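/**
 * Get the number of users who may access the object but don't have a license yet.
 *
 * Step 1 collects every role whose rbac_pa entry, on any reference of this
 * object, matches the id of the 'read' operation. Step 2 counts the distinct
 * users assigned to those roles that have no read_event row for the object.
 *
 * NOTE(review): step 1 is a LIKE match on the serialized ops_id column and is
 * not followed by a real access check. If the column holds a PHP-serialized
 * list, the token "i:<id>;" presumably also matches a list index, so the
 * result can over-count. Treat it as an estimate and confirm against the
 * rbac_pa storage format.
 *
 * @access public
 * @return int number of potential accesses (0 when no role matches)
 */
function getPotentialAccesses()
{
    global $ilDB;

    // get the operation id for read access
    $ops_ids = ilRbacReview::_getOperationIdsByName(array('read'));
    if (!isset($ops_ids[0])) {
        // No id resolved for 'read': there is nothing to match, and building
        // the pattern from a missing offset would only raise a notice.
        return 0;
    }

    // first get all roles with read access
    // (the doubled percent signs are kept exactly as the original wrote them)
    $role_query = 'SELECT DISTINCT pa.rol_id'
        . ' FROM rbac_pa pa'
        . ' INNER JOIN object_reference ob ON ob.ref_id = pa.ref_id'
        . ' WHERE ' . $ilDB->like('pa.ops_id', 'text', '%%i:' . $ops_ids[0] . ';%%')
        . ' AND ob.obj_id = ' . $ilDB->quote($this->obj_id, 'integer');

    $role_ids = array();
    $role_result = $ilDB->query($role_query);
    while ($row = $ilDB->fetchObject($role_result)) {
        $role_ids[] = $row->rol_id;
    }

    if (empty($role_ids)) {
        return 0;
    }

    // then count all users of these roles without read events
    $count_query = 'SELECT COUNT(DISTINCT(usr_id)) accesses '
        . ' FROM rbac_ua'
        . ' WHERE ' . $ilDB->in('rol_id', $role_ids, false, 'integer')
        . ' AND usr_id NOT IN'
        . ' (SELECT usr_id FROM read_event'
        . ' WHERE obj_id = ' . $ilDB->quote($this->obj_id, 'integer')
        . ')';

    $count_result = $ilDB->query($count_query);
    $count_row = $ilDB->fetchObject($count_result);

    // The docblock promises an int; cast the driver's value and fall back to 0
    // if no row came back.
    return $count_row ? (int) $count_row->accesses : 0;
}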
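/**
 * Grant the ECS server's global role the 'join' and 'visible' operations on
 * the content object, but only when that object is a course ('crs').
 *
 * The grant goes to a role, not to a single account.
 * NOTE(review): presumably every account assigned to the server's global role
 * gains these operations on this reference. Confirm that is the intended
 * audience.
 *
 * @param ilECSSetting $server ECS server setting that supplies the global role id
 * @return void
 */
protected function handlePermissionUpdate(ilECSSetting $server)
{
    // The original tested the object type twice in nested ifs; one guard is enough.
    if ($this->content_obj->getType() != 'crs') {
        return;
    }

    $GLOBALS['ilLog']->write(__METHOD__ . ': Permission update');

    $GLOBALS['rbacadmin']->grantPermission(
        $server->getGlobalRole(),
        ilRbacReview::_getOperationIdsByName(array('join', 'visible')),
        $this->content_obj->getRefId()
    );
}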
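/**
 * Get the ref_ids of all objects of the given type(s) on which a user is
 * granted one operation.
 *
 * The function is not recursive. It selects candidate references by matching
 * the serialized rbac_pa.ops_id column against the operation id for the
 * user's assigned roles (plus objects the user owns, unless the operation is
 * 'edit_permissions' or contains 'create'). Each candidate is then confirmed
 * with $ilAccess->checkAccessOfUser(), which is the authoritative check.
 *
 * Special case: a user assigned to SYSTEM_ROLE_ID gets every reference of the
 * requested type with "tree = 1", without a per-object access check, because
 * no rbac_pa entries exist for the system role.
 *
 * Objects below RECOVERY_FOLDER_ID are skipped in both branches.
 *
 * Example: all courses visible to the current user
 *   $your_list = ilUtil::_getObjectsByOperations("crs", "visible");
 *
 * @access public
 * @param string|array $a_obj_type  object type 'lm' or array('lm','sahs')
 * @param string       $a_operation permission to check e.g. 'visible' or 'read'
 * @param int          $a_usr_id    id of user in question; 0 means the logged-in user
 * @param int          $limit       maximum number of results; 0 uses the
 *                                  'search_max_hits' setting (default 100),
 *                                  -1 is capped at 10000 rather than unlimited
 * @return array of ref_ids (empty array when nothing matches)
 * @static
 */
public static function _getObjectsByOperations($a_obj_type, $a_operation, $a_usr_id = 0, $limit = 0)
{
    global $ilDB, $rbacreview, $ilAccess, $ilUser, $ilias, $tree;

    // Always return an array; the original read $ref_ids while it was still
    // undefined whenever no row qualified.
    $ref_ids = array();

    if (!is_array($a_obj_type)) {
        $where = "WHERE type = " . $ilDB->quote($a_obj_type, "text") . " ";
    } else {
        $where = "WHERE " . $ilDB->in("type", $a_obj_type, false, "text") . " ";
    }

    // limit number of results default is search result limit
    if (!$limit) {
        $limit = $ilias->getSetting('search_max_hits', 100);
    }
    if ($limit == -1) {
        $limit = 10000;
    }

    // default to logged in usr
    $a_usr_id = $a_usr_id ? $a_usr_id : $ilUser->getId();
    $a_roles = $rbacreview->assignedRoles($a_usr_id);

    // Since no rbac_pa entries are available for the system role. This function returns !all! ref_ids in the case the user
    // is assigned to the system role
    if ($rbacreview->isAssigned($a_usr_id, SYSTEM_ROLE_ID)) {
        $query = "SELECT ref_id FROM object_reference obr LEFT JOIN object_data obd ON obr.obj_id = obd.obj_id " .
            "LEFT JOIN tree ON obr.ref_id = tree.child " .
            $where .
            "AND tree = 1";

        $res = $ilDB->query($query);
        $counter = 0;
        while ($row = $ilDB->fetchObject($res)) {
            // Filter recovery folder
            if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
                continue;
            }

            if ($counter++ >= $limit) {
                break;
            }

            $ref_ids[] = $row->ref_id;
        }
        return $ref_ids;
    } // End Administrators

    // Check ownership if it is not asked for edit_permission or a create permission
    if ($a_operation == 'edit_permissions' or strpos($a_operation, 'create') !== false) {
        $check_owner = ") ";
    } else {
        $check_owner = "OR owner = " . $ilDB->quote($a_usr_id, "integer") . ") ";
    }

    $ops_ids = ilRbacReview::_getOperationIdsByName(array($a_operation));
    // NOTE(review): if the operation name does not resolve, $ops_id is null
    // and the first LIKE pattern below degrades to "%i:%", which matches far
    // more rows. Only checkAccessOfUser() then stands between the caller and
    // those rows. Confirm it denies unknown operations.
    $ops_id = isset($ops_ids[0]) ? $ops_ids[0] : null;

    $and = "AND ((" . $ilDB->in("rol_id", $a_roles, false, "integer") . " ";

    // The LIKE patterns are only a coarse pre-filter: "%i:<id>%" has no
    // terminator, so id 3 also matches 30, 31, ... Every row is re-checked
    // with checkAccessOfUser() before it is returned.
    $query = "SELECT DISTINCT(obr.ref_id),obr.obj_id,type FROM object_reference obr " .
        "JOIN object_data obd ON obd.obj_id = obr.obj_id " .
        "LEFT JOIN rbac_pa ON obr.ref_id = rbac_pa.ref_id " .
        $where .
        $and .
        "AND (" . $ilDB->like("ops_id", "text", "%i:" . $ops_id . "%") . " " .
        "OR " . $ilDB->like("ops_id", "text", "%:\"" . $ops_id . "\";%") . ")) " .
        $check_owner;

    $res = $ilDB->query($query);
    $counter = 0;
    // Same fetch helper as the system-role branch above, for consistency.
    while ($row = $ilDB->fetchObject($res)) {
        if ($counter >= $limit) {
            break;
        }

        // Filter objects in recovery folder
        if ($tree->isGrandChild(RECOVERY_FOLDER_ID, $row->ref_id)) {
            continue;
        }

        // Check deleted, hierarchical access ...
        if ($ilAccess->checkAccessOfUser($a_usr_id, $a_operation, '', $row->ref_id, $row->type, $row->obj_id)) {
            $counter++;
            $ref_ids[] = $row->ref_id;
        }
    }
    return $ref_ids;
}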
$tree = new ilTree(ROOT_FOLDER_ID); $tree->insertNode($ref_id, $chatfolder_ref_id); $rolf_obj_id = $ilDB->nextId('object_data'); // Create role folder $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($rolf_obj_id, "rolf", $obj_id, "(ref_id " . $ref_id . ")", -1, ilUtil::now(), ilUtil::now())); $rolf_ref_id = $ilDB->nextId('object_reference'); // Create reference $ilDB->manipulateF("INSERT INTO object_reference (ref_id, obj_id) VALUES (%s, %s)", array('integer', 'integer'), array($rolf_ref_id, $rolf_obj_id)); // put in tree $tree->insertNode($rolf_ref_id, $ref_id); $role_obj_id = $ilDB->nextId('object_data'); // Create role $ilDB->manipulateF("INSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($role_obj_id, "role", "il_chat_moderator_" . $ref_id, "Moderator of chat obj_no." . 
$obj_id, -1, ilUtil::now(), ilUtil::now())); // Insert role_data $ilDB->manipulateF('INSERT INTO role_data (role_id) VALUES (%s)', array('integer'), array($role_obj_id)); $permissions = ilRbacReview::_getOperationIdsByName(array('visible', 'read', 'moderate')); $rbacadmin = new ilRbacAdmin(); $rbacadmin->grantPermission($role_obj_id, $permissions, $ref_id); $rbacadmin->assignRoleToFolder($role_obj_id, $rolf_ref_id); $id = $ilDB->nextId('chatroom_settings'); $ilDB->insert('chatroom_settings', array('room_id' => array('integer', $id), 'object_id' => array('integer', $obj_id), 'room_type' => array('text', 'default'), 'allow_anonymous' => array('integer', 0), 'allow_custom_usernames' => array('integer', 0), 'enable_history' => array('integer', 0), 'restrict_history' => array('integer', 0), 'autogen_usernames' => array('text', 'Anonymous #'), 'allow_private_rooms' => array('integer', 1))); $settings = new ilSetting('chatroom'); $settings->set('public_room_ref', $ref_id); } ?> <#3461> <?php $chat_modetator_tpl_id = $ilDB->nextId('object_data'); $ilDB->manipulateF("\n\t\tINSERT INTO object_data (obj_id, type, title, description, owner, create_date, last_update) " . "VALUES (%s, %s, %s, %s, %s, %s, %s)", array("integer", "text", "text", "text", "integer", "timestamp", "timestamp"), array($chat_modetator_tpl_id, "rolt", "il_chat_moderator", "Moderator template for chat moderators", -1, ilUtil::now(), ilUtil::now())); $query = 'SELECT ops_id FROM rbac_operations WHERE operation = ' . $ilDB->quote('moderate', 'text'); $rset = $ilDB->query($query);
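/**
 * Update properties
 *
 * Runs in two phases:
 *  1. If a file was posted in the "scormcloudfile" field, move it next to its
 *     temporary name, hand it to the SCORM Cloud upload/course services
 *     (new import or new version), delete the local copy, and refresh title,
 *     version and cloud flag from the course list. For a first import,
 *     default permissions are granted to two built-in roles.
 *  2. Validate the properties form and store description, online flag and
 *     report-detail flag.
 *
 * NOTE(review): no permission check is visible in this method; confirm the
 * dispatcher enforces write access before it is reached.
 * NOTE(review): phase 1 runs before the form is validated and applies no
 * type or size check of its own to the package; the file is forwarded as
 * received. Confirm that is acceptable for the deployment.
 *
 * @return void
 * @throws Exception rethrown from the SCORM Cloud services after the local
 *                   copy of the upload has been removed
 */
public function updateProperties()
{
    global $tpl, $lng, $ilCtrl, $ScormCloudService;

    // !empty() keeps the original truthiness test but does not raise a notice
    // when the field is missing from the request.
    if (!empty($_FILES["scormcloudfile"]["name"])) {
        // First, process SCORM Cloud upload
        if ($_FILES["scormcloudfile"]["error"] > 0) {
            error_log("Error: " . $_FILES["scormcloudfile"]["error"]);
        } else {
            $courseId = $this->object->getId();
            $mode = $this->isPackageImportedInScormCloud() ? "update" : "new";

            $courseService = $ScormCloudService->getCourseService();
            $uploadService = $ScormCloudService->getUploadService();

            // The target path is derived from the server-chosen tmp_name only;
            // the client-supplied file name never reaches the filesystem.
            $absoluteFilePathToZip = $_FILES["scormcloudfile"]["tmp_name"] . '.zip';

            if (!move_uploaded_file($_FILES['scormcloudfile']['tmp_name'], $absoluteFilePathToZip)) {
                // Nothing was placed at the target path, so there is nothing to
                // forward or to clean up. Log it like the upload error above.
                error_log("Error: could not move uploaded SCORM Cloud package");
            } else {
                try {
                    //now upload the file and save the resulting location
                    $location = $uploadService->UploadFile($absoluteFilePathToZip, null);

                    if ($mode == 'update') {
                        //version the uploaded course
                        $ir = $courseService->VersionUploadedCourse($courseId, $location, null);
                    } else {
                        //import the uploaded course
                        $ir = $courseService->ImportUploadedCourse($courseId, $location, null);
                    }
                } catch (Exception $e) {
                    // remove the local copy before propagating the failure
                    unlink($absoluteFilePathToZip);
                    throw $e;
                }

                // remove the local copy of the uploaded file
                unlink($absoluteFilePathToZip);

                //TODO: Expose and view import result object ($ir), e.g. take the
                // title from it once getWasSuccessful() can be checked.

                // Don't have $ir now... so by virtue of it existing in this next call we'll call it good
                if ($this->isPackageImportedInScormCloud()) {
                    $allResults = $courseService->GetCourseList();
                    $xmlstring = '';
                    $courseTitle = '';

                    foreach ($allResults as $course) {
                        if ($course->getCourseId() == $this->object->getId()) {
                            $courseTitle = $course->getTitle();
                            $versionCount = $course->getNumberOfVersions();

                            $xmlstring = $courseService->GetMetadata($courseId, $versionCount - 1, 0, 'xml');
                            // NOTE(review): the complete metadata document goes to
                            // the server error log; consider dropping this debug
                            // output if the log is widely readable.
                            error_log("xmlString : " . $xmlstring);

                            $this->object->setTitle($courseTitle);
                            $this->object->setExistsOnCloud(true);
                            $this->object->setVersion($versionCount);
                            $this->object->update();
                            //$this->object->refreshMetaData();
                            break;
                        }
                    }

                    // Here's where we set the default permissions. Here's a spot where we have a good
                    // refId so use it to set the initial permissions.
                    if ($mode == "new") {
                        // Looks like a good spot to modify permissions since the object has been created
                        global $rbacadmin;

                        // NOTE(review): role ids are hard-coded. Every first
                        // import becomes visible to role 5 and visible+readable
                        // to role 4 without any choice by the uploader; confirm
                        // the ids and that this default is wanted.
                        $user_role_id = 4;
                        $guest_role_id = 5;
                        $ref_id = $this->object->getRefId();

                        $rbacadmin->grantPermission(
                            $guest_role_id,
                            ilRbacReview::_getOperationIdsByName(array("visible")),
                            $ref_id
                        );
                        $rbacadmin->grantPermission(
                            $user_role_id,
                            ilRbacReview::_getOperationIdsByName(array("visible", "read")),
                            $ref_id
                        );
                    }
                }
            }
        }
    }

    $this->initPropertiesForm();
    if ($this->form->checkInput()) {
        //$this->object->setTitle($this->form->getInput("title"));
        $this->object->setDescription($this->form->getInput("desc"));
        $this->object->setOnline($this->form->getInput("online"));
        $this->object->setLearnersSeeRptDetails($this->form->getInput("learners_see_rpt_details"));
        $this->object->update();
        ilUtil::sendSuccess($lng->txt("msg_obj_modified"), true);
        $ilCtrl->redirect($this, "editProperties");
    }

    // Validation failed: redisplay the form with the posted values.
    $this->form->setValuesByPost();
    $tpl->setContent($this->form->getHtml());
}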