
classes/class.ilPermissionGUI.php

00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 
00037 class ilPermissionGUI
00038 {
00046         function ilPermissionGUI(&$a_gui_obj)
00047         {
00048                 global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
00049 
00050                 if (!isset($ilErr))
00051                 {
00052                         $ilErr = new ilErrorHandling();
00053                         $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
00054                 }
00055                 else
00056                 {
00057                         $this->ilErr =& $ilErr;
00058                 }
00059 
00060                 $this->ilias =& $ilias;
00061                 $this->objDefinition =& $objDefinition;
00062                 $this->tree =& $tree;
00063                 $this->tpl =& $tpl;
00064                 $this->lng =& $lng;
00065                 $this->lng->loadLanguageModule("rbac");
00066 
00067                 $this->ctrl =& $ilCtrl;
00068 
00069                 $this->gui_obj =& $a_gui_obj;
00070                 
00071                 $this->roles = array();
00072                 $this->num_roles = 0;
00073         }
00074         
00075 
00076         function &executeCommand()
00077         {
00078                 global $rbacsystem, $ilErr;
00079 
00080                 // access to all functions in this class are only allowed if edit_permission is granted
00081                 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
00082                 {
00083                         $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
00084                 }
00085 
00086                 $next_class = $this->ctrl->getNextClass($this);
00087 
00088                 switch($next_class)
00089                 {
00090                         case "ilobjrolegui":
00091                                 include_once("classes/class.ilObjRoleGUI.php");
00092                                 $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
00093                                 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),
00094                                         $this->ctrl->getLinkTarget($this, "perm"));
00095                                 $ret =& $this->ctrl->forwardCommand($this->gui_obj);
00096                                 break;
00097                                 
00098                         default:
00099                                 $cmd = $this->ctrl->getCmd();
00100                                 $this->$cmd();
00101                                 break;
00102                 }
00103 
00104                 return true;
00105         }
00106 
00112         function perm()
00113         {
00114                 global $rbacsystem, $rbacreview;
00115 
00116                 $this->getRolesData();
00117 
00119                 // START DATA OUTPUT
00121                 $this->__initSubTabs("perm");
00122 
00123                 $this->gui_obj->getTemplateFile("perm");
00124 
00125                 $this->num_roles = count($this->roles);
00126 
00127                 // render filter form
00128             $this->tpl->setCurrentBlock("filter");
00129             $this->tpl->setVariable("FILTER_TXT_FILTER",$this->lng->txt('filter'));
00130             $this->tpl->setVariable("SELECT_FILTER",$this->__buildRoleFilterSelect());
00131             $this->tpl->setVariable("FILTER_ACTION",$this->ctrl->getFormAction($this)."&cmd=perm");
00132             $this->tpl->setVariable("FILTER_NAME",'view');
00133             $this->tpl->setVariable("FILTER_VALUE",$this->lng->txt('apply_filter'));
00134             $this->tpl->parseCurrentBlock();
00135 
00136                 // don't display table if no role in list
00137                 if ($this->num_roles < 1)
00138                 {
00139                         sendinfo($this->lng->txt("msg_no_roles_of_type"),false);
00140                         $this->__displayAddRoleForm();
00141                         return true;
00142                 }
00143 
00144                 $this->tpl->addBlockFile("PERM_PERMISSIONS", "permissions", "tpl.obj_perm_permissions.html");
00145 
00146                 $this->tpl->setVariable("TXT_TITLE", $this->lng->txt("permission_settings"));
00147                 $this->tpl->setVariable("IMG_PERM", ilUtil::getImagePath("icon_perm.gif"));
00148                 $this->tpl->setVariable("TXT_TITLE_INFO",
00149                         sprintf($this->lng->txt("permission_settings_info"),
00150                         $this->gui_obj->object->getTitle()
00151                         ));
00152                 $this->tpl->setVariable("COLSPAN", $this->num_roles);
00153                 $this->tpl->setVariable("FORMACTION",
00154                         $this->gui_obj->getFormAction("permSave",$this->ctrl->getLinkTarget($this,"permSave")));
00155                 $this->tpl->setVariable("TXT_SAVE", $this->lng->txt("save"));
00156                 
00157                 // needed for display correct role context of global roles
00158                 $global_roles = $rbacreview->getGlobalRoles();
00159 
00160                 foreach ($this->roles as $role)
00161                 {
00162                         $tmp_role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00163                         $tmp_local_roles = array();
00164 
00165                         if ($tmp_role_folder)
00166                         {
00167                                 $tmp_local_roles = $rbacreview->getRolesOfRoleFolder($tmp_role_folder["ref_id"]);
00168                         }
00169                                 
00170                         // Is it a real or linked lokal role
00171                         if ($role['protected'] == false and in_array($role['obj_id'],$tmp_local_roles))
00172                         {
00173                                 $role_folder_data = $rbacreview->getRoleFolderOfObject($_GET['ref_id']);
00174                                 $role_folder_id = $role_folder_data['ref_id'];
00175 
00176 
00177                                 $this->tpl->setCurrentBlock("rolelink_open");
00178 
00179                                 $up_path = defined('ILIAS_MODULE') ? "../" : "";
00180                                 $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id",
00181                                         $role['obj_id']);
00182                                 $this->ctrl->setParameterByClass("ilobjrolegui", "rolf_ref_id",
00183                                         $role_folder_id);
00184                                 $this->tpl->setVariable("LINK_ROLE_RULESET",
00185                                         $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm"));
00186                                 
00187                                 $this->tpl->setVariable("TXT_ROLE_RULESET",$this->lng->txt("edit_perm_ruleset"));
00188                                 $this->tpl->parseCurrentBlock();
00189 
00190                                 $this->tpl->touchBlock("rolelink_close");
00191                         }
00192 
00193                         $this->tpl->setCurrentBlock("role_infos");
00194                         
00195                         // display human readable role names for autogenerated roles
00196                         include_once ('class.ilObjRole.php');
00197                         $this->tpl->setVariable("ROLE_NAME",str_replace(" ","&nbsp;",ilObjRole::_getTranslation($role["title"])));
00198                         //var_dump("<pre>",$role,"</pre>");
00199                         
00200                         // display role context
00201                         if (in_array($role["obj_id"],$global_roles))
00202                         {
00203                                 $this->tpl->setVariable("ROLE_CONTEXT_TYPE","global");
00204                         }
00205                         else
00206                         {
00207                                 $rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"],true);
00208                                 $parent_node = $this->tree->getParentNodeData($rolf[0]);
00209                                 //$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$this->lng->txt("obj_".$parent_node["type"])."&nbsp;(#".$parent_node["obj_id"].")");
00210                                 //$this->tpl->setVariable("ROLE_CONTEXT",$parent_node["title"]);
00211                                 $this->tpl->setVariable("ROLE_CONTEXT_TYPE",$parent_node["title"]);
00212                         }
00213                         
00214                         $this->tpl->parseCurrentBlock();
00215                 }
00216                 $this->ctrl->clearParametersByClass("ilobjrolegui");
00217                 
00218 // show permission settings
00219 
00220                 // general section
00221                 $this->__showPermissionsGeneralSection();
00222                 
00223                 // object section
00224                 $this->__showPermissionsObjectSection();
00225 
00226                 // rbac section
00227                 $this->__showPermissionsRBACSection();
00228                 
00229                 // create section
00230                 $this->__showPermissionsCreateSection();
00231 
00232                 $this->tpl->setVariable("COLSPAN", $this->num_roles);
00233 
00234                 // ADD LOCAL ROLE               
00235                 $this->__displayAddRoleForm();
00236         }
00237 
00238 
00244         function permSave()
00245         {
00246                 global $rbacreview, $rbacadmin, $rbacsystem;
00247 
00248                 // first save the new permission settings for all roles
00249                 $rbacadmin->revokePermission($this->gui_obj->object->getRefId());
00250 
00251                 if (is_array($_POST["perm"]))
00252                 {
00253                         foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
00254                         {
00255                                 $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
00256                         }
00257                 }
00258 
00259                 // update object data entry (to update last modification date)
00260                 $this->gui_obj->object->update();
00261 
00262                 // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
00263                 // muss folgendes geschehen:
00264                 // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
00265                 // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
00266                 // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
00267                 //   und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
00268 
00269                 // get rolefolder data if a rolefolder already exists
00270                 $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00271                 $rolf_id = $rolf_data["child"];
00272                 
00273                 $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
00274 
00275                 if ($stop_inherit_roles)
00276                 {
00277                         // rolefolder does not exist, so create one
00278                         if (empty($rolf_id))
00279                         {
00280                                 // create a local role folder
00281                                 $rfoldObj = $this->gui_obj->object->createRoleFolder();
00282 
00283                                 // set rolf_id again from new rolefolder object
00284                                 $rolf_id = $rfoldObj->getRefId();
00285                         }
00286 
00287                         $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
00288                         
00289                         foreach ($stop_inherit_roles as $stop_inherit)
00290                         {
00291                                 // create role entries for roles with stopped inheritance
00292                                 if (!in_array($stop_inherit,$roles_of_folder))
00293                                 {
00294                                         $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
00295                                         $rbacadmin->copyRolePermission($stop_inherit,$parentRoles[$stop_inherit]["parent"],
00296                                                                                                    $rolf_id,$stop_inherit);
00297                                         $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
00298                                 }
00299                         }// END FOREACH
00300                 }// END STOP INHERIT
00301                 
00302                 if ($rolf_id  and $rolf_id != ROLE_FOLDER_ID)
00303                 {
00304                         // get roles where inheritance is stopped was cancelled
00305                         $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
00306                         $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
00307                                 
00308                         // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
00309                         foreach ($linked_roles_to_remove as $role_id)
00310                         {
00311                                 if ($rbacreview->isProtected($rolf_id,$role_id))
00312                                 {
00313                                         continue;
00314                                 }
00315                                 
00316                                 $role_obj =& $this->ilias->obj_factory->getInstanceByObjId($role_id);
00317                                 $role_obj->setParent($rolf_id);
00318                                 $role_obj->delete();
00319                                 unset($role_obj);
00320                         }
00321                 }
00322                 
00323                 sendinfo($this->lng->txt("saved_successfully"),true);
00324                 
00325                 // redirect to default page if user revokes himself access to the permission panel
00326                 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
00327                 {
00328                         $this->ctrl->redirect($this->gui_obj);
00329                 }
00330                 
00331                 $this->ctrl->redirect($this,'perm');
00332         }
00333 
00334 
00335 
00343         function addRole()
00344         {
00345                 global $rbacadmin, $rbacreview, $rbacsystem;
00346 
00347                 // first check if role title is unique
00348                 if ($rbacreview->roleExists($_POST["Fobject"]["title"]))
00349                 {
00350                         $this->ilias->raiseError($this->lng->txt("msg_role_exists1")." '".ilUtil::stripSlashes($_POST["Fobject"]["title"])."' ".
00351                                                                          $this->lng->txt("msg_role_exists2"),$this->ilias->error_obj->MESSAGE);
00352                 }
00353 
00354                 // check if role title has il_ prefix
00355                 if (substr($_POST["Fobject"]["title"],0,3) == "il_")
00356                 {
00357                         $this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
00358                 }
00359 
00360                 // if the current object is no role folder, create one
00361                 if ($this->gui_obj->object->getType() != "rolf")
00362                 {
00363                         $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00364 
00365                         // is there already a rolefolder?
00366                         if (!($rolf_id = $rolf_data["child"]))
00367                         {
00368                                 // can the current object contain a rolefolder?
00369                                 $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
00370 
00371                                 if (!isset($subobjects["rolf"]))
00372                                 {
00373                                         $this->ilias->raiseError($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
00374                                                                                         $this->lng->txt("msg_no_rolf_allowed2"),$this->ilias->error_obj->WARNING);
00375                                 }
00376 
00377                                 // create a rolefolder
00378                                 $rolfObj = $this->gui_obj->object->createRoleFolder();
00379                                 $rolf_id = $rolfObj->getRefId();
00380                         }
00381                 }
00382                 else
00383                 {
00384                         // Current object is already a rolefolder. To create the role we take its reference id
00385                         $rolf_id = $this->gui_obj->object->getRefId();
00386                 }
00387 
00388                 // create role
00389                 if ($this->gui_obj->object->getType() == "rolf")
00390                 {
00391                         $roleObj = $this->gui_obj->object->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
00392                 }
00393                 else
00394                 {
00395                         $rfoldObj = $this->ilias->obj_factory->getInstanceByRefId($rolf_id);
00396                         $roleObj = $rfoldObj->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
00397                 }
00398 
00399                 sendInfo($this->lng->txt("role_added"),true);
00400                 
00401                 // in administration jump to deault perm settings screen
00402                 // alex, ILIAS 3.6.5, 1.9.2006: this does not work and leads to errors in
00403                 // a) administration
00404                 //    -> repository trash & permissions -> item -> permissions ->
00405                 //    "you may add role" screen -> save
00406                 // b) other modules like learning modules
00407                 //    -> permissions -> "you may add role" screen
00408                 // deactivated for 3.6.6
00409                 //if ($this->ctrl->getTargetScript() != "repository.php")
00410                 //{
00411                 //      $this->ctrl->setParameter($this,"obj_id",$roleObj->getId());
00412                 //      $this->ctrl->setParameter($this,"ref_id",$rolf_id);
00413                 //      $this->ctrl->redirect($this,'perm');
00414                 //}
00415 
00416                 $this->ctrl->redirect($this,'perm');
00417         }
00418 
00419         function &__initTableGUI()
00420         {
00421                 include_once "./classes/class.ilTableGUI.php";
00422 
00423                 return new ilTableGUI(0,false);
00424         }
00425         
00431         function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
00432         {
00433                 switch ($a_from)
00434                 {
00435                         case "clipboardObject":
00436                                 $offset = $_GET["offset"];
00437                                 $order = $_GET["sort_by"];
00438                                 $direction = $_GET["sort_order"];
00439                                 $tbl->disable("footer");
00440                                 break;
00441 
00442                         default:
00443                                 $offset = $_GET["offset"];
00444                                 $order = $_GET["sort_by"];
00445                                 $direction = $_GET["sort_order"];
00446                                 break;
00447                 }
00448 
00449                 $tbl->setOrderColumn($order);
00450                 $tbl->setOrderDirection($direction);
00451                 $tbl->setOffset($offset);
00452                 $tbl->setLimit($_GET["limit"]);
00453                 $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
00454                 $tbl->setData($result_set);
00455         }
00456         
00457 
00458         function __buildRoleFilterSelect()
00459         {
00460                 $action[1] = $this->lng->txt('filter_all_roles');
00461                 $action[2] = $this->lng->txt('filter_global_roles');
00462                 $action[3] = $this->lng->txt('filter_local_roles');
00463                 $action[4] = $this->lng->txt('filter_roles_local_policy');
00464                 $action[5] = $this->lng->txt('filter_local_roles_object');
00465                 
00466                 return ilUtil::formSelect($_SESSION['perm_filtered_roles'],"filter",$action,false,true);
00467         }
00468         
00469         function __filterRoles($a_roles,$a_filter)
00470         {
00471                 global $rbacreview;
00472 
00473                 switch ($a_filter)
00474                 {
00475                         case 1: // all roles in context
00476                                 return $a_roles;
00477                                 break;
00478                         
00479                         case 2: // only global roles
00480                                 $arr_global_roles = $rbacreview->getGlobalRoles();
00481                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
00482 
00483                                 foreach ($arr_remove_roles as $role_id)
00484                                 {
00485                                         unset($a_roles[$role_id]);
00486                                 }
00487                                 
00488                                 return $a_roles;
00489                                 break;                  
00490 
00491                         case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
00492                                 $arr_global_roles = $rbacreview->getGlobalRoles();
00493 
00494                                 foreach ($arr_global_roles as $role_id)
00495                                 {
00496                                         unset($a_roles[$role_id]);
00497                                 }
00498                                 
00499                                 return $a_roles;
00500                                 break;
00501                                 
00502                         case 4: // only roles which use a local policy 
00503                                 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00504                 
00505                                 if (!$role_folder)
00506                                 {
00507                                         return array();
00508                                 }
00509                                 
00510                                 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
00511                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
00512 
00513                                 foreach ($arr_remove_roles as $role_id)
00514                                 {
00515                                         unset($a_roles[$role_id]);
00516                                 }
00517 
00518                                 return $a_roles;
00519                                 break;
00520                                 
00521                         case 5: // only true local role defined at current position
00522                                 
00523                                 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00524                 
00525                                 if (!$role_folder)
00526                                 {
00527                                         return array();
00528                                 }
00529                                 
00530                                 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
00531                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
00532 
00533                                 foreach ($arr_remove_roles as $role_id)
00534                                 {
00535                                         unset($a_roles[$role_id]);
00536                                 }
00537 
00538                                 return $a_roles;
00539                                 break;
00540                 }
00541 
00542                 return $a_roles;
00543         }
00544 
00545         // show owner sub tab
00546         function owner()
00547         {
00548                 global $ilObjDataCache,$ilUser;
00549 
00550                 $this->__initSubTabs("owner");
00551 
00552                 $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
00553 
00554                 $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
00555                 $this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
00556                 $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
00557                 $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
00558                 $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
00559                 $this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
00560                 $this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
00561                 $this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
00562         }
00563         
00564         function changeOwner()
00565         {
00566                 global $rbacsystem,$ilErr,$ilObjDataCache;
00567 
00568                 if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
00569                 {
00570                         sendInfo($this->lng->txt('user_not_known'));
00571                         $this->owner();
00572                         return true;
00573                 }
00574 
00575                 $this->gui_obj->object->setOwner($user_id);
00576                 $this->gui_obj->object->updateOwner();
00577                 $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
00578                 sendInfo($this->lng->txt('owner_updated'),true);
00579 
00580                 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
00581                 {
00582                         $this->ctrl->redirect($this->gui_obj);
00583                         return true;
00584                 }
00585 
00586                 $this->ctrl->redirect($this,'owner');
00587                 return true;
00588 
00589         }
00590         
00591         // init permission query feature
00592         function info()
00593         {
00594                 $this->__initSubTabs("info");
00595 
00596                 include_once('classes/class.ilObjectStatusGUI.php');
00597                 
00598                 $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
00599                 
00600                 $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
00601         }
00602         
00603         // init sub tabs
00604         function __initSubTabs($a_cmd)
00605         {
00606                 global $ilTabs;
00607 
00608                 $perm = ($a_cmd == 'perm') ? true : false;
00609                 $info = ($a_cmd == 'info') ? true : false;
00610                 $owner = ($a_cmd == 'owner') ? true : false;
00611 
00612                 $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
00613                                                                  "", "", "", $perm);
00614                 $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
00615                                                                  "", "", "", $info);
00616                 $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
00617                                                                  "", "", "", $owner);
00618         }
00619         
00620         function getRolesData()
00621         {
00622                 global $rbacsystem, $rbacreview;
00623 
00624                 // first get all roles in
00625                 $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
00626 
00627                 // filter roles
00628                 $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
00629 
00630                 // set default filter (all roles) if no filter is set
00631                 if ($_SESSION['perm_filtered_roles'] == 0)
00632         {
00633                 $_SESSION['perm_filtered_roles'] = 1;
00634         }
00635         
00636                 // remove filtered roles from array
00637         $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
00638 
00639                 // determine status of each role (local role, changed policy, protected)
00640 
00641                 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
00642                 
00643                 $local_roles = array();
00644 
00645                 if (!empty($role_folder))
00646                 {
00647                         $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
00648                 }
00649 
00650                 foreach ($roles as $key => $role)
00651                 {
00652                         // exclude system admin role from list
00653                         if ($role["obj_id"] == SYSTEM_ROLE_ID)
00654                         {
00655                                 unset($roles[$key]);
00656                                 continue;
00657                         }
00658                         
00659                         $this->roles[$role['obj_id']] = $role;
00660 
00661                         // don't allow local policies for protected roles
00662                         $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
00663 
00664                         if (!in_array($role["obj_id"],$local_roles))
00665                         {
00666                                 $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
00667                                 $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
00668                         }
00669                         else
00670                         {
00671                                 // no checkbox for local roles
00672                                 if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
00673                                 {
00674                                         $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
00675                                 }
00676                                 else
00677                                 {
00678                                         $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
00679                                         $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
00680                                 }
00681                         }
00682 
00683                         // compute permission settings for each role
00684                         $grouped_ops = groupOperationsByClass(getOperationList($this->gui_obj->object->getType()));
00685 
00686                         foreach ($grouped_ops as $ops_group => $ops_data)
00687                         {
00688                                 foreach ($ops_data as $key => $operation)
00689                                 {
00690                                         $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
00691                                 }
00692                         }
00693                         
00694                         $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
00695                         unset($grouped_ops);
00696                 }
00697         }
00698         
00699         function __displayAddRoleForm()
00700         {
00701                 // do not display this option for admin section and root node
00702                 $object_types_exclude = array("adm","root","mail","objf","lngf","trac","taxf","auth", "assf",'seas','extt','adve');
00703 
00704                 if (!in_array($this->gui_obj->object->getType(),$object_types_exclude) and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
00705                 {
00706                         $this->tpl->addBlockFile("PERM_ADD_ROLE", "add_local_roles", "tpl.obj_perm_add_role.html");
00707 
00708                         // fill in saved values in case of error
00709                         $data = array();
00710                         $data["fields"] = array();
00711                         $data["fields"]["title"] = $_SESSION["error_post_vars"]["Fobject"]["title"];
00712                         $data["fields"]["desc"] = $_SESSION["error_post_vars"]["Fobject"]["desc"];
00713 
00714                         foreach ($data["fields"] as $key => $val)
00715                         {
00716                                 $this->tpl->setVariable("TXT_LR_".strtoupper($key), $this->lng->txt($key));
00717                                 $this->tpl->setVariable(strtoupper($key), $val);
00718                         }
00719 
00720                         $this->tpl->setVariable("FORMACTION_LR",$this->gui_obj->getFormAction("addRole", $this->ctrl->getLinkTarget($this, "addRole")));
00721                         $this->tpl->setVariable("TXT_LR_HEADER", $this->lng->txt("you_may_add_local_roles"));
00722                         $this->tpl->setVariable("TXT_ADD_ROLE", $this->lng->txt("role_add_local"));
00723                         $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
00724                 }
00725         }
00726         
00727         function __showPermissionsGeneralSection()
00728         {
00729                 $this->tpl->setCurrentBlock("perm_subtitle");
00730                 $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
00731                 $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
00732                 $this->tpl->setVariable("COLSPAN", $this->num_roles);
00733                 $this->tpl->parseCurrentBlock();
00734 
00735                 foreach ($this->roles as $role)
00736                 {
00737                         foreach ($role['permissions']['general'] as $perm)
00738                         {
00739                                 // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
00740                                 if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
00741                                 {
00742                                         continue;
00743                                 }
00744                                 
00745                                 $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
00746 
00747                                 $this->tpl->setCurrentBlock("perm_item");
00748                                 $this->tpl->setVariable("PERM_CHECKBOX",$box);
00749                                 $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
00750                                 $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
00751                                 $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
00752                                 $this->tpl->parseCurrentBlock();
00753                         }
00754 
00755                         $this->tpl->setCurrentBlock("perm_table");
00756                         $this->tpl->parseCurrentBlock();        
00757                 }
00758 
00759                 $this->tpl->setCurrentBlock("perm_settings");
00760                 $this->tpl->parseCurrentBlock();
00761         }
00762         
00763         function __showPermissionsObjectSection()
00764         {
00765                 // create pointer to first role (only the permission list is needed)
00766                 reset($this->roles);
00767                 $first_role =& current($this->roles);
00768 
00769                 if (count($first_role['permissions']['object'])) // check if object type has special operations
00770                 {
00771                         $this->tpl->setCurrentBlock("perm_subtitle");
00772                         $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
00773                         $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
00774                         $this->tpl->setVariable("COLSPAN", $this->num_roles);
00775                         $this->tpl->parseCurrentBlock();
00776         
00777                         foreach ($this->roles as $role)
00778                         {
00779                                 foreach ($role['permissions']['object'] as $perm)
00780                                 {
00781                                         $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
00782         
00783                                         $this->tpl->setCurrentBlock("perm_item");
00784                                         $this->tpl->setVariable("PERM_CHECKBOX",$box);
00785                                         $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
00786                                         $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
00787                                         $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
00788                                         $this->tpl->parseCurrentBlock();
00789                                 }
00790         
00791                                 $this->tpl->setCurrentBlock("perm_table");
00792                                 $this->tpl->parseCurrentBlock();        
00793                         }                                                               
00794         
00795                         $this->tpl->setCurrentBlock("perm_settings");
00796                         $this->tpl->parseCurrentBlock();
00797                 }
00798         }
00799         
00800         function __showPermissionsRBACSection()
00801         {
00802                 $this->tpl->setCurrentBlock("perm_subtitle");
00803                 $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
00804                 $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
00805                 $this->tpl->setVariable("COLSPAN", $this->num_roles);
00806                 $this->tpl->parseCurrentBlock();
00807 
00808                 foreach ($this->roles as $role)
00809                 {
00810                         foreach ($role['permissions']['rbac'] as $perm)
00811                         {
00812                                 $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
00813 
00814                                 $this->tpl->setCurrentBlock("perm_item");
00815                                 $this->tpl->setVariable("PERM_CHECKBOX",$box);
00816                                 $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
00817                                 $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
00818                                 $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
00819                                 $this->tpl->parseCurrentBlock();
00820                         }
00821 
00822                         // use local policy flag
00823                         // offer option 'use local policy' only to those objects where this option is permitted
00824                         if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
00825                         {
00826                                 if ($role['local_policy_allowed'])
00827                                 {
00828                                         $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
00829                                         $lang = $this->lng->txt("perm_use_local_policy")." (".
00830                                                 $this->lng->txt("stop_inheritance").")";
00831                                         $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
00832                                 }
00833                                 else
00834                                 {
00835                                         $box = '&nbsp;';
00836                                         $lang = $this->lng->txt("perm_local_role");
00837                                         $lang_desc = $this->lng->txt("perm_local_role_desc");
00838                                 }
00839                                 
00840                                 $this->tpl->setCurrentBlock("perm_item");
00841                                 $this->tpl->setVariable("PERM_CHECKBOX",$box);
00842                                 $this->tpl->setVariable("PERM_NAME",$lang);
00843                                 $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
00844                                 $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
00845                                 $this->tpl->parseCurrentBlock();
00846                         }
00847         
00848                                 $this->tpl->setCurrentBlock("perm_table");
00849                                 $this->tpl->parseCurrentBlock();        
00850                 }
00851 
00852                 $this->tpl->setCurrentBlock("perm_settings");
00853                 $this->tpl->parseCurrentBlock();
00854         }
00855         
00856         function __showPermissionsCreateSection()
00857         {
00858                 // no create operation for roles/role templates in local role folders
00859                 // access is controlled by 'administrate' (change permission settings) only
00860                 if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
00861                 {
00862                         return;
00863                 }
00864                 
00865                 // create pointer to first role (only the permission list is needed)
00866                 reset($this->roles);
00867                 $first_role =& current($this->roles);
00868 
00869                 if (count($first_role['permissions']['create'])) // check if object type has create operations
00870                 {
00871                         $this->tpl->setCurrentBlock("perm_subtitle");
00872                         $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
00873                         $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
00874                         $this->tpl->setVariable("COLSPAN", $this->num_roles);
00875                         $this->tpl->parseCurrentBlock();
00876         
00877                         foreach ($this->roles as $role)
00878                         {
00879                                 foreach ($role['permissions']['create'] as $perm)
00880                                 {
00881                                         if ($perm["name"] == "create_icrs" and !$this->ilias->getSetting("ilinc_active"))
00882                                         {
00883                                                 continue;
00884                                         }
00885 
00886                                         $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
00887         
00888                                         $this->tpl->setCurrentBlock("perm_item");
00889                                         $this->tpl->setVariable("PERM_CHECKBOX",$box);
00890                                         $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
00891                                         $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
00892                                         $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
00893                                         $this->tpl->parseCurrentBlock();
00894                                 }
00895         
00896                                 $this->tpl->setCurrentBlock("perm_table");
00897                                 $this->tpl->parseCurrentBlock();        
00898                         }
00899         
00900                         $this->tpl->setCurrentBlock("perm_settings");
00901                         $this->tpl->parseCurrentBlock();
00902                 }
00903         }
00904 } // END class.ilPermissionGUI
00905 ?>
