ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilRbacReview.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
33class ilRbacReview
34{
35 public const FILTER_ALL = 1;
36 public const FILTER_ALL_GLOBAL = 2;
37 public const FILTER_ALL_LOCAL = 3;
38 public const FILTER_INTERNAL = 4;
39 public const FILTER_NOT_INTERNAL = 5;
40 public const FILTER_TEMPLATES = 6;
41
42 // Cache operation ids
43 private static ?array $_opsCache = null;
44
45 protected static array $assigned_users_cache = [];
46 protected static array $is_assigned_cache = [];
47
48 protected ilLogger $log;
49 protected ilDBInterface $db;
50
55 public function __construct()
56 {
57 global $DIC;
58
59 $this->log = ilLoggerFactory::getLogger('ac');
60 $this->db = $DIC->database();
61 }
62
70 public function roleExists(string $a_title, int $a_id = 0): ?int
71 {
72 $clause = ($a_id) ? " AND obj_id != " . $this->db->quote($a_id, ilDBConstants::T_TEXT) . " " : "";
73
74 $q = "SELECT DISTINCT(obj_id) obj_id FROM object_data " .
75 "WHERE title =" . $this->db->quote($a_title, ilDBConstants::T_TEXT) . " " .
76 "AND type IN('role','rolt')" .
77 $clause . " ";
78 $r = $this->db->query($q);
79 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
80 return (int) $row->obj_id;
81 }
82 return null;
83 }
84
95 protected function __getParentRoles(array $a_path, bool $a_templates): array
96 {
97 $parent_roles = [];
98 $role_hierarchy = [];
99 foreach ($a_path as $ref_id) {
100 $roles = $this->getRoleListByObject($ref_id, $a_templates);
101 foreach ($roles as $role) {
102 $id = (int) $role["obj_id"];
103 $role["parent"] = (int) $ref_id;
104 $parent_roles[$id] = $role;
105
106 if (!array_key_exists($role['obj_id'], $role_hierarchy)) {
107 $role_hierarchy[$id] = $ref_id;
108 }
109 }
110 }
111 return $this->__setProtectedStatus($parent_roles, $role_hierarchy, (int) reset($a_path));
112 }
113
122 public function getParentRoleIds(int $a_endnode_id, bool $a_templates = false): array
123 {
124 global $DIC;
125
126 $tree = $DIC->repositoryTree();
127
128 $pathIds = $tree->getPathId($a_endnode_id);
129
130 // add system folder since it may not in the path
131 //$pathIds[0] = SYSTEM_FOLDER_ID;
132 $pathIds[0] = ROLE_FOLDER_ID;
133 return $this->__getParentRoles($pathIds, $a_templates);
134 }
135
140 public function getRoleListByObject(int $a_ref_id, bool $a_templates = false): array
141 {
142 $role_list = [];
143 $where = $this->__setTemplateFilter($a_templates);
144
145 $query = "SELECT * FROM object_data " .
146 "JOIN rbac_fa ON obj_id = rol_id " .
147 $where .
148 "AND object_data.obj_id = rbac_fa.rol_id " .
149 "AND rbac_fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
150
151 $res = $this->db->query($query);
152 while ($row = $this->db->fetchAssoc($res)) {
153 $row["desc"] = $row["description"];
154 $row["user_id"] = (int) $row["owner"];
155 $row['obj_id'] = (int) $row['obj_id'];
156 $row['rol_id'] = (int) $row['rol_id'];
157 $row['parent'] = (int) $row['parent'];
158 $role_list[] = $row;
159 }
160
161 return $this->__setRoleType($role_list);
162 }
163
168 public function getAssignableRoles(
169 bool $a_templates = false,
170 bool $a_internal_roles = false,
171 string $title_filter = ''
172 ): array {
173 return iterator_to_array(
174 $this->getAssignableRolesGenerator(
175 $a_templates,
176 $a_internal_roles,
177 $title_filter
178 )
179 );
180 }
181
185 private function getAssignableRolesGenerator(
186 bool $a_templates = false,
187 bool $a_internal_roles = false,
188 string $title_filter = ''
189 ): Generator {
190 $where = $this->__setTemplateFilter($a_templates);
191 $query = "SELECT * FROM object_data " .
192 "JOIN rbac_fa ON obj_id = rol_id " .
193 $where .
194 "AND rbac_fa.assign = 'y' ";
195
196 if (strlen($title_filter)) {
197 $query .= (' AND ' . $this->db->like(
198 'title',
199 'text',
200 $title_filter . '%'
201 ));
202 }
203 $res = $this->db->query($query);
204
205 while ($row = $this->db->fetchAssoc($res)) {
206 $row["description"] = (string) $row["description"];
207 $row["desc"] = $row["description"];
208 $row["user_id"] = (int) $row["owner"];
209 $row['obj_id'] = (int) $row['obj_id'];
210 $row['parent'] = (int) $row['parent'];
211 yield $this->setRoleTypeAndProtection($row);
212 }
213 }
214
220 public function getAssignableRolesInSubtree(int $ref_id): array
221 {
222 global $DIC;
223
224 $tree = $DIC->repositoryTree();
225 $query = 'SELECT rol_id FROM rbac_fa fa ' .
226 'JOIN tree t1 ON t1.child = fa.parent ' .
227 'JOIN object_data obd ON fa.rol_id = obd.obj_id ' .
228 'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
229 'AND obd.type = ' . $this->db->quote('role', 'text') . ' ' .
230 'AND t1.child IN (' .
231 $tree->getSubTreeQuery($ref_id, ['child']) . ' ' .
232 ') ';
233
234 $res = $this->db->query($query);
235
236 $role_list = [];
237 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
238 $role_list[] = (int) $row->rol_id;
239 }
240 return $role_list;
241 }
242
246 public function getAssignableChildRoles(int $a_ref_id): array
247 {
248 $query = "SELECT fa.*, rd.* " .
249 "FROM object_data rd " .
250 "JOIN rbac_fa fa ON rd.obj_id = fa.rol_id " .
251 "WHERE fa.assign = 'y' " .
252 "AND fa.parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
253
254 $res = $this->db->query($query);
255 $roles_data = [];
256 while ($row = $this->db->fetchAssoc($res)) {
257 $row['rol_id'] = (int) $row['rol_id'];
258 $row['obj_id'] = (int) $row['obj_id'];
259
260 $roles_data[] = $row;
261 }
262
263 return $roles_data;
264 }
265
269 protected function __setTemplateFilter(bool $a_templates): string
270 {
271 if ($a_templates) {
272 $where = "WHERE " . $this->db->in('object_data.type', ['role', 'rolt'], false, 'text') . " ";
273 } else {
274 $where = "WHERE " . $this->db->in('object_data.type', ['role'], false, 'text') . " ";
275 }
276 return $where;
277 }
278
286 protected function __setRoleType(array $a_role_list): array
287 {
288 foreach ($a_role_list as $key => $val) {
289 $a_role_list[$key] = $this->setRoleTypeAndProtection($val);
290 }
291 return $a_role_list;
292 }
293
294 private function setRoleTypeAndProtection(array $role_list_entry): array
295 {
296 $role_list_entry['role_type'] = $this->buildRoleType($role_list_entry);
297 $role_list_entry['protected'] = $this->buildProtectionByStringValue($role_list_entry['protected']);
298 return $role_list_entry;
299 }
300
301 private function buildRoleType(array $role_list_entry): string
302 {
303 if ($role_list_entry['type'] === 'rolt') {
304 return 'template';
305 }
306
307 if ($role_list_entry['assign'] !== 'y') {
308 return 'linked';
309 }
310
311 if ($role_list_entry['parent'] === ROLE_FOLDER_ID) {
312 return 'global';
313 }
314
315 return 'local';
316 }
317
318 private function buildProtectionByStringValue(string $value): bool
319 {
320 if ($value === 'y') {
321 return true;
322 }
323 return false;
324 }
325
330 public function getNumberOfAssignedUsers(array $a_roles): int
331 {
332 $query = 'select count(distinct(ua.usr_id)) as num from rbac_ua ua ' .
333 'join object_data on ua.usr_id = obj_id ' .
334 'join usr_data ud on ua.usr_id = ud.usr_id ' .
335 'where ' . $this->db->in('rol_id', $a_roles, false, 'integer');
336
337 $res = $this->db->query($query);
338 if ($res->numRows() > 0) {
339 $row = $res->fetchRow(\ilDBConstants::FETCHMODE_OBJECT);
340 return isset($row->num) && is_numeric($row->num) ? (int) $row->num : 0;
341 }
342 return 0;
343 }
344
349 public function assignedUsers(int $a_rol_id): array
350 {
351 if (isset(self::$assigned_users_cache[$a_rol_id])) {
352 return self::$assigned_users_cache[$a_rol_id];
353 }
354
355 $result_arr = [];
356 $query = "SELECT usr_id FROM rbac_ua WHERE rol_id= " . $this->db->quote($a_rol_id, 'integer');
357 $res = $this->db->query($query);
358 while ($row = $this->db->fetchAssoc($res)) {
359 $result_arr[] = (int) $row["usr_id"];
360 }
361 self::$assigned_users_cache[$a_rol_id] = $result_arr;
362 return $result_arr;
363 }
364
368 public function isAssigned(int $a_usr_id, int $a_role_id): bool
369 {
370 if (isset(self::$is_assigned_cache[$a_role_id][$a_usr_id])) {
371 return self::$is_assigned_cache[$a_role_id][$a_usr_id];
372 }
373 // Quickly determine if user is assigned to a role
374 $this->db->setLimit(1, 0);
375 $query = "SELECT usr_id FROM rbac_ua WHERE " .
376 "rol_id= " . $this->db->quote($a_role_id, 'integer') . " " .
377 "AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
378 $res = $this->db->query($query);
379 $is_assigned = $res->numRows() == 1;
380 self::$is_assigned_cache[$a_role_id][$a_usr_id] = $is_assigned;
381 return $is_assigned;
382 }
383
392 public function isAssignedToAtLeastOneGivenRole(int $a_usr_id, array $a_role_ids): bool
393 {
394 global $DIC;
395
396 $this->db = $DIC['ilDB'];
397
398 $this->db->setLimit(1, 0);
399 $query = "SELECT usr_id FROM rbac_ua WHERE " .
400 $this->db->in('rol_id', $a_role_ids, false, 'integer') .
401 " AND usr_id= " . $this->db->quote($a_usr_id, ilDBConstants::T_INTEGER);
402 $res = $this->db->query($query);
403
404 return $this->db->numRows($res) == 1;
405 }
406
411 public function assignedRoles(int $a_usr_id): array
412 {
413 $query = "SELECT rol_id FROM rbac_ua WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer');
414
415 $res = $this->db->query($query);
416 $role_arr = [];
417 while ($row = $this->db->fetchObject($res)) {
418 $role_arr[] = (int) $row->rol_id;
419 }
420 return $role_arr;
421 }
422
427 public function assignedGlobalRoles(int $a_usr_id): array
428 {
429 $query = "SELECT ua.rol_id FROM rbac_ua ua " .
430 "JOIN rbac_fa fa ON ua.rol_id = fa.rol_id " .
431 "WHERE usr_id = " . $this->db->quote($a_usr_id, 'integer') . ' ' .
432 "AND parent = " . $this->db->quote(ROLE_FOLDER_ID, ilDBConstants::T_INTEGER) . " " .
433 "AND assign = 'y' ";
434
435 $res = $this->db->query($query);
436 $role_arr = [];
437 while ($row = $this->db->fetchObject($res)) {
438 $role_arr[] = (int) $row->rol_id;
439 }
440
441 return $role_arr;
442 }
443
447 public function isAssignable(int $a_rol_id, int $a_ref_id): bool
448 {
449 // exclude system role from rbac
450 if ($a_rol_id == SYSTEM_ROLE_ID) {
451 return true;
452 }
453
454 $query = "SELECT * FROM rbac_fa " .
455 "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
456 "AND parent = " . $this->db->quote($a_ref_id, 'integer') . " ";
457 $res = $this->db->query($query);
458 while ($row = $this->db->fetchObject($res)) {
459 return $row->assign == 'y';
460 }
461 return false;
462 }
463
464 public function hasMultipleAssignments(int $a_role_id): bool
465 {
466 $query = "SELECT * FROM rbac_fa WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . ' ' .
467 "AND assign = " . $this->db->quote('y', 'text');
468 $res = $this->db->query($query);
469 return $res->numRows() > 1;
470 }
471
481 public function getFoldersAssignedToRole(int $a_rol_id, bool $a_assignable = false): array
482 {
483 $where = '';
484 if ($a_assignable) {
485 $where = " AND assign ='y'";
486 }
487
488 $query = "SELECT DISTINCT parent FROM rbac_fa " .
489 "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " . $where . " ";
490
491 $res = $this->db->query($query);
492 $folders = [];
493 while ($row = $this->db->fetchObject($res)) {
494 $folders[] = (int) $row->parent;
495 }
496 return $folders;
497 }
498
503 public function getRolesOfObject(int $a_ref_id, bool $a_assignable_only = false): array
504 {
505 $and = '';
506 if ($a_assignable_only === true) {
507 $and = 'AND assign = ' . $this->db->quote('y', 'text');
508 }
509 $query = "SELECT rol_id FROM rbac_fa " .
510 "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
511 $and;
512
513 $res = $this->db->query($query);
514
515 $role_ids = [];
516 while ($row = $this->db->fetchObject($res)) {
517 $role_ids[] = (int) $row->rol_id;
518 }
519 return $role_ids;
520 }
521
529 public function getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable = true): array
530 {
531 $and = '';
532 if ($a_nonassignable === false) {
533 $and = " AND assign='y'";
534 }
535
536 $query = "SELECT rol_id FROM rbac_fa " .
537 "WHERE parent = " . $this->db->quote($a_ref_id, 'integer') . " " .
538 $and;
539
540 $res = $this->db->query($query);
541 $rol_id = [];
542 while ($row = $this->db->fetchObject($res)) {
543 $rol_id[] = (int) $row->rol_id;
544 }
545
546 return $rol_id;
547 }
548
554 public function getGlobalRoles(): array
555 {
556 return $this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false);
557 }
558
563 public function getLocalRoles(int $a_ref_id): array
564 {
565 $lroles = [];
566 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
567 if ($this->isAssignable($role_id, $a_ref_id)) {
568 $lroles[] = $role_id;
569 }
570 }
571 return $lroles;
572 }
573
578 public function getLocalPolicies(int $a_ref_id): array
579 {
580 $lroles = [];
581 foreach ($this->getRolesOfRoleFolder($a_ref_id) as $role_id) {
582 $lroles[] = $role_id;
583 }
584 return $lroles;
585 }
586
591 public function getGlobalRolesArray(): array
592 {
593 $ga = [];
594 foreach ($this->getRolesOfRoleFolder(ROLE_FOLDER_ID, false) as $role_id) {
595 $ga[] = ['obj_id' => $role_id,
596 'role_type' => 'global'
597 ];
598 }
599 return $ga;
600 }
601
606 public function getGlobalAssignableRoles(): array
607 {
608 $ga = [];
609 foreach ($this->getGlobalRoles() as $role_id) {
610 if (ilObjRole::_getAssignUsersStatus($role_id)) {
611 $ga[] = [
612 'obj_id' => $role_id,
613 'role_type' => 'global'
614 ];
615 }
616 }
617 return $ga;
618 }
619
623 public function isRoleAssignedToObject(int $a_role_id, int $a_parent_id): bool
624 {
625 $query = 'SELECT * FROM rbac_fa ' .
626 'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
627 'AND parent = ' . $this->db->quote($a_parent_id, 'integer');
628 $res = $this->db->query($query);
629 return (bool) $res->numRows();
630 }
631
636 public function getOperations(): array
637 {
638 $query = 'SELECT * FROM rbac_operations ORDER BY ops_id ';
639 $res = $this->db->query($query);
640 $ops = [];
641 while ($row = $this->db->fetchObject($res)) {
642 $ops[] = ['ops_id' => (int) $row->ops_id,
643 'operation' => $row->operation,
644 'description' => $row->description
645 ];
646 }
647 return $ops;
648 }
649
654 public function getOperation(int $ops_id): array
655 {
656 $query = 'SELECT * FROM rbac_operations WHERE ops_id = ' . $this->db->quote($ops_id, 'integer');
657 $res = $this->db->query($query);
658 $ops = [];
659 while ($row = $this->db->fetchObject($res)) {
660 $ops = ['ops_id' => (int) $row->ops_id,
661 'operation' => $row->operation,
662 'description' => $row->description
663 ];
664 }
665 return $ops;
666 }
667
673 public function getAllOperationsOfRole(int $a_rol_id, int $a_parent = 0): array
674 {
675 if (!$a_parent) {
676 $a_parent = ROLE_FOLDER_ID;
677 }
678 $query = "SELECT ops_id,type FROM rbac_templates " .
679 "WHERE rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
680 "AND parent = " . $this->db->quote($a_parent, 'integer');
681 $res = $this->db->query($query);
682
683 $ops_arr = [];
684 while ($row = $this->db->fetchObject($res)) {
685 $ops_arr[$row->type][] = (int) $row->ops_id;
686 }
687 return $ops_arr;
688 }
689
693 public function getActiveOperationsOfRole(int $a_ref_id, int $a_role_id): array
694 {
695 $query = 'SELECT * FROM rbac_pa ' .
696 'WHERE ref_id = ' . $this->db->quote($a_ref_id, 'integer') . ' ' .
697 'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ';
698
699 $res = $this->db->query($query);
700 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) {
701 return array_map(
702 intval(...),
703 $row['ops_id'] === ':' ? [] : unserialize($row['ops_id'], ['allowed_classes' => false])
704 );
705 }
706 return [];
707 }
708
714 public function getOperationsOfRole(int $a_rol_id, string $a_type, int $a_parent = 0): array
715 {
716 $ops_arr = [];
717 // if no rolefolder id is given, assume global role folder as target
718 if ($a_parent == 0) {
719 $a_parent = ROLE_FOLDER_ID;
720 }
721
722 $query = "SELECT ops_id FROM rbac_templates " .
723 "WHERE type =" . $this->db->quote($a_type, 'text') . " " .
724 "AND rol_id = " . $this->db->quote($a_rol_id, 'integer') . " " .
725 "AND parent = " . $this->db->quote($a_parent, 'integer');
726 $res = $this->db->query($query);
727 while ($row = $this->db->fetchObject($res)) {
728 $ops_arr[] = $row->ops_id;
729 }
730 return $ops_arr;
731 }
732
736 public function getRoleOperationsOnObject(int $a_role_id, int $a_ref_id): array
737 {
738 $query = "SELECT ops_id FROM rbac_pa " .
739 "WHERE rol_id = " . $this->db->quote($a_role_id, 'integer') . " " .
740 "AND ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
741
742 $res = $this->db->query($query);
743 $ops = [];
744 while ($row = $this->db->fetchObject($res)) {
745 if ($row->ops_id !== ':') {
746 $ops = array_map(
747 intval(...),
748 unserialize($row->ops_id, ['allowed_classes' => false])
749 );
750 }
751 }
752
753 return $ops;
754 }
755
760 public function getOperationsOnType(int $a_typ_id): array
761 {
762 $query = 'SELECT ta.ops_id FROM rbac_ta ta JOIN rbac_operations o ON ta.ops_id = o.ops_id ' .
763 'WHERE typ_id = ' . $this->db->quote($a_typ_id, 'integer') . ' ' .
764 'ORDER BY op_order';
765
766 $res = $this->db->query($query);
767 $ops_id = [];
768 while ($row = $this->db->fetchObject($res)) {
769 $ops_id[] = (int) $row->ops_id;
770 }
771 return $ops_id;
772 }
773
778 public function getOperationsOnTypeString(string $a_type): array
779 {
780 $query = "SELECT * FROM object_data WHERE type = 'typ' AND title = " . $this->db->quote($a_type, 'text') . " ";
781 $res = $this->db->query($query);
782 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
783 return $this->getOperationsOnType((int) $row->obj_id);
784 }
785 return [];
786 }
787
792 public function getOperationsByTypeAndClass(string $a_type, string $a_class): array
793 {
794 if ($a_class != 'create') {
795 $condition = "AND class != " . $this->db->quote('create', 'text');
796 } else {
797 $condition = "AND class = " . $this->db->quote('create', 'text');
798 }
799
800 $query = "SELECT ro.ops_id FROM rbac_operations ro " .
801 "JOIN rbac_ta rt ON ro.ops_id = rt.ops_id " .
802 "JOIN object_data od ON rt.typ_id = od.obj_id " .
803 "WHERE type = " . $this->db->quote('typ', 'text') . " " .
804 "AND title = " . $this->db->quote($a_type, 'text') . " " .
805 $condition . " " .
806 "ORDER BY op_order ";
807
808 $res = $this->db->query($query);
809 $ops = [];
810 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
811 $ops[] = (int) $row->ops_id;
812 }
813 return $ops;
814 }
815
821 public function getObjectsWithStopedInheritance(int $a_rol_id, array $a_filter = []): array
822 {
823 $query = 'SELECT parent p FROM rbac_fa ' .
824 'WHERE assign = ' . $this->db->quote('n', 'text') . ' ' .
825 'AND rol_id = ' . $this->db->quote($a_rol_id, 'integer') . ' ';
826
827 if ($a_filter !== []) {
828 $query .= ('AND ' . $this->db->in('parent', (array) $a_filter, false, 'integer'));
829 }
830
831 $res = $this->db->query($query);
832 $parent = [];
833 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
834 $parent[] = (int) $row->p;
835 }
836 return $parent;
837 }
838
843 public function isDeleted(int $a_node_id): bool
844 {
845 $q = "SELECT tree FROM tree WHERE child =" . $this->db->quote($a_node_id, ilDBConstants::T_INTEGER) . " ";
846 $r = $this->db->query($q);
847 $row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
848
849 if (!$row) {
850 $message = sprintf(
851 '%s::isDeleted(): Role folder with ref_id %s not found!',
852 get_class($this),
853 $a_node_id
854 );
855 $this->log->warning($message);
856 return true;
857 }
858 return $row->tree < 0;
859 }
860
864 public function isGlobalRole(int $a_role_id): bool
865 {
866 return in_array($a_role_id, $this->getGlobalRoles());
867 }
868
872 public function getRolesByFilter(int $a_filter = 0, int $a_user_id = 0, string $title_filter = ''): Generator
873 {
874 $assign = "y";
875 switch ($a_filter) {
876 case self::FILTER_ALL:
877 return yield from $this->getAssignableRolesGenerator(true, true, $title_filter);
878
879 case self::FILTER_ALL_GLOBAL:
880 $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), false, 'integer') . ' ';
881 break;
882
883 case self::FILTER_ALL_LOCAL:
884 case self::FILTER_INTERNAL:
885 case self::FILTER_NOT_INTERNAL:
886 $where = 'WHERE ' . $this->db->in('rbac_fa.rol_id', $this->getGlobalRoles(), true, 'integer');
887 break;
888
889 case self::FILTER_TEMPLATES:
890 $where = "WHERE object_data.type = 'rolt'";
891 $assign = "n";
892 break;
893
894 case 0:
895 default:
896 if (!$a_user_id) {
897 return;
898 }
899
900 $where = 'WHERE ' . $this->db->in(
901 'rbac_fa.rol_id',
902 $this->assignedRoles($a_user_id),
903 false,
904 'integer'
905 ) . ' ';
906 break;
907 }
908
909 $query = "SELECT * FROM object_data " .
910 "JOIN rbac_fa ON obj_id = rol_id " .
911 $where .
912 "AND rbac_fa.assign = " . $this->db->quote($assign, 'text') . " ";
913
914 if (strlen($title_filter)) {
915 $query .= (' AND ' . $this->db->like(
916 'title',
917 'text',
918 '%' . $title_filter . '%'
919 ));
920 }
921
922 $res = $this->db->query($query);
923 while ($row = $this->db->fetchAssoc($res)) {
924 $row['title'] = $row['title'] ?? '';
925 $prefix = str_starts_with($row['title'], "il_");
926
927 // all (assignable) internal local roles only
928 if ($a_filter == 4 && !$prefix) {
929 continue;
930 }
931
932 // all (assignable) non internal local roles only
933 if ($a_filter == 5 && $prefix) {
934 continue;
935 }
936
937 $row['description'] = $row['description'] ?? '';
938 $row["desc"] = $row["description"];
939 $row["user_id"] = (int) $row["owner"];
940 $row['obj_id'] = (int) $row['obj_id'];
941 $row['rol_id'] = (int) $row['rol_id'];
942 $row['parent'] = (int) $row['parent'];
943
944 yield $this->setRoleTypeAndProtection($row);
945 }
946 }
947
948 public function getTypeId(string $a_type): int
949 {
950 $q = "SELECT obj_id FROM object_data " .
951 "WHERE title=" . $this->db->quote($a_type, 'text') . " AND type='typ'";
952 $r = $this->db->query($q);
953 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
954 return (int) $row->obj_id;
955 }
956 return 0;
957 }
958
965 public static function _getOperationIdsByName(array $operations): array
966 {
967 global $DIC;
968
969 $ilDB = $DIC->database();
970 if ($operations === []) {
971 return [];
972 }
973
974 $query = 'SELECT ops_id FROM rbac_operations ' .
975 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
976
977 $res = $ilDB->query($query);
978 $ops_ids = [];
979 while ($row = $ilDB->fetchObject($res)) {
980 $ops_ids[] = (int) $row->ops_id;
981 }
982 return $ops_ids;
983 }
984
988 public static function _getOperationIdByName(string $a_operation): int
989 {
990 global $DIC;
991
992 $ilDB = $DIC->database();
993
994 // Cache operation ids
995 if (!is_array(self::$_opsCache)) {
996 self::$_opsCache = [];
997
998 $q = "SELECT ops_id, operation FROM rbac_operations";
999 $r = $ilDB->query($q);
1000 while ($row = $r->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1001 self::$_opsCache[$row->operation] = (int) $row->ops_id;
1002 }
1003 }
1004
1005 // Get operation ID by name from cache
1006 if (array_key_exists($a_operation, self::$_opsCache)) {
1007 return self::$_opsCache[$a_operation];
1008 }
1009 return 0;
1010 }
1011
1017 public static function lookupCreateOperationIds(array $a_type_arr): array
1018 {
1019 global $DIC;
1020
1021 $ilDB = $DIC->database();
1022
1023 $operations = [];
1024 foreach ($a_type_arr as $type) {
1025 $operations[] = ('create_' . $type);
1026 }
1027
1028 if ($operations === []) {
1029 return [];
1030 }
1031
1032 $query = 'SELECT ops_id, operation FROM rbac_operations ' .
1033 'WHERE ' . $ilDB->in('operation', $operations, false, 'text');
1034
1035 $res = $ilDB->query($query);
1036
1037 $ops_ids = [];
1038 while ($row = $ilDB->fetchObject($res)) {
1039 $type_arr = explode('_', $row->operation);
1040 $type = $type_arr[1];
1041
1042 $ops_ids[$type] = (int) $row->ops_id;
1043 }
1044 return $ops_ids;
1045 }
1046
1050 public function isProtected(int $a_ref_id, int $a_role_id): bool
1051 {
1052 $query = 'SELECT protected FROM rbac_fa ' .
1053 'WHERE rol_id = ' . $this->db->quote($a_role_id, ilDBConstants::T_INTEGER);
1054 $res = $this->db->query($query);
1055 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1056 if ($row->protected === 'y') {
1057 return true;
1058 }
1059 }
1060 return false;
1061 }
1062
1063 public function isBlockedAtPosition(int $a_role_id, int $a_ref_id): bool
1064 {
1065 $query = 'SELECT blocked from rbac_fa ' .
1066 'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1067 'AND parent = ' . $this->db->quote($a_ref_id, 'integer');
1068 $res = $this->db->query($query);
1069 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1070 return (bool) $row->blocked;
1071 }
1072 return false;
1073 }
1074
1079 public function isBlockedInUpperContext(int $a_role_id, int $a_ref_id): bool
1080 {
1081 global $DIC;
1082
1083 $tree = $DIC['tree'];
1084
1085 if ($this->isBlockedAtPosition($a_role_id, $a_ref_id)) {
1086 return false;
1087 }
1088 $query = 'SELECT parent from rbac_fa ' .
1089 'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1090 'AND blocked = ' . $this->db->quote(1, 'integer');
1091 $res = $this->db->query($query);
1092
1093 $parent_ids = [];
1094 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1095 $parent_ids[] = (int) $row->parent;
1096 }
1097
1098 foreach ($parent_ids as $parent_id) {
1099 if ($tree->isGrandChild($parent_id, $a_ref_id)) {
1100 return true;
1101 }
1102 }
1103 return false;
1104 }
1105
1106 // this method alters the protected status of role regarding the current user's role assignment
1107 // and current postion in the hierarchy.
1108 protected function __setProtectedStatus(array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id): array
1109 {
1110 global $DIC;
1111
1112 $rbacsystem = $DIC->rbac()->system();
1113 $ilUser = $DIC->user();
1114 if (in_array(SYSTEM_ROLE_ID, $this->assignedRoles($ilUser->getId()))) {
1115 $leveladmin = true;
1116 } else {
1117 $leveladmin = false;
1118 }
1119 foreach ($a_role_hierarchy as $role_id => $rolf_id) {
1120 if ($leveladmin == true) {
1121 $a_parent_roles[$role_id]['protected'] = false;
1122 continue;
1123 }
1124
1125 if ($a_parent_roles[$role_id]['protected'] == true) {
1126 $arr_lvl_roles_user = array_intersect(
1127 $this->assignedRoles($ilUser->getId()),
1128 array_keys($a_role_hierarchy, $rolf_id)
1129 );
1130
1131 foreach ($arr_lvl_roles_user as $lvl_role_id) {
1132 // check if role grants 'edit_permission' to parent
1133 $rolf = $a_parent_roles[$role_id]['parent'];
1134 if ($rbacsystem->checkPermission($rolf, $lvl_role_id, 'edit_permission')) {
1135 $a_parent_roles[$role_id]['protected'] = false;
1136 }
1137 }
1138 }
1139 }
1140 return $a_parent_roles;
1141 }
1142
1147 public static function _getOperationList(string $a_type = ''): array
1148 {
1149 global $DIC;
1150
1151 $ilDB = $DIC->database();
1152 $arr = [];
1153 if ($a_type) {
1154 $query = sprintf(
1155 'SELECT * FROM rbac_operations ' .
1156 'JOIN rbac_ta ON rbac_operations.ops_id = rbac_ta.ops_id ' .
1157 'JOIN object_data ON rbac_ta.typ_id = object_data.obj_id ' .
1158 'WHERE object_data.title = %s ' .
1159 'AND object_data.type = %s ' .
1160 'ORDER BY op_order ASC',
1161 $ilDB->quote($a_type, 'text'),
1162 $ilDB->quote('typ', 'text')
1163 );
1164 } else {
1165 $query = 'SELECT * FROM rbac_operations ORDER BY op_order ASC';
1166 }
1167 $res = $ilDB->query($query);
1168 while ($row = $ilDB->fetchAssoc($res)) {
1169 $arr[] = [
1170 "ops_id" => (int) $row['ops_id'],
1171 "operation" => $row['operation'],
1172 "desc" => $row['description'],
1173 "class" => $row['class'],
1174 "order" => (int) $row['op_order']
1175 ];
1176 }
1177 return $arr;
1178 }
1179
1183 public static function _groupOperationsByClass(array $a_ops_arr): array
1184 {
1185 $arr = [];
1186 foreach ($a_ops_arr as $ops) {
1187 $arr[$ops['class']][] = ['ops_id' => (int) $ops['ops_id'],
1188 'name' => $ops['operation']
1189 ];
1190 }
1191 return $arr;
1192 }
1193
1198 public function getObjectOfRole(int $a_role_id): int
1199 {
1200 // internal cache
1201 static $obj_cache = [];
1202
1203 if (isset($obj_cache[$a_role_id]) && $obj_cache[$a_role_id]) {
1204 return $obj_cache[$a_role_id];
1205 }
1206
1207 $query = 'SELECT obr.obj_id FROM rbac_fa rfa ' .
1208 'JOIN object_reference obr ON rfa.parent = obr.ref_id ' .
1209 'WHERE assign = ' . $this->db->quote('y', 'text') . ' ' .
1210 'AND rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1211 'AND deleted IS NULL';
1212
1213 $res = $this->db->query($query);
1214 $obj_cache[$a_role_id] = 0;
1215 while ($row = $this->db->fetchObject($res)) {
1216 $obj_cache[$a_role_id] = (int) $row->obj_id;
1217 }
1218 return $obj_cache[$a_role_id];
1219 }
1220
1221 public function getObjectReferenceOfRole(int $a_role_id): int
1222 {
1223 $query = 'SELECT parent p_ref FROM rbac_fa ' .
1224 'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1225 'AND assign = ' . $this->db->quote('y', 'text');
1226
1227 $res = $this->db->query($query);
1228 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1229 return (int) $row->p_ref;
1230 }
1231 return 0;
1232 }
1233
1237 public function isRoleDeleted(int $a_role_id): bool
1238 {
1239 $rolf_list = $this->getFoldersAssignedToRole($a_role_id, false);
1240 $deleted = true;
1241 if ($rolf_list !== []) {
1242 foreach ($rolf_list as $rolf) {
1243 // only list roles that are not set to status "deleted"
1244 if (!$this->isDeleted($rolf)) {
1245 $deleted = false;
1246 break;
1247 }
1248 }
1249 }
1250 return $deleted;
1251 }
1252
1253 public function getRolesForIDs(array $role_ids, bool $use_templates): array
1254 {
1255 $where = $this->__setTemplateFilter($use_templates);
1256 $query = "SELECT * FROM object_data " .
1257 "JOIN rbac_fa ON object_data.obj_id = rbac_fa.rol_id " .
1258 $where .
1259 "AND rbac_fa.assign = 'y' " .
1260 'AND ' . $this->db->in('object_data.obj_id', $role_ids, false, 'integer');
1261
1262 $res = $this->db->query($query);
1263 $role_list = [];
1264 while ($row = $this->db->fetchAssoc($res)) {
1265 $row["desc"] = $row["description"];
1266 $row["user_id"] = (int) $row["owner"];
1267 $role_list[] = $row;
1268 }
1269 return $this->__setRoleType($role_list);
1270 }
1271
1276 public function getOperationAssignment(): array
1277 {
1278 global $DIC;
1279
1280 $this->db = $DIC['ilDB'];
1281
1282 $query = 'SELECT ta.typ_id, obj.title, ops.ops_id, ops.operation FROM rbac_ta ta ' .
1283 'JOIN object_data obj ON obj.obj_id = ta.typ_id ' .
1284 'JOIN rbac_operations ops ON ops.ops_id = ta.ops_id ';
1285 $res = $this->db->query($query);
1286
1287 $counter = 0;
1288 $info = [];
1289 while ($row = $this->db->fetchObject($res)) {
1290 $info[$counter]['typ_id'] = (int) $row->typ_id;
1291 $info[$counter]['type'] = $row->title;
1292 $info[$counter]['ops_id'] = (int) $row->ops_id;
1293 $info[$counter]['operation'] = $row->operation;
1294 $counter++;
1295 }
1296
1297 return array_values($info);
1298 }
1299
1303 public function isDeleteable(int $a_role_id, int $a_rolf_id): bool
1304 {
1305 if (!$this->isAssignable($a_role_id, $a_rolf_id)) {
1306 return false;
1307 }
1308 if ($a_role_id == SYSTEM_ROLE_ID or $a_role_id == ANONYMOUS_ROLE_ID) {
1309 return false;
1310 }
1311 if (str_starts_with(ilObject::_lookupTitle($a_role_id), 'il_')) {
1312 return false;
1313 }
1314 return true;
1315 }
1316
1320 public function isSystemGeneratedRole(int $a_role_id): bool
1321 {
1322 $title = ilObject::_lookupTitle($a_role_id);
1323 return substr($title, 0, 3) == 'il_';
1324 }
1325
1326 public function getParentOfRole(int $role_id, ?int $object_ref = null): ?int
1327 {
1328 global $DIC;
1330 $tree = $DIC['tree'];
1331
1332 if ($object_ref === null || $object_ref === ROLE_FOLDER_ID) {
1333 return $this->getRoleFolderOfRole($role_id);
1334 }
1335
1336
1337 $path_ids = $tree->getPathId($object_ref);
1338 array_unshift($path_ids, ROLE_FOLDER_ID);
1339
1340 while ($ref_id = array_pop($path_ids)) {
1341 $roles = $this->getRoleListByObject($ref_id, false);
1342 foreach ($roles as $role) {
1343 if ((int) $role['obj_id'] === $role_id) {
1344 return $ref_id;
1345 }
1346 }
1347 }
1348
1349 return null;
1350 }
1351
1352
1353 public function getRoleFolderOfRole(int $a_role_id): int
1354 {
1355 if (ilObject::_lookupType($a_role_id) == 'role') {
1356 $and = ('AND assign = ' . $this->db->quote('y', 'text'));
1357 } else {
1358 $and = '';
1359 }
1360
1361 $query = 'SELECT * FROM rbac_fa ' .
1362 'WHERE rol_id = ' . $this->db->quote($a_role_id, 'integer') . ' ' .
1363 $and;
1364 $res = $this->db->query($query);
1365 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1366 return (int) $row->parent;
1367 }
1368 return 0;
1369 }
1370
1375 public function getUserPermissionsOnObject(int $a_user_id, int $a_ref_id): array
1376 {
1377 $query = "SELECT ops_id FROM rbac_pa JOIN rbac_ua " .
1378 "ON (rbac_pa.rol_id = rbac_ua.rol_id) " .
1379 "WHERE rbac_ua.usr_id = " . $this->db->quote($a_user_id, 'integer') . " " .
1380 "AND rbac_pa.ref_id = " . $this->db->quote($a_ref_id, 'integer') . " ";
1381
1382 $res = $this->db->query($query);
1383 $all_ops = [];
1384 while ($row = $this->db->fetchObject($res)) {
1385 $ops = unserialize($row->ops_id, ['allowed_classes' => false]);
1386 $all_ops = array_merge($all_ops, $ops);
1387 }
1388 $all_ops = array_unique($all_ops);
1389
1390 $set = $this->db->query("SELECT operation FROM rbac_operations " .
1391 " WHERE " . $this->db->in("ops_id", $all_ops, false, "integer"));
1392 $perms = [];
1393 while ($rec = $this->db->fetchAssoc($set)) {
1394 $perms[] = $rec["operation"];
1395 }
1396
1397 return array_values(array_filter($perms));
1398 }
1399
1403 public function setAssignedCacheEntry(int $a_role_id, int $a_user_id, bool $a_value): void
1404 {
1405 self::$is_assigned_cache[$a_role_id][$a_user_id] = $a_value;
1406 }
1407
1408 public function getAssignedCacheEntry(int $a_role_id, int $a_user_id): bool
1409 {
1410 return self::$is_assigned_cache[$a_role_id][$a_user_id];
1411 }
1412
1416 public function clearCaches(): void
1417 {
1418 self::$is_assigned_cache = [];
1419 self::$assigned_users_cache = [];
1420 }
1421
1422 public static function _getCustomRBACOperationId(string $operation, ?\ilDBInterface $ilDB = null): ?int
1423 {
1424 if (!$ilDB) {
1425 global $DIC;
1426 $ilDB = $DIC->database();
1427 }
1428
1429 $sql =
1430 "SELECT ops_id" . PHP_EOL
1431 . "FROM rbac_operations" . PHP_EOL
1432 . "WHERE operation = " . $ilDB->quote($operation, "text") . PHP_EOL
1433 ;
1434
1435 $res = $ilDB->query($sql);
1436 if ($ilDB->numRows($res) == 0) {
1437 return null;
1438 }
1439
1440 $row = $ilDB->fetchAssoc($res);
1441 return (int) $row["ops_id"] ?? null;
1442 }
1443
1444 public static function _isRBACOperation(int $type_id, int $ops_id, ?\ilDBInterface $ilDB = null): bool
1445 {
1446 if (!$ilDB) {
1447 global $DIC;
1448 $ilDB = $DIC->database();
1449 }
1450
1451 $sql =
1452 "SELECT typ_id" . PHP_EOL
1453 . "FROM rbac_ta" . PHP_EOL
1454 . "WHERE typ_id = " . $ilDB->quote($type_id, "integer") . PHP_EOL
1455 . "AND ops_id = " . $ilDB->quote($ops_id, "integer") . PHP_EOL
1456 ;
1457
1458 return (bool) $ilDB->numRows($ilDB->query($sql));
1459 }
1460} // END class.ilRbacReview
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilObjRole\_getAssignUsersStatus
static _getAssignUsersStatus(int $a_role_id)
Definition: class.ilObjRole.php:141
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacReview\getAssignableRoles
getAssignableRoles(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Returns a list of all assignable roles.
Definition: class.ilRbacReview.php:168
ilRbacReview\buildRoleType
buildRoleType(array $role_list_entry)
Definition: class.ilRbacReview.php:301
ilRbacReview\getAssignableRolesGenerator
getAssignableRolesGenerator(bool $a_templates=false, bool $a_internal_roles=false, string $title_filter='')
Definition: class.ilRbacReview.php:185
ilRbacReview\getTypeId
getTypeId(string $a_type)
Definition: class.ilRbacReview.php:948
ilRbacReview\isDeleted
isDeleted(int $a_node_id)
Checks if a rolefolder is set as deleted (negative tree_id)
Definition: class.ilRbacReview.php:843
ilRbacReview\$assigned_users_cache
static array $assigned_users_cache
Definition: class.ilRbacReview.php:45
ilRbacReview\getAssignedCacheEntry
getAssignedCacheEntry(int $a_role_id, int $a_user_id)
Definition: class.ilRbacReview.php:1408
ilRbacReview\_getOperationIdsByName
static _getOperationIdsByName(array $operations)
get ops_id's by name.
Definition: class.ilRbacReview.php:965
ilRbacReview\getRolesForIDs
getRolesForIDs(array $role_ids, bool $use_templates)
Definition: class.ilRbacReview.php:1253
ilRbacReview\hasMultipleAssignments
hasMultipleAssignments(int $a_role_id)
Definition: class.ilRbacReview.php:464
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1063
ilRbacReview\isRoleDeleted
isRoleDeleted(int $a_role_id)
return if role is only attached to deleted role folders
Definition: class.ilRbacReview.php:1237
ilRbacReview\getObjectReferenceOfRole
getObjectReferenceOfRole(int $a_role_id)
Definition: class.ilRbacReview.php:1221
ilRbacReview\$_opsCache
static array $_opsCache
Definition: class.ilRbacReview.php:43
ilRbacReview\__getParentRoles
__getParentRoles(array $a_path, bool $a_templates)
Note: This function performs faster than the new getParentRoles function, because it uses database in...
Definition: class.ilRbacReview.php:95
ilRbacReview\__setRoleType
__setRoleType(array $a_role_list)
computes role type in role list array: global: roles in ROLE_FOLDER_ID local: assignable roles in oth...
Definition: class.ilRbacReview.php:286
ilRbacReview\assignedRoles
assignedRoles(int $a_usr_id)
get all assigned roles to a given user
Definition: class.ilRbacReview.php:411
ilRbacReview\getAssignableRolesInSubtree
getAssignableRolesInSubtree(int $ref_id)
Returns a list of assignable roles in a subtree of the repository.
Definition: class.ilRbacReview.php:220
ilRbacReview\getGlobalRoles
getGlobalRoles()
get only 'global' roles
Definition: class.ilRbacReview.php:554
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds(array $a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1017
ilRbacReview\getObjectsWithStopedInheritance
getObjectsWithStopedInheritance(int $a_rol_id, array $a_filter=[])
get all objects in which the inheritance of role with role_id was stopped the function returns all re...
Definition: class.ilRbacReview.php:821
ilRbacReview\_getCustomRBACOperationId
static _getCustomRBACOperationId(string $operation, ?\ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1422
ilRbacReview\isProtected
isProtected(int $a_ref_id, int $a_role_id)
ref_id not used yet.
Definition: class.ilRbacReview.php:1050
ilRbacReview\isBlockedInUpperContext
isBlockedInUpperContext(int $a_role_id, int $a_ref_id)
Check if role is blocked in upper context.
Definition: class.ilRbacReview.php:1079
ilRbacReview\getAllOperationsOfRole
getAllOperationsOfRole(int $a_rol_id, int $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:673
ilRbacReview\setRoleTypeAndProtection
setRoleTypeAndProtection(array $role_list_entry)
Definition: class.ilRbacReview.php:294
ilRbacReview\getAssignableChildRoles
getAssignableChildRoles(int $a_ref_id)
Get all assignable roles directly under a specific node.
Definition: class.ilRbacReview.php:246
ilRbacReview\_groupOperationsByClass
static _groupOperationsByClass(array $a_ops_arr)
Definition: class.ilRbacReview.php:1183
ilRbacReview\$db
ilDBInterface $db
Definition: class.ilRbacReview.php:49
ilRbacReview\getRolesOfObject
getRolesOfObject(int $a_ref_id, bool $a_assignable_only=false)
Get roles of object.
Definition: class.ilRbacReview.php:503
ilRbacReview\getParentRoleIds
getParentRoleIds(int $a_endnode_id, bool $a_templates=false)
Get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:122
ilRbacReview\roleExists
roleExists(string $a_title, int $a_id=0)
Checks if a role already exists.
Definition: class.ilRbacReview.php:70
ilRbacReview\clearCaches
clearCaches()
Clear assigned users caches.
Definition: class.ilRbacReview.php:1416
ilRbacReview\__setProtectedStatus
__setProtectedStatus(array $a_parent_roles, array $a_role_hierarchy, int $a_ref_id)
Definition: class.ilRbacReview.php:1108
ilRbacReview\assignedUsers
assignedUsers(int $a_rol_id)
get all assigned users to a given role
Definition: class.ilRbacReview.php:349
ilRbacReview\isAssignedToAtLeastOneGivenRole
isAssignedToAtLeastOneGivenRole(int $a_usr_id, array $a_role_ids)
check if a specific user is assigned to at least one of the given role ids.
Definition: class.ilRbacReview.php:392
ilRbacReview\_isRBACOperation
static _isRBACOperation(int $type_id, int $ops_id, ?\ilDBInterface $ilDB=null)
Definition: class.ilRbacReview.php:1444
ilRbacReview\getUserPermissionsOnObject
getUserPermissionsOnObject(int $a_user_id, int $a_ref_id)
Get all user permissions on an object.
Definition: class.ilRbacReview.php:1375
ilRbacReview\getRoleFolderOfRole
getRoleFolderOfRole(int $a_role_id)
Definition: class.ilRbacReview.php:1353
ilRbacReview\isAssigned
isAssigned(int $a_usr_id, int $a_role_id)
check if a specific user is assigned to specific role
Definition: class.ilRbacReview.php:368
ilRbacReview\getFoldersAssignedToRole
getFoldersAssignedToRole(int $a_rol_id, bool $a_assignable=false)
Returns an array of objects assigned to a role.
Definition: class.ilRbacReview.php:481
ilRbacReview\getGlobalAssignableRoles
getGlobalAssignableRoles()
get only 'global' roles (with flag 'assign_users')
Definition: class.ilRbacReview.php:606
ilRbacReview\getRolesOfRoleFolder
getRolesOfRoleFolder(int $a_ref_id, bool $a_nonassignable=true)
get all roles of a role folder including linked local roles that are created due to stopped inheritan...
Definition: class.ilRbacReview.php:529
ilRbacReview\buildProtectionByStringValue
buildProtectionByStringValue(string $value)
Definition: class.ilRbacReview.php:318
ilRbacReview\isSystemGeneratedRole
isSystemGeneratedRole(int $a_role_id)
Check if the role is system generate role or role template.
Definition: class.ilRbacReview.php:1320
ilRbacReview\__setTemplateFilter
__setTemplateFilter(bool $a_templates)
get roles and templates or only roles; returns string for where clause
Definition: class.ilRbacReview.php:269
ilRbacReview\getOperationsOfRole
getOperationsOfRole(int $a_rol_id, string $a_type, int $a_parent=0)
get all possible operations of a specific role The ref_id of the role folder (parent object) is neces...
Definition: class.ilRbacReview.php:714
ilRbacReview\getNumberOfAssignedUsers
getNumberOfAssignedUsers(array $a_roles)
Get the number of assigned users to roles (not properly deleted user accounts are not counted)
Definition: class.ilRbacReview.php:330
ilRbacReview\isRoleAssignedToObject
isRoleAssignedToObject(int $a_role_id, int $a_parent_id)
Check if role is assigned to an object.
Definition: class.ilRbacReview.php:623
ilRbacReview\assignedGlobalRoles
assignedGlobalRoles(int $a_usr_id)
Get assigned global roles for an user.
Definition: class.ilRbacReview.php:427
ilRbacReview\getLocalPolicies
getLocalPolicies(int $a_ref_id)
Get all roles with local policies.
Definition: class.ilRbacReview.php:578
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:447
ilRbacReview\getRoleListByObject
getRoleListByObject(int $a_ref_id, bool $a_templates=false)
Returns a list of roles in an container.
Definition: class.ilRbacReview.php:140
ilRbacReview\$is_assigned_cache
static array $is_assigned_cache
Definition: class.ilRbacReview.php:46
ilRbacReview\getOperationsOnTypeString
getOperationsOnTypeString(string $a_type)
all possible operations of a type
Definition: class.ilRbacReview.php:778
ilRbacReview\getOperation
getOperation(int $ops_id)
get one operation by operation id
Definition: class.ilRbacReview.php:654
ilRbacReview\getGlobalRolesArray
getGlobalRolesArray()
get only 'global' roles
Definition: class.ilRbacReview.php:591
ilRbacReview\getRolesByFilter
getRolesByFilter(int $a_filter=0, int $a_user_id=0, string $title_filter='')
Definition: class.ilRbacReview.php:872
ilRbacReview\setAssignedCacheEntry
setAssignedCacheEntry(int $a_role_id, int $a_user_id, bool $a_value)
set entry of assigned_chache
Definition: class.ilRbacReview.php:1403
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass(string $a_type, string $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:792
ilRbacReview\getOperationAssignment
getOperationAssignment()
get operation assignments
Definition: class.ilRbacReview.php:1276
ilRbacReview\getActiveOperationsOfRole
getActiveOperationsOfRole(int $a_ref_id, int $a_role_id)
Definition: class.ilRbacReview.php:693
ilRbacReview\__construct
__construct()
Constructor @access public.
Definition: class.ilRbacReview.php:55
ilRbacReview\isGlobalRole
isGlobalRole(int $a_role_id)
Check if role is a global role.
Definition: class.ilRbacReview.php:864
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:736
ilRbacReview\getObjectOfRole
getObjectOfRole(int $a_role_id)
Get object id of objects a role is assigned to.
Definition: class.ilRbacReview.php:1198
ilRbacReview\getOperations
getOperations()
get all possible operations
Definition: class.ilRbacReview.php:636
ilRbacReview\getLocalRoles
getLocalRoles(int $a_ref_id)
Get local roles of object.
Definition: class.ilRbacReview.php:563
ilRbacReview\getOperationsOnType
getOperationsOnType(int $a_typ_id)
all possible operations of a type
Definition: class.ilRbacReview.php:760
ilRbacReview\_getOperationIdByName
static _getOperationIdByName(string $a_operation)
get operation id by name of operation
Definition: class.ilRbacReview.php:988
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1147
ilRbacReview\isDeleteable
isDeleteable(int $a_role_id, int $a_rolf_id)
Check if role is deleteable at a specific position.
Definition: class.ilRbacReview.php:1303
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
return
return['delivery_method'=> 'php',]
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: delivery_method.php:21
$info
$info
Definition: entry_point.php:21
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
$ref_id
$ref_id
Definition: ltiauth.php:66
$res
$res
Definition: ltiservices.php:69
$DIC
global $DIC
Definition: shib_login.php:26
$q
$q
Definition: shib_logout.php:23
$counter
$counter
Definition: shib_logout.php:170
$message
$message
Definition: xapiexit.php:31