ILIAS  trunk Revision v11.0_alpha-1769-g99a433fe2dc
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes | Private Attributes
ilObjRole Class Reference

Class ilObjRole. More...

+ Inheritance diagram for ilObjRole:
+ Collaboration diagram for ilObjRole:

Public Member Functions

 __construct (int $a_id=0, bool $a_call_by_reference=false)
 Constructor public. More...
 
 validate ()
 
 getPresentationTitle ()
 
 toggleAssignUsersStatus (bool $a_assign_users)
 
 getAssignUsersStatus ()
 
 read ()
 loads "role" from database private More...
 
 update ()
 
 create ()
 
 setAllowRegister (bool $a_allow_register)
 
 getAllowRegister ()
 
 setParent (int $a_parent_ref)
 set reference id of parent object this is neccessary for non RBAC protected objects!!! More...
 
 getParent ()
 get reference id of parent object More...
 
 delete ()
 delete role and all related data public More...
 
 getCountMembers ()
 Get number of users assigned to role. More...
 
 __getPermissionDefinitions ()
 
 isAutoGenerated ()
 
 changeExistingObjects (int $a_start_node, int $a_mode, array $a_filter, array $a_exclusion_filter=[], int $a_operation_mode=self::MODE_READ_OPERATIONS, array $a_operation_stack=[])
 Change existing objects. More...
 
- Public Member Functions inherited from ilObject
 getObjectProperties ()
 
 flushObjectProperties ()
 
 withReferences ()
 determines whether objects are referenced or not (got ref ids or not) More...
 
 processAutoRating ()
 
 read ()
 
 getId ()
 
 setId (int $id)
 
 setRefId (int $ref_id)
 
 getRefId ()
 
 getType ()
 
 setType (string $type)
 
 getPresentationTitle ()
 get presentation title Normally same as title Overwritten for sessions More...
 
 getTitle ()
 
 getUntranslatedTitle ()
 Get untranslated object title WebDAV needs to access the untranslated title of an object. More...
 
 setTitle (string $title)
 
 getDescription ()
 
 setDescription (string $description)
 
 getLongDescription ()
 get object long description (stored in object_description) More...
 
 getImportId ()
 
 setImportId (string $import_id)
 
 setOfflineStatus (bool $status)
 
 getOfflineStatus ()
 
 supportsOfflineHandling ()
 
 getOwner ()
 
 getOwnerName ()
 get full name of object owner More...
 
 setOwner (int $usr_id)
 
 getCreateDate ()
 Get create date in YYYY-MM-DD HH-MM-SS format. More...
 
 getLastUpdateDate ()
 Get last update date in YYYY-MM-DD HH-MM-SS format. More...
 
 create ()
 note: title, description and type should be set when this function is called More...
 
 update ()
 
 MDUpdateListener (string $element)
 Metadata update listener. More...
 
 createMetaData ()
 
 updateMetaData ()
 
 deleteMetaData ()
 
 updateOwner ()
 update owner of object in db More...
 
 putInTree (int $parent_ref_id)
 maybe this method should be in tree object!? More...
 
 setPermissions (int $parent_ref_id)
 
 setParentRolePermissions (int $parent_ref_id)
 Initialize the permissions of parent roles (local roles of categories, global roles...) This method is overwritten in e.g. More...
 
 createReference ()
 creates reference for object More...
 
 countReferences ()
 
 delete ()
 delete object or referenced object (in the case of a referenced object, object data is only deleted if last reference is deleted) This function removes an object entirely from system!! More...
 
 initDefaultRoles ()
 init default roles settings Purpose of this function is to create a local role folder and local roles, that are needed depending on the object type. More...
 
 applyDidacticTemplate (int $tpl_id)
 
 getXMLZip ()
 
 getHTMLDirectory ()
 
 appendCopyInfo (int $target_id, int $copy_id)
 Prepend Copy info if object with same name exists in that container. More...
 
 cloneDependencies (int $target_id, int $copy_id)
 Clone object dependencies. More...
 
 cloneMetaData (ilObject $target_obj)
 Copy meta data. More...
 
 selfOrParentWithRatingEnabled ()
 
 getPossibleSubObjects (bool $filter=true)
 get all possible sub objects of this type the object can decide which types of sub objects are possible jut in time overwrite if the decision distinguish from standard model More...
 

Static Public Member Functions

static createDefaultRole (string $a_title, string $a_description, string $a_tpl_name, int $a_ref_id)
 
static _getAssignUsersStatus (int $a_role_id)
 
static _lookupRegisterAllowed ()
 get all roles that are activated in user registration More...
 
static _lookupAllowRegister (int $a_role_id)
 check whether role is allowed in user registration or not More...
 
static _getTranslation (string $a_role_title)
 
static _removeObjectId (string $a_role_title)
 
static _updateAuthMode (array $a_roles)
 
static _getAuthMode (int $a_role_id)
 
static _getRolesByAuthMode (string $a_auth_mode)
 Get roles by auth mode public. More...
 
static _resetAuthMode (string $a_auth_mode)
 Reset auth mode to default. More...
 
- Static Public Member Functions inherited from ilObject
static _lookupObjIdByImportId (string $import_id)
 Get (latest) object id for an import id. More...
 
static _lookupImportId (int $obj_id)
 
static _lookupOwnerName (int $owner_id)
 Lookup owner name for owner id. More...
 
static _getIdForImportId (string $import_id)
 
static _getAllReferences (int $id)
 get all reference ids for object ID More...
 
static _lookupTitle (int $obj_id)
 
static lookupOfflineStatus (int $obj_id)
 Lookup offline status using objectDataCache. More...
 
static _lookupOwner (int $obj_id)
 Lookup owner user ID for object ID. More...
 
static _getIdsForTitle (string $title, string $type='', bool $partial_match=false)
 
static _lookupDescription (int $obj_id)
 
static _lookupLastUpdate (int $obj_id, bool $formatted=false)
 
static _getLastUpdateOfObjects (array $obj_ids)
 
static _lookupObjId (int $ref_id)
 
static _setDeletedDate (int $ref_id, int $deleted_by)
 
static setDeletedDates (array $ref_ids, int $user_id)
 
static _resetDeletedDate (int $ref_id)
 
static _lookupDeletedDate (int $ref_id)
 
static _writeTitle (int $obj_id, string $title)
 write title to db (static) More...
 
static _writeDescription (int $obj_id, string $desc)
 write description to db (static) More...
 
static _writeImportId (int $obj_id, string $import_id)
 write import id to db (static) More...
 
static _lookupType (int $id, bool $reference=false)
 
static _isInTrash (int $ref_id)
 
static _hasUntrashedReference (int $obj_id)
 checks whether an object has at least one reference that is not in trash More...
 
static _lookupObjectId (int $ref_id)
 
static _getObjectsDataForType (string $type, bool $omit_trash=false)
 get all objects of a certain type More...
 
static _exists (int $id, bool $reference=false, ?string $type=null)
 checks if an object exists in object_data More...
 
static _getObjectsByType (string $obj_type="", ?int $owner=null)
 
static _prepareCloneSelection (array $ref_ids, string $new_type, bool $show_path=true)
 Prepare copy wizard object selection. More...
 
static getIconForType (string $type)
 
static _getIcon (int $obj_id=0, string $size="big", string $type="", bool $offline=false)
 Get icon for repository item. More...
 
static collectDeletionDependencies (array &$deps, int $ref_id, int $obj_id, string $type, int $depth=0)
 Collect deletion dependencies. More...
 
static getDeletionDependencies (int $obj_id)
 Get deletion dependencies. More...
 
static getLongDescriptions (array $obj_ids)
 
static getAllOwnedRepositoryObjects (int $user_id)
 
static fixMissingTitles ($type, array &$obj_title_map)
 Try to fix missing object titles. More...
 
static _lookupCreationDate (int $obj_id)
 
static _getObjectTypeIdByTitle (string $type, ?\ilDBInterface $ilDB=null)
 

Data Fields

const MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1
 
const MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2
 
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3
 
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4
 
const MODE_ADD_OPERATIONS = 1
 
const MODE_READ_OPERATIONS = 2
 
const MODE_REMOVE_OPERATIONS = 3
 
int $parent = null
 
- Data Fields inherited from ilObject
const TITLE_LENGTH = 255
 
const DESC_LENGTH = 128
 
const LONG_DESC_LENGTH = 4000
 
const TABLE_OBJECT_DATA = "object_data"
 
array $objectList
 
string $untranslatedTitle
 

Protected Member Functions

 deleteLocalPolicies (int $a_start, array $a_policies, array $a_filter)
 
 adjustPermissions (int $a_mode, array $a_nodes, array $a_policies, array $a_filter, array $a_exclusion_filter=[], int $a_operation_mode=self::MODE_READ_OPERATIONS, array $a_operation_stack=[])
 
 changeExistingObjectsGrantPermissions (int $a_role_id, array $a_permissions, int $a_ref_id, int $a_operation_mode)
 
 isHandledObjectType (array $a_filter, array $a_exclusion_filter, string $a_type)
 
 updateOperationStack (array &$a_stack, int $a_node, bool $a_init=false)
 Update operation stack. More...
 
 updatePolicyStack (array &$a_stack, int $a_node)
 
 createPermissionIntersection (array $policy_stack, array $a_current_ops, int $a_id, string $a_type)
 Create permission intersection. More...
 
- Protected Member Functions inherited from ilObject
 doMDUpdateListener (string $a_element)
 
 beforeMDUpdateListener (string $a_element)
 
 doCreateMetaData ()
 
 beforeCreateMetaData ()
 
 doUpdateMetaData ()
 
 beforeUpdateMetaData ()
 
 doDeleteMetaData ()
 
 beforeDeleteMetaData ()
 
 handleAutoRating ()
 
 hasAutoRating ()
 

Protected Attributes

bool $allow_register = false
 
bool $assign_users = false
 
- Protected Attributes inherited from ilObject
ilLogger $obj_log
 
ILIAS $ilias
 
ilObjectDefinition $obj_definition
 
ilDBInterface $db
 
ilLogger $log
 
ilErrorHandling $error
 
ilTree $tree
 
ilAppEventHandler $app_event_handler
 
ilRbacAdmin $rbac_admin
 
ilRbacReview $rbac_review
 
ilObjUser $user
 
ilLanguage $lng
 
LOMServices $lom_services
 
bool $call_by_reference
 
int $max_title = self::TITLE_LENGTH
 
int $max_desc = self::DESC_LENGTH
 
bool $add_dots = true
 
int $ref_id = null
 
string $type = ""
 
string $title = ""
 
string $desc = ""
 
string $long_desc = ""
 
int $owner = 0
 
string $create_date = ""
 
string $last_update = ""
 
string $import_id = ""
 
bool $register = false
 

Private Attributes

ilLogger $logger
 

Detailed Description

Class ilObjRole.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 26 of file class.ilObjRole.php.

Constructor & Destructor Documentation

◆ __construct()

ilObjRole::__construct ( int  $a_id = 0,
bool  $a_call_by_reference = false 
)

Constructor public.

Parameters
intreference_id or object_id
booltreat the id as reference_id (true) or object_id (false)

Definition at line 50 of file class.ilObjRole.php.

References $DIC, ILIAS\GlobalScreen\Provider\__construct(), and ILIAS\Repository\logger().

51  {
52  global $DIC;
53 
54  $this->logger = $DIC->logger()->ac();
55  $this->type = "role";
56  parent::__construct($a_id, $a_call_by_reference);
57  }
$DIC
global $DIC
Definition: shib_login.php:22
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
+ Here is the call graph for this function:

Member Function Documentation

◆ __getPermissionDefinitions()

ilObjRole::__getPermissionDefinitions ( )

Definition at line 501 of file class.ilObjRole.php.

References $txt, ILIAS\Repository\lng(), and ilObjectPlugin\lookupTxtById().

501  : array
502  {
503  $operation_info = $this->rbac_review->getOperationAssignment();
504  $rbac_objects = $rbac_operations = [];
505  foreach ($operation_info as $info) {
506  if ($this->obj_definition->getDevMode($info['type'])) {
507  continue;
508  }
509  $rbac_objects[$info['typ_id']] = ["obj_id" => $info['typ_id'],
510  "type" => $info['type']
511  ];
512 
513  // handle plugin permission texts
514  $txt = $this->obj_definition->isPlugin($info['type'])
515  ? ilObjectPlugin::lookupTxtById($info['type'], $info['type'] . "_" . $info['operation'])
516  : $this->lng->txt($info['type'] . "_" . $info['operation']);
517  if (substr($info['operation'], 0, 7) == "create_" &&
518  $this->obj_definition->isPlugin(substr($info['operation'], 7))) {
519  $txt = ilObjectPlugin::lookupTxtById(
520  substr($info['operation'], 7),
521  $info['type'] . "_" . $info['operation']
522  );
523  }
524  $rbac_operations[$info['typ_id']][$info['ops_id']] = [
525  "ops_id" => $info['ops_id'],
526  "title" => $info['operation'],
527  "name" => $txt
528  ];
529  }
530  return [$rbac_objects, $rbac_operations];
531  }
$txt
$txt
Definition: error.php:31
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
+ Here is the call graph for this function:

◆ _getAssignUsersStatus()

static ilObjRole::_getAssignUsersStatus ( int  $a_role_id)
static

Definition at line 141 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

Referenced by ilRbacReview\getGlobalAssignableRoles(), ilSoapUserAdministration\importUsers(), ilObjUserGUI\initCreate(), ilObjUserFolderGUI\initUserRoleAssignmentForm(), ilSoapUserAdministration\isPermittedRole(), and ilObjUserFolderGUI\redirectOnRoleWithMissingWrite().

141  : bool
142  {
143  global $DIC;
144 
145  $ilDB = $DIC->database();
146  $query = "SELECT assign_users FROM role_data WHERE role_id = " . $ilDB->quote($a_role_id, 'integer') . " ";
147  $res = $ilDB->query($query);
148  while ($row = $ilDB->fetchObject($res)) {
149  return (bool) $row->assign_users;
150  }
151  return false;
152  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ _getAuthMode()

static ilObjRole::_getAuthMode ( int  $a_role_id)
static

Definition at line 452 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

452  : string
453  {
454  global $DIC;
455 
456  $ilDB = $DIC['ilDB'];
457 
458  $query = "SELECT auth_mode FROM role_data " .
459  "WHERE role_id= " . $ilDB->quote($a_role_id, 'integer') . " ";
460  $res = $ilDB->query($query);
461  $row = $ilDB->fetchAssoc($res);
462 
463  return $row['auth_mode'];
464  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22

◆ _getRolesByAuthMode()

static ilObjRole::_getRolesByAuthMode ( string  $a_auth_mode)
static

Get roles by auth mode public.

Parameters
stringauth mode
Returns
int[]

Definition at line 472 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

472  : array
473  {
474  global $DIC;
475 
476  $ilDB = $DIC['ilDB'];
477 
478  $query = "SELECT * FROM role_data " .
479  "WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
480  $res = $ilDB->query($query);
481  $roles = [];
482  while ($row = $ilDB->fetchObject($res)) {
483  $roles[] = $row->role_id;
484  }
485  return $roles;
486  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22

◆ _getTranslation()

static ilObjRole::_getTranslation ( string  $a_role_title)
static

Definition at line 364 of file class.ilObjRole.php.

References $DIC, ilObject\$lng, ilObject\$type, ilObjectPlugin\lookupTxtById(), and ilLanguage\txt().

Referenced by ilRecommendedContentRoleTableGUI\__construct(), ilCourseEditParticipantsTableGUI\__construct(), ilObjRoleTemplateGUI\addAdminLocatorItems(), ilObjRoleGUI\addAdminLocatorItems(), ilObjRoleGUI\addLocatorItems(), ilObjRoleGUI\adoptPermObject(), ilObjRoleGUI\adoptPermSaveObject(), ilMailMemberSearchDataProvider\buildRoleTitle(), ilObjRoleFolderGUI\confirmDeleteObject(), ilObjRoleGUI\confirmDeleteRoleObject(), ILIAS\Skill\Profile\SkillProfileManager\countUsers(), ilObjectRolePermissionTableGUI\createTitle(), ilRoleAssignmentTableGUI\fillRow(), ilObjBlog\getAllLocalRoles(), ilObjectPermissionStatusGUI\getAssignedValidRoles(), ilObjectPermissionStatusGUI\getAvailableRolesTableData(), ilObjCourse\getLocalCourseRoles(), ilObjGroup\getLocalGroupRoles(), ilLearningSequenceRoles\getLocalLearningSequenceRoles(), ilObjLearningSequenceGUI\getLocalRoles(), ilObjGroupGUI\getLocalRoles(), ilObjCourseGUI\getLocalRoles(), ilSessionParticipantsTableGUI\getParentLocalRoles(), ilObjRoleTemplate\getPresentationTitle(), getPresentationTitle(), ilLTIProviderObjectSettingGUI\getRoleSelection(), ilObjBlog\getRolesWithContributeOrRedact(), ilObjRoleTemplateGUI\getRoleTemplateForm(), ilUserRoleStartingPointTableGUI\getTitleForCriterium(), ilDclTableViewEditFormGUI\initForm(), ilSettingsPermissionGUI\initPermissionForm(), ilPermissionGUI\initRoleForm(), ilRoleAssignmentTableGUI\parse(), ilRoleTableGUI\parse(), ILIAS\AccessControl\Log\Table\parseChangesFaPa(), ilPermissionGUI\showConfirmBlockRole(), and ilSoapRoleObjectXMLWriter\start().

364  : string
365  {
366  global $DIC;
367 
368  $lng = $DIC->language();
369  $objDefinition = $DIC['objDefinition'];
370 
371  $role_title = self::_removeObjectId($a_role_title);
372 
373  if (preg_match("/^il_([a-z]{1,4})_./", $role_title, $type)) {
374  //BT ID 0032909: language variables for roles from plugins were not resolved properly
375  if ($objDefinition->isPlugin($type[1])) {
376  return ilObjectPlugin::lookupTxtById($type[1], $role_title);
377  }
378  return $lng->txt($role_title);
379  }
380  return $a_role_title;
381  }
ilObject\$type
string $type
Definition: class.ilObject.php:61
ilLanguage\txt
txt(string $a_topic, string $a_default_lang_fallback_mod="")
gets the text for a given topic if the topic is not in the list, the topic itself with "-" will be re...
Definition: class.ilLanguage.php:170
ilObject\$lng
ilLanguage $lng
Definition: class.ilObject.php:52
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _lookupAllowRegister()

static ilObjRole::_lookupAllowRegister ( int  $a_role_id)
static

check whether role is allowed in user registration or not

Definition at line 240 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

Referenced by ilRegistrationSettingsGUI\initRolesForm(), and ilAccountRegistrationGUI\saveForm().

240  : bool
241  {
242  global $DIC;
243 
244  $ilDB = $DIC['ilDB'];
245 
246  $query = "SELECT * FROM role_data " .
247  " WHERE role_id =" . $ilDB->quote($a_role_id, 'integer');
248 
249  $res = $ilDB->query($query);
250  if ($role_rec = $ilDB->fetchAssoc($res)) {
251  if ($role_rec["allow_register"]) {
252  return true;
253  }
254  }
255  return false;
256  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ _lookupRegisterAllowed()

static ilObjRole::_lookupRegisterAllowed ( )
static

get all roles that are activated in user registration

Definition at line 217 of file class.ilObjRole.php.

References $DIC, $ilDB, $res, and ILIAS\Repository\int().

Referenced by ilObjAuthSettingsGUI\buildRegistrationRoleMappingForm(), ilUserProfile\getRolesInput(), ilRegistrationSettingsGUI\initRoleAccessForm(), ilRegistrationSettingsGUI\prepareAccessLimitationRoleList(), ilRegistrationSettingsGUI\prepareRoleList(), and ilRegistrationSettingsGUI\saveRoleAccessLimitations().

217  : array
218  {
219  global $DIC;
220 
221  $ilDB = $DIC->database();
222  $query = "SELECT * FROM role_data " .
223  "JOIN object_data ON object_data.obj_id = role_data.role_id " .
224  "WHERE allow_register = 1";
225  $res = $ilDB->query($query);
226 
227  $roles = [];
228  while ($role = $ilDB->fetchAssoc($res)) {
229  $roles[] = ["id" => (int) $role["obj_id"],
230  "title" => (string) $role["title"],
231  "auth_mode" => (string) $role['auth_mode']
232  ];
233  }
234  return $roles;
235  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _removeObjectId()

static ilObjRole::_removeObjectId ( string  $a_role_title)
static
Todo:
rename of remove method

Definition at line 386 of file class.ilObjRole.php.

References $DIC, ilObject\$lng, ilECSSetting\ecsConfigured(), ilECSUtils\getPossibleRemoteTypes(), ILIAS\Repository\int(), ilObjectPlugin\lookupTxtById(), ilArrayUtil\sortArray(), and ilLanguage\txt().

Referenced by ilObjectRolePermissionTableGUI\createTitle(), and ilObjectPermissionStatusGUI\getAvailableRolesTableData().

386  : string
387  {
388  $role_title_parts = explode('_', $a_role_title);
389 
390  $test2 = (int) ($role_title_parts[3] ?? 0);
391  if ($test2 > 0) {
392  unset($role_title_parts[3]);
393  }
394 
395  return implode('_', $role_title_parts);
396  }
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _resetAuthMode()

static ilObjRole::_resetAuthMode ( string  $a_auth_mode)
static

Reset auth mode to default.

Definition at line 491 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

491  : void
492  {
493  global $DIC;
494 
495  $ilDB = $DIC['ilDB'];
496 
497  $query = "UPDATE role_data SET auth_mode = 'default' WHERE auth_mode = " . $ilDB->quote($a_auth_mode, 'text');
498  $res = $ilDB->manipulate($query);
499  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22

◆ _updateAuthMode()

static ilObjRole::_updateAuthMode ( array  $a_roles)
static

Definition at line 439 of file class.ilObjRole.php.

References $DIC, $ilDB, and $res.

Referenced by ilObjAuthSettingsGUI\updateRegistrationRoleMappingObject().

439  : void
440  {
441  global $DIC;
442 
443  $ilDB = $DIC->database();
444  foreach ($a_roles as $role_id => $auth_mode) {
445  $query = "UPDATE role_data SET " .
446  "auth_mode= " . $ilDB->quote($auth_mode, 'text') . " " .
447  "WHERE role_id= " . $ilDB->quote($role_id, 'integer') . " ";
448  $res = $ilDB->manipulate($query);
449  }
450  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the caller graph for this function:

◆ adjustPermissions()

ilObjRole::adjustPermissions ( int  $a_mode,
array  $a_nodes,
array  $a_policies,
array  $a_filter,
array  $a_exclusion_filter = [],
int  $a_operation_mode = self::MODE_READ_OPERATIONS,
array  $a_operation_stack = [] 
)
protected

Definition at line 607 of file class.ilObjRole.php.

References $relation, ilRbacLog\add(), changeExistingObjectsGrantPermissions(), createPermissionIntersection(), ilLogLevel\DEBUG, ilRbacLog\diffFaPa(), ilRbacLog\EDIT_TEMPLATE_EXISTING, ilRbacLog\gatherFaPa(), ilObject\getId(), ilRbacLog\isActive(), isHandledObjectType(), ILIAS\Repository\logger(), ilTree\RELATION_CHILD, ilTree\RELATION_EQUALS, ilTree\RELATION_NONE, ilTree\RELATION_PARENT, ilTree\RELATION_SIBLING, SYSTEM_FOLDER_ID, updateOperationStack(), and updatePolicyStack().

Referenced by changeExistingObjects().

615  : void {
616  $operation_stack = [];
617  $policy_stack = [];
618  $node_stack = [];
619 
620  $start_node = current($a_nodes);
621  $node_stack[] = $start_node;
622  $this->updatePolicyStack($policy_stack, $start_node['child']);
623 
624  if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
625  $this->updateOperationStack($operation_stack, $start_node['child'], true);
626  } else {
627  $operation_stack = $a_operation_stack;
628  }
629 
630  $this->logger->debug('adjust permissions operation stack');
631  $this->logger->dump($operation_stack, ilLogLevel::DEBUG);
632 
633  $rbac_log_active = ilRbacLog::isActive();
634 
635  $local_policy = false;
636  foreach ($a_nodes as $node) {
637  $cmp_node = end($node_stack);
638  while ($relation = $this->tree->getRelationOfNodes($node, $cmp_node)) {
639  switch ($relation) {
640  case ilTree::RELATION_NONE:
641  case ilTree::RELATION_SIBLING:
642  $this->logger->debug('Handling sibling/none relation.');
643  array_pop($operation_stack);
644  array_pop($policy_stack);
645  array_pop($node_stack);
646  $cmp_node = end($node_stack);
647  $local_policy = false;
648  break;
649 
650  case ilTree::RELATION_CHILD:
651  case ilTree::RELATION_EQUALS:
652  case ilTree::RELATION_PARENT:
653  default:
654  $this->logger->debug('Handling child/equals/parent ' . $relation);
655  break 2;
656  }
657  }
658 
659  if ($local_policy) {
660  continue;
661  }
662 
663  // Start node => set permissions and continue
664  if ($node['child'] == $start_node['child']) {
665  if ($this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
666  if ($rbac_log_active) {
667  $rbac_log_roles = $this->rbac_review->getParentRoleIds($node['child'], false);
668  $rbac_log_old = ilRbacLog::gatherFaPa((int) $node['child'], array_keys($rbac_log_roles));
669  }
670 
671  // Set permissions
672  $perms = end($operation_stack);
673  $this->changeExistingObjectsGrantPermissions(
674  $this->getId(),
675  (array) ($perms[$node['type']] ?? []),
676  $node['child'],
677  $a_operation_mode
678  );
679 
680  if ($rbac_log_active) {
681  $rbac_log_new = ilRbacLog::gatherFaPa((int) $node['child'], array_keys($rbac_log_roles));
682  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
683  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
684  }
685  }
686  continue;
687  }
688 
689  // Node has local policies => update permission stack and continue
690  if (in_array($node['child'], $a_policies) && $node['child'] != SYSTEM_FOLDER_ID) {
691  $local_policy = true;
692  $this->updatePolicyStack($policy_stack, $node['child']);
693  $this->updateOperationStack($operation_stack, $node['child']);
694  $node_stack[] = $node;
695  continue;
696  }
697 
698  // Continue if this object type is not in filter
699  if (!$this->isHandledObjectType($a_filter, $a_exclusion_filter, $node['type'])) {
700  continue;
701  }
702 
703  if ($rbac_log_active) {
704  $rbac_log_roles = $this->rbac_review->getParentRoleIds($node['child'], false);
705  $rbac_log_old = ilRbacLog::gatherFaPa((int) $node['child'], array_keys($rbac_log_roles));
706  }
707 
708  // Node is course or group => create permission intersection
709  if (
710  ($a_mode == self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES || $a_mode == self::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES) &&
711  ($node['type'] == 'crs' || $node['type'] == 'grp')
712  ) {
713  // Copy role permission intersection
714  $perms = end($operation_stack);
715  $this->createPermissionIntersection(
716  $policy_stack,
717  $perms[$node['type']] ?? [],
718  $node['child'],
719  $node['type']
720  );
721  if ($this->updateOperationStack($operation_stack, $node['child'])) {
722  $this->updatePolicyStack($policy_stack, $node['child']);
723  $node_stack[] = $node;
724  }
725  }
726 
727  // Set permission
728  $perms = end($operation_stack);
729  $this->changeExistingObjectsGrantPermissions(
730  $this->getId(),
731  (array) ($perms[$node['type']] ?? []),
732  $node['child'],
733  $a_operation_mode
734  );
735  if ($rbac_log_active) {
736  $rbac_log_new = ilRbacLog::gatherFaPa((int) $node['child'], array_keys($rbac_log_roles));
737  $rbac_log = ilRbacLog::diffFaPa($rbac_log_old, $rbac_log_new);
738  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE_EXISTING, $node['child'], $rbac_log);
739  }
740  }
741  }
$relation
$relation
Definition: LOMStructure.php:417
ilObjRole\changeExistingObjectsGrantPermissions
changeExistingObjectsGrantPermissions(int $a_role_id, array $a_permissions, int $a_ref_id, int $a_operation_mode)
Definition: class.ilObjRole.php:743
ilObjRole\createPermissionIntersection
createPermissionIntersection(array $policy_stack, array $a_current_ops, int $a_id, string $a_type)
Create permission intersection.
Definition: class.ilObjRole.php:869
ilTree\RELATION_PARENT
const RELATION_PARENT
Definition: class.ilTree.php:38
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:122
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ilRbacLog\gatherFaPa
static gatherFaPa(int $ref_id, array $role_ids, bool $add_action=false)
Definition: class.ilRbacLog.php:127
ilObjRole\isHandledObjectType
isHandledObjectType(array $a_filter, array $a_exclusion_filter, string $a_type)
Definition: class.ilObjRole.php:794
ilTree\RELATION_EQUALS
const RELATION_EQUALS
Definition: class.ilTree.php:40
ilObjRole\updateOperationStack
updateOperationStack(array &$a_stack, int $a_node, bool $a_init=false)
Update operation stack.
Definition: class.ilObjRole.php:809
ilTree\RELATION_CHILD
const RELATION_CHILD
Definition: class.ilTree.php:37
ilTree\RELATION_NONE
const RELATION_NONE
Definition: class.ilTree.php:41
ilRbacLog\add
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
Definition: class.ilRbacLog.php:226
ilRbacLog\diffFaPa
static diffFaPa(array $old, array $new)
Definition: class.ilRbacLog.php:160
ilRbacLog\EDIT_TEMPLATE_EXISTING
const EDIT_TEMPLATE_EXISTING
Definition: class.ilRbacLog.php:39
ilTree\RELATION_SIBLING
const RELATION_SIBLING
Definition: class.ilTree.php:39
ilObjRole\updatePolicyStack
updatePolicyStack(array &$a_stack, int $a_node)
Definition: class.ilObjRole.php:846
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ changeExistingObjects()

ilObjRole::changeExistingObjects ( int  $a_start_node,
int  $a_mode,
array  $a_filter,
array  $a_exclusion_filter = [],
int  $a_operation_mode = self::MODE_READ_OPERATIONS,
array  $a_operation_stack = [] 
)

Change existing objects.

Parameters
arrayfilter Filter of object types (array('all') => change all objects

Definition at line 542 of file class.ilObjRole.php.

References adjustPermissions(), deleteLocalPolicies(), and ilObject\getId().

549  : void {
550  // Get node info of subtree
551  $nodes = $this->tree->getRbacSubtreeInfo($a_start_node);
552 
553  // get local policies
554  $all_local_policies = $this->rbac_review->getObjectsWithStopedInheritance($this->getId());
555 
556  // filter relevant roles
557  $local_policies = [];
558  foreach ($all_local_policies as $lp) {
559  if (isset($nodes[$lp])) {
560  $local_policies[] = $lp;
561  }
562  }
563 
564  // Delete deprecated policies
565  switch ($a_mode) {
566  case self::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES:
567  case self::MODE_PROTECTED_DELETE_LOCAL_POLICIES:
568  $local_policies = $this->deleteLocalPolicies($a_start_node, $local_policies, $a_filter);
569  break;
570  }
571  $this->adjustPermissions(
572  $a_mode,
573  $nodes,
574  $local_policies,
575  $a_filter,
576  $a_exclusion_filter,
577  $a_operation_mode,
578  $a_operation_stack
579  );
580  }
ilObjRole\deleteLocalPolicies
deleteLocalPolicies(int $a_start, array $a_policies, array $a_filter)
Definition: class.ilObjRole.php:582
ilObjRole\adjustPermissions
adjustPermissions(int $a_mode, array $a_nodes, array $a_policies, array $a_filter, array $a_exclusion_filter=[], int $a_operation_mode=self::MODE_READ_OPERATIONS, array $a_operation_stack=[])
Definition: class.ilObjRole.php:607
+ Here is the call graph for this function:

◆ changeExistingObjectsGrantPermissions()

ilObjRole::changeExistingObjectsGrantPermissions ( int  $a_role_id,
array  $a_permissions,
int  $a_ref_id,
int  $a_operation_mode 
)
protected

Definition at line 743 of file class.ilObjRole.php.

References $DIC, and ILIAS\Repository\logger().

Referenced by adjustPermissions().

748  : void {
749  global $DIC;
750 
751  $admin = $DIC->rbac()->admin();
752  $review = $DIC->rbac()->review();
753  if ($a_operation_mode == self::MODE_READ_OPERATIONS) {
754  $admin->grantPermission(
755  $a_role_id,
756  $a_permissions,
757  $a_ref_id
758  );
759  } elseif ($a_operation_mode == self::MODE_ADD_OPERATIONS) {
760  $current_operations = $review->getRoleOperationsOnObject(
761  $a_role_id,
762  $a_ref_id
763  );
764  $this->logger->debug('Current operations');
765  $this->logger->dump($current_operations);
766 
767  $new_ops = array_unique(array_merge($a_permissions, $current_operations));
768  $this->logger->debug('New operations');
769  $this->logger->dump($new_ops);
770 
771  $admin->grantPermission(
772  $a_role_id,
773  $new_ops,
774  $a_ref_id
775  );
776  } elseif ($a_operation_mode == self::MODE_REMOVE_OPERATIONS) {
777  $current_operations = $review->getRoleOperationsOnObject(
778  $a_role_id,
779  $a_ref_id
780  );
781  $this->logger->debug('Current operations');
782  $this->logger->dump($current_operations);
783 
784  $new_ops = array_diff($current_operations, $a_permissions);
785 
786  $admin->grantPermission(
787  $a_role_id,
788  $new_ops,
789  $a_ref_id
790  );
791  }
792  }
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ create()

ilObjRole::create ( )

Definition at line 188 of file class.ilObjRole.php.

References $DIC, $id, $res, getAllowRegister(), and getAssignUsersStatus().

188  : int
189  {
190  global $DIC;
191 
192  $this->id = parent::create();
193  $query = "INSERT INTO role_data " .
194  "(role_id,allow_register,assign_users) " .
195  "VALUES " .
196  "(" . $this->db->quote($this->id, 'integer') . "," .
197  $this->db->quote($this->getAllowRegister(), 'integer') . "," .
198  $this->db->quote($this->getAssignUsersStatus(), 'integer') . ")";
199  $res = $this->db->query($query);
200 
201  return $this->id;
202  }
$res
$res
Definition: ltiservices.php:66
$DIC
global $DIC
Definition: shib_login.php:22
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
+ Here is the call graph for this function:

◆ createDefaultRole()

static ilObjRole::createDefaultRole ( string  $a_title,
string  $a_description,
string  $a_tpl_name,
int  $a_ref_id 
)
static

Definition at line 59 of file class.ilObjRole.php.

References $DIC, $GLOBALS, $ilDB, $res, ilObject\_lookupType(), ilDBConstants\FETCHMODE_OBJECT, ILIAS\Repository\int(), null, and ROLE_FOLDER_ID.

Referenced by ilObjChatroom\createDefaultRole(), ilLearningSequenceRoles\initDefaultRoles(), ilObjSession\initDefaultRoles(), ilObjBlog\initDefaultRoles(), ilObjForum\initDefaultRoles(), ilObjGroup\initDefaultRoles(), ilObjCourse\initDefaultRoles(), and ilIndividualAssessmentAccessHandler\initDefaultRolesForObject().

64  : ?ilObjRole {
65  global $DIC;
66 
67  $ilDB = $DIC->database();
68 
69  // SET PERMISSION TEMPLATE OF NEW LOCAL CONTRIBUTOR ROLE
70  $res = $ilDB->query("SELECT obj_id FROM object_data " .
71  " WHERE type=" . $ilDB->quote("rolt", "text") .
72  " AND title=" . $ilDB->quote($a_tpl_name, "text"));
73  $tpl_id = 0;
74  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
75  $tpl_id = (int) $row->obj_id;
76  }
77  if (!$tpl_id) {
78  return null;
79  }
80 
81  $role = new ilObjRole();
82  $role->setTitle($a_title);
83  $role->setDescription($a_description);
84  $role->create();
85 
86  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $a_ref_id, 'y');
87  $GLOBALS['DIC']['rbacadmin']->copyRoleTemplatePermissions(
88  $tpl_id,
89  ROLE_FOLDER_ID,
90  $a_ref_id,
91  $role->getId()
92  );
93 
94  $ops = $GLOBALS['DIC']['rbacreview']->getOperationsOfRole(
95  $role->getId(),
96  ilObject::_lookupType($a_ref_id, true),
97  $a_ref_id
98  );
99  $GLOBALS['DIC']['rbacadmin']->grantPermission(
100  $role->getId(),
101  $ops,
102  $a_ref_id
103  );
104  return $role;
105  }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
$res
$res
Definition: ltiservices.php:66
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
$DIC
global $DIC
Definition: shib_login.php:22
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ createPermissionIntersection()

ilObjRole::createPermissionIntersection ( array  $policy_stack,
array  $a_current_ops,
int  $a_id,
string  $a_type 
)
protected

Create permission intersection.

Definition at line 869 of file class.ilObjRole.php.

References $GLOBALS, $res, ilObject\$type, ilObject\_lookupObjId(), ilDBConstants\FETCHMODE_OBJECT, ilObject\getId(), ilGroupConstants\GRP_TYPE_CLOSED, ilGroupConstants\GRP_TYPE_OPEN, ILIAS\Repository\int(), ilObjGroup\lookupGroupTye(), null, and ROLE_FOLDER_ID.

Referenced by adjustPermissions().

874  : void {
875  static $course_non_member_id = null;
876  static $group_non_member_id = null;
877  static $group_open_id = null;
878  static $group_closed_id = null;
879 
880  $template_id = 0;
881  // Get template id
882  switch ($a_type) {
883  case 'grp':
884  $type = ilObjGroup::lookupGroupTye(ilObject::_lookupObjId($a_id));
885  switch ($type) {
886  case ilGroupConstants::GRP_TYPE_CLOSED:
887  if (!$group_closed_id) {
888  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_closed'";
889  $res = $this->db->query($query);
890  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
891  $group_closed_id = (int) $row->obj_id;
892  }
893  }
894  $template_id = $group_closed_id;
895  #var_dump("GROUP CLOSED id:" . $template_id);
896  break;
897 
898  case ilGroupConstants::GRP_TYPE_OPEN:
899  default:
900  if (!$group_open_id) {
901  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_grp_status_open'";
902  $res = $this->db->query($query);
903  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
904  $group_open_id = (int) $row->obj_id;
905  }
906  }
907  $template_id = $group_open_id;
908  break;
909  }
910  break;
911 
912  case 'crs':
913  if (!$course_non_member_id) {
914  $query = "SELECT obj_id FROM object_data WHERE type='rolt' AND title='il_crs_non_member'";
915  $res = $this->db->query($query);
916  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
917  $course_non_member_id = (int) $row->obj_id;
918  }
919  }
920  $template_id = $course_non_member_id;
921  break;
922  }
923 
924  // Create intersection template permissions
925  if ($template_id && $policy_stack !== []) {
926  $this->rbac_admin->copyRolePermissionIntersection(
927  $template_id,
928  ROLE_FOLDER_ID,
929  $this->getId(),
930  end($policy_stack),
931  $a_id,
932  $this->getId()
933  );
934  } else {
935  }
936  if ($a_id && !$GLOBALS['DIC']['rbacreview']->isRoleAssignedToObject($this->getId(), $a_id)) {
937  $this->rbac_admin->assignRoleToFolder($this->getId(), $a_id, "n");
938  }
939  }
$res
$res
Definition: ltiservices.php:66
ilObject\$type
string $type
Definition: class.ilObject.php:61
ilObjGroup\lookupGroupTye
static lookupGroupTye(int $a_id)
Definition: class.ilObjGroup.php:118
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ delete()

ilObjRole::delete ( )

delete role and all related data public

Returns
bool true if all object data were removed; false if only a references were removed

Definition at line 280 of file class.ilObjRole.php.

References $DIC, $res, $user_id, ilLDAPRoleGroupMappingSettings\_deleteByRole(), ilObjUser\_lookupLogin(), ilObject\getId(), ilLoggerFactory\getLogger(), getParent(), ILIAS\Repository\lng(), ILIAS\Repository\logger(), and ROLE_FOLDER_ID.

280  : bool
281  {
282  global $DIC;
283 
284  // Temporary bugfix
285  if ($this->rbac_review->hasMultipleAssignments($this->getId())) {
286  $this->logger->warning('Found role with multiple assignments: role_id: ' . $this->getId());
287  $this->logger->warning('Aborted deletion of role.');
288  return false;
289  }
290 
291  if ($this->rbac_review->isAssignable($this->getId(), $this->getParent())) {
292  $this->logger->debug('Handling assignable role...');
293  // do not delete a global role, if the role is the last
294  // role a user is assigned to.
295  //
296  // Performance improvement: In the code section below, we
297  // only need to consider _global_ roles. We don't need
298  // to check for _local_ roles, because a user who has
299  // a local role _always_ has a global role too.
300  $last_role_user_ids = [];
301  if ($this->getParent() == ROLE_FOLDER_ID) {
302  ilLoggerFactory::getLogger('ac')->debug('Handling global role...');
303  // The role is a global role: check if
304  // we find users who aren't assigned to any
305  // other global role than this one.
306  $user_ids = $this->rbac_review->assignedUsers($this->getId());
307 
308  foreach ($user_ids as $user_id) {
309  // get all roles each user has
310  $role_ids = $this->rbac_review->assignedRoles($user_id);
311 
312  // is last role?
313  if (count($role_ids) == 1) {
314  $last_role_user_ids[] = $user_id;
315  }
316  }
317  }
318 
319  // users with last role found?
320  if ($last_role_user_ids !== []) {
321  $user_names = [];
322  foreach ($last_role_user_ids as $user_id) {
323  // GET OBJECT TITLE
324  $user_names[] = ilObjUser::_lookupLogin($user_id);
325  }
326 
327  // TODO: This check must be done in rolefolder object because if multiple
328  // roles were selected the other roles are still deleted and the system does not
329  // give any feedback about this.
330  $users = implode(', ', $user_names);
331  $this->logger->info('Cannot delete last global role of users.');
332  $this->ilias->raiseError($this->lng->txt("msg_user_last_role1") . " " .
333  $users . "<br/>" . $this->lng->txt("msg_user_last_role2"), $this->ilias->error_obj->WARNING);
334  } else {
335  $this->logger->debug('Starting deletion of assignable role: role_id: ' . $this->getId());
336  $this->rbac_admin->deleteRole($this->getId(), $this->getParent());
337 
338  // Delete ldap role group mappings
339  ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
340 
341  // delete object_data entry
342  parent::delete();
343 
344  // delete role_data entry
345  $query = "DELETE FROM role_data WHERE role_id = " . $this->db->quote($this->getId(), 'integer');
346  $res = $this->db->manipulate($query);
347  }
348  } else {
349  $this->logger->debug('Starting deletion of linked role: role_id ' . $this->getId());
350  // linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
351  $this->rbac_admin->deleteLocalRole($this->getId(), $this->getParent());
352  }
353  return true;
354  }
$res
$res
Definition: ltiservices.php:66
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$DIC
global $DIC
Definition: shib_login.php:22
ilias
Class ilObjForumAdministration.
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObjRole\getParent
getParent()
get reference id of parent object
Definition: class.ilObjRole.php:270
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:678
+ Here is the call graph for this function:

◆ deleteLocalPolicies()

ilObjRole::deleteLocalPolicies ( int  $a_start,
array  $a_policies,
array  $a_filter 
)
protected

Definition at line 582 of file class.ilObjRole.php.

References $DIC, ilObject\_lookupObjId(), ilObject\_lookupType(), ilObject\getId(), and SYSTEM_FOLDER_ID.

Referenced by changeExistingObjects().

582  : array
583  {
584  global $DIC;
585  $rbacadmin = $DIC['rbacadmin'];
586 
587  $local_policies = [];
588  foreach ($a_policies as $policy) {
589  if ($policy == $a_start || $policy == SYSTEM_FOLDER_ID) {
590  $local_policies[] = $policy;
591  continue;
592  }
593  if (!in_array('all', $a_filter) && !in_array(
594  ilObject::_lookupType(ilObject::_lookupObjId($policy)),
595  $a_filter
596  )) {
597  $local_policies[] = $policy;
598  continue;
599  }
600  $rbacadmin->deleteLocalRole($this->getId(), $policy);
601  }
602  return $local_policies;
603  }
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
$DIC
global $DIC
Definition: shib_login.php:22
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAllowRegister()

ilObjRole::getAllowRegister ( )

Definition at line 209 of file class.ilObjRole.php.

References $allow_register.

Referenced by create().

209  : bool
210  {
211  return $this->allow_register;
212  }
ilObjRole\$allow_register
bool $allow_register
Definition: class.ilObjRole.php:41
+ Here is the caller graph for this function:

◆ getAssignUsersStatus()

ilObjRole::getAssignUsersStatus ( )

Definition at line 136 of file class.ilObjRole.php.

References $assign_users.

Referenced by create(), and update().

136  : bool
137  {
138  return $this->assign_users;
139  }
ilObjRole\$assign_users
bool $assign_users
Definition: class.ilObjRole.php:42
+ Here is the caller graph for this function:

◆ getCountMembers()

ilObjRole::getCountMembers ( )

Get number of users assigned to role.

Definition at line 359 of file class.ilObjRole.php.

359  : int
360  {
361  return count($this->rbac_review->assignedUsers($this->getId()));
362  }

◆ getParent()

ilObjRole::getParent ( )

get reference id of parent object

Definition at line 270 of file class.ilObjRole.php.

References $parent.

Referenced by delete().

270  : ?int
271  {
272  return $this->parent;
273  }
+ Here is the caller graph for this function:

◆ getPresentationTitle()

ilObjRole::getPresentationTitle ( )

Definition at line 120 of file class.ilObjRole.php.

References $r, _getTranslation(), ilObject\getTitle(), and ilObject\getUntranslatedTitle().

120  : string
121  {
122  $r = ilObjRole::_getTranslation($this->getTitle());
123 
124  if ($r === $this->getUntranslatedTitle()) {
125  return $r;
126  }
127 
128  return $r . ' (' . $this->getUntranslatedTitle() . ')';
129  }
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObject\getUntranslatedTitle
getUntranslatedTitle()
Get untranslated object title WebDAV needs to access the untranslated title of an object...
Definition: class.ilObject.php:344
$r
$r
Definition: shib_logout.php:140
+ Here is the call graph for this function:

◆ isAutoGenerated()

ilObjRole::isAutoGenerated ( )

Definition at line 533 of file class.ilObjRole.php.

533  : bool
534  {
535  return substr($this->title, 0, 3) == 'il_';
536  }

◆ isHandledObjectType()

ilObjRole::isHandledObjectType ( array  $a_filter,
array  $a_exclusion_filter,
string  $a_type 
)
protected

Definition at line 794 of file class.ilObjRole.php.

Referenced by adjustPermissions().

794  : bool
795  {
796  if (in_array($a_type, $a_exclusion_filter)) {
797  return false;
798  }
799 
800  if (in_array('all', $a_filter)) {
801  return true;
802  }
803  return in_array($a_type, $a_filter);
804  }
+ Here is the caller graph for this function:

◆ read()

ilObjRole::read ( )

loads "role" from database private

Definition at line 158 of file class.ilObjRole.php.

References $res, ilLogLevel\ERROR, ILIAS\Repository\logger(), setAllowRegister(), and toggleAssignUsersStatus().

Referenced by update().

158  : void
159  {
160  $query = "SELECT * FROM role_data WHERE role_id= " . $this->db->quote($this->id, 'integer') . " ";
161  $res = $this->db->query($query);
162  if ($res->numRows() > 0) {
163  $row = $this->db->fetchAssoc($res);
164  $this->setAllowRegister((bool) $row['allow_register']);
165  $this->toggleAssignUsersStatus((bool) ($row['assign_users'] ?? false));
166  } else {
167  $this->logger->logStack(ilLogLevel::ERROR);
168  throw new ilObjectException('There is no dataset with id: ' . $this->id);
169  }
170  parent::read();
171  }
$res
$res
Definition: ltiservices.php:66
ilObjRole\setAllowRegister
setAllowRegister(bool $a_allow_register)
Definition: class.ilObjRole.php:204
ilObjectException
Base exception class for object service.
Definition: class.ilObjectException.php:26
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus(bool $a_assign_users)
Definition: class.ilObjRole.php:131
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setAllowRegister()

ilObjRole::setAllowRegister ( bool  $a_allow_register)

Definition at line 204 of file class.ilObjRole.php.

Referenced by read().

204  : void
205  {
206  $this->allow_register = $a_allow_register;
207  }
+ Here is the caller graph for this function:

◆ setParent()

ilObjRole::setParent ( int  $a_parent_ref)

set reference id of parent object this is neccessary for non RBAC protected objects!!!

Definition at line 262 of file class.ilObjRole.php.

262  : void
263  {
264  $this->parent = $a_parent_ref;
265  }

◆ toggleAssignUsersStatus()

ilObjRole::toggleAssignUsersStatus ( bool  $a_assign_users)

Definition at line 131 of file class.ilObjRole.php.

Referenced by read().

131  : void
132  {
133  $this->assign_users = $a_assign_users;
134  }
+ Here is the caller graph for this function:

◆ update()

ilObjRole::update ( )

Definition at line 173 of file class.ilObjRole.php.

References $res, getAssignUsersStatus(), and read().

173  : bool
174  {
175  $query = "UPDATE role_data SET " .
176  "allow_register= " . $this->db->quote($this->allow_register, 'integer') . ", " .
177  "assign_users = " . $this->db->quote($this->getAssignUsersStatus(), 'integer') . " " .
178  "WHERE role_id= " . $this->db->quote($this->id, 'integer') . " ";
179  $res = $this->db->manipulate($query);
180 
181  parent::update();
182 
183  $this->read();
184 
185  return true;
186  }
$res
$res
Definition: ltiservices.php:66
ilObjRole\read
read()
loads "role" from database private
Definition: class.ilObjRole.php:158
+ Here is the call graph for this function:

◆ updateOperationStack()

ilObjRole::updateOperationStack ( array &  $a_stack,
int  $a_node,
bool  $a_init = false 
)
protected

Update operation stack.

Definition at line 809 of file class.ilObjRole.php.

References ilObject\getId(), null, ROLE_FOLDER_ID, and ROOT_FOLDER_ID.

Referenced by adjustPermissions().

813  : bool {
814  $has_policies = null;
815 
816  if ($a_node == ROOT_FOLDER_ID) {
817  $has_policies = true;
818  $policy_origin = ROLE_FOLDER_ID;
819  } else {
820  $has_policies = $this->rbac_review->getLocalPolicies($a_node);
821  $policy_origin = $a_node;
822 
823  if ($a_init) {
824  $parent_roles = $this->rbac_review->getParentRoleIds($a_node, false);
825  if ($parent_roles[$this->getId()]) {
826  $a_stack[] = $this->rbac_review->getAllOperationsOfRole(
827  $this->getId(),
828  $parent_roles[$this->getId()]['parent']
829  );
830  }
831  return true;
832  }
833  }
834 
835  if (!$has_policies) {
836  return false;
837  }
838 
839  $a_stack[] = $this->rbac_review->getAllOperationsOfRole(
840  $this->getId(),
841  $policy_origin
842  );
843  return true;
844  }
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ updatePolicyStack()

ilObjRole::updatePolicyStack ( array &  $a_stack,
int  $a_node 
)
protected

Definition at line 846 of file class.ilObjRole.php.

References null, ROLE_FOLDER_ID, and ROOT_FOLDER_ID.

Referenced by adjustPermissions().

846  : bool
847  {
848  $has_policies = null;
849 
850  if ($a_node == ROOT_FOLDER_ID) {
851  $has_policies = true;
852  $policy_origin = ROLE_FOLDER_ID;
853  } else {
854  $has_policies = $this->rbac_review->getLocalPolicies($a_node);
855  $policy_origin = $a_node;
856  }
857 
858  if (!$has_policies) {
859  return false;
860  }
861 
862  $a_stack[] = $policy_origin;
863  return true;
864  }
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
+ Here is the caller graph for this function:

◆ validate()

ilObjRole::validate ( )

Definition at line 107 of file class.ilObjRole.php.

References $DIC, $ilErr, and ilObject\getTitle().

107  : bool
108  {
109  global $DIC;
110 
111  $ilErr = $DIC['ilErr'];
112 
113  if (substr($this->getTitle(), 0, 3) == 'il_') {
114  $ilErr->setMessage('msg_role_reserved_prefix');
115  return false;
116  }
117  return true;
118  }
$ilErr
$ilErr
Definition: raiseError.php:33
$DIC
global $DIC
Definition: shib_login.php:22
+ Here is the call graph for this function:

Field Documentation

◆ $allow_register

bool ilObjRole::$allow_register = false
protected

Definition at line 41 of file class.ilObjRole.php.

Referenced by getAllowRegister().

◆ $assign_users

bool ilObjRole::$assign_users = false
protected

Definition at line 42 of file class.ilObjRole.php.

Referenced by getAssignUsersStatus().

◆ $logger

ilLogger ilObjRole::$logger
private

Definition at line 37 of file class.ilObjRole.php.

◆ $parent

int ilObjRole::$parent = null

Definition at line 39 of file class.ilObjRole.php.

Referenced by getParent().

◆ MODE_ADD_OPERATIONS

const ilObjRole::MODE_ADD_OPERATIONS = 1

Definition at line 33 of file class.ilObjRole.php.

Referenced by ilObjRoleFolderGUI\adjustRoleObject().

◆ MODE_PROTECTED_DELETE_LOCAL_POLICIES

const ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES = 1

Definition at line 28 of file class.ilObjRole.php.

Referenced by ilDidacticTemplateLocalPolicyAction\createLocalPolicy(), ilDidacticTemplateLocalPolicyAction\revert(), ilDidacticTemplateLocalPolicyAction\revertLocalPolicy(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

◆ MODE_PROTECTED_KEEP_LOCAL_POLICIES

const ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES = 2

Definition at line 29 of file class.ilObjRole.php.

Referenced by ilPermissionGUI\addRole(), ilObjRoleFolderGUI\doChangeExistingObjects(), ilObjRoleGUI\permSaveObject(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

◆ MODE_READ_OPERATIONS

const ilObjRole::MODE_READ_OPERATIONS = 2

Definition at line 34 of file class.ilObjRole.php.

Referenced by ilObjRoleFolderGUI\adjustRoleObject(), and ilObjRoleFolderGUI\doChangeExistingObjects().

◆ MODE_REMOVE_OPERATIONS

const ilObjRole::MODE_REMOVE_OPERATIONS = 3

Definition at line 35 of file class.ilObjRole.php.

Referenced by ilObjRoleFolderGUI\adjustRoleObject().

◆ MODE_UNPROTECTED_DELETE_LOCAL_POLICIES

const ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES = 3

Definition at line 30 of file class.ilObjRole.php.

Referenced by ilDidacticTemplateLocalPolicyAction\createLocalPolicy(), ilDidacticTemplateBlockRoleAction\deleteLocalPolicy(), ilDidacticTemplateLocalPolicyAction\revert(), ilDidacticTemplateLocalPolicyAction\revertLocalPolicy(), and ilObjRoleGUI\showChangeExistingObjectsConfirmation().

◆ MODE_UNPROTECTED_KEEP_LOCAL_POLICIES

const ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES = 4

Definition at line 31 of file class.ilObjRole.php.

Referenced by ilPermissionGUI\addRole(), ilObjLTIAdministrationGUI\createLtiUserRole(), ilObjRoleFolderGUI\doChangeExistingObjects(), ilObjRoleGUI\permSaveObject(), ilObjRoleGUI\showChangeExistingObjectsConfirmation(), and ilPermissionGUI\unblockRoles().

The documentation for this class was generated from the following file: