19declare(strict_types=1);
50 public function __construct(
int $a_id = 0,
bool $a_call_by_reference =
false)
54 $this->
logger = $DIC->logger()->ac();
61 string $a_description,
// Resolve the role template's object id from its title.
// Both the 'rolt' type literal and $a_tpl_name pass through $ilDB->quote(..., "text")
// before concatenation, so the template name is not spliced into the statement as raw text.
70 $res =
$ilDB->query(
"SELECT obj_id FROM object_data " .
71 " WHERE type=" .
$ilDB->quote(
"rolt",
"text") .
72 " AND title=" .
$ilDB->quote($a_tpl_name,
"text"));
75 $tpl_id = (
int) $row->obj_id;
82 $role->setTitle($a_title);
83 $role->setDescription($a_description);
86 $GLOBALS[
'DIC'][
'rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id,
'y');
87 $GLOBALS[
'DIC'][
'rbacadmin']->copyRoleTemplatePermissions(
94 $ops =
$GLOBALS[
'DIC'][
'rbacreview']->getOperationsOfRole(
99 $GLOBALS[
'DIC'][
'rbacadmin']->grantPermission(
// Titles whose first three characters are 'il_' are treated as reserved: the
// 'msg_role_reserved_prefix' message is set on $ilErr.
// NOTE(review): the prefix test uses loose `==`. Both operands are strings here, so `===`
// would behave the same and states the intent explicitly.
113 if (substr($this->
getTitle(), 0, 3) ==
'il_') {
114 $ilErr->setMessage(
'msg_role_reserved_prefix');
124 if ($r === $this->getUntranslatedTitle()) {
128 return $r .
' (' . $this->getUntranslatedTitle() .
')';
133 $this->assign_users = $a_assign_users;
138 return $this->assign_users;
146 $query =
"SELECT assign_users FROM role_data WHERE role_id = " .
$ilDB->quote($a_role_id,
'integer') .
" ";
148 while ($row =
$ilDB->fetchObject(
$res)) {
149 return (
bool) $row->assign_users;
160 $query =
"SELECT * FROM role_data WHERE role_id= " . $this->db->quote($this->
id,
'integer') .
" ";
161 $res = $this->db->query($query);
162 if (
$res->numRows() > 0) {
163 $row = $this->db->fetchAssoc(
$res);
164 $this->setAllowRegister((
bool) $row[
'allow_register']);
165 $this->toggleAssignUsersStatus((
bool) ($row[
'assign_users'] ??
false));
175 $query =
"UPDATE role_data SET " .
176 "allow_register= " . $this->db->quote($this->allow_register,
'integer') .
", " .
177 "assign_users = " . $this->db->quote($this->getAssignUsersStatus(),
'integer') .
" " .
178 "WHERE role_id= " . $this->db->quote($this->
id,
'integer') .
" ";
179 $res = $this->db->manipulate($query);
192 $this->
id = parent::create();
193 $query =
"INSERT INTO role_data " .
194 "(role_id,allow_register,assign_users) " .
196 "(" . $this->db->quote($this->
id,
'integer') .
"," .
197 $this->db->quote($this->getAllowRegister(),
'integer') .
"," .
198 $this->db->quote($this->getAssignUsersStatus(),
'integer') .
")";
199 $res = $this->db->query($query);
206 $this->allow_register = $a_allow_register;
211 return $this->allow_register;
222 $query =
"SELECT * FROM role_data " .
223 "JOIN object_data ON object_data.obj_id = role_data.role_id " .
224 "WHERE allow_register = 1";
228 while ($role =
$ilDB->fetchAssoc(
$res)) {
229 $roles[] = [
"id" => (
int) $role[
"obj_id"],
230 "title" => (
string) $role[
"title"],
231 "auth_mode" => (string) $role[
'auth_mode']
246 $query =
"SELECT * FROM role_data " .
247 " WHERE role_id =" .
$ilDB->quote($a_role_id,
'integer');
250 if ($role_rec =
$ilDB->fetchAssoc(
$res)) {
251 if ($role_rec[
"allow_register"]) {
264 $this->parent = $a_parent_ref;
272 return $this->parent;
// Delete this role. The visible fragments show two paths: an assignable role (deleteRole()
// plus removal of its role_data row) and a linked role (deleteLocalRole() at the parent).
// The lines between the fragments are not part of this listing.
280 public function delete():
bool
// A role that rbac_review reports as having multiple assignments is not deleted;
// the abort is recorded with two warning-level log entries.
285 if ($this->rbac_review->hasMultipleAssignments($this->getId())) {
286 $this->
logger->warning(
'Found role with multiple assignments: role_id: ' . $this->
getId());
287 $this->
logger->warning(
'Aborted deletion of role.');
291 if ($this->rbac_review->isAssignable($this->getId(), $this->getParent())) {
292 $this->
logger->debug(
'Handling assignable role...');
// Look for users whose assignedRoles() result has exactly one entry.
// presumably those user ids are appended to $last_role_user_ids — the loop body is not visible
300 $last_role_user_ids = [];
306 $user_ids = $this->rbac_review->assignedUsers($this->
getId());
310 $role_ids = $this->rbac_review->assignedRoles(
$user_id);
313 if (count($role_ids) == 1) {
// If any such user exists, an error is raised with the WARNING constant instead of deleting.
// NOTE(review): $users is concatenated next to a literal "<br/>", so the message is
// evidently rendered as HTML. The source of $user_names is not visible here — confirm
// the names are HTML-escaped before they reach the error output.
320 if ($last_role_user_ids !== []) {
322 foreach ($last_role_user_ids as
$user_id) {
330 $users = implode(
', ', $user_names);
331 $this->
logger->info(
'Cannot delete last global role of users.');
332 $this->
ilias->raiseError($this->
lng->txt(
"msg_user_last_role1") .
" " .
333 $users .
"<br/>" . $this->lng->txt(
"msg_user_last_role2"), $this->ilias->error_obj->WARNING);
335 $this->
logger->debug(
'Starting deletion of assignable role: role_id: ' . $this->
getId());
336 $this->rbac_admin->deleteRole($this->
getId(), $this->getParent());
// Remove the role's row from role_data; the id is quoted as 'integer' before concatenation.
345 $query =
"DELETE FROM role_data WHERE role_id = " . $this->db->quote($this->
getId(),
'integer');
346 $res = $this->db->manipulate($query);
// Linked role: only the local role at the parent is removed in the visible code.
349 $this->
logger->debug(
'Starting deletion of linked role: role_id ' . $this->
getId());
351 $this->rbac_admin->deleteLocalRole($this->
getId(), $this->getParent());
361 return count($this->rbac_review->assignedUsers($this->getId()));
369 $objDefinition =
$DIC[
'objDefinition'];
371 $role_title = self::_removeObjectId($a_role_title);
373 if (preg_match(
"/^il_([a-z]{1,4})_./", $role_title, $type)) {
375 if ($objDefinition->isPlugin($type[1])) {
378 return $lng->txt($role_title);
380 return $a_role_title;
388 $role_title_parts = explode(
'_', $a_role_title);
390 $test2 = (
int) ($role_title_parts[3] ?? 0);
392 unset($role_title_parts[3]);
395 return implode(
'_', $role_title_parts);
401 public static function getSubObjects(
string $a_obj_type,
bool $a_add_admin_objects): array
407 $objDefinition =
$DIC[
'objDefinition'];
409 $subs = $objDefinition->getSubObjectsRecursively($a_obj_type,
true, $a_add_admin_objects);
419 foreach ($subs as $subtype => $def) {
420 if (in_array($def[
"name"], $filter)) {
424 if ($objDefinition->isPlugin($subtype)) {
426 } elseif ($objDefinition->isSystemObject($subtype)) {
427 $translation =
$lng->txt(
"obj_" . $subtype);
429 $translation =
$lng->txt(
'objs_' . $subtype);
432 $sorted[$subtype] = $def;
433 $sorted[$subtype][
'translation'] = $translation;
// Build one UPDATE per entry of $a_roles: the array key is used as role_id (quoted as
// 'integer') and the value as auth_mode (quoted as 'text').
// NOTE(review): no allow-list check on $auth_mode is visible in this fragment — confirm the
// caller restricts it to the authentication modes that are actually configured.
444 foreach ($a_roles as $role_id => $auth_mode) {
445 $query =
"UPDATE role_data SET " .
446 "auth_mode= " .
$ilDB->quote($auth_mode,
'text') .
" " .
447 "WHERE role_id= " .
$ilDB->quote($role_id,
'integer') .
" ";
458 $query =
"SELECT auth_mode FROM role_data " .
459 "WHERE role_id= " .
$ilDB->quote($a_role_id,
'integer') .
" ";
463 return $row[
'auth_mode'];
478 $query =
"SELECT * FROM role_data " .
479 "WHERE auth_mode = " .
$ilDB->quote($a_auth_mode,
'text');
482 while ($row =
$ilDB->fetchObject(
$res)) {
483 $roles[] = $row->role_id;
// Set auth_mode back to the literal 'default' for every role_data row that currently
// carries $a_auth_mode; the parameter is quoted as 'text' before concatenation.
497 $query =
"UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " .
$ilDB->quote($a_auth_mode,
'text');
503 $operation_info = $this->rbac_review->getOperationAssignment();
504 $rbac_objects = $rbac_operations = [];
505 foreach ($operation_info as
$info) {
506 if ($this->obj_definition->getDevMode(
$info[
'type'])) {
509 $rbac_objects[
$info[
'typ_id']] = [
"obj_id" =>
$info[
'typ_id'],
510 "type" =>
$info[
'type']
514 $txt = $this->obj_definition->isPlugin(
$info[
'type'])
516 : $this->
lng->txt($info[
'type'] .
"_" .
$info[
'operation']);
517 if (substr(
$info[
'operation'], 0, 7) ==
"create_" &&
518 $this->obj_definition->isPlugin(substr(
$info[
'operation'], 7))) {
520 substr(
$info[
'operation'], 7),
524 $rbac_operations[
$info[
'typ_id']][
$info[
'ops_id']] = [
525 "ops_id" =>
$info[
'ops_id'],
526 "title" =>
$info[
'operation'],
530 return [$rbac_objects, $rbac_operations];
535 return substr($this->title, 0, 3) ==
'il_';
546 array $a_exclusion_filter = [],
547 int $a_operation_mode = self::MODE_READ_OPERATIONS,
548 array $a_operation_stack = []
551 $nodes = $this->tree->getRbacSubtreeInfo($a_start_node);
554 $all_local_policies = $this->rbac_review->getObjectsWithStopedInheritance($this->
getId());
557 $local_policies = [];
558 foreach ($all_local_policies as $lp) {
559 if (isset($nodes[$lp])) {
560 $local_policies[] = $lp;
566 case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
567 case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
568 $local_policies = $this->deleteLocalPolicies($a_start_node, $local_policies, $a_filter);
571 $this->adjustPermissions(
585 $rbacadmin =
$DIC[
'rbacadmin'];
587 $local_policies = [];
588 foreach ($a_policies as $policy) {
590 $local_policies[] = $policy;
593 if (!in_array(
'all', $a_filter) && !in_array(
597 $local_policies[] = $policy;
600 $rbacadmin->deleteLocalRole($this->
getId(), $policy);
602 return $local_policies;
612 array $a_exclusion_filter = [],
613 int $a_operation_mode = self::MODE_READ_OPERATIONS,
614 array $a_operation_stack = []
616 $operation_stack = [];
620 $start_node = current($a_nodes);
621 $node_stack[] = $start_node;
622 $this->updatePolicyStack($policy_stack, $start_node[
'child']);
624 if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
625 $this->updateOperationStack($operation_stack, $start_node[
'child'],
true);
627 $operation_stack = $a_operation_stack;
630 $this->
logger->debug(
'adjust permissions operation stack');
635 $local_policy =
false;
636 foreach ($a_nodes as $node) {
637 $cmp_node = end($node_stack);
638 while (
$relation = $this->tree->getRelationOfNodes($node, $cmp_node)) {
642 $this->
logger->debug(
'Handling sibling/none relation.');
643 array_pop($operation_stack);
644 array_pop($policy_stack);
645 array_pop($node_stack);
646 $cmp_node = end($node_stack);
647 $local_policy =
false;
664 if ($node[
'child'] == $start_node[
'child']) {
665 if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node[
'type'])) {
666 if ($rbac_log_active) {
667 $rbac_log_roles = $this->rbac_review->getParentRoleIds($node[
'child'],
false);
672 $perms = end($operation_stack);
673 $this->changeExistingObjectsGrantPermissions(
675 (array) ($perms[$node[
'type']] ?? []),
680 if ($rbac_log_active) {
690 if (in_array($node[
'child'], $a_policies) && $node[
'child'] !=
SYSTEM_FOLDER_ID) {
691 $local_policy =
true;
692 $this->updatePolicyStack($policy_stack, $node[
'child']);
693 $this->updateOperationStack($operation_stack, $node[
'child']);
694 $node_stack[] = $node;
699 if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node[
'type'])) {
703 if ($rbac_log_active) {
704 $rbac_log_roles = $this->rbac_review->getParentRoleIds($node[
'child'],
false);
710 ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) &&
711 ($node[
'type'] ==
'crs' || $node[
'type'] ==
'grp')
714 $perms = end($operation_stack);
715 $this->createPermissionIntersection(
717 $perms[$node[
'type']] ?? [],
721 if ($this->updateOperationStack($operation_stack, $node[
'child'])) {
722 $this->updatePolicyStack($policy_stack, $node[
'child']);
723 $node_stack[] = $node;
728 $perms = end($operation_stack);
729 $this->changeExistingObjectsGrantPermissions(
731 (array) ($perms[$node[
'type']] ?? []),
735 if ($rbac_log_active) {
745 array $a_permissions,
747 int $a_operation_mode
// The RBAC admin and review services are taken from the DIC.
751 $admin =
$DIC->rbac()->admin();
752 $review =
$DIC->rbac()->review();
// Three operation modes are handled; each one ends in a grantPermission() call whose
// arguments are not part of this listing.
// NOTE(review): no further branch is visible after MODE_REMOVE_OPERATIONS, so any other
// mode value appears to do nothing — confirm callers pass only the MODE_*_OPERATIONS constants.
753 if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
754 $admin->grantPermission(
759 } elseif ($a_operation_mode == self::MODE_ADD_OPERATIONS) {
760 $current_operations = $review->getRoleOperationsOnObject(
764 $this->
logger->debug(
'Current operations');
765 $this->
logger->dump($current_operations);
// ADD: the new set is the de-duplicated union of the requested and the current operations.
767 $new_ops = array_unique(array_merge($a_permissions, $current_operations));
768 $this->
logger->debug(
'New operations');
769 $this->
logger->dump($new_ops);
771 $admin->grantPermission(
776 } elseif ($a_operation_mode == self::MODE_REMOVE_OPERATIONS) {
777 $current_operations = $review->getRoleOperationsOnObject(
781 $this->
logger->debug(
'Current operations');
782 $this->
logger->dump($current_operations);
// REMOVE: the new set is the current operations minus the requested ones.
784 $new_ops = array_diff($current_operations, $a_permissions);
786 $admin->grantPermission(
// Decide whether an object type is handled. The exclusion filter is consulted first, then
// the 'all' wildcard in $a_filter, and only then plain membership of $a_type in $a_filter.
// The bodies of the two `if` branches are not part of this listing.
// NOTE(review): the in_array() calls compare loosely, so a boolean `true` entry in a filter
// would match every non-empty type string. Passing `true` as the third argument avoids that.
796 if (in_array($a_type, $a_exclusion_filter)) {
800 if (in_array(
'all', $a_filter)) {
803 return in_array($a_type, $a_filter);
814 $has_policies = null;
817 $has_policies =
true;
820 $has_policies = $this->rbac_review->getLocalPolicies($a_node);
821 $policy_origin = $a_node;
// Fetch the parent roles of $a_node. If this role is among them, the operations for the
// role's 'parent' entry are pushed onto $a_stack (the full call is not visible here).
// NOTE(review): $parent_roles is indexed with this role's id without an isset()/?? guard.
// When the key is absent PHP 8 emits an "Undefined array key" warning and the condition
// evaluates as false — confirm that case is expected or guard the lookup.
824 $parent_roles = $this->rbac_review->getParentRoleIds($a_node,
false);
825 if ($parent_roles[$this->
getId()]) {
826 $a_stack[] = $this->rbac_review->getAllOperationsOfRole(
828 $parent_roles[$this->
getId()][
'parent']
835 if (!$has_policies) {
839 $a_stack[] = $this->rbac_review->getAllOperationsOfRole(
848 $has_policies =
null;
851 $has_policies =
true;
854 $has_policies = $this->rbac_review->getLocalPolicies($a_node);
855 $policy_origin = $a_node;
858 if (!$has_policies) {
862 $a_stack[] = $policy_origin;
871 array $a_current_ops,
// Static locals keep the looked-up role-template ids across calls; each lookup below runs
// only while its cached id is still falsy. No lookup for $group_non_member_id is visible
// in this fragment.
875 static $course_non_member_id = null;
876 static $group_non_member_id =
null;
877 static $group_open_id =
null;
878 static $group_closed_id =
null;
// The three SELECTs below consist solely of string literals; no caller-supplied value is
// concatenated into them. The fetch that fills $row is not part of this listing.
887 if (!$group_closed_id) {
888 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
889 $res = $this->db->query($query);
891 $group_closed_id = (
int) $row->obj_id;
894 $template_id = $group_closed_id;
895 #var_dump("GROUP CLOSED id:" . $template_id);
900 if (!$group_open_id) {
901 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
902 $res = $this->db->query($query);
904 $group_open_id = (
int) $row->obj_id;
907 $template_id = $group_open_id;
913 if (!$course_non_member_id) {
914 $query =
"SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
915 $res = $this->db->query($query);
917 $course_non_member_id = (
int) $row->obj_id;
920 $template_id = $course_non_member_id;
// The intersection is copied only when a template id was resolved and the policy stack is
// not empty.
// NOTE(review): a falsy $template_id skips the call without any visible log entry —
// confirm that a missing template row is reported elsewhere.
925 if ($template_id && $policy_stack !== []) {
926 $this->rbac_admin->copyRolePermissionIntersection(
// Assign this role to object $a_id only when $a_id is truthy and rbacreview reports that
// the role is not yet assigned there.
// presumably the "n" flag marks the assignment as not assignable (a linked local role) —
// TODO confirm against assignRoleToFolder()
936 if ($a_id && !
$GLOBALS[
'DIC'][
'rbacreview']->isRoleAssignedToObject($this->
getId(), $a_id)) {
937 $this->rbac_admin->assignRoleToFolder($this->
getId(), $a_id,
"n");
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
static sortArray(array $array, string $a_array_sortby_key, string $a_array_sortorder="asc", bool $a_numeric=false, bool $a_keep_keys=false)
static ecsConfigured()
Checks if an ecs server is configured.
static getPossibleRemoteTypes(bool $a_with_captions=false)
Get all possible remote object types.
static _deleteByRole(int $a_role_id)
static getLogger(string $a_component_id)
Get component logger.
Component logger with individual log levels by component id.
static lookupGroupTye(int $a_id)
__construct(int $a_id=0, bool $a_call_by_reference=false)
Constructor (public access).
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
toggleAssignUsersStatus(bool $a_assign_users)
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
__getPermissionDefinitions()
create()
note: title, description and type should be set when this function is called
deleteLocalPolicies(int $a_start, array $a_policies, array $a_filter)
changeExistingObjects(int $a_start_node, int $a_mode, array $a_filter, array $a_exclusion_filter=[], int $a_operation_mode=self::MODE_READ_OPERATIONS, array $a_operation_stack=[])
Change existing objects.
static _removeObjectId(string $a_role_title)
isHandledObjectType(array $a_filter, array $a_exclusion_filter, string $a_type)
getCountMembers()
Get number of users assigned to role.
static _updateAuthMode(array $a_roles)
static _resetAuthMode(string $a_auth_mode)
Reset auth mode to default.
adjustPermissions(int $a_mode, array $a_nodes, array $a_policies, array $a_filter, array $a_exclusion_filter=[], int $a_operation_mode=self::MODE_READ_OPERATIONS, array $a_operation_stack=[])
const MODE_REMOVE_OPERATIONS
updatePolicyStack(array &$a_stack, int $a_node)
static _getAuthMode(int $a_role_id)
createPermissionIntersection(array $policy_stack, array $a_current_ops, int $a_id, string $a_type)
Create permission intersection.
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
read()
Loads "role" from the database (private access).
static _getRolesByAuthMode(string $a_auth_mode)
Get roles by auth mode (public access).
static _lookupRegisterAllowed()
get all roles that are activated in user registration
const MODE_ADD_OPERATIONS
getPresentationTitle()
Get presentation title. Normally the same as the title; overwritten for sessions.
changeExistingObjectsGrantPermissions(int $a_role_id, array $a_permissions, int $a_ref_id, int $a_operation_mode)
const MODE_READ_OPERATIONS
static _lookupAllowRegister(int $a_role_id)
check whether role is allowed in user registration or not
setParent(int $a_parent_ref)
Set reference id of parent object; this is necessary for non-RBAC-protected objects!...
static createDefaultRole(string $a_title, string $a_description, string $a_tpl_name, int $a_ref_id)
static _getAssignUsersStatus(int $a_role_id)
getParent()
get reference id of parent object
updateOperationStack(array &$a_stack, int $a_node, bool $a_init=false)
Update operation stack.
setAllowRegister(bool $a_allow_register)
static _getTranslation(string $a_role_title)
static _lookupLogin(int $a_user_id)
Base exception class for object service.
static lookupTxtById(string $plugin_id, string $lang_var)
Class ilObject Basic functions for all objects.
static _lookupType(int $id, bool $reference=false)
static _lookupObjId(int $ref_id)
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
const EDIT_TEMPLATE_EXISTING
static gatherFaPa(int $ref_id, array $role_ids, bool $add_action=false)
static diffFaPa(array $old, array $new)
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Class ilObjForumAdministration.