ILIAS  trunk Revision v11.0_alpha-1831-g8615d53dadb
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Static Protected Attributes | Private Member Functions | Static Private Attributes
ilRbacReview Class Reference

class ilRbacReview Contains Review functions of core Rbac. More...

+ Collaboration diagram for ilRbacReview:

Public Member Functions

 __construct ()
 Constructor public. More...
 
 roleExists (string $a_title, int $a_id=0)
 Checks if a role already exists. More...
 
 getParentRoleIds (int $a_endnode_id, bool $a_templates=false)
 Get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates. More...
 
 getRoleListByObject (int $a_ref_id, bool $a_templates=false)
 Returns a list of roles in an container. More...
 
 getAssignableRoles (bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
 Returns a list of all assignable roles. More...
 
 getAssignableRolesInSubtree (int $ref_id)
 Returns a list of assignable roles in a subtree of the repository. More...
 
 getAssignableChildRoles (int $a_ref_id)
 Get all assignable roles directly under a specific node. More...
 
 getNumberOfAssignedUsers (array $a_roles)
 Get the number of assigned users to roles (not properly deleted user accounts are not counted) More...
 
 assignedUsers (int $a_rol_id)
 get all assigned users to a given role More...
 
 isAssigned (int $a_usr_id, int $a_role_id)
 check if a specific user is assigned to specific role More...
 
 isAssignedToAtLeastOneGivenRole (int $a_usr_id, array $a_role_ids)
 check if a specific user is assigned to at least one of the given role ids. More...
 
 assignedRoles (int $a_usr_id)
 get all assigned roles to a given user More...
 
 assignedGlobalRoles (int $a_usr_id)
 Get assigned global roles for an user. More...
 
 isAssignable (int $a_rol_id, int $a_ref_id)
 Check if its possible to assign users. More...
 
 hasMultipleAssignments (int $a_role_id)
 
 getFoldersAssignedToRole (int $a_rol_id, bool $a_assignable=false)
 Returns an array of objects assigned to a role. More...
 
 getRolesOfObject (int $a_ref_id, bool $a_assignable_only=false)
 Get roles of object. More...
 
 getRolesOfRoleFolder (int $a_ref_id, bool $a_nonassignable=true)
 get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids More...
 
 getGlobalRoles ()
 get only 'global' roles More...
 
 getLocalRoles (int $a_ref_id)
 Get local roles of object. More...
 
 getLocalPolicies (int $a_ref_id)
 Get all roles with local policies. More...
 
 getGlobalRolesArray ()
 get only 'global' roles More...
 
 getGlobalAssignableRoles ()
 get only 'global' roles (with flag 'assign_users') More...
 
 isRoleAssignedToObject (int $a_role_id, int $a_parent_id)
 Check if role is assigned to an object. More...
 
 getOperations ()
 get all possible operations More...
 
 getOperation (int $ops_id)
 get one operation by operation id More...
 
 getAllOperationsOfRole (int $a_rol_id, int $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles More...
 
 getActiveOperationsOfRole (int $a_ref_id, int $a_role_id)
 
 getOperationsOfRole (int $a_rol_id, string $a_type, int $a_parent=0)
 get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles More...
 
 getRoleOperationsOnObject (int $a_role_id, int $a_ref_id)
 
 getOperationsOnType (int $a_typ_id)
 all possible operations of a type More...
 
 getOperationsOnTypeString (string $a_type)
 all possible operations of a type More...
 
 getOperationsByTypeAndClass (string $a_type, string $a_class)
 Get operations by type and class. More...
 
 getObjectsWithStopedInheritance (int $a_rol_id, array $a_filter=[])
 get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder. More...
 
 isDeleted (int $a_node_id)
 Checks if a rolefolder is set as deleted (negative tree_id) More...
 
 isGlobalRole (int $a_role_id)
 Check if role is a global role. More...
 
 getRolesByFilter (int $a_filter=0, int $a_user_id=0, string $title_filter='')
 
 getTypeId (string $a_type)
 
 isProtected (int $a_ref_id, int $a_role_id)
 ref_id not used yet. More...
 
 isBlockedAtPosition (int $a_role_id, int $a_ref_id)
 
 isBlockedInUpperContext (int $a_role_id, int $a_ref_id)
 Check if role is blocked in upper context. More...
 
 getObjectOfRole (int $a_role_id)
 Get object id of objects a role is assigned to. More...
 
 getObjectReferenceOfRole (int $a_role_id)
 
 isRoleDeleted (int $a_role_id)
 return if role is only attached to deleted role folders More...
 
 getRolesForIDs (array $role_ids, bool $use_templates)
 
 getOperationAssignment ()
 get operation assignments More...
 
 isDeleteable (int $a_role_id, int $a_rolf_id)
 Check if role is deleteable at a specific position. More...
 
 isSystemGeneratedRole (int $a_role_id)
 Check if the role is system generate role or role template. More...
 
 getRoleFolderOfRole (int $a_role_id)
 
 getUserPermissionsOnObject (int $a_user_id, int $a_ref_id)
 Get all user permissions on an object. More...
 
 setAssignedCacheEntry (int $a_role_id, int $a_user_id, bool $a_value)
 set entry of assigned_chache More...
 
 getAssignedCacheEntry (int $a_role_id, int $a_user_id)
 
 clearCaches ()
 Clear assigned users caches. More...
 

Static Public Member Functions

static _getOperationIdsByName (array $operations)
 get ops_id's by name. More...
 
static _getOperationIdByName (string $a_operation)
 get operation id by name of operation More...
 
static lookupCreateOperationIds (array $a_type_arr)
 Lookup operation ids. More...
 
static _getOperationList (string $a_type='')
 get operation list by object type More...
 
static _groupOperationsByClass (array $a_ops_arr)
 
static _getCustomRBACOperationId (string $operation, ?\ilDBInterface $ilDB=null)
 
static _isRBACOperation (int $type_id, int $ops_id, ?\ilDBInterface $ilDB=null)
 

Data Fields

const FILTER_ALL = 1
 
const FILTER_ALL_GLOBAL = 2
 
const FILTER_ALL_LOCAL = 3
 
const FILTER_INTERNAL = 4
 
const FILTER_NOT_INTERNAL = 5
 
const FILTER_TEMPLATES = 6
 

Protected Member Functions

 __getParentRoles (array $a_path, bool $a_templates)
 Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan. More...
 
 __setTemplateFilter (bool $a_templates)
 get roles and templates or only roles; returns string for where clause More...
 
 __setRoleType (array $a_role_list)
 computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates More...
 
 __setProtectedStatus (array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id)
 

Protected Attributes

ilLogger $log
 
ilDBInterface $db
 

Static Protected Attributes

static array $assigned_users_cache = []
 
static array $is_assigned_cache = []
 

Private Member Functions

 getAssignableRolesGenerator (bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
 
 setRoleTypeAndProtection (array $role_list_entry)
 
 buildRoleType (array $role_list_entry)
 
 buildProtectionByStringValue (string $value)
 

Static Private Attributes

static array $_opsCache = null
 

Detailed Description

class ilRbacReview Contains Review functions of core Rbac.

This class offers the possibility to view the contents of the user <-> role (UR) relation and the permission <-> role (PR) relation. For example, from the UA relation the administrator should have the facility to view all user assigned to a given role.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

-type RoleListEntry array{obj_id: int, rol_id: int, parent: int, user_id: int, owner: int, title: ?string, desc: string, description: string, create_date: ?string, last_update: ?string, import_id: ?string, tile_image_rid: ?string, role_type: string, offline: ?int, type: string, assign: string, protected: bool, blocked: int, rol_id: int}

Definition at line 33 of file class.ilRbacReview.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacReview::__construct ( )

Constructor public.

Definition at line 55 of file class.ilRbacReview.php.

References $DIC, and ilLoggerFactory\getLogger().

56  {
57  global $DIC;
58 
59  $this->log = ilLoggerFactory::getLogger('ac');
60  $this->db = $DIC->database();
61  }
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

Member Function Documentation

◆ __getParentRoles()

ilRbacReview::__getParentRoles ( array  $a_path,
bool  $a_templates 
)
protected

Note: This function performs faster than the new getParentRoles function, because it uses database indexes whereas getParentRoles needs a full table space scan.

Get parent roles in a path. If last parameter is set 'true' it delivers also all templates in the path

Parameters
arrayarray with path_ids
booltrue for role templates (default: false)
Returns
array array with all parent roles (obj_ids)

Definition at line 95 of file class.ilRbacReview.php.

References $id, $ref_id, __setProtectedStatus(), getRoleListByObject(), and ILIAS\Repository\int().

Referenced by getParentRoleIds().

95  : array
96  {
97  $parent_roles = [];
98  $role_hierarchy = [];
99  foreach ($a_path as $ref_id) {
100  $roles = $this->getRoleListByObject($ref_id, $a_templates);
101  foreach ($roles as $role) {
102  $id = (int) $role["obj_id"];
103  $role["parent"] = (int) $ref_id;
104  $parent_roles[$id] = $role;
105 
106  if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
107  $role_hierarchy[$id] = $ref_id;
108  }
109  }
110  }
111  return $this->__setProtectedStatus($parent_roles, $role_hierarchy, (int) reset($a_path));
112  }
ilRbacReview\getRoleListByObject
getRoleListByObject(int $a_ref_id, bool $a_templates=false)
Returns a list of roles in an container.
Definition: class.ilRbacReview.php:140
$ref_id
$ref_id
Definition: ltiauth.php:65
ilRbacReview\__setProtectedStatus
__setProtectedStatus(array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id)
Definition: class.ilRbacReview.php:1107
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ __setProtectedStatus()

ilRbacReview::__setProtectedStatus ( array  $a_parent_roles,
array  $a_role_hierarchy,
int  $a_ref_id 
)
protected

Definition at line 1107 of file class.ilRbacReview.php.

References $DIC, assignedRoles(), and SYSTEM_ROLE_ID.

Referenced by __getParentRoles().

1107  : array
1108  {
1109  global $DIC;
1110 
1111  $rbacsystem = $DIC->rbac()->system();
1112  $ilUser = $DIC->user();
1113  if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1114  $leveladmin = true;
1115  } else {
1116  $leveladmin = false;
1117  }
1118  foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1119  if ($leveladmin == true) {
1120  $a_parent_roles[$role_id]['protected'] = false;
1121  continue;
1122  }
1123 
1124  if ($a_parent_roles[$role_id]['protected'] == true) {
1125  $arr_lvl_roles_user = array_intersect(
1126  $this->assignedRoles($ilUser->getId()),
1127  array_keys($a_role_hierarchy, $rolf_id)
1128  );
1129 
1130  foreach ($arr_lvl_roles_user as $lvl_role_id) {
1131  // check if role grants 'edit_permission' to parent
1132  $rolf = $a_parent_roles[$role_id]['parent'];
1133  if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1134  $a_parent_roles[$role_id]['protected'] = false;
1135  }
1136  }
1137  }
1138  }
1139  return $a_parent_roles;
1140  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$DIC
global $DIC
Definition: shib_login.php:22
ilRbacReview\assignedRoles
assignedRoles(int $a_usr_id)
get all assigned roles to a given user
Definition: class.ilRbacReview.php:411
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ __setRoleType()

ilRbacReview::__setRoleType ( array  $a_role_list)
protected

computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in other role folders linked: roles with stoppped inheritance template: role templates

Definition at line 286 of file class.ilRbacReview.php.

References setRoleTypeAndProtection().

Referenced by getRoleListByObject(), and getRolesForIDs().

286  : array
287  {
288  foreach ($a_role_list as $key => $val) {
289  $a_role_list[$key] = $this->setRoleTypeAndProtection($val);
290  }
291  return $a_role_list;
292  }
ilRbacReview\setRoleTypeAndProtection
setRoleTypeAndProtection(array $role_list_entry)
Definition: class.ilRbacReview.php:294
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ __setTemplateFilter()

ilRbacReview::__setTemplateFilter ( bool  $a_templates)
protected

get roles and templates or only roles; returns string for where clause

Definition at line 269 of file class.ilRbacReview.php.

Referenced by getAssignableRolesGenerator(), getRoleListByObject(), and getRolesForIDs().

269  : string
270  {
271  if ($a_templates) {
272  $where = "WHERE " . $this->db->in('object_data.type', ['role', 'rolt'], false, 'text') . " ";
273  } else {
274  $where = "WHERE " . $this->db->in('object_data.type', ['role'], false, 'text') . " ";
275  }
276  return $where;
277  }
+ Here is the caller graph for this function:

◆ _getCustomRBACOperationId()

static ilRbacReview::_getCustomRBACOperationId ( string  $operation,
?\ilDBInterface  $ilDB = null 
)
static

Definition at line 1421 of file class.ilRbacReview.php.

References $DIC, $ilDB, $res, and null.

Referenced by ILIAS\Wiki\Setup\AccessRBACOperationClonedObjective\achieve(), ILIAS\Setup\AccessRBACOperationClonedObjective\achieve(), ilAccessRolePermissionSetObjective\achieve(), ilAccessCustomRBACOperationAddedObjective\achieve(), ilAccessRbacStandardOperationsAddedObjective\achieve(), ilAccessInitialPermissionGuidelineAppliedObjective\achieve(), ilDBUpdateNewObjectType\addCustomRBACOperation(), ilDBUpdateNewObjectType\addRBACOperations(), ilDBUpdateNewObjectType\applyInitialPermissionGuideline(), ilAccessRbacStandardOperationsAddedObjective\isApplicable(), ilAccessCustomRBACOperationAddedObjective\isApplicable(), ilAccessInitialPermissionGuidelineAppliedObjective\isApplicable(), and ilDBUpdateNewObjectType\setRolePermission().

1421  : ?int
1422  {
1423  if (!$ilDB) {
1424  global $DIC;
1425  $ilDB = $DIC->database();
1426  }
1427 
1428  $sql =
1429  "SELECT ops_id" . PHP_EOL
1430  . "FROM rbac_operations" . PHP_EOL
1431  . "WHERE operation = " . $ilDB->quote($operation, "text") . PHP_EOL
1432  ;
1433 
1434  $res = $ilDB->query($sql);
1435  if ($ilDB->numRows($res) == 0) {
1436  return null;
1437  }
1438 
1439  $row = $ilDB->fetchAssoc($res);
1440  return (int) $row["ops_id"] ?? null;
1441  }
$res
$res
Definition: ltiservices.php:66
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ _getOperationIdByName()

static ilRbacReview::_getOperationIdByName ( string  $a_operation)
static

get operation id by name of operation

Definition at line 987 of file class.ilRbacReview.php.

References $DIC, $ilDB, $q, $r, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

Referenced by ilRepositoryObjectPlugin\beforeActivation(), ilRbacSystem\checkAccessOfUser(), and ilObjBlog\getRolesWithContributeOrRedact().

987  : int
988  {
989  global $DIC;
990 
991  $ilDB = $DIC->database();
992 
993  // Cache operation ids
994  if (!is_array(self::$_opsCache)) {
995  self::$_opsCache = [];
996 
997  $q = "SELECT ops_id, operation FROM rbac_operations";
998  $r = $ilDB->query($q);
999  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1000  self::$_opsCache[$row->operation] = (int) $row->ops_id;
1001  }
1002  }
1003 
1004  // Get operation ID by name from cache
1005  if (array_key_exists($a_operation, self::$_opsCache)) {
1006  return self::$_opsCache[$a_operation];
1007  }
1008  return 0;
1009  }
$DIC
global $DIC
Definition: shib_login.php:22
$q
$q
Definition: shib_logout.php:21
$r
$r
Definition: shib_logout.php:140
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getOperationIdsByName()

static ilRbacReview::_getOperationIdsByName ( array  $operations)
static

get ops_id's by name.

Example usage: $rbacadmin->grantPermission($roles,ilRbacReview::_getOperationIdsByName(array('visible','read'),$ref_id));

Parameters
list<string>$operations
Returns
list<int>

Definition at line 964 of file class.ilRbacReview.php.

References $DIC, $ilDB, $res, and ILIAS\Repository\int().

Referenced by ilUtil\_getObjectsByOperations(), ilLTIProviderObjectSettingGUI\checkLocalRole(), and ilECSObjectSettings\handlePermissionUpdate().

964  : array
965  {
966  global $DIC;
967 
968  $ilDB = $DIC->database();
969  if ($operations === []) {
970  return [];
971  }
972 
973  $query = 'SELECT ops_id FROM rbac_operations ' .
974  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
975 
976  $res = $ilDB->query($query);
977  $ops_ids = [];
978  while ($row = $ilDB->fetchObject($res)) {
979  $ops_ids[] = (int) $row->ops_id;
980  }
981  return $ops_ids;
982  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _getOperationList()

static ilRbacReview::_getOperationList ( string  $a_type = '')
static

get operation list by object type

Returns
list<array{obj_id: int, operation: ?string, desc: ?string, class: ?string, op_order: int}>

Definition at line 1146 of file class.ilRbacReview.php.

References $DIC, $ilDB, $res, and ILIAS\Repository\int().

Referenced by ilSettingsPermissionGUI\__construct(), ilObjTypeDefinitionGUI\editObject(), ilObjectPermissionStatusGUI\getAccessPermissionTableData(), ilObjectPermissionStatusGUI\getAssignedValidRoles(), and ilObjTypeDefinitionGUI\viewObject().

1146  : array
1147  {
1148  global $DIC;
1149 
1150  $ilDB = $DIC->database();
1151  $arr = [];
1152  if ($a_type) {
1153  $query = sprintf(
1154  'SELECT * FROM rbac_operations ' .
1155  'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1156  'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1157  'WHERE object_data.title = %s ' .
1158  'AND object_data.type = %s ' .
1159  'ORDER BY op_order ASC',
1160  $ilDB->quote($a_type, 'text'),
1161  $ilDB->quote('typ', 'text')
1162  );
1163  } else {
1164  $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1165  }
1166  $res = $ilDB->query($query);
1167  while ($row = $ilDB->fetchAssoc($res)) {
1168  $arr[] = [
1169  "ops_id" => (int) $row['ops_id'],
1170  "operation" => $row['operation'],
1171  "desc" => $row['description'],
1172  "class" => $row['class'],
1173  "order" => (int) $row['op_order']
1174  ];
1175  }
1176  return $arr;
1177  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _groupOperationsByClass()

static ilRbacReview::_groupOperationsByClass ( array  $a_ops_arr)
static
Returns
array<string, list<array{ops_id: int, name: ?string}>>

Definition at line 1182 of file class.ilRbacReview.php.

References ILIAS\Repository\int().

1182  : array
1183  {
1184  $arr = [];
1185  foreach ($a_ops_arr as $ops) {
1186  $arr[$ops['class']][] = ['ops_id' => (int) $ops['ops_id'],
1187  'name' => $ops['operation']
1188  ];
1189  }
1190  return $arr;
1191  }
+ Here is the call graph for this function:

◆ _isRBACOperation()

static ilRbacReview::_isRBACOperation ( int  $type_id,
int  $ops_id,
?\ilDBInterface  $ilDB = null 
)
static

Definition at line 1443 of file class.ilRbacReview.php.

References $DIC, and $ilDB.

Referenced by ilAccessRbacStandardOperationsAddedObjective\achieve(), ilTreeAdminNodeAddedObjective\achieve(), and ilAccessRbacStandardOperationsAddedObjective\isApplicable().

1443  : bool
1444  {
1445  if (!$ilDB) {
1446  global $DIC;
1447  $ilDB = $DIC->database();
1448  }
1449 
1450  $sql =
1451  "SELECT typ_id" . PHP_EOL
1452  . "FROM rbac_ta" . PHP_EOL
1453  . "WHERE typ_id = " . $ilDB->quote($type_id, "integer") . PHP_EOL
1454  . "AND ops_id = " . $ilDB->quote($ops_id, "integer") . PHP_EOL
1455  ;
1456 
1457  return (bool) $ilDB->numRows($ilDB->query($sql));
1458  }
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ assignedGlobalRoles()

ilRbacReview::assignedGlobalRoles ( int  $a_usr_id)

Get assigned global roles for an user.

Returns
list<int>

Definition at line 427 of file class.ilRbacReview.php.

References $res, ILIAS\Repository\int(), ROLE_FOLDER_ID, and ilDBConstants\T_INTEGER.

427  : array
428  {
429  $query = "SELECT ua.rol_id FROM rbac_ua ua " .
430  "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
431  "WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer') . ' ' .
432  "AND parent = " . $this->db->quote(ROLE_FOLDER_ID, ilDBConstants::T_INTEGER) . " " .
433  "AND assign = 'y' ";
434 
435  $res = $this->db->query($query);
436  $role_arr = [];
437  while ($row = $this->db->fetchObject($res)) {
438  $role_arr[] = (int) $row->rol_id;
439  }
440 
441  return $role_arr;
442  }
$res
$res
Definition: ltiservices.php:66
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the call graph for this function:

◆ assignedRoles()

ilRbacReview::assignedRoles ( int  $a_usr_id)

get all assigned roles to a given user

Returns
list<int> all roles (id) the user is assigned to

Definition at line 411 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by __setProtectedStatus(), ILIAS\Portfolio\Administration\PortfolioRoleAssignmentManager\assignPortfoliosOnLogin(), ilObjCategoryGUI\assignRolesObject(), ilObjCategoryGUI\assignSaveObject(), ilObjCategoryGUI\checkGlobalRoles(), ilObjCategoryGUI\getAssignableRoles(), getRolesByFilter(), ilCalendarShared\getSharedCalendarsForUser(), ilCalendarShared\isSharedWithUser(), and ilObjCategoryGUI\listUsersObject().

411  : array
412  {
413  $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer');
414 
415  $res = $this->db->query($query);
416  $role_arr = [];
417  while ($row = $this->db->fetchObject($res)) {
418  $role_arr[] = (int) $row->rol_id;
419  }
420  return $role_arr;
421  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ assignedUsers()

ilRbacReview::assignedUsers ( int  $a_rol_id)

get all assigned users to a given role

Returns
list<int> all users (id) assigned to role

Definition at line 349 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by ilContributorTableGUI\getItems().

349  : array
350  {
351  if (isset(self::$assigned_users_cache[$a_rol_id])) {
352  return self::$assigned_users_cache[$a_rol_id];
353  }
354 
355  $result_arr = [];
356  $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $this->db->quote($a_rol_id, 'integer');
357  $res = $this->db->query($query);
358  while ($row = $this->db->fetchAssoc($res)) {
359  $result_arr[] = (int) $row["usr_id"];
360  }
361  self::$assigned_users_cache[$a_rol_id] = $result_arr;
362  return $result_arr;
363  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ buildProtectionByStringValue()

ilRbacReview::buildProtectionByStringValue ( string  $value)
private

Definition at line 318 of file class.ilRbacReview.php.

Referenced by setRoleTypeAndProtection().

318  : bool
319  {
320  if ($value === 'y') {
321  return true;
322  }
323  return false;
324  }
+ Here is the caller graph for this function:

◆ buildRoleType()

ilRbacReview::buildRoleType ( array  $role_list_entry)
private

Definition at line 301 of file class.ilRbacReview.php.

References ROLE_FOLDER_ID.

Referenced by setRoleTypeAndProtection().

301  : string
302  {
303  if ($role_list_entry['type'] === 'rolt') {
304  return 'template';
305  }
306 
307  if ($role_list_entry['assign'] !== 'y') {
308  return 'linked';
309  }
310 
311  if ($role_list_entry['parent'] === ROLE_FOLDER_ID) {
312  return 'global';
313  }
314 
315  return 'local';
316  }
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the caller graph for this function:

◆ clearCaches()

ilRbacReview::clearCaches ( )

Clear assigned users caches.

Definition at line 1415 of file class.ilRbacReview.php.

1415  : void
1416  {
1417  self::$is_assigned_cache = [];
1418  self::$assigned_users_cache = [];
1419  }

◆ getActiveOperationsOfRole()

ilRbacReview::getActiveOperationsOfRole ( int  $a_ref_id,
int  $a_role_id 
)
Returns
list<int>

Definition at line 692 of file class.ilRbacReview.php.

References $res, and ilDBConstants\FETCHMODE_ASSOC.

692  : array
693  {
694  $query = 'SELECT * FROM rbac_pa ' .
695  'WHERE ref_id = ' . $this->db->quote($a_ref_id, 'integer') . ' ' .
696  'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ';
697 
698  $res = $this->db->query($query);
699  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
700  return array_map(
701  intval(...),
702  $row['ops_id'] === ':' ? [] : unserialize($row['ops_id'], ['allowed_classes' => false])
703  );
704  }
705  return [];
706  }
$res
$res
Definition: ltiservices.php:66
array_map

◆ getAllOperationsOfRole()

ilRbacReview::getAllOperationsOfRole ( int  $a_rol_id,
int  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles

Returns
array<string, list<int>>

Definition at line 672 of file class.ilRbacReview.php.

References $res, ILIAS\Repository\int(), and ROLE_FOLDER_ID.

672  : array
673  {
674  if (!$a_parent) {
675  $a_parent = ROLE_FOLDER_ID;
676  }
677  $query = "SELECT ops_id,type FROM rbac_templates " .
678  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
679  "AND parent = " . $this->db->quote($a_parent, 'integer');
680  $res = $this->db->query($query);
681 
682  $ops_arr = [];
683  while ($row = $this->db->fetchObject($res)) {
684  $ops_arr[$row->type][] = (int) $row->ops_id;
685  }
686  return $ops_arr;
687  }
$res
$res
Definition: ltiservices.php:66
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the call graph for this function:

◆ getAssignableChildRoles()

ilRbacReview::getAssignableChildRoles ( int  $a_ref_id)

Get all assignable roles directly under a specific node.

Definition at line 246 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by ilObjCategoryGUI\getAssignableRoles().

246  : array
247  {
248  $query = "SELECT fa.*, rd.* " .
249  "FROM object_data rd " .
250  "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
251  "WHERE fa.assign = 'y' " .
252  "AND fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
253 
254  $res = $this->db->query($query);
255  $roles_data = [];
256  while ($row = $this->db->fetchAssoc($res)) {
257  $row['rol_id'] = (int) $row['rol_id'];
258  $row['obj_id'] = (int) $row['obj_id'];
259 
260  $roles_data[] = $row;
261  }
262 
263  return $roles_data;
264  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignableRoles()

ilRbacReview::getAssignableRoles ( bool  $a_templates = false,
bool  $a_internal_roles = false,
string  $title_filter = '' 
)

Returns a list of all assignable roles.

Returns
list<RoleListEntry>

Definition at line 168 of file class.ilRbacReview.php.

References getAssignableRolesGenerator().

172  : array {
173  return iterator_to_array(
174  $this->getAssignableRolesGenerator(
175  $a_templates,
176  $a_internal_roles,
177  $title_filter
178  )
179  );
180  }
ilRbacReview\getAssignableRolesGenerator
getAssignableRolesGenerator(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Definition: class.ilRbacReview.php:185
+ Here is the call graph for this function:

◆ getAssignableRolesGenerator()

ilRbacReview::getAssignableRolesGenerator ( bool  $a_templates = false,
bool  $a_internal_roles = false,
string  $title_filter = '' 
)
private
Returns
Generator<RoleListEntry>

Definition at line 185 of file class.ilRbacReview.php.

References $res, __setTemplateFilter(), ILIAS\Repository\int(), and setRoleTypeAndProtection().

Referenced by getAssignableRoles(), and getRolesByFilter().

189  : Generator {
190  $where = $this->__setTemplateFilter($a_templates);
191  $query = "SELECT * FROM object_data " .
192  "JOIN rbac_fa ON obj_id = rol_id " .
193  $where .
194  "AND rbac_fa.assign = 'y' ";
195 
196  if (strlen($title_filter)) {
197  $query .= (' AND ' . $this->db->like(
198  'title',
199  'text',
200  $title_filter . '%'
201  ));
202  }
203  $res = $this->db->query($query);
204 
205  while ($row = $this->db->fetchAssoc($res)) {
206  $row["description"] = (string) $row["description"];
207  $row["desc"] = $row["description"];
208  $row["user_id"] = (int) $row["owner"];
209  $row['obj_id'] = (int) $row['obj_id'];
210  $row['parent'] = (int) $row['parent'];
211  yield $this->setRoleTypeAndProtection($row);
212  }
213  }
$res
$res
Definition: ltiservices.php:66
ilRbacReview\setRoleTypeAndProtection
setRoleTypeAndProtection(array $role_list_entry)
Definition: class.ilRbacReview.php:294
ilRbacReview\__setTemplateFilter
__setTemplateFilter(bool $a_templates)
get roles and templates or only roles; returns string for where clause
Definition: class.ilRbacReview.php:269
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAssignableRolesInSubtree()

ilRbacReview::getAssignableRolesInSubtree ( int  $ref_id)

Returns a list of assignable roles in a subtree of the repository.

Todo:
move tree to construct.

Currently this is not possible due to init sequence

Returns
list<int>

Definition at line 220 of file class.ilRbacReview.php.

References $DIC, $res, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

220  : array
221  {
222  global $DIC;
223 
224  $tree = $DIC->repositoryTree();
225  $query = 'SELECT rol_id FROM rbac_fa fa ' .
226  'JOIN tree t1 ON t1.child = fa.parent ' .
227  'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
228  'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
229  'AND obd.type = ' . $this->db->quote('role', 'text') . ' ' .
230  'AND t1.child IN (' .
231  $tree->getSubTreeQuery($ref_id, ['child']) . ' ' .
232  ') ';
233 
234  $res = $this->db->query($query);
235 
236  $role_list = [];
237  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
238  $role_list[] = (int) $row->rol_id;
239  }
240  return $role_list;
241  }
$res
$res
Definition: ltiservices.php:66
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

◆ getAssignedCacheEntry()

ilRbacReview::getAssignedCacheEntry ( int  $a_role_id,
int  $a_user_id 
)

Definition at line 1407 of file class.ilRbacReview.php.

1407  : bool
1408  {
1409  return self::$is_assigned_cache[$a_role_id][$a_user_id];
1410  }

◆ getFoldersAssignedToRole()

ilRbacReview::getFoldersAssignedToRole ( int  $a_rol_id,
bool  $a_assignable = false 
)

Returns an array of objects assigned to a role.

A role with stopped inheritance may be assigned to more than one objects. To get only the original location of a role, set the second parameter to true public

Parameters
introle id
boolget only rolefolders where role is assignable (true)
Returns
list<int> reference IDs of role folders

Definition at line 481 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by isRoleDeleted().

481  : array
482  {
483  $where = '';
484  if ($a_assignable) {
485  $where = " AND assign ='y'";
486  }
487 
488  $query = "SELECT DISTINCT parent FROM rbac_fa " .
489  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " . $where . " ";
490 
491  $res = $this->db->query($query);
492  $folders = [];
493  while ($row = $this->db->fetchObject($res)) {
494  $folders[] = (int) $row->parent;
495  }
496  return $folders;
497  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getGlobalAssignableRoles()

ilRbacReview::getGlobalAssignableRoles ( )

get only 'global' roles (with flag 'assign_users')

Returns
list<array{obj_id: int, role_type: string}>

Definition at line 606 of file class.ilRbacReview.php.

References ilObjRole\_getAssignUsersStatus(), and getGlobalRoles().

Referenced by ilObjCategoryGUI\checkGlobalRoles(), ilObjCategoryGUI\getAssignableRoles(), and ilObjCategoryGUI\listUsersObject().

606  : array
607  {
608  $ga = [];
609  foreach ($this->getGlobalRoles() as $role_id) {
610  if (ilObjRole::_getAssignUsersStatus($role_id)) {
611  $ga[] = ['obj_id' => $role_id,
612  'role_type' => 'global'
613  ];
614  }
615  }
616  return $ga;
617  }
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles
Definition: class.ilRbacReview.php:554
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getGlobalRoles()

ilRbacReview::getGlobalRoles ( )

get only 'global' roles

Returns
list<int> Array with rol_ids
Todo:
refactor rolf => DONE

Definition at line 554 of file class.ilRbacReview.php.

References getRolesOfRoleFolder(), and ROLE_FOLDER_ID.

Referenced by ilObjCategoryGUI\checkGlobalRoles(), ILIAS\Portfolio\Administration\PortfolioRoleAssignmentManager\getAvailableRoles(), getGlobalAssignableRoles(), getRolesByFilter(), and isGlobalRole().

554  : array
555  {
556  return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
557  }
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:529
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getGlobalRolesArray()

ilRbacReview::getGlobalRolesArray ( )

get only 'global' roles

Returns
list<array{obj_id: int, role_type: string}>

Definition at line 591 of file class.ilRbacReview.php.

References getRolesOfRoleFolder(), and ROLE_FOLDER_ID.

Referenced by ilObjCategoryGUI\checkGlobalRoles(), and ilObjCategoryGUI\getAssignableRoles().

591  : array
592  {
593  $ga = [];
594  foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
595  $ga[] = ['obj_id' => $role_id,
596  'role_type' => 'global'
597  ];
598  }
599  return $ga;
600  }
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:529
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getLocalPolicies()

ilRbacReview::getLocalPolicies ( int  $a_ref_id)

Get all roles with local policies.

Returns
list<int>

Definition at line 578 of file class.ilRbacReview.php.

References getRolesOfRoleFolder().

578  : array
579  {
580  $lroles = [];
581  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
582  $lroles[] = $role_id;
583  }
584  return $lroles;
585  }
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:529
+ Here is the call graph for this function:

◆ getLocalRoles()

ilRbacReview::getLocalRoles ( int  $a_ref_id)

Get local roles of object.

Returns
list<int>

Definition at line 563 of file class.ilRbacReview.php.

References getRolesOfRoleFolder(), and isAssignable().

563  : array
564  {
565  $lroles = [];
566  foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
567  if ($this->isAssignable($role_id, $a_ref_id)) {
568  $lroles[] = $role_id;
569  }
570  }
571  return $lroles;
572  }
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:529
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:447
+ Here is the call graph for this function:

◆ getNumberOfAssignedUsers()

ilRbacReview::getNumberOfAssignedUsers ( array  $a_roles)

Get the number of assigned users to roles (not properly deleted user accounts are not counted)

Parameters
int[]$a_roles

Definition at line 330 of file class.ilRbacReview.php.

References $res, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

330  : int
331  {
332  $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
333  'join object_data on ua.usr_id = obj_id ' .
334  'join usr_data ud on ua.usr_id = ud.usr_id ' .
335  'where ' . $this->db->in('rol_id', $a_roles, false, 'integer');
336 
337  $res = $this->db->query($query);
338  if ($res->numRows() > 0) {
339  $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
340  return isset($row->num) && is_numeric($row->num) ? (int) $row->num : 0;
341  }
342  return 0;
343  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getObjectOfRole()

ilRbacReview::getObjectOfRole ( int  $a_role_id)

Get object id of objects a role is assigned to.

Todo:
refactor rolf (due to performance reasons the new version does not check for deleted roles only in object reference)

Definition at line 1197 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by ilLDAPRoleGroupMappingSettings\_deleteByServerId().

1197  : int
1198  {
1199  // internal cache
1200  static $obj_cache = [];
1201 
1202  if (isset($obj_cache[$a_role_id]) && $obj_cache[$a_role_id]) {
1203  return $obj_cache[$a_role_id];
1204  }
1205 
1206  $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1207  'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1208  'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
1209  'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1210  'AND deleted IS NULL';
1211 
1212  $res = $this->db->query($query);
1213  $obj_cache[$a_role_id] = 0;
1214  while ($row = $this->db->fetchObject($res)) {
1215  $obj_cache[$a_role_id] = (int) $row->obj_id;
1216  }
1217  return $obj_cache[$a_role_id];
1218  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getObjectReferenceOfRole()

ilRbacReview::getObjectReferenceOfRole ( int  $a_role_id)

Definition at line 1220 of file class.ilRbacReview.php.

References $res, and ilDBConstants\FETCHMODE_OBJECT.

1220  : int
1221  {
1222  $query = 'SELECT parent p_ref FROM rbac_fa ' .
1223  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1224  'AND assign = ' . $this->db->quote('y', 'text');
1225 
1226  $res = $this->db->query($query);
1227  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1228  return (int) $row->p_ref;
1229  }
1230  return 0;
1231  }
$res
$res
Definition: ltiservices.php:66

◆ getObjectsWithStopedInheritance()

ilRbacReview::getObjectsWithStopedInheritance ( int  $a_rol_id,
array  $a_filter = [] 
)

get all objects in which the inheritance of role with role_id was stopped the function returns all reference ids of objects containing a role folder.

Returns
list<int>

Definition at line 820 of file class.ilRbacReview.php.

References $res, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

820  : array
821  {
822  $query = 'SELECT parent p FROM rbac_fa ' .
823  'WHERE assign = ' . $this->db->quote('n', 'text') . ' ' .
824  'AND rol_id = ' . $this->db->quote($a_rol_id, 'integer') . ' ';
825 
826  if ($a_filter !== []) {
827  $query .= ('AND ' . $this->db->in('parent', (array) $a_filter, false, 'integer'));
828  }
829 
830  $res = $this->db->query($query);
831  $parent = [];
832  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
833  $parent[] = (int) $row->p;
834  }
835  return $parent;
836  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getOperation()

ilRbacReview::getOperation ( int  $ops_id)

get one operation by operation id

Returns
array{}|array{ops_id: int, operation: ?string, description: ?string}

Definition at line 653 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

653  : array
654  {
655  $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $this->db->quote($ops_id, 'integer');
656  $res = $this->db->query($query);
657  $ops = [];
658  while ($row = $this->db->fetchObject($res)) {
659  $ops = ['ops_id' => (int) $row->ops_id,
660  'operation' => $row->operation,
661  'description' => $row->description
662  ];
663  }
664  return $ops;
665  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getOperationAssignment()

ilRbacReview::getOperationAssignment ( )

get operation assignments

Returns
list<array{typ_id: int, type: ?string, ops_id: int, operation: ?string}>

Definition at line 1275 of file class.ilRbacReview.php.

References $DIC, $res, and ILIAS\Repository\int().

1275  : array
1276  {
1277  global $DIC;
1278 
1279  $this->db = $DIC['ilDB'];
1280 
1281  $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1282  'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1283  'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1284  $res = $this->db->query($query);
1285 
1286  $counter = 0;
1287  $info = [];
1288  while ($row = $this->db->fetchObject($res)) {
1289  $info[$counter]['typ_id'] = (int) $row->typ_id;
1290  $info[$counter]['type'] = $row->title;
1291  $info[$counter]['ops_id'] = (int) $row->ops_id;
1292  $info[$counter]['operation'] = $row->operation;
1293  $counter++;
1294  }
1295 
1296  return array_values($info);
1297  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

◆ getOperations()

ilRbacReview::getOperations ( )

get all possible operations

Returns
list<array{ops_id: int, operation: ?string, description: ?string}>

Definition at line 635 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by ILIAS\AccessControl\Log\Table\__construct().

635  : array
636  {
637  $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
638  $res = $this->db->query($query);
639  $ops = [];
640  while ($row = $this->db->fetchObject($res)) {
641  $ops[] = ['ops_id' => (int) $row->ops_id,
642  'operation' => $row->operation,
643  'description' => $row->description
644  ];
645  }
646  return $ops;
647  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getOperationsByTypeAndClass()

ilRbacReview::getOperationsByTypeAndClass ( string  $a_type,
string  $a_class 
)

Get operations by type and class.

Returns
list<int>

Definition at line 791 of file class.ilRbacReview.php.

References $res, ilDBConstants\FETCHMODE_OBJECT, and ILIAS\Repository\int().

791  : array
792  {
793  if ($a_class != 'create') {
794  $condition = "AND class != " . $this->db->quote('create', 'text');
795  } else {
796  $condition = "AND class = " . $this->db->quote('create', 'text');
797  }
798 
799  $query = "SELECT ro.ops_id FROM rbac_operations ro " .
800  "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
801  "JOIN object_data od ON rt.typ_id = od.obj_id " .
802  "WHERE type = " . $this->db->quote('typ', 'text') . " " .
803  "AND title = " . $this->db->quote($a_type, 'text') . " " .
804  $condition . " " .
805  "ORDER BY op_order ";
806 
807  $res = $this->db->query($query);
808  $ops = [];
809  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
810  $ops[] = (int) $row->ops_id;
811  }
812  return $ops;
813  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getOperationsOfRole()

ilRbacReview::getOperationsOfRole ( int  $a_rol_id,
string  $a_type,
int  $a_parent = 0 
)

get all possible operations of a specific role The ref_id of the role folder (parent object) is necessary to distinguish local roles

Returns
list<int>

Definition at line 713 of file class.ilRbacReview.php.

References $res, and ROLE_FOLDER_ID.

713  : array
714  {
715  $ops_arr = [];
716  // if no rolefolder id is given, assume global role folder as target
717  if ($a_parent == 0) {
718  $a_parent = ROLE_FOLDER_ID;
719  }
720 
721  $query = "SELECT ops_id FROM rbac_templates " .
722  "WHERE type =" . $this->db->quote($a_type, 'text') . " " .
723  "AND rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
724  "AND parent = " . $this->db->quote($a_parent, 'integer');
725  $res = $this->db->query($query);
726  while ($row = $this->db->fetchObject($res)) {
727  $ops_arr[] = $row->ops_id;
728  }
729  return $ops_arr;
730  }
$res
$res
Definition: ltiservices.php:66
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34

◆ getOperationsOnType()

ilRbacReview::getOperationsOnType ( int  $a_typ_id)

all possible operations of a type

Returns
list<int>

Definition at line 759 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by getOperationsOnTypeString().

759  : array
760  {
761  $query = 'SELECT ta.ops_id FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
762  'WHERE typ_id = ' . $this->db->quote($a_typ_id, 'integer') . ' ' .
763  'ORDER BY op_order';
764 
765  $res = $this->db->query($query);
766  $ops_id = [];
767  while ($row = $this->db->fetchObject($res)) {
768  $ops_id[] = (int) $row->ops_id;
769  }
770  return $ops_id;
771  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getOperationsOnTypeString()

ilRbacReview::getOperationsOnTypeString ( string  $a_type)

all possible operations of a type

Returns
list<int>

Definition at line 777 of file class.ilRbacReview.php.

References $res, ilDBConstants\FETCHMODE_OBJECT, and getOperationsOnType().

777  : array
778  {
779  $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $this->db->quote($a_type, 'text') . " ";
780  $res = $this->db->query($query);
781  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
782  return $this->getOperationsOnType((int) $row->obj_id);
783  }
784  return [];
785  }
ilRbacReview\getOperationsOnType
getOperationsOnType(int $a_typ_id)
all possible operations of a type
Definition: class.ilRbacReview.php:759
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getParentRoleIds()

ilRbacReview::getParentRoleIds ( int  $a_endnode_id,
bool  $a_templates = false 
)

Get an array of parent role ids of all parent roles, if last parameter is set true you get also all parent templates.

Parameters
intref_id of an object which is end node
booltrue for role templates (default: false)
Returns
array array(role_ids => role_data)
Todo:
move tree to construct. Currently this is not possible due to init sequence

Definition at line 122 of file class.ilRbacReview.php.

References $DIC, __getParentRoles(), and ROLE_FOLDER_ID.

Referenced by ilContainerGUI\performPasteIntoMultipleObjectsObject().

122  : array
123  {
124  global $DIC;
125 
126  $tree = $DIC->repositoryTree();
127 
128  $pathIds = $tree->getPathId($a_endnode_id);
129 
130  // add system folder since it may not in the path
131  //$pathIds[0] = SYSTEM_FOLDER_ID;
132  $pathIds[0] = ROLE_FOLDER_ID;
133  return $this->__getParentRoles($pathIds, $a_templates);
134  }
ilRbacReview\__getParentRoles
__getParentRoles(array $a_path, bool $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:95
$DIC
global $DIC
Definition: shib_login.php:22
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getRoleFolderOfRole()

ilRbacReview::getRoleFolderOfRole ( int  $a_role_id)

Definition at line 1352 of file class.ilRbacReview.php.

References $res, ilObject\_lookupType(), and ilDBConstants\FETCHMODE_OBJECT.

Referenced by isSystemGeneratedRole().

1352  : int
1353  {
1354  if (ilObject::_lookupType($a_role_id) == 'role') {
1355  $and = ('AND assign = ' . $this->db->quote('y', 'text'));
1356  } else {
1357  $and = '';
1358  }
1359 
1360  $query = 'SELECT * FROM rbac_fa ' .
1361  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1362  $and;
1363  $res = $this->db->query($query);
1364  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1365  return (int) $row->parent;
1366  }
1367  return 0;
1368  }
$res
$res
Definition: ltiservices.php:66
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getRoleListByObject()

ilRbacReview::getRoleListByObject ( int  $a_ref_id,
bool  $a_templates = false 
)

Returns a list of roles in an container.

Returns
list<RoleListEntry>

Definition at line 140 of file class.ilRbacReview.php.

References $res, __setRoleType(), __setTemplateFilter(), and ILIAS\Repository\int().

Referenced by __getParentRoles(), and isSystemGeneratedRole().

140  : array
141  {
142  $role_list = [];
143  $where = $this->__setTemplateFilter($a_templates);
144 
145  $query = "SELECT * FROM object_data " .
146  "JOIN rbac_fa ON obj_id = rol_id " .
147  $where .
148  "AND object_data.obj_id = rbac_fa.rol_id " .
149  "AND rbac_fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
150 
151  $res = $this->db->query($query);
152  while ($row = $this->db->fetchAssoc($res)) {
153  $row["desc"] = $row["description"];
154  $row["user_id"] = (int) $row["owner"];
155  $row['obj_id'] = (int) $row['obj_id'];
156  $row['rol_id'] = (int) $row['rol_id'];
157  $row['parent'] = (int) $row['parent'];
158  $role_list[] = $row;
159  }
160 
161  return $this->__setRoleType($role_list);
162  }
$res
$res
Definition: ltiservices.php:66
ilRbacReview\__setTemplateFilter
__setTemplateFilter(bool $a_templates)
get roles and templates or only roles; returns string for where clause
Definition: class.ilRbacReview.php:269
ilRbacReview\__setRoleType
__setRoleType(array $a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:286
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getRoleOperationsOnObject()

ilRbacReview::getRoleOperationsOnObject ( int  $a_role_id,
int  $a_ref_id 
)
Returns
list<int>

Definition at line 735 of file class.ilRbacReview.php.

References $res.

735  : array
736  {
737  $query = "SELECT ops_id FROM rbac_pa " .
738  "WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . " " .
739  "AND ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
740 
741  $res = $this->db->query($query);
742  $ops = [];
743  while ($row = $this->db->fetchObject($res)) {
744  if ($row->ops_id !== ':') {
745  $ops = array_map(
746  intval(...),
747  unserialize($row->ops_id, ['allowed_classes' => false])
748  );
749  }
750  }
751 
752  return $ops;
753  }
$res
$res
Definition: ltiservices.php:66
array_map

◆ getRolesByFilter()

ilRbacReview::getRolesByFilter ( int  $a_filter = 0,
int  $a_user_id = 0,
string  $title_filter = '' 
)
Returns
Generator<RoleListEntry>

Definition at line 871 of file class.ilRbacReview.php.

References $res, assignedRoles(), ILIAS\ResourceStorage\Flavour\Machine\DefaultMachines\from(), getAssignableRolesGenerator(), getGlobalRoles(), ILIAS\Repository\int(), and setRoleTypeAndProtection().

871  : Generator
872  {
873  $assign = "y";
874  switch ($a_filter) {
875  case self::FILTER_ALL:
876  return yield from $this->getAssignableRolesGenerator(true, true, $title_filter);
877 
878  case self::FILTER_ALL_GLOBAL:
879  $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
880  break;
881 
882  case self::FILTER_ALL_LOCAL:
883  case self::FILTER_INTERNAL:
884  case self::FILTER_NOT_INTERNAL:
885  $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
886  break;
887 
888  case self::FILTER_TEMPLATES:
889  $where = "WHERE object_data.type = 'rolt'";
890  $assign = "n";
891  break;
892 
893  case 0:
894  default:
895  if (!$a_user_id) {
896  return;
897  }
898 
899  $where = 'WHERE ' . $this->db->in(
900  'rbac_fa.rol_id',
901  $this->assignedRoles($a_user_id),
902  false,
903  'integer'
904  ) . ' ';
905  break;
906  }
907 
908  $query = "SELECT * FROM object_data " .
909  "JOIN rbac_fa ON obj_id = rol_id " .
910  $where .
911  "AND rbac_fa.assign = " . $this->db->quote($assign, 'text') . " ";
912 
913  if (strlen($title_filter)) {
914  $query .= (' AND ' . $this->db->like(
915  'title',
916  'text',
917  '%' . $title_filter . '%'
918  ));
919  }
920 
921  $res = $this->db->query($query);
922  while ($row = $this->db->fetchAssoc($res)) {
923  $row['title'] = $row['title'] ?? '';
924  $prefix = str_starts_with($row['title'], "il_");
925 
926  // all (assignable) internal local roles only
927  if ($a_filter == 4 && !$prefix) {
928  continue;
929  }
930 
931  // all (assignable) non internal local roles only
932  if ($a_filter == 5 && $prefix) {
933  continue;
934  }
935 
936  $row['description'] = $row['description'] ?? '';
937  $row["desc"] = $row["description"];
938  $row["user_id"] = (int) $row["owner"];
939  $row['obj_id'] = (int) $row['obj_id'];
940  $row['rol_id'] = (int) $row['rol_id'];
941  $row['parent'] = (int) $row['parent'];
942 
943  yield $this->setRoleTypeAndProtection($row);
944  }
945  }
$res
$res
Definition: ltiservices.php:66
ilRbacReview\setRoleTypeAndProtection
setRoleTypeAndProtection(array $role_list_entry)
Definition: class.ilRbacReview.php:294
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles
Definition: class.ilRbacReview.php:554
ilRbacReview\getAssignableRolesGenerator
getAssignableRolesGenerator(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Definition: class.ilRbacReview.php:185
ilRbacReview\assignedRoles
assignedRoles(int $a_usr_id)
get all assigned roles to a given user
Definition: class.ilRbacReview.php:411
+ Here is the call graph for this function:

◆ getRolesForIDs()

ilRbacReview::getRolesForIDs ( array  $role_ids,
bool  $use_templates 
)

Definition at line 1252 of file class.ilRbacReview.php.

References $res, __setRoleType(), __setTemplateFilter(), and ILIAS\Repository\int().

1252  : array
1253  {
1254  $where = $this->__setTemplateFilter($use_templates);
1255  $query = "SELECT * FROM object_data " .
1256  "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1257  $where .
1258  "AND rbac_fa.assign = 'y' " .
1259  'AND ' . $this->db->in('object_data.obj_id', $role_ids, false, 'integer');
1260 
1261  $res = $this->db->query($query);
1262  $role_list = [];
1263  while ($row = $this->db->fetchAssoc($res)) {
1264  $row["desc"] = $row["description"];
1265  $row["user_id"] = (int) $row["owner"];
1266  $role_list[] = $row;
1267  }
1268  return $this->__setRoleType($role_list);
1269  }
$res
$res
Definition: ltiservices.php:66
ilRbacReview\__setTemplateFilter
__setTemplateFilter(bool $a_templates)
get roles and templates or only roles; returns string for where clause
Definition: class.ilRbacReview.php:269
ilRbacReview\__setRoleType
__setRoleType(array $a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:286
+ Here is the call graph for this function:

◆ getRolesOfObject()

ilRbacReview::getRolesOfObject ( int  $a_ref_id,
bool  $a_assignable_only = false 
)

Get roles of object.

Returns
list<int>

Definition at line 503 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

503  : array
504  {
505  $and = '';
506  if ($a_assignable_only === true) {
507  $and = 'AND assign = ' . $this->db->quote('y', 'text');
508  }
509  $query = "SELECT rol_id FROM rbac_fa " .
510  "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
511  $and;
512 
513  $res = $this->db->query($query);
514 
515  $role_ids = [];
516  while ($row = $this->db->fetchObject($res)) {
517  $role_ids[] = (int) $row->rol_id;
518  }
519  return $role_ids;
520  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:

◆ getRolesOfRoleFolder()

ilRbacReview::getRolesOfRoleFolder ( int  $a_ref_id,
bool  $a_nonassignable = true 
)

get all roles of a role folder including linked local roles that are created due to stopped inheritance returns an array with role ids

Returns
list<int> Array with rol_ids
Deprecated:
since version 4.5.0
Todo:
refactor rolf => RENAME

Definition at line 529 of file class.ilRbacReview.php.

References $res, and ILIAS\Repository\int().

Referenced by ilObjSessionGUI\getDefaultMemberRole(), getGlobalRoles(), getGlobalRolesArray(), getLocalPolicies(), getLocalRoles(), and ilObjSessionGUI\getLocalRoles().

529  : array
530  {
531  $and = '';
532  if ($a_nonassignable === false) {
533  $and = " AND assign='y'";
534  }
535 
536  $query = "SELECT rol_id FROM rbac_fa " .
537  "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
538  $and;
539 
540  $res = $this->db->query($query);
541  $rol_id = [];
542  while ($row = $this->db->fetchObject($res)) {
543  $rol_id[] = (int) $row->rol_id;
544  }
545 
546  return $rol_id;
547  }
$res
$res
Definition: ltiservices.php:66
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getTypeId()

ilRbacReview::getTypeId ( string  $a_type)

Definition at line 947 of file class.ilRbacReview.php.

References $q, $r, and ilDBConstants\FETCHMODE_OBJECT.

947  : int
948  {
949  $q = "SELECT obj_id FROM object_data " .
950  "WHERE title=" . $this->db->quote($a_type, 'text') . " AND type='typ'";
951  $r = $this->db->query($q);
952  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
953  return (int) $row->obj_id;
954  }
955  return 0;
956  }
$q
$q
Definition: shib_logout.php:21
$r
$r
Definition: shib_logout.php:140

◆ getUserPermissionsOnObject()

ilRbacReview::getUserPermissionsOnObject ( int  $a_user_id,
int  $a_ref_id 
)

Get all user permissions on an object.

Returns
list<string>

Definition at line 1374 of file class.ilRbacReview.php.

References $res.

1374  : array
1375  {
1376  $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1377  "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1378  "WHERE rbac_ua.usr_id = " . $this->db->quote($a_user_id, 'integer') . " " .
1379  "AND rbac_pa.ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
1380 
1381  $res = $this->db->query($query);
1382  $all_ops = [];
1383  while ($row = $this->db->fetchObject($res)) {
1384  $ops = unserialize($row->ops_id, ['allowed_classes' => false]);
1385  $all_ops = array_merge($all_ops, $ops);
1386  }
1387  $all_ops = array_unique($all_ops);
1388 
1389  $set = $this->db->query("SELECT operation FROM rbac_operations " .
1390  " WHERE " . $this->db->in("ops_id", $all_ops, false, "integer"));
1391  $perms = [];
1392  while ($rec = $this->db->fetchAssoc($set)) {
1393  $perms[] = $rec["operation"];
1394  }
1395 
1396  return array_values(array_filter($perms));
1397  }
$res
$res
Definition: ltiservices.php:66

◆ hasMultipleAssignments()

ilRbacReview::hasMultipleAssignments ( int  $a_role_id)

Definition at line 464 of file class.ilRbacReview.php.

References $res.

464  : bool
465  {
466  $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . ' ' .
467  "AND assign = " . $this->db->quote('y', 'text');
468  $res = $this->db->query($query);
469  return $res->numRows() > 1;
470  }
$res
$res
Definition: ltiservices.php:66

◆ isAssignable()

ilRbacReview::isAssignable ( int  $a_rol_id,
int  $a_ref_id 
)

Check if its possible to assign users.

Definition at line 447 of file class.ilRbacReview.php.

References $res, and SYSTEM_ROLE_ID.

Referenced by getLocalRoles(), isDeleteable(), and ilRecommendedContentRoleConfigGUI\listItems().

447  : bool
448  {
449  // exclude system role from rbac
450  if ($a_rol_id == SYSTEM_ROLE_ID) {
451  return true;
452  }
453 
454  $query = "SELECT * FROM rbac_fa " .
455  "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
456  "AND parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
457  $res = $this->db->query($query);
458  while ($row = $this->db->fetchObject($res)) {
459  return $row->assign == 'y';
460  }
461  return false;
462  }
$res
$res
Definition: ltiservices.php:66
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
+ Here is the caller graph for this function:

◆ isAssigned()

ilRbacReview::isAssigned ( int  $a_usr_id,
int  $a_role_id 
)

check if a specific user is assigned to specific role

Definition at line 368 of file class.ilRbacReview.php.

References $res, and ilDBConstants\T_INTEGER.

Referenced by ilPortfolioAccessHandler\checkAccessOfUser(), and ilWorkspaceAccessHandler\checkAccessOfUser().

368  : bool
369  {
370  if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
371  return self::$is_assigned_cache[$a_role_id][$a_usr_id];
372  }
373  // Quickly determine if user is assigned to a role
374  $this->db->setLimit(1, 0);
375  $query = "SELECT usr_id FROM rbac_ua WHERE " .
376  "rol_id= " . $this->db->quote($a_role_id, 'integer') . " " .
377  "AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
378  $res = $this->db->query($query);
379  $is_assigned = $res->numRows() == 1;
380  self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
381  return $is_assigned;
382  }
$res
$res
Definition: ltiservices.php:66
+ Here is the caller graph for this function:

◆ isAssignedToAtLeastOneGivenRole()

ilRbacReview::isAssignedToAtLeastOneGivenRole ( int  $a_usr_id,
array  $a_role_ids 
)

check if a specific user is assigned to at least one of the given role ids.

This function is used to quickly check whether a user is member of a course or a group.

Parameters
intusr_id
int[]role_ids

Definition at line 392 of file class.ilRbacReview.php.

References $DIC, $res, and ilDBConstants\T_INTEGER.

392  : bool
393  {
394  global $DIC;
395 
396  $this->db = $DIC['ilDB'];
397 
398  $this->db->setLimit(1, 0);
399  $query = "SELECT usr_id FROM rbac_ua WHERE " .
400  $this->db->in('rol_id', $a_role_ids, false, 'integer') .
401  " AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
402  $res = $this->db->query($query);
403 
404  return $this->db->numRows($res) == 1;
405  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22

◆ isBlockedAtPosition()

ilRbacReview::isBlockedAtPosition ( int  $a_role_id,
int  $a_ref_id 
)

Definition at line 1062 of file class.ilRbacReview.php.

References $res, and ilDBConstants\FETCHMODE_OBJECT.

Referenced by isBlockedInUpperContext().

1062  : bool
1063  {
1064  $query = 'SELECT blocked from rbac_fa ' .
1065  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1066  'AND parent = ' . $this->db->quote($a_ref_id, 'integer');
1067  $res = $this->db->query($query);
1068  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1069  return (bool) $row->blocked;
1070  }
1071  return false;
1072  }
$res
$res
Definition: ltiservices.php:66
+ Here is the caller graph for this function:

◆ isBlockedInUpperContext()

ilRbacReview::isBlockedInUpperContext ( int  $a_role_id,
int  $a_ref_id 
)

Check if role is blocked in upper context.

Todo:
move tree to construct.

Currently this is not possible due to init sequence

Definition at line 1078 of file class.ilRbacReview.php.

References $DIC, $res, ilDBConstants\FETCHMODE_OBJECT, ILIAS\Repository\int(), and isBlockedAtPosition().

1078  : bool
1079  {
1080  global $DIC;
1081 
1082  $tree = $DIC['tree'];
1083 
1084  if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1085  return false;
1086  }
1087  $query = 'SELECT parent from rbac_fa ' .
1088  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1089  'AND blocked = ' . $this->db->quote(1, 'integer');
1090  $res = $this->db->query($query);
1091 
1092  $parent_ids = [];
1093  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1094  $parent_ids[] = (int) $row->parent;
1095  }
1096 
1097  foreach ($parent_ids as $parent_id) {
1098  if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1099  return true;
1100  }
1101  }
1102  return false;
1103  }
$res
$res
Definition: ltiservices.php:66
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1062
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

◆ isDeleteable()

ilRbacReview::isDeleteable ( int  $a_role_id,
int  $a_rolf_id 
)

Check if role is deleteable at a specific position.

Definition at line 1302 of file class.ilRbacReview.php.

References ilObject\_lookupTitle(), ANONYMOUS_ROLE_ID, isAssignable(), and SYSTEM_ROLE_ID.

1302  : bool
1303  {
1304  if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1305  return false;
1306  }
1307  if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1308  return false;
1309  }
1310  if (str_starts_with(ilObject::_lookupTitle($a_role_id), 'il_')) {
1311  return false;
1312  }
1313  return true;
1314  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:447
+ Here is the call graph for this function:

◆ isDeleted()

ilRbacReview::isDeleted ( int  $a_node_id)

Checks if a rolefolder is set as deleted (negative tree_id)

Todo:
delete this method

Definition at line 842 of file class.ilRbacReview.php.

References $message, $q, $r, ilDBConstants\FETCHMODE_OBJECT, and ilDBConstants\T_INTEGER.

Referenced by isRoleDeleted().

842  : bool
843  {
844  $q = "SELECT tree FROM tree WHERE child =" . $this->db->quote($a_node_id, ilDBConstants::T_INTEGER) . " ";
845  $r = $this->db->query($q);
846  $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
847 
848  if (!$row) {
849  $message = sprintf(
850  '%s::isDeleted(): Role folder with ref_id %s not found!',
851  get_class($this),
852  $a_node_id
853  );
854  $this->log->warning($message);
855  return true;
856  }
857  return $row->tree < 0;
858  }
$q
$q
Definition: shib_logout.php:21
$message
$message
Definition: xapiexit.php:31
$r
$r
Definition: shib_logout.php:140
+ Here is the caller graph for this function:

◆ isGlobalRole()

ilRbacReview::isGlobalRole ( int  $a_role_id)

Check if role is a global role.

Definition at line 863 of file class.ilRbacReview.php.

References getGlobalRoles().

863  : bool
864  {
865  return in_array($a_role_id, $this->getGlobalRoles());
866  }
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only &#39;global&#39; roles
Definition: class.ilRbacReview.php:554
+ Here is the call graph for this function:

◆ isProtected()

ilRbacReview::isProtected ( int  $a_ref_id,
int  $a_role_id 
)

ref_id not used yet.

Protected permission acts 'global' for each role,

Definition at line 1049 of file class.ilRbacReview.php.

References $res, ilDBConstants\FETCHMODE_OBJECT, and ilDBConstants\T_INTEGER.

1049  : bool
1050  {
1051  $query = 'SELECT protected FROM rbac_fa ' .
1052  'WHERE rol_id = ' . $this->db->quote($a_role_id, ilDBConstants::T_INTEGER);
1053  $res = $this->db->query($query);
1054  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1055  if ($row->protected === 'y') {
1056  return true;
1057  }
1058  }
1059  return false;
1060  }
$res
$res
Definition: ltiservices.php:66

◆ isRoleAssignedToObject()

ilRbacReview::isRoleAssignedToObject ( int  $a_role_id,
int  $a_parent_id 
)

Check if role is assigned to an object.

Definition at line 622 of file class.ilRbacReview.php.

References $res.

622  : bool
623  {
624  $query = 'SELECT * FROM rbac_fa ' .
625  'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
626  'AND parent = ' . $this->db->quote($a_parent_id, 'integer');
627  $res = $this->db->query($query);
628  return (bool) $res->numRows();
629  }
$res
$res
Definition: ltiservices.php:66

◆ isRoleDeleted()

ilRbacReview::isRoleDeleted ( int  $a_role_id)

return if role is only attached to deleted role folders

Definition at line 1236 of file class.ilRbacReview.php.

References getFoldersAssignedToRole(), and isDeleted().

1236  : bool
1237  {
1238  $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1239  $deleted = true;
1240  if ($rolf_list !== []) {
1241  foreach ($rolf_list as $rolf) {
1242  // only list roles that are not set to status "deleted"
1243  if (!$this->isDeleted($rolf)) {
1244  $deleted = false;
1245  break;
1246  }
1247  }
1248  }
1249  return $deleted;
1250  }
ilRbacReview\isDeleted
isDeleted(int $a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id)
Definition: class.ilRbacReview.php:842
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole(int $a_rol_id, bool $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:481
+ Here is the call graph for this function:

◆ isSystemGeneratedRole()

ilRbacReview::isSystemGeneratedRole ( int  $a_role_id)

Check if the role is system generate role or role template.

Definition at line 1319 of file class.ilRbacReview.php.

References $DIC, $ref_id, ilObject\_lookupTitle(), getRoleFolderOfRole(), getRoleListByObject(), null, and ROLE_FOLDER_ID.

1319  : bool
1320  {
1321  $title = ilObject::_lookupTitle($a_role_id);
1322  return substr($title, 0, 3) == 'il_';
1323  }
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
+ Here is the call graph for this function:

◆ lookupCreateOperationIds()

static ilRbacReview::lookupCreateOperationIds ( array  $a_type_arr)
static

Lookup operation ids.

Parameters
list<string>$a_type_arr e.g array('cat','crs','grp'). The operation name (e.g. 'create_cat') is generated automatically
Returns
array<string, int> Array with operation ids

Definition at line 1016 of file class.ilRbacReview.php.

References $DIC, $ilDB, $res, and ILIAS\Repository\int().

Referenced by ilObjectXMLWriter\appendOperations(), ilObjectRoleTemplatePermissionTableGUI\parse(), ilObjectRolePermissionTableGUI\parse(), and ilPermissionGUI\savePermissions().

1016  : array
1017  {
1018  global $DIC;
1019 
1020  $ilDB = $DIC->database();
1021 
1022  $operations = [];
1023  foreach ($a_type_arr as $type) {
1024  $operations[] = ('create_' . $type);
1025  }
1026 
1027  if ($operations === []) {
1028  return [];
1029  }
1030 
1031  $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1032  'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1033 
1034  $res = $ilDB->query($query);
1035 
1036  $ops_ids = [];
1037  while ($row = $ilDB->fetchObject($res)) {
1038  $type_arr = explode('_', $row->operation);
1039  $type = $type_arr[1];
1040 
1041  $ops_ids[$type] = (int) $row->ops_id;
1042  }
1043  return $ops_ids;
1044  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ roleExists()

ilRbacReview::roleExists ( string  $a_title,
int  $a_id = 0 
)

Checks if a role already exists.

Role title should be unique public

Parameters
stringrole title
?intobj_id of role to exclude in the check. Commonly this is the current role you want to edit
Returns
bool

Definition at line 70 of file class.ilRbacReview.php.

References $q, $r, ilDBConstants\FETCHMODE_OBJECT, null, and ilDBConstants\T_TEXT.

70  : ?int
71  {
72  $clause = ($a_id) ? " AND obj_id != " . $this->db->quote($a_id, ilDBConstants::T_TEXT) . " " : "";
73 
74  $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
75  "WHERE title =" . $this->db->quote($a_title, ilDBConstants::T_TEXT) . " " .
76  "AND type IN('role','rolt')" .
77  $clause . " ";
78  $r = $this->db->query($q);
79  while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
80  return (int) $row->obj_id;
81  }
82  return null;
83  }
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$q
$q
Definition: shib_logout.php:21
$r
$r
Definition: shib_logout.php:140

◆ setAssignedCacheEntry()

ilRbacReview::setAssignedCacheEntry ( int  $a_role_id,
int  $a_user_id,
bool  $a_value 
)

set entry of assigned_chache

Definition at line 1402 of file class.ilRbacReview.php.

1402  : void
1403  {
1404  self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1405  }

◆ setRoleTypeAndProtection()

ilRbacReview::setRoleTypeAndProtection ( array  $role_list_entry)
private

Definition at line 294 of file class.ilRbacReview.php.

References buildProtectionByStringValue(), and buildRoleType().

Referenced by __setRoleType(), getAssignableRolesGenerator(), and getRolesByFilter().

294  : array
295  {
296  $role_list_entry['role_type'] = $this->buildRoleType($role_list_entry);
297  $role_list_entry['protected'] = $this->buildProtectionByStringValue($role_list_entry['protected']);
298  return $role_list_entry;
299  }
ilRbacReview\buildRoleType
buildRoleType(array $role_list_entry)
Definition: class.ilRbacReview.php:301
ilRbacReview\buildProtectionByStringValue
buildProtectionByStringValue(string $value)
Definition: class.ilRbacReview.php:318
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $_opsCache

array ilRbacReview::$_opsCache = null
staticprivate

Definition at line 43 of file class.ilRbacReview.php.

◆ $assigned_users_cache

array ilRbacReview::$assigned_users_cache = []
staticprotected

Definition at line 45 of file class.ilRbacReview.php.

◆ $db

ilDBInterface ilRbacReview::$db
protected

Definition at line 49 of file class.ilRbacReview.php.

◆ $is_assigned_cache

array ilRbacReview::$is_assigned_cache = []
staticprotected

Definition at line 46 of file class.ilRbacReview.php.

◆ $log

ilLogger ilRbacReview::$log
protected

Definition at line 48 of file class.ilRbacReview.php.

◆ FILTER_ALL

const ilRbacReview::FILTER_ALL = 1

Definition at line 35 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter(), and ilRoleTableGUI\parse().

◆ FILTER_ALL_GLOBAL

const ilRbacReview::FILTER_ALL_GLOBAL = 2

Definition at line 36 of file class.ilRbacReview.php.

Referenced by ilADNNotificationUIFormGUI\getHTML(), and ilRoleTableGUI\initFilter().

◆ FILTER_ALL_LOCAL

const ilRbacReview::FILTER_ALL_LOCAL = 3

Definition at line 37 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

◆ FILTER_INTERNAL

const ilRbacReview::FILTER_INTERNAL = 4

Definition at line 38 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

◆ FILTER_NOT_INTERNAL

const ilRbacReview::FILTER_NOT_INTERNAL = 5

Definition at line 39 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

◆ FILTER_TEMPLATES

const ilRbacReview::FILTER_TEMPLATES = 6

Definition at line 40 of file class.ilRbacReview.php.

Referenced by ilRoleTableGUI\initFilter().

The documentation for this class was generated from the following file: