = (int) $row->ops_id;
982  }
983  }
984 
985  // Get operation ID by name from cache
986  if (array_key_exists($a_operation, self::$_opsCache)) {
987  return self::$_opsCache[$a_operation];
988  }
989  return 0;
990  }
991 
997  public static function lookupCreateOperationIds(array $a_type_arr): array
998  {
999  global $DIC;
1000 
1001  $ilDB = $DIC->database();
1002 
1003  $operations = [];
1004  foreach ($a_type_arr as $type) {
1005  $operations[] = ('create_' . $type);
1006  }
1007 
1008  if ($operations === []) {
1009  return [];
1010  }
1011 
1012  $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1013  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1014 
1015  $res = $ilDB->query($query);
1016 
1017  $ops_ids = [];
1018  while ($row = $ilDB->fetchObject($res)) {
1019  $type_arr = explode('_', $row->operation);
1020  $type = $type_arr[1];
1021 
1022  $ops_ids[$type] = (int) $row->ops_id;
1023  }
1024  return $ops_ids;
1025  }
1026 
1030  public function isProtected(int $a_ref_id, int $a_role_id): bool
1031  {
1032  $query = 'SELECT protected FROM rbac_fa ' .
1033  'WHERE rol_id = ' . $this->db->quote($a_role_id, ilDBConstants::T_INTEGER);
1034  $res = $this->db->query($query);
1035  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1036  if ($row->protected === 'y') {
1037  return true;
1038  }
1039  }
1040  return false;
1041  }
1042 
1043  public function isBlockedAtPosition(int $a_role_id, int $a_ref_id): bool
1044  {
1045  $query = 'SELECT blocked from rbac_fa ' .
1046  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1047  'AND parent = ' . $this->db->quote($a_ref_id, 'integer');
1048  $res = $this->db->query($query);
1049  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1050  return (bool) $row->blocked;
1051  }
1052  return false;
1053  }
1054 
1059  public function isBlockedInUpperContext(int $a_role_id, int $a_ref_id): bool
1060  {
1061  global $DIC;
1062 
1063  $tree = $DIC['tree'];
1064 
1065  if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1066  return false;
1067  }
1068  $query = 'SELECT parent from rbac_fa ' .
1069  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1070  'AND blocked = ' . $this->db->quote(1, 'integer');
1071  $res = $this->db->query($query);
1072 
1073  $parent_ids = [];
1074  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1075  $parent_ids[] = (int) $row->parent;
1076  }
1077 
1078  foreach ($parent_ids as $parent_id) {
1079  if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1080  return true;
1081  }
1082  }
1083  return false;
1084  }
1085 
1086  // this method alters the protected status of role regarding the current user's role assignment
1087  // and current postion in the hierarchy.
1088  protected function __setProtectedStatus(array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id): array
1089  {
1090  global $DIC;
1091 
1092  $rbacsystem = $DIC->rbac()->system();
1093  $ilUser = $DIC->user();
1094  if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1095  $leveladmin = true;
1096  } else {
1097  $leveladmin = false;
1098  }
1099  foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1100  if ($leveladmin == true) {
1101  $a_parent_roles[$role_id]['protected'] = false;
1102  continue;
1103  }
1104 
1105  if ($a_parent_roles[$role_id]['protected'] == true) {
1106  $arr_lvl_roles_user = array_intersect(
1107  $this->assignedRoles($ilUser->getId()),
1108  array_keys($a_role_hierarchy, $rolf_id)
1109  );
1110 
1111  foreach ($arr_lvl_roles_user as $lvl_role_id) {
1112  // check if role grants 'edit_permission' to parent
1113  $rolf = $a_parent_roles[$role_id]['parent'];
1114  if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1115  $a_parent_roles[$role_id]['protected'] = false;
1116  }
1117  }
1118  }
1119  }
1120  return $a_parent_roles;
1121  }
1122 
1126  public static function _getOperationList(string $a_type = ''): array
1127  {
1128  global $DIC;
1129 
1130  $ilDB = $DIC->database();
1131  $arr = [];
1132  if ($a_type) {
1133  $query = sprintf(
1134  'SELECT * FROM rbac_operations ' .
1135  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1136  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1137  'WHERE object_data.title = %s ' .
1138  'AND object_data.type = %s ' .
1139  'ORDER BY op_order ASC',
1140  $ilDB->quote($a_type, 'text'),
1141  $ilDB->quote('typ', 'text')
1142  );
1143  } else {
1144  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1145  }
1146  $res = $ilDB->query($query);
1147  while ($row = $ilDB->fetchAssoc($res)) {
1148  $arr[] = array(
1149  "ops_id" => (int) $row['ops_id'],
1150  "operation" => $row['operation'],
1151  "desc" => $row['description'],
1152  "class" => $row['class'],
1153  "order" => (int) $row['op_order']
1154  );
1155  }
1156  return $arr;
1157  }
1158 
1159  public static function _groupOperationsByClass(array $a_ops_arr): array
1160  {
1161  $arr = [];
1162  foreach ($a_ops_arr as $ops) {
1163  $arr[$ops['class']][] = array('ops_id' => (int) $ops['ops_id'],
1164  'name' => $ops['operation']
1165  );
1166  }
1167  return $arr;
1168  }
1169 
1174  public function getObjectOfRole(int $a_role_id): int
1175  {
1176  // internal cache
1177  static $obj_cache = [];
1178 
1179  if (isset($obj_cache[$a_role_id]) && $obj_cache[$a_role_id]) {
1180  return $obj_cache[$a_role_id];
1181  }
1182 
1183  $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1184  'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1185  'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
1186  'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1187  'AND deleted IS NULL';
1188 
1189  $res = $this->db->query($query);
1190  $obj_cache[$a_role_id] = 0;
1191  while ($row = $this->db->fetchObject($res)) {
1192  $obj_cache[$a_role_id] = (int) $row->obj_id;
1193  }
1194  return $obj_cache[$a_role_id];
1195  }
1196 
1197  public function getObjectReferenceOfRole(int $a_role_id): int
1198  {
1199  $query = 'SELECT parent p_ref FROM rbac_fa ' .
1200  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1201  'AND assign = ' . $this->db->quote('y', 'text');
1202 
1203  $res = $this->db->query($query);
1204  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1205  return (int) $row->p_ref;
1206  }
1207  return 0;
1208  }
1209 
1213  public function isRoleDeleted(int $a_role_id): bool
1214  {
1215  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1216  $deleted = true;
1217  if ($rolf_list !== []) {
1218  foreach ($rolf_list as $rolf) {
1219  // only list roles that are not set to status "deleted"
1220  if (!$this->isDeleted($rolf)) {
1221  $deleted = false;
1222  break;
1223  }
1224  }
1225  }
1226  return $deleted;
1227  }
1228 
1229  public function getRolesForIDs(array $role_ids, bool $use_templates): array
1230  {
1231  $where = $this->__setTemplateFilter($use_templates);
1232  $query = "SELECT * FROM object_data " .
1233  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1234  $where .
1235  "AND rbac_fa.assign = 'y' " .
1236  'AND ' . $this->db->in('object_data.obj_id', $role_ids, false, 'integer');
1237 
1238  $res = $this->db->query($query);
1239  $role_list = [];
1240  while ($row = $this->db->fetchAssoc($res)) {
1241  $row["desc"] = $row["description"];
1242  $row["user_id"] = (int) $row["owner"];
1243  $role_list[] = $row;
1244  }
1245  return $this->__setRoleType($role_list);
1246  }
1247 
1252  public function getOperationAssignment(): array
1253  {
1254  global $DIC;
1255 
1256  $this->db = $DIC['ilDB'];
1257 
1258  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1259  'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1260  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1261  $res = $this->db->query($query);
1262 
1263  $counter = 0;
1264  $info = [];
1265  while ($row = $this->db->fetchObject($res)) {
1266  $info[$counter]['typ_id'] = (int) $row->typ_id;
1267  $info[$counter]['type'] = $row->title;
1268  $info[$counter]['ops_id'] = (int) $row->ops_id;
1269  $info[$counter]['operation'] = $row->operation;
1270  $counter++;
1271  }
1272  return $info;
1273  }
1274 
1278  public function isDeleteable(int $a_role_id, int $a_rolf_id): bool
1279  {
1280  if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1281  return false;
1282  }
1283  if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1284  return false;
1285  }
1286  if (substr(ilObject::_lookupTitle($a_role_id), 0, 3) == 'il_') {
1287  return false;
1288  }
1289  return true;
1290  }
1291 
1295  public function isSystemGeneratedRole(int $a_role_id): bool
1296  {
1297  $title = ilObject::_lookupTitle($a_role_id);
1298  return substr($title, 0, 3) == 'il_';
1299  }
1300 
1301  public function getParentOfRole(int $role_id, ?int $object_ref = null): ?int
1302  {
1303  global $DIC;
1305  $tree = $DIC['tree'];
1306 
1307  if ($object_ref === null || $object_ref === ROLE_FOLDER_ID) {
1308  return $this->getRoleFolderOfRole($role_id);
1309  }
1310 
1311 
1312  $path_ids = $tree->getPathId($object_ref);
1313  array_unshift($path_ids, ROLE_FOLDER_ID);
1314 
1315  while ($ref_id = array_pop($path_ids)) {
1316  $roles = $this->getRoleListByObject($ref_id, false);
1317  foreach ($roles as $role) {
1318  if ((int) $role['obj_id'] === $role_id) {
1319  return $ref_id;
1320  }
1321  }
1322  }
1323 
1324  return null;
1325  }
1326 
1327 
1328  public function getRoleFolderOfRole(int $a_role_id): int
1329  {
1330  if (ilObject::_lookupType($a_role_id) == 'role') {
1331  $and = ('AND assign = ' . $this->db->quote('y', 'text'));
1332  } else {
1333  $and = '';
1334  }
1335 
1336  $query = 'SELECT * FROM rbac_fa ' .
1337  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1338  $and;
1339  $res = $this->db->query($query);
1340  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1341  return (int) $row->parent;
1342  }
1343  return 0;
1344  }
1345 
1349  public function getUserPermissionsOnObject(int $a_user_id, int $a_ref_id): array
1350  {
1351  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1352  "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1353  "WHERE rbac_ua.usr_id = " . $this->db->quote($a_user_id, 'integer') . " " .
1354  "AND rbac_pa.ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
1355 
1356  $res = $this->db->query($query);
1357  $all_ops = [];
1358  while ($row = $this->db->fetchObject($res)) {
1359  $ops = unserialize($row->ops_id);
1360  $all_ops = array_merge($all_ops, $ops);
1361  }
1362  $all_ops = array_unique($all_ops);
1363 
1364  $set = $this->db->query("SELECT operation FROM rbac_operations " .
1365  " WHERE " . $this->db->in("ops_id", $all_ops, false, "integer"));
1366  $perms = [];
1367  while ($rec = $this->db->fetchAssoc($set)) {
1368  $perms[] = $rec["operation"];
1369  }
1370  return $perms;
1371  }
1372 
1376  public function setAssignedCacheEntry(int $a_role_id, int $a_user_id, bool $a_value): void
1377  {
1378  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1379  }
1380 
1381  public function getAssignedCacheEntry(int $a_role_id, int $a_user_id): bool
1382  {
1383  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1384  }
1385 
1389  public function clearCaches(): void
1390  {
1391  self::$is_assigned_cache = [];
1392  self::$assigned_users_cache = [];
1393  }
1394 
1395  public static function _getCustomRBACOperationId(string $operation, \ilDBInterface $ilDB = null): ?int
1396  {
1397  if (!$ilDB) {
1398  global $DIC;
1399  $ilDB = $DIC->database();
1400  }
1401 
1402  $sql =
1403  "SELECT ops_id" . PHP_EOL
1404  . "FROM rbac_operations" . PHP_EOL
1405  . "WHERE operation = " . $ilDB->quote($operation, "text") . PHP_EOL
1406  ;
1407 
1408  $res = $ilDB->query($sql);
1409  if ($ilDB->numRows($res) == 0) {
1410  return null;
1411  }
1412 
1413  $row = $ilDB->fetchAssoc($res);
1414  return (int) $row["ops_id"] ?? null;
1415  }
1416 
1417  public static function _isRBACOperation(int $type_id, int $ops_id, \ilDBInterface $ilDB = null): bool
1418  {
1419  if (!$ilDB) {
1420  global $DIC;
1421  $ilDB = $DIC->database();
1422  }
1423 
1424  $sql =
1425  "SELECT typ_id" . PHP_EOL
1426  . "FROM rbac_ta" . PHP_EOL
1427  . "WHERE typ_id = " . $ilDB->quote($type_id, "integer") . PHP_EOL
1428  . "AND ops_id = " . $ilDB->quote($ops_id, "integer") . PHP_EOL
1429  ;
1430 
1431  return (bool) $ilDB->numRows($ilDB->query($sql));
1432  }
1433 }
ilRbacReview\getRoleListByObject
getRoleListByObject(int $a_ref_id, bool $a_templates=false)
Returns a list of roles in an container.
Definition: class.ilRbacReview.php:139
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1389
ilRbacReview\getOperationsOnType
getOperationsOnType(int $a_typ_id)
all possible operations of a type
Definition: class.ilRbacReview.php:740
$res
$res
Definition: ltiservices.php:69
ilRbacReview\getRolesForIDs
getRolesForIDs(array $role_ids, bool $use_templates)
Definition: class.ilRbacReview.php:1229
ilRbacReview\roleExists
roleExists(string $a_title, int $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:70
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:723
ilRbacReview\assignedUsers
assignedUsers(int $a_rol_id)
get all assigned users to a given role public
Definition: class.ilRbacReview.php:349
$type
$type
Definition: proxy_ylocal.php:10
ilRbacReview\getOperation
getOperation(int $ops_id)
get one operation by operation id
Definition: class.ilRbacReview.php:649
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1043
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject(int $a_user_id, int $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1349
ilRbacReview\getRolesOfObject
getRolesOfObject(int $a_ref_id, bool $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:501
ilRbacReview\setRoleTypeAndProtection
setRoleTypeAndProtection(array $role_list_entry)
Definition: class.ilRbacReview.php:292
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString(string $a_type)
all possible operations of a type
Definition: class.ilRbacReview.php:757
ilRbacReview\getLocalRoles
getLocalRoles(int $a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:563
ilRbacReview\__setTemplateFilter
__setTemplateFilter(bool $a_templates)
get roles and templates or only roles; returns string for where clause
Definition: class.ilRbacReview.php:267
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole(int $a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1295
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName(array $operations)
get ops_id&#39;s by name.
Definition: class.ilRbacReview.php:945
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole(int $a_role_id)
Definition: class.ilRbacReview.php:1197
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1252
ilRbacReview\__setRoleType
__setRoleType(array $a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:284
ilRbacReview\isDeleted
isDeleted(int $a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id)
Definition: class.ilRbacReview.php:820
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole(int $a_rol_id, int $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:667
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry(int $a_role_id, int $a_user_id, bool $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1376
ilRbacReview\getLocalPolicies
getLocalPolicies(int $a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:578
$DIC
global $DIC
Definition: feed.php:28
ilRbacReview\__getParentRoles
__getParentRoles(array $a_path, bool $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:95
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1126
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds(array $a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:997
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass(string $a_type, string $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:770
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole(int $a_rol_id, bool $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:480
ilRbacReview\$is_assigned_cache
static array $is_assigned_cache
Definition: class.ilRbacReview.php:46
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only &#39;global&#39; roles
Definition: class.ilRbacReview.php:590
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles(int $a_ref_id)
Get all assignable roles directly under a specific node.
Definition: class.ilRbacReview.php:244
$ref_id
$ref_id
Definition: ltiauth.php:67
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject(int $a_role_id, int $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:620
ilRbacReview\$db
ilDBInterface $db
Definition: class.ilRbacReview.php:49
ilRbacReview\getTypeId
getTypeId(string $a_type)
Definition: class.ilRbacReview.php:930
ilRbacReview\buildRoleType
buildRoleType(array $role_list_entry)
Definition: class.ilRbacReview.php:299
ilRbacReview\getParentRoleIds
getParentRoleIds(int $a_endnode_id, bool $a_templates=false)
Get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:122
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilRbacReview\isAssigned
isAssigned(int $a_usr_id, int $a_role_id)
check if a specific user is assigned to specific role
Definition: class.ilRbacReview.php:368
ilRbacReview\isDeleteable
isDeleteable(int $a_role_id, int $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1278
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles
Definition: class.ilRbacReview.php:555
$query
$query
Definition: proxy_ylocal.php:13
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree(int $ref_id)
Returns a list of assignable roles in a subtree of the repository.
Definition: class.ilRbacReview.php:218
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted) ...
Definition: class.ilRbacReview.php:328
ilRbacReview\__setProtectedStatus
__setProtectedStatus(array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id)
Definition: class.ilRbacReview.php:1088
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments(int $a_role_id)
Definition: class.ilRbacReview.php:463
ilRbacReview\_getCustomRBACOperationId
static _getCustomRBACOperationId(string $operation, \ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1395
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext(int $a_role_id, int $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1059
ilRbacReview\isGlobalRole
isGlobalRole(int $a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:841
ilRbacReview\_getOperationIdByName
static _getOperationIdByName(string $a_operation)
get operation id by name of operation
Definition: class.ilRbacReview.php:968
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only &#39;global&#39; roles (with flag &#39;assign_users&#39;)
Definition: class.ilRbacReview.php:604
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilRbacReview\__construct
__construct()
Constructor public.
Definition: class.ilRbacReview.php:55
ilRbacReview\getOperations
getOperations()
get all possible operations
Definition: class.ilRbacReview.php:632
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass(array $a_ops_arr)
Definition: class.ilRbacReview.php:1159
ilRbacReview\getAssignableRolesGenerator
getAssignableRolesGenerator(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Definition: class.ilRbacReview.php:184
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry(int $a_role_id, int $a_user_id)
Definition: class.ilRbacReview.php:1381
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:530
$ilUser
$ilUser
Definition: imgupload.php:34
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles(int $a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:427
$message
$message
Definition: xapiexit.php:32
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole(int $a_ref_id, int $a_role_id)
Get active operations for a role.
Definition: class.ilRbacReview.php:687
ilRbacReview\$_opsCache
static array $_opsCache
Definition: class.ilRbacReview.php:43
ilRbacReview\isRoleDeleted
isRoleDeleted(int $a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1213
ilRbacReview\_isRBACOperation
static _isRBACOperation(int $type_id, int $ops_id, \ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1417
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:446
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilRbacReview\getRolesByFilter
getRolesByFilter(int $a_filter=0, int $a_user_id=0, string $title_filter='')
Definition: class.ilRbacReview.php:849
ilRbacReview\getOperationsOfRole
getOperationsOfRole(int $a_rol_id, string $a_type, int $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:704
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole(int $a_role_id)
Definition: class.ilRbacReview.php:1328
ilRbacReview\getAssignableRoles
getAssignableRoles(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Returns a list of all assignable roles.
Definition: class.ilRbacReview.php:167
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance(int $a_rol_id, array $a_filter=[])
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:798
ilRbacReview\buildProtectionByStringValue
buildProtectionByStringValue(string $value)
Definition: class.ilRbacReview.php:316
ilRbacReview\assignedRoles
assignedRoles(int $a_usr_id)
get all assigned roles to a given user
Definition: class.ilRbacReview.php:412
ilRbacReview\getObjectOfRole
getObjectOfRole(int $a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1174
ilRbacReview\$assigned_users_cache
static array $assigned_users_cache
Definition: class.ilRbacReview.php:45
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole(int $a_usr_id, array $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:392
ilRbacReview\isProtected
isProtected(int $a_ref_id, int $a_role_id)
ref_id not used yet.
Definition: class.ilRbacReview.php:1030