ILIAS  trunk Revision v11.0_alpha-1769-g99a433fe2dc
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Static Public Member Functions | Data Fields | Static Protected Member Functions | Private Member Functions | Private Attributes
ilRbacLog Class Reference

class ilRbacLog Log changes in Rbac-related settings More...

+ Collaboration diagram for ilRbacLog:

Public Member Functions

 __construct (private readonly ilDBInterface $db)
 
 getLogItems (int $ref_id, Range $range, Order $order, ?array $filter)
 
 getLogItemsCount (int $ref_id, array $filter)
 

Static Public Member Functions

static isActive ()
 
static gatherFaPa (int $ref_id, array $role_ids, bool $add_action=false)
 
static diffFaPa (array $old, array $new)
 
static gatherTemplate (int $role_ref_id, int $role_id)
 
static diffTemplate (array $old, array $new)
 
static add (int $action, int $ref_id, array $diff, bool $source_ref_id=false)
 
static delete (int $ref_id)
 
static garbageCollection ()
 

Data Fields

const EDIT_PERMISSIONS = 1
 
const MOVE_OBJECT = 2
 
const LINK_OBJECT = 3
 
const COPY_OBJECT = 4
 
const CREATE_OBJECT = 5
 
const EDIT_TEMPLATE = 6
 
const EDIT_TEMPLATE_EXISTING = 7
 
const CHANGE_OWNER = 8
 

Static Protected Member Functions

static isValidAction (int $action)
 

Private Member Functions

 getWhereForFilter (?array $filter)
 

Private Attributes

const LOG_TABLE_NAME = 'rbac_log'
 

Detailed Description

class ilRbacLog Log changes in Rbac-related settings

Author
Jörg Lützenkirchen luetz.nosp@m.enki.nosp@m.rchen.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 30 of file class.ilRbacLog.php.

Constructor & Destructor Documentation

◆ __construct()

ilRbacLog::__construct ( private readonly ilDBInterface  $db)

Definition at line 42 of file class.ilRbacLog.php.

44  {
45  }

Member Function Documentation

◆ add()

static ilRbacLog::add ( int  $action,
int  $ref_id,
array  $diff,
bool  $source_ref_id = false 
)
static

Definition at line 226 of file class.ilRbacLog.php.

References $DIC, $id, and $ilDB.

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), ilObjRole\adjustPermissions(), ilPermissionGUI\changeOwner(), ilSoapUtils\cloneNode(), ilObjChatroom\cloneObject(), ilObjectCopyGUI\copyMultipleNonContainer(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), ilObjRoleGUI\permSaveObject(), ilObject2GUI\putObjectInTree(), ilObjectGUI\putObjectInTree(), and ilPermissionGUI\savePermissions().

226  : bool
227  {
228  global $DIC;
229 
230  $ilUser = $DIC->user();
231  $ilDB = $DIC->database();
232 
233  if (self::isValidAction($action) && count($diff)) {
234  if ($source_ref_id) {
235  $diff["src"] = $source_ref_id;
236  }
237  $id = $ilDB->nextId(self::LOG_TABLE_NAME);
238 
239  $ilDB->query('INSERT INTO ' . self::LOG_TABLE_NAME . ' (log_id, user_id, created, ref_id, action, data)' .
240  " VALUES (" . $ilDB->quote($id, "integer") . "," . $ilDB->quote($ilUser->getId(), "integer") .
241  "," . $ilDB->quote(time(), "integer") .
242  "," . $ilDB->quote($ref_id, "integer") . "," . $ilDB->quote($action, "integer") .
243  "," . $ilDB->quote(serialize($diff), "text") . ")");
244  return true;
245  }
246  return false;
247  }
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the caller graph for this function:

◆ delete()

static ilRbacLog::delete ( int  $ref_id)
static

Definition at line 269 of file class.ilRbacLog.php.

References $DIC, $ilDB, and $ref_id.

Referenced by ilObject\delete().

269  : void
270  {
271  global $DIC;
272 
273  $ilDB = $DIC->database();
274  $ilDB->query('DELETE FROM ' . self::LOG_TABLE_NAME . ' WHERE ref_id = ' . $ilDB->quote($ref_id, 'integer'));
275  self::garbageCollection();
276  }
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ diffFaPa()

static ilRbacLog::diffFaPa ( array  $old,
array  $new 
)
static

Definition at line 160 of file class.ilRbacLog.php.

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), ilObjRole\adjustPermissions(), and ilPermissionGUI\savePermissions().

160  : array
161  {
162  $result = [];
163 
164  // roles
165  foreach ((array) $old["ops"] as $role_id => $ops) {
166  $diff = array_diff($ops, $new["ops"][$role_id]);
167  if ($diff !== []) {
168  $result["ops"][$role_id]["rmv"] = array_values($diff);
169  }
170  $diff = array_diff($new["ops"][$role_id], $ops);
171  if ($diff !== []) {
172  $result["ops"][$role_id]["add"] = array_values($diff);
173  }
174  }
175 
176  if (isset($old["inht"]) || isset($new["inht"])) {
177  if (isset($old["inht"]) && !isset($new["inht"])) {
178  $result["inht"]["rmv"] = $old["inht"];
179  } elseif (!isset($old["inht"]) && isset($new["inht"])) {
180  $result["inht"]["add"] = $new["inht"];
181  } else {
182  $diff = array_diff($old["inht"], $new["inht"]);
183  if ($diff !== []) {
184  $result["inht"]["rmv"] = array_values($diff);
185  }
186  $diff = array_diff($new["inht"], $old["inht"]);
187  if ($diff !== []) {
188  $result["inht"]["add"] = array_values($diff);
189  }
190  }
191  }
192  return $result;
193  }
+ Here is the caller graph for this function:

◆ diffTemplate()

static ilRbacLog::diffTemplate ( array  $old,
array  $new 
)
static

Definition at line 203 of file class.ilRbacLog.php.

Referenced by ilObjRoleGUI\permSaveObject().

203  : array
204  {
205  $result = [];
206  $types = array_unique(array_merge(array_keys($old), array_keys($new)));
207  foreach ($types as $type) {
208  if (!isset($old[$type])) {
209  $result[$type]["add"] = $new[$type];
210  } elseif (!isset($new[$type])) {
211  $result[$type]["rmv"] = $old[$type];
212  } else {
213  $diff = array_diff($old[$type], $new[$type]);
214  if ($diff !== []) {
215  $result[$type]["rmv"] = array_values($diff);
216  }
217  $diff = array_diff($new[$type], $old[$type]);
218  if ($diff !== []) {
219  $result[$type]["add"] = array_values($diff);
220  }
221  }
222  }
223  return $result;
224  }
+ Here is the caller graph for this function:

◆ garbageCollection()

static ilRbacLog::garbageCollection ( )
static

Definition at line 278 of file class.ilRbacLog.php.

References $DIC, $ilDB, and ilPrivacySettings\getInstance().

278  : void
279  {
280  global $DIC;
281 
282  $ilDB = $DIC->database();
283 
284  $settings = ilPrivacySettings::getInstance();
285  $max = $settings->getRbacLogAge();
286 
287  $ilDB->query('DELETE FROM ' . self::LOG_TABLE_NAME . ' WHERE created < ' . $ilDB->quote(
288  strtotime("-" . $max . "months"),
289  "integer"
290  ));
291  }
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

◆ gatherFaPa()

static ilRbacLog::gatherFaPa ( int  $ref_id,
array  $role_ids,
bool  $add_action = false 
)
static

Definition at line 127 of file class.ilRbacLog.php.

References $DIC, ROLE_FOLDER_ID, and SYSTEM_ROLE_ID.

Referenced by ilRbacAdmin\adjustMovedObjectPermissions(), ilObjRole\adjustPermissions(), ilSoapUtils\cloneNode(), ilObjChatroom\cloneObject(), ilObjectCopyGUI\copyMultipleNonContainer(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), ilObject2GUI\putObjectInTree(), ilObjectGUI\putObjectInTree(), and ilPermissionGUI\savePermissions().

127  : array
128  {
129  global $DIC;
130 
131  $rbacreview = $DIC->rbac()->review();
132  $result = [];
133 
134  // #10946 - if result is written to log directly we need to add an "action" dimension
135  // if result is used as input to diffFaPa() we need "raw" data
136 
137  // roles
138  foreach ($role_ids as $role_id) {
139  if ($role_id != SYSTEM_ROLE_ID) {
140  if ($add_action) {
141  $result["ops"][$role_id]["add"] = $rbacreview->getRoleOperationsOnObject($role_id, $ref_id);
142  } else {
143  $result["ops"][$role_id] = $rbacreview->getRoleOperationsOnObject($role_id, $ref_id);
144  }
145  }
146  }
147 
148  // inheritance
149  if ($ref_id && $ref_id != ROLE_FOLDER_ID) {
150  if ($add_action) {
151  $result["inht"]["add"] = $rbacreview->getRolesOfRoleFolder($ref_id);
152  } else {
153  $result["inht"] = $rbacreview->getRolesOfRoleFolder($ref_id);
154  }
155  }
156 
157  return $result;
158  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$ref_id
$ref_id
Definition: ltiauth.php:65
$DIC
global $DIC
Definition: shib_login.php:22
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the caller graph for this function:

◆ gatherTemplate()

static ilRbacLog::gatherTemplate ( int  $role_ref_id,
int  $role_id 
)
static

Definition at line 195 of file class.ilRbacLog.php.

References $DIC.

Referenced by ilObjRoleGUI\permSaveObject().

195  : array
196  {
197  global $DIC;
198 
199  $rbacreview = $DIC->rbac()->review();
200  return $rbacreview->getAllOperationsOfRole($role_id, $role_ref_id);
201  }
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ getLogItems()

ilRbacLog::getLogItems ( int  $ref_id,
Range  $range,
Order  $order,
?array  $filter 
)

Definition at line 47 of file class.ilRbacLog.php.

References ILIAS\Data\Range\getLength(), ILIAS\Data\Range\getStart(), getWhereForFilter(), ILIAS\Data\Order\join(), and ilDBConstants\T_INTEGER.

52  : array {
53  $this->db->setLimit($range->getLength(), $range->getStart());
54  $set = $this->db->query(
55  'SELECT * FROM ' . self::LOG_TABLE_NAME
56  . ' WHERE ref_id = ' . $this->db->quote($ref_id, ilDBConstants::T_INTEGER)
57  . $this->getWhereForFilter($filter)
58  . $order->join(
59  ' ORDER BY ',
60  static fn(string $ret, string $key, string $value): string =>
61  $ret === ' ORDER BY ' ? "{$ret} {$key} {$value}" : "{$ret}, {$key} {$value} "
62  )
63  );
64  $result = [];
65  while ($row = $this->db->fetchAssoc($set)) {
66  $row['data'] = unserialize($row['data'], [false]);
67  $result[] = $row;
68  }
69  return $result;
70  }
ILIAS\Data\Order\join
join($init, callable $fn)
Definition: Order.php:75
ilRbacLog\getWhereForFilter
getWhereForFilter(?array $filter)
Definition: class.ilRbacLog.php:88
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:

◆ getLogItemsCount()

ilRbacLog::getLogItemsCount ( int  $ref_id,
array  $filter 
)

Definition at line 72 of file class.ilRbacLog.php.

References getWhereForFilter(), and ilDBConstants\T_INTEGER.

75  : int {
76  $result = $this->db->fetchObject(
77  $this->db->query(
78  'SELECT COUNT(*) as cnt FROM ' . self::LOG_TABLE_NAME . ' WHERE ref_id = '
79  . $this->db->quote(
80  $ref_id,
81  ilDBConstants::T_INTEGER
82  ) . $this->getWhereForFilter($filter)
83  )
84  );
85  return $result->cnt;
86  }
ilRbacLog\getWhereForFilter
getWhereForFilter(?array $filter)
Definition: class.ilRbacLog.php:88
$ref_id
$ref_id
Definition: ltiauth.php:65
+ Here is the call graph for this function:

◆ getWhereForFilter()

ilRbacLog::getWhereForFilter ( ?array  $filter)
private

Definition at line 88 of file class.ilRbacLog.php.

References null, and ilDBConstants\T_INTEGER.

Referenced by getLogItems(), and getLogItemsCount().

88  : string
89  {
90  if ($filter === null) {
91  return '';
92  }
93 
94  $where = [];
95  if (isset($filter['action'])) {
96  $where[] = ' ' . $this->db->in(
97  'action',
98  $filter['action'],
99  false,
100  ilDBConstants::T_INTEGER
101  );
102  }
103  if (isset($filter['from'])) {
104  $where[] = ' created >= ' . $this->db->quote(
105  $filter['from'],
106  ilDBConstants::T_INTEGER
107  );
108  }
109  if (isset($filter['to'])) {
110  $where[] = ' created <= ' . $this->db->quote(
111  $filter['to'],
112  ilDBConstants::T_INTEGER
113  );
114  }
115 
116  if (count($where) > 0) {
117  $where = array_merge([' AND '], [implode(' AND ', $where)]);
118  }
119  return implode('', $where);
120  }
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the caller graph for this function:

◆ isActive()

static ilRbacLog::isActive ( )
static

Definition at line 122 of file class.ilRbacLog.php.

References ilPrivacySettings\getInstance().

Referenced by ilPermissionGUI\__initSubTabs(), ilRbacAdmin\adjustMovedObjectPermissions(), ilObjRole\adjustPermissions(), ilPermissionGUI\changeOwner(), ilObjectCopyGUI\copyMultipleNonContainer(), ilPermissionGUI\log(), ilContainerGUI\performPasteIntoMultipleObjectsObject(), and ilObjRoleGUI\permSaveObject().

122  : bool
123  {
124  return ilPrivacySettings::getInstance()->enabledRbacLog();
125  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isValidAction()

static ilRbacLog::isValidAction ( int  $action)
staticprotected

Definition at line 249 of file class.ilRbacLog.php.

249  : bool
250  {
251  if (in_array(
252  $action,
253  [
254  self::EDIT_PERMISSIONS,
255  self::MOVE_OBJECT,
256  self::LINK_OBJECT,
257  self::COPY_OBJECT,
258  self::CREATE_OBJECT,
259  self::EDIT_TEMPLATE,
260  self::EDIT_TEMPLATE_EXISTING,
261  self::CHANGE_OWNER
262  ]
263  )) {
264  return true;
265  }
266  return false;
267  }

Field Documentation

◆ CHANGE_OWNER

const ilRbacLog::CHANGE_OWNER = 8

Definition at line 40 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ILIAS\AccessControl\Log\Table\buildChangeColumn(), and ilPermissionGUI\changeOwner().

◆ COPY_OBJECT

const ilRbacLog::COPY_OBJECT = 4

Definition at line 36 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilSoapUtils\cloneNode(), and ilObjectCopyGUI\copyMultipleNonContainer().

◆ CREATE_OBJECT

const ilRbacLog::CREATE_OBJECT = 5

Definition at line 37 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilObjChatroom\cloneObject(), ilObject2GUI\putObjectInTree(), and ilObjectGUI\putObjectInTree().

◆ EDIT_PERMISSIONS

const ilRbacLog::EDIT_PERMISSIONS = 1

Definition at line 33 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), and ilPermissionGUI\savePermissions().

◆ EDIT_TEMPLATE

const ilRbacLog::EDIT_TEMPLATE = 6

Definition at line 38 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ILIAS\AccessControl\Log\Table\buildChangeColumn(), and ilObjRoleGUI\permSaveObject().

◆ EDIT_TEMPLATE_EXISTING

const ilRbacLog::EDIT_TEMPLATE_EXISTING = 7

Definition at line 39 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), and ilObjRole\adjustPermissions().

◆ LINK_OBJECT

const ilRbacLog::LINK_OBJECT = 3

Definition at line 35 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), ilSoapUtils\internalLinkNode(), ilSoapUtils\linkNode(), and ilContainerGUI\performPasteIntoMultipleObjectsObject().

◆ LOG_TABLE_NAME

const ilRbacLog::LOG_TABLE_NAME = 'rbac_log'
private

Definition at line 32 of file class.ilRbacLog.php.

◆ MOVE_OBJECT

const ilRbacLog::MOVE_OBJECT = 2

Definition at line 34 of file class.ilRbacLog.php.

Referenced by ILIAS\AccessControl\Log\Table\__construct(), and ilRbacAdmin\adjustMovedObjectPermissions().

The documentation for this class was generated from the following file: