/**
* delete role and all related data
*
* @access public
* @return boolean true if all object data were removed; false if only a references were removed
*/
function delete()
{
global $rbacadmin, $rbacreview, $ilDB;
$role_folders = $rbacreview->getFoldersAssignedToRole($this->getId());
// Temporary bugfix
if ($rbacreview->hasMultipleAssignments($this->getId())) {
$GLOBALS['ilLog']->write(__METHOD__ . ': Found role with multiple assignments: ' . $this->getId());
return false;
}
if ($rbacreview->isAssignable($this->getId(), $this->getParent())) {
// do not delete a global role, if the role is the last
// role a user is assigned to.
//
// Performance improvement: In the code section below, we
// only need to consider _global_ roles. We don't need
// to check for _local_ roles, because a user who has
// a local role _always_ has a global role too.
$last_role_user_ids = array();
if ($this->getParent() == ROLE_FOLDER_ID) {
// The role is a global role: check if
// we find users who aren't assigned to any
// other global role than this one.
$user_ids = $rbacreview->assignedUsers($this->getId());
foreach ($user_ids as $user_id) {
// get all roles each user has
$role_ids = $rbacreview->assignedRoles($user_id);
// is last role?
if (count($role_ids) == 1) {
$last_role_user_ids[] = $user_id;
}
}
}
// users with last role found?
if (count($last_role_user_ids) > 0) {
foreach ($last_role_user_ids as $user_id) {
//echo "<br>last role for user id:".$user_id.":";
// GET OBJECT TITLE
$tmp_obj = $this->ilias->obj_factory->getInstanceByObjId($user_id);
$user_names[] = $tmp_obj->getFullname();
unset($tmp_obj);
}
// TODO: This check must be done in rolefolder object because if multiple
// roles were selected the other roles are still deleted and the system does not
// give any feedback about this.
$users = implode(', ', $user_names);
$this->ilias->raiseError($this->lng->txt("msg_user_last_role1") . " " . $users . "<br/>" . $this->lng->txt("msg_user_last_role2"), $this->ilias->error_obj->WARNING);
} else {
// IT'S A BASE ROLE
$rbacadmin->deleteRole($this->getId(), $this->getParent());
// Delete ldap role group mappings
include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
ilLDAPRoleGroupMappingSettings::_deleteByRole($this->getId());
// delete object_data entry
parent::delete();
// delete role_data entry
$query = "DELETE FROM role_data WHERE role_id = " . $ilDB->quote($this->getId(), 'integer');
$res = $ilDB->manipulate($query);
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($this->getId());
$role_desk_item_obj->deleteAll();
}
} else {
// linked local role: INHERITANCE WAS STOPPED, SO DELETE ONLY THIS LOCAL ROLE
$rbacadmin->deleteLocalRole($this->getId(), $this->getParent());
}
// purge empty rolefolders
//
// Performance improvement: We filter out all role folders
// which still contain roles, _before_ we attempt to purge them.
// This is faster than attempting to purge all role folders,
// and let function purge() of the role folder find out, if
// purging is possible.
$non_empty_role_folders = $rbacreview->filterEmptyRoleFolders($role_folders);
$role_folders = array_diff($role_folders, $non_empty_role_folders);
// Attempt to purge the role folders
foreach ($role_folders as $rolf) {
if (ilObject::_exists($rolf, true)) {
$rolfObj = $this->ilias->obj_factory->getInstanceByRefId($rolf);
$rolfObj->purge();
unset($rolfObj);
}
}
return true;
}
/**
* Add desktop item
* @param type $a_rol_id
* @param type $a_usr_id
*/
protected function addDesktopItem($a_rol_id, $a_usr_id)
{
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($a_rol_id);
foreach ($role_desk_item_obj->getAll() as $item_data) {
include_once './Services/User/classes/class.ilObjUser.php';
ilObjUser::_addDesktopItem($a_usr_id, $item_data['item_id'], $item_data['item_type']);
}
}
/**
* adds a local role
* This method is only called when choose the option 'you may add local roles'. This option
* is displayed in the permission settings dialogue for an object
* TODO: this will be changed
* @access public
*
*/
protected function addRole()
{
global $rbacadmin, $rbacreview, $rbacsystem, $ilErr, $ilCtrl;
$form = $this->initRoleForm();
if ($form->checkInput()) {
$new_title = $form->getInput("title");
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$role = new ilObjRole();
$role->setTitle($new_title);
$role->setDescription($form->getInput('desc'));
$role->create();
$GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
// protect
$rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role->getId(), $form->getInput('pro') ? 'y' : 'n');
// copy rights
$right_id_to_copy = $form->getInput("rights");
if ($right_id_to_copy) {
$parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
$rbacadmin->copyRoleTemplatePermissions($right_id_to_copy, $parentRoles[$right_id_to_copy]["parent"], $this->getCurrentObject()->getRefId(), $role->getId(), false);
if ($form->getInput('existing')) {
if ($form->getInput('pro')) {
$role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES, array('all'));
} else {
$role->changeExistingObjects($this->getCurrentObject()->getRefId(), ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, array('all'));
}
}
}
// add to desktop items
if ($form->getInput("desktop")) {
include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
$role_desk_item_obj = new ilRoleDesktopItem($role->getId());
$role_desk_item_obj->add($this->getCurrentObject()->getRefId(), ilObject::_lookupType($this->getCurrentObject()->getRefId(), true));
}
ilUtil::sendSuccess($this->lng->txt("role_added"), true);
$this->ctrl->redirect($this, 'perm');
} else {
$form->setValuesByPost();
$this->tpl->setContent($form->getHTML());
}
}
