ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
Public Member Functions | Static Public Member Functions | Data Fields | Static Protected Member Functions | Private Member Functions | Private Attributes
ilRbacLog Class Reference

class ilRbacLog Log changes in Rbac-related settings More...

+ Collaboration diagram for ilRbacLog:

Public Member Functions

 __construct (private readonly ilDBInterface $db)
 
 getLogItems (int $ref_id, Range $range, Order $order, ?array $filter)
 
 getLogItemsCount (int $ref_id, array $filter)
 

Static Public Member Functions

static isActive ()
 
static gatherFaPa (int $ref_id, array $role_ids, bool $add_action=false)
 
static diffFaPa (array $old, array $new)
 
static gatherTemplate (int $role_ref_id, int $role_id)
 
static diffTemplate (array $old, array $new)
 
static add (int $action, int $ref_id, array $diff, bool $source_ref_id=false)
 
static delete (int $ref_id)
 
static garbageCollection ()
 

Data Fields

const EDIT_PERMISSIONS = 1
 
const MOVE_OBJECT = 2
 
const LINK_OBJECT = 3
 
const COPY_OBJECT = 4
 
const CREATE_OBJECT = 5
 
const EDIT_TEMPLATE = 6
 
const EDIT_TEMPLATE_EXISTING = 7
 
const CHANGE_OWNER = 8
 

Static Protected Member Functions

static isValidAction (int $action)
 

Private Member Functions

 getWhereForFilter (?array $filter)
 

Private Attributes

const LOG_TABLE_NAME = 'rbac_log'
 

Detailed Description

class ilRbacLog Log changes in Rbac-related settings

Author
Jörg Lützenkirchen luetz.nosp@m.enki.nosp@m.rchen.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 30 of file class.ilRbacLog.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacLog::__construct ( private readonly ilDBInterface  $db)

Definition at line 42 of file class.ilRbacLog.php.

44 {
45 }

Member Function Documentation

◆ add()

static ilRbacLog::add ( int  $action,
int  $ref_id,
array  $diff,
bool  $source_ref_id = false 
)
static

Definition at line 226 of file class.ilRbacLog.php.

226 : bool
227 {
228 global $DIC;
229
230 $ilUser = $DIC->user();
231 $ilDB = $DIC->database();
232
233 if (self::isValidAction($action) && count($diff)) {
234 if ($source_ref_id) {
235 $diff["src"] = $source_ref_id;
236 }
237 $id = $ilDB->nextId(self::LOG_TABLE_NAME);
238
239 $ilDB->query('INSERT INTO ' . self::LOG_TABLE_NAME . ' (log_id, user_id, created, ref_id, action, data)' .
240 " VALUES (" . $ilDB->quote($id, "integer") . "," . $ilDB->quote($ilUser->getId(), "integer") .
241 "," . $ilDB->quote(time(), "integer") .
242 "," . $ilDB->quote($ref_id, "integer") . "," . $ilDB->quote($action, "integer") .
243 "," . $ilDB->quote(serialize($diff), "text") . ")");
244 return true;
245 }
246 return false;
247 }
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
$ref_id
$ref_id
Definition: ltiauth.php:66
$DIC
global $DIC
Definition: shib_login.php:26

References $DIC, $id, $ilDB, and $ref_id.

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), ilPermissionGUI\changeOwner(), ilSoapUtils\cloneNode(), ilObjChatroom\cloneObject(), ilObjectCopyGUI\copyMultipleNonContainer(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), ilObjRoleGUI\permSaveObject(), ilObject2GUI\putObjectInTree(), ilObjectGUI\putObjectInTree(), and ilPermissionGUI\savePermissions().

+ Here is the caller graph for this function:

◆ delete()

static ilRbacLog::delete ( int  $ref_id)
static

Definition at line 269 of file class.ilRbacLog.php.

269 : void
270 {
271 global $DIC;
272
273 $ilDB = $DIC->database();
274 $ilDB->query('DELETE FROM ' . self::LOG_TABLE_NAME . ' WHERE ref_id = ' . $ilDB->quote($ref_id, 'integer'));
275 self::garbageCollection();
276 }
ilRbacLog\garbageCollection
static garbageCollection()
Definition: class.ilRbacLog.php:278

References $DIC, $ilDB, and $ref_id.

Referenced by ilObject\delete().

+ Here is the caller graph for this function:

◆ diffFaPa()

static ilRbacLog::diffFaPa ( array  $old,
array  $new 
)
static

Definition at line 160 of file class.ilRbacLog.php.

160 : array
161 {
162 $result = [];
163
164 // roles
165 foreach ((array) $old["ops"] as $role_id => $ops) {
166 $diff = array_diff($ops, $new["ops"][$role_id]);
167 if ($diff !== []) {
168 $result["ops"][$role_id]["rmv"] = array_values($diff);
169 }
170 $diff = array_diff($new["ops"][$role_id], $ops);
171 if ($diff !== []) {
172 $result["ops"][$role_id]["add"] = array_values($diff);
173 }
174 }
175
176 if (isset($old["inht"]) || isset($new["inht"])) {
177 if (isset($old["inht"]) && !isset($new["inht"])) {
178 $result["inht"]["rmv"] = $old["inht"];
179 } elseif (!isset($old["inht"]) && isset($new["inht"])) {
180 $result["inht"]["add"] = $new["inht"];
181 } else {
182 $diff = array_diff($old["inht"], $new["inht"]);
183 if ($diff !== []) {
184 $result["inht"]["rmv"] = array_values($diff);
185 }
186 $diff = array_diff($new["inht"], $old["inht"]);
187 if ($diff !== []) {
188 $result["inht"]["add"] = array_values($diff);
189 }
190 }
191 }
192 return $result;
193 }

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), and ilPermissionGUI\savePermissions().

+ Here is the caller graph for this function:

◆ diffTemplate()

static ilRbacLog::diffTemplate ( array  $old,
array  $new 
)
static

Definition at line 203 of file class.ilRbacLog.php.

203 : array
204 {
205 $result = [];
206 $types = array_unique(array_merge(array_keys($old), array_keys($new)));
207 foreach ($types as $type) {
208 if (!isset($old[$type])) {
209 $result[$type]["add"] = $new[$type];
210 } elseif (!isset($new[$type])) {
211 $result[$type]["rmv"] = $old[$type];
212 } else {
213 $diff = array_diff($old[$type], $new[$type]);
214 if ($diff !== []) {
215 $result[$type]["rmv"] = array_values($diff);
216 }
217 $diff = array_diff($new[$type], $old[$type]);
218 if ($diff !== []) {
219 $result[$type]["add"] = array_values($diff);
220 }
221 }
222 }
223 return $result;
224 }

Referenced by ilObjRoleGUI\permSaveObject().

+ Here is the caller graph for this function:

◆ garbageCollection()

static ilRbacLog::garbageCollection ( )
static

Definition at line 278 of file class.ilRbacLog.php.

278 : void
279 {
280 global $DIC;
281
282 $ilDB = $DIC->database();
283
284 $settings = ilPrivacySettings::getInstance();
285 $max = $settings->getRbacLogAge();
286
287 $ilDB->query('DELETE FROM ' . self::LOG_TABLE_NAME . ' WHERE created < ' . $ilDB->quote(
288 strtotime("-" . $max . "months"),
289 "integer"
290 ));
291 }

References $DIC, $ilDB, and ilPrivacySettings\getInstance().

+ Here is the call graph for this function:

◆ gatherFaPa()

static ilRbacLog::gatherFaPa ( int  $ref_id,
array  $role_ids,
bool  $add_action = false 
)
static

Definition at line 127 of file class.ilRbacLog.php.

127 : array
128 {
129 global $DIC;
130
131 $rbacreview = $DIC->rbac()->review();
132 $result = [];
133
134 // #10946 - if result is written to log directly we need to add an "action" dimension
135 // if result is used as input to diffFaPa() we need "raw" data
136
137 // roles
138 foreach ($role_ids as $role_id) {
139 if ($role_id != SYSTEM_ROLE_ID) {
140 if ($add_action) {
141 $result["ops"][$role_id]["add"] = $rbacreview->getRoleOperationsOnObject($role_id, $ref_id);
142 } else {
143 $result["ops"][$role_id] = $rbacreview->getRoleOperationsOnObject($role_id, $ref_id);
144 }
145 }
146 }
147
148 // inheritance
149 if ($ref_id && $ref_id != ROLE_FOLDER_ID) {
150 if ($add_action) {
151 $result["inht"]["add"] = $rbacreview->getRolesOfRoleFolder($ref_id);
152 } else {
153 $result["inht"] = $rbacreview->getRolesOfRoleFolder($ref_id);
154 }
155 }
156
157 return $result;
158 }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34

References $DIC, $ref_id, ROLE_FOLDER_ID, and SYSTEM_ROLE_ID.

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), ilSoapUtils\cloneNode(), ilObjChatroom\cloneObject(), ilObjectCopyGUI\copyMultipleNonContainer(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), ilObject2GUI\putObjectInTree(), ilObjectGUI\putObjectInTree(), and ilPermissionGUI\savePermissions().

+ Here is the caller graph for this function:

◆ gatherTemplate()

static ilRbacLog::gatherTemplate ( int  $role_ref_id,
int  $role_id 
)
static

Definition at line 195 of file class.ilRbacLog.php.

195 : array
196 {
197 global $DIC;
198
199 $rbacreview = $DIC->rbac()->review();
200 return $rbacreview->getAllOperationsOfRole($role_id, $role_ref_id);
201 }

References $DIC.

Referenced by ilObjRoleGUI\permSaveObject().

+ Here is the caller graph for this function:

◆ getLogItems()

ilRbacLog::getLogItems ( int  $ref_id,
Range  $range,
Order  $order,
?array  $filter 
)

Definition at line 47 of file class.ilRbacLog.php.

52 : array {
53 $this->db->setLimit($range->getLength(), $range->getStart());
54 $set = $this->db->query(
55 'SELECT * FROM ' . self::LOG_TABLE_NAME
56 . ' WHERE ref_id = ' . $this->db->quote($ref_id, ilDBConstants::T_INTEGER)
57 . $this->getWhereForFilter($filter)
58 . $order->join(
59 ' ORDER BY ',
60 static fn(string $ret, string $key, string $value): string =>
61 $ret === ' ORDER BY ' ? "{$ret} {$key} {$value}" : "{$ret}, {$key} {$value} "
62 )
63 );
64 $result = [];
65 while ($row = $this->db->fetchAssoc($set)) {
66 $row['data'] = unserialize($row['data'], [false]);
67 $result[] = $row;
68 }
69 return $result;
70 }
ILIAS\Data\Order\join
join($init, callable $fn)
Definition: Order.php:75

◆ getLogItemsCount()

ilRbacLog::getLogItemsCount ( int  $ref_id,
array  $filter 
)

Definition at line 72 of file class.ilRbacLog.php.

75 : int {
76 $result = $this->db->fetchObject(
77 $this->db->query(
78 'SELECT COUNT(*) as cnt FROM ' . self::LOG_TABLE_NAME . ' WHERE ref_id = '
79 . $this->db->quote(
80 $ref_id,
81 ilDBConstants::T_INTEGER
82 ) . $this->getWhereForFilter($filter)
83 )
84 );
85 return $result->cnt;
86 }

◆ getWhereForFilter()

ilRbacLog::getWhereForFilter ( ?array  $filter)
private

Definition at line 88 of file class.ilRbacLog.php.

88 : string
89 {
90 if ($filter === null) {
91 return '';
92 }
93
94 $where = [];
95 if (isset($filter['action'])) {
96 $where[] = ' ' . $this->db->in(
97 'action',
98 $filter['action'],
99 false,
100 ilDBConstants::T_INTEGER
101 );
102 }
103 if (isset($filter['from'])) {
104 $where[] = ' created >= ' . $this->db->quote(
105 $filter['from'],
106 ilDBConstants::T_INTEGER
107 );
108 }
109 if (isset($filter['to'])) {
110 $where[] = ' created <= ' . $this->db->quote(
111 $filter['to'],
112 ilDBConstants::T_INTEGER
113 );
114 }
115
116 if (count($where) > 0) {
117 $where = array_merge([' AND '], [implode(' AND ', $where)]);
118 }
119 return implode('', $where);
120 }

References ilDBConstants\T_INTEGER.

◆ isActive()

static ilRbacLog::isActive ( )
static

Definition at line 122 of file class.ilRbacLog.php.

122 : bool
123 {
124 return ilPrivacySettings::getInstance()->enabledRbacLog();
125 }

References ilPrivacySettings\getInstance().

Referenced by ilPermissionGUI\__initSubTabs(), ilRbacAdmin\adjustMovedObjectPermissions(), ilPermissionGUI\changeOwner(), ilObjectCopyGUI\copyMultipleNonContainer(), ilPermissionGUI\log(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), and ilObjRoleGUI\permSaveObject().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isValidAction()

static ilRbacLog::isValidAction ( int  $action)
staticprotected

Definition at line 249 of file class.ilRbacLog.php.

249 : bool
250 {
251 if (in_array(
252 $action,
253 [
254 self::EDIT_PERMISSIONS,
255 self::MOVE_OBJECT,
256 self::LINK_OBJECT,
257 self::COPY_OBJECT,
258 self::CREATE_OBJECT,
259 self::EDIT_TEMPLATE,
260 self::EDIT_TEMPLATE_EXISTING,
261 self::CHANGE_OWNER
262 ]
263 )) {
264 return true;
265 }
266 return false;
267 }

Field Documentation

◆ CHANGE_OWNER

const ilRbacLog::CHANGE_OWNER = 8

Definition at line 40 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ILIAS\AccessControl\Log\Table\buildChangeColumn(), and ilPermissionGUI\changeOwner().

◆ COPY_OBJECT

const ilRbacLog::COPY_OBJECT = 4

Definition at line 36 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilSoapUtils\cloneNode(), and ilObjectCopyGUI\copyMultipleNonContainer().

◆ CREATE_OBJECT

const ilRbacLog::CREATE_OBJECT = 5

Definition at line 37 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilObjChatroom\cloneObject(), ilObject2GUI\putObjectInTree(), and ilObjectGUI\putObjectInTree().

◆ EDIT_PERMISSIONS

const ilRbacLog::EDIT_PERMISSIONS = 1

Definition at line 33 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), and ilPermissionGUI\savePermissions().

◆ EDIT_TEMPLATE

const ilRbacLog::EDIT_TEMPLATE = 6

Definition at line 38 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ILIAS\AccessControl\Log\Table\buildChangeColumn(), and ilObjRoleGUI\permSaveObject().

◆ EDIT_TEMPLATE_EXISTING

const ilRbacLog::EDIT_TEMPLATE_EXISTING = 7

Definition at line 39 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct().

◆ LINK_OBJECT

const ilRbacLog::LINK_OBJECT = 3

Definition at line 35 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), and ilContainerGUI\performPasteIntoMultipleObjectsObject().

◆ LOG_TABLE_NAME

const ilRbacLog::LOG_TABLE_NAME = 'rbac_log'
private

Definition at line 32 of file class.ilRbacLog.php.

◆ MOVE_OBJECT

const ilRbacLog::MOVE_OBJECT = 2

Definition at line 34 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), and ilRbacAdmin\adjustMovedObjectPermissions().

The documentation for this class was generated from the following file: