ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
37 class ilPermissionGUI
38 {
46  function ilPermissionGUI(&$a_gui_obj)
47  {
48  global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
49 
50  if (!isset($ilErr))
51  {
52  $ilErr = new ilErrorHandling();
53  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
54  }
55  else
56  {
57  $this->ilErr =& $ilErr;
58  }
59 
60  $this->ilias =& $ilias;
61  $this->objDefinition =& $objDefinition;
62  $this->tree =& $tree;
63  $this->tpl =& $tpl;
64  $this->lng =& $lng;
65  $this->lng->loadLanguageModule("rbac");
66 
67  $this->ctrl =& $ilCtrl;
68 
69  $this->gui_obj =& $a_gui_obj;
70 
71  $this->roles = array();
72  $this->num_roles = 0;
73  }
74 
75 
76  function &executeCommand()
77  {
78  global $rbacsystem, $ilErr;
79 
80  // access to all functions in this class are only allowed if edit_permission is granted
81  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
82  {
83  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
84  }
85 
86  $next_class = $this->ctrl->getNextClass($this);
87 
88  switch($next_class)
89  {
90  case "ilobjrolegui":
91  include_once("./Services/AccessControl/classes/class.ilObjRoleGUI.php");
92  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
93  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),
94  $this->ctrl->getLinkTarget($this, "perm"));
95  $ret =& $this->ctrl->forwardCommand($this->gui_obj);
96  break;
97 
98  default:
99  $cmd = $this->ctrl->getCmd();
100  $this->$cmd();
101  break;
102  }
103 
104  return true;
105  }
106 
112  function perm()
113  {
114  global $rbacsystem, $rbacreview;
115 
116  $this->getRolesData();
117 
119  // START DATA OUTPUT
121  $this->__initSubTabs("perm");
122 
123  $this->gui_obj->getTemplateFile("perm");
124 
125  $this->num_roles = count($this->roles);
126 
127  // render filter form
128  $this->tpl->setCurrentBlock("filter");
129  $this->tpl->setVariable("FILTER_TXT_FILTER",$this->lng->txt('filter'));
130  $this->tpl->setVariable("SELECT_FILTER",$this->__buildRoleFilterSelect());
131  $this->tpl->setVariable("FILTER_ACTION",$this->ctrl->getFormAction($this)."&cmd=perm");
132  $this->tpl->setVariable("FILTER_NAME",'view');
133  $this->tpl->setVariable("FILTER_VALUE",$this->lng->txt('apply_filter'));
134  $this->tpl->parseCurrentBlock();
135 
136  // don't display table if no role in list
137  if ($this->num_roles < 1)
138  {
139  ilUtil::sendInfo($this->lng->txt("msg_no_roles_of_type"),false);
140  $this->__displayAddRoleForm();
141  return true;
142  }
143 
144  $this->tpl->addBlockFile("PERM_PERMISSIONS", "permissions", "tpl.obj_perm_permissions.html");
145 
146  $this->tpl->setVariable("TXT_TITLE", $this->lng->txt("permission_settings"));
147  $this->tpl->setVariable("IMG_PERM", ilUtil::getImagePath("icon_perm.gif"));
148  $this->tpl->setVariable("TXT_TITLE_INFO",
149  sprintf($this->lng->txt("permission_settings_info"),
150  $this->gui_obj->object->getTitle()
151  ));
152  $this->tpl->setVariable("COLSPAN", $this->num_roles);
153  $this->tpl->setVariable("FORMACTION",
154  $this->gui_obj->getFormAction("permSave",$this->ctrl->getLinkTarget($this,"permSave")));
155  $this->tpl->setVariable("TXT_SAVE", $this->lng->txt("save"));
156 
157  // needed for display correct role context of global roles
158  $global_roles = $rbacreview->getGlobalRoles();
159 
160  foreach ($this->roles as $role)
161  {
162  $tmp_role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
163  $tmp_local_roles = array();
164 
165  if ($tmp_role_folder)
166  {
167  $tmp_local_roles = $rbacreview->getRolesOfRoleFolder($tmp_role_folder["ref_id"]);
168  }
169 
170  // Is it a real or linked lokal role
171  if ($role['protected'] == false and in_array($role['obj_id'],$tmp_local_roles))
172  {
173  $role_folder_data = $rbacreview->getRoleFolderOfObject($_GET['ref_id']);
174  $role_folder_id = $role_folder_data['ref_id'];
175 
176 
177  $this->tpl->setCurrentBlock("rolelink_open");
178 
179  $up_path = defined('ILIAS_MODULE') ? "../" : "";
180  $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id",
181  $role['obj_id']);
182  $this->ctrl->setParameterByClass("ilobjrolegui", "rolf_ref_id",
183  $role_folder_id);
184  $this->tpl->setVariable("LINK_ROLE_RULESET",
185  $this->ctrl->getLinkTargetByClass("ilobjrolegui", "perm"));
186 
187  $this->tpl->setVariable("TXT_ROLE_RULESET",$this->lng->txt("edit_perm_ruleset"));
188  $this->tpl->parseCurrentBlock();
189 
190  $this->tpl->touchBlock("rolelink_close");
191  }
192 
193  $this->tpl->setCurrentBlock("role_infos");
194 
195  // display human readable role names for autogenerated roles
196  include_once ('./Services/AccessControl/classes/class.ilObjRole.php');
197  $this->tpl->setVariable("ROLE_NAME",str_replace(" ","&nbsp;",ilObjRole::_getTranslation($role["title"])));
198  //var_dump("<pre>",$role,"</pre>");
199 
200  // display role context
201  if (in_array($role["obj_id"],$global_roles))
202  {
203  $this->tpl->setVariable("ROLE_CONTEXT_TYPE","global");
204  }
205  else
206  {
207  if($rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"],true))
208  {
209  $parent_node = $this->tree->getParentNodeData($rolf[0]);
210  //$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$this->lng->txt("obj_".$parent_node["type"])."&nbsp;(#".$parent_node["obj_id"].")");
211  //$this->tpl->setVariable("ROLE_CONTEXT",$parent_node["title"]);
212  $this->tpl->setVariable("ROLE_CONTEXT_TYPE",$parent_node["title"]);
213  }
214  }
215 
216  $this->tpl->parseCurrentBlock();
217  }
218  $this->ctrl->clearParametersByClass("ilobjrolegui");
219 
220 // show permission settings
221 
222  // general section
223  $this->__showPermissionsGeneralSection();
224 
225  // object section
226  $this->__showPermissionsObjectSection();
227 
228  // rbac section
229  $this->__showPermissionsRBACSection();
230 
231  // create section
232  $this->__showPermissionsCreateSection();
233 
234  $this->tpl->setVariable("COLSPAN", $this->num_roles);
235 
236  // ADD LOCAL ROLE
237  $this->__displayAddRoleForm();
238  }
239 
240 
246  function permSave()
247  {
248  global $rbacreview, $rbacadmin, $rbacsystem;
249 
250  // only revoke permission of roles that are not filtered
251  $this->getRolesData();
252  foreach($this->roles as $role_id => $data)
253  {
254  $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
255  }
256 
257  if (is_array($_POST["perm"]))
258  {
259  foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
260  {
261  $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
262  }
263  }
264 
265  // update object data entry (to update last modification date)
266  $this->gui_obj->object->update();
267 
268  // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
269  // muss folgendes geschehen:
270  // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
271  // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
272  // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
273  // und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
274 
275  // get rolefolder data if a rolefolder already exists
276  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
277  $rolf_id = $rolf_data["child"];
278 
279  $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
280 
281  if ($stop_inherit_roles)
282  {
283  // rolefolder does not exist, so create one
284  if (empty($rolf_id))
285  {
286  // create a local role folder
287  $rfoldObj = $this->gui_obj->object->createRoleFolder();
288 
289  // set rolf_id again from new rolefolder object
290  $rolf_id = $rfoldObj->getRefId();
291  }
292 
293  $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
294 
295  foreach ($stop_inherit_roles as $stop_inherit)
296  {
297  // create role entries for roles with stopped inheritance
298  if (!in_array($stop_inherit,$roles_of_folder))
299  {
300  $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
301  $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
302  $rolf_id,$stop_inherit);
303  $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
304  }
305  }// END FOREACH
306  }// END STOP INHERIT
307 
308  if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
309  {
310  // get roles where inheritance is stopped was cancelled
311  $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
312  $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
313 
314  // Only delete local policies for filtered roles
315  $linked_roles_to_remove = (array) array_intersect(
316  (array) $linked_roles_to_remove,
317  (array) array_keys($this->roles));
318 
319  // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
320  foreach ($linked_roles_to_remove as $role_id)
321  {
322  if ($rbacreview->isProtected($rolf_id,$role_id))
323  {
324  continue;
325  }
326 
327  $role_obj =& $this->ilias->obj_factory->getInstanceByObjId($role_id);
328  $role_obj->setParent($rolf_id);
329  $role_obj->delete();
330  unset($role_obj);
331  }
332  }
333 
334  ilUtil::sendInfo($this->lng->txt("saved_successfully"),true);
335 
336  // redirect to default page if user revokes himself access to the permission panel
337  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
338  {
339  $this->ctrl->redirect($this->gui_obj);
340  }
341 
342  $this->ctrl->redirect($this,'perm');
343  }
344 
345 
346 
354  function addRole()
355  {
356  global $rbacadmin, $rbacreview, $rbacsystem;
357 
358  // check if role title has il_ prefix
359  if (substr($_POST["Fobject"]["title"],0,3) == "il_")
360  {
361  $this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
362  }
363  if(!strlen($_POST["Fobject"]["title"]))
364  {
365  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
366  }
367 
368  // if the current object is no role folder, create one
369  if ($this->gui_obj->object->getType() != "rolf")
370  {
371  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
372 
373  // is there already a rolefolder?
374  if (!($rolf_id = $rolf_data["child"]))
375  {
376  // can the current object contain a rolefolder?
377  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
378 
379  if (!isset($subobjects["rolf"]))
380  {
381  $this->ilias->raiseError($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
382  $this->lng->txt("msg_no_rolf_allowed2"),$this->ilias->error_obj->WARNING);
383  }
384 
385  // create a rolefolder
386  $rolfObj = $this->gui_obj->object->createRoleFolder();
387  $rolf_id = $rolfObj->getRefId();
388  }
389  }
390  else
391  {
392  // Current object is already a rolefolder. To create the role we take its reference id
393  $rolf_id = $this->gui_obj->object->getRefId();
394  }
395 
396  // create role
397  if ($this->gui_obj->object->getType() == "rolf")
398  {
399  $roleObj = $this->gui_obj->object->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
400  }
401  else
402  {
403  $rfoldObj = $this->ilias->obj_factory->getInstanceByRefId($rolf_id);
404  $roleObj = $rfoldObj->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
405  }
406 
407  ilUtil::sendInfo($this->lng->txt("role_added"),true);
408 
409  // in administration jump to deault perm settings screen
410  // alex, ILIAS 3.6.5, 1.9.2006: this does not work and leads to errors in
411  // a) administration
412  // -> repository trash & permissions -> item -> permissions ->
413  // "you may add role" screen -> save
414  // b) other modules like learning modules
415  // -> permissions -> "you may add role" screen
416  // deactivated for 3.6.6
417  //if ($this->ctrl->getTargetScript() != "repository.php")
418  //{
419  // $this->ctrl->setParameter($this,"obj_id",$roleObj->getId());
420  // $this->ctrl->setParameter($this,"ref_id",$rolf_id);
421  // $this->ctrl->redirect($this,'perm');
422  //}
423 
424  $this->ctrl->redirect($this,'perm');
425  }
426 
427  function &__initTableGUI()
428  {
429  include_once "./Services/Table/classes/class.ilTableGUI.php";
430 
431  return new ilTableGUI(0,false);
432  }
433 
439  function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
440  {
441  switch ($a_from)
442  {
443  case "clipboardObject":
444  $offset = $_GET["offset"];
445  $order = $_GET["sort_by"];
446  $direction = $_GET["sort_order"];
447  $tbl->disable("footer");
448  break;
449 
450  default:
451  $offset = $_GET["offset"];
452  $order = $_GET["sort_by"];
453  $direction = $_GET["sort_order"];
454  break;
455  }
456 
457  $tbl->setOrderColumn($order);
458  $tbl->setOrderDirection($direction);
459  $tbl->setOffset($offset);
460  $tbl->setLimit($_GET["limit"]);
461  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
462  $tbl->setData($result_set);
463  }
464 
465 
466  function __buildRoleFilterSelect()
467  {
468  $action[1] = $this->lng->txt('filter_all_roles');
469  $action[2] = $this->lng->txt('filter_global_roles');
470  $action[3] = $this->lng->txt('filter_local_roles');
471  $action[4] = $this->lng->txt('filter_roles_local_policy');
472  $action[5] = $this->lng->txt('filter_local_roles_object');
473  return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
474  }
475 
476  function __filterRoles($a_roles,$a_filter)
477  {
478  global $rbacreview;
479 
480  switch ($a_filter)
481  {
482  case 1: // all roles in context
483  return $a_roles;
484  break;
485 
486  case 2: // only global roles
487  $arr_global_roles = $rbacreview->getGlobalRoles();
488  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
489 
490  foreach ($arr_remove_roles as $role_id)
491  {
492  unset($a_roles[$role_id]);
493  }
494 
495  return $a_roles;
496  break;
497 
498  case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
499  $arr_global_roles = $rbacreview->getGlobalRoles();
500 
501  foreach ($arr_global_roles as $role_id)
502  {
503  unset($a_roles[$role_id]);
504  }
505 
506  return $a_roles;
507  break;
508 
509  case 4: // only roles which use a local policy
510  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
511 
512  if (!$role_folder)
513  {
514  return array();
515  }
516 
517  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
518  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
519 
520  foreach ($arr_remove_roles as $role_id)
521  {
522  unset($a_roles[$role_id]);
523  }
524 
525  return $a_roles;
526  break;
527 
528  case 5: // only true local role defined at current position
529 
530  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
531 
532  if (!$role_folder)
533  {
534  return array();
535  }
536 
537  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
538  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
539 
540  foreach ($arr_remove_roles as $role_id)
541  {
542  unset($a_roles[$role_id]);
543  }
544 
545  return $a_roles;
546  break;
547  }
548 
549  return $a_roles;
550  }
551 
552  // show owner sub tab
553  function owner()
554  {
555  global $ilObjDataCache,$ilUser;
556 
557  $this->__initSubTabs("owner");
558 
559  $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
560 
561  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
562  $this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
563  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
564  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
565  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
566  $this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
567  $this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
568  $this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
569  }
570 
571  function changeOwner()
572  {
573  global $rbacsystem,$ilErr,$ilObjDataCache;
574 
575  if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
576  {
577  ilUtil::sendInfo($this->lng->txt('user_not_known'));
578  $this->owner();
579  return true;
580  }
581 
582  $this->gui_obj->object->setOwner($user_id);
583  $this->gui_obj->object->updateOwner();
584  $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
585  ilUtil::sendInfo($this->lng->txt('owner_updated'),true);
586 
587  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
588  {
589  $this->ctrl->redirect($this->gui_obj);
590  return true;
591  }
592 
593  $this->ctrl->redirect($this,'owner');
594  return true;
595 
596  }
597 
598  // init permission query feature
599  function info()
600  {
601  $this->__initSubTabs("info");
602 
603  include_once('classes/class.ilObjectStatusGUI.php');
604 
605  $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
606 
607  $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
608  }
609 
610  // init sub tabs
611  function __initSubTabs($a_cmd)
612  {
613  global $ilTabs;
614 
615  $perm = ($a_cmd == 'perm') ? true : false;
616  $info = ($a_cmd == 'info') ? true : false;
617  $owner = ($a_cmd == 'owner') ? true : false;
618 
619  $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
620  "", "", "", $perm);
621  $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
622  "", "", "", $info);
623  $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
624  "", "", "", $owner);
625  }
626 
627  function getRolesData()
628  {
629  global $rbacsystem, $rbacreview, $tree;
630 
631  // first get all roles in
632  $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
633 
634  // filter roles
635  $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
636 
637  // set default filter (all roles) if no filter is set
638  if ($_SESSION['perm_filtered_roles'] == 0)
639  {
640  if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
641  $_SESSION['perm_filtered_roles'] = 3;
642  else
643  $_SESSION['perm_filtered_roles'] = 1;
644  }
645 
646 
647  // remove filtered roles from array
648  $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
649 
650  // determine status of each role (local role, changed policy, protected)
651 
652  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
653 
654  $local_roles = array();
655 
656  if (!empty($role_folder))
657  {
658  $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
659  }
660 
661  foreach ($roles as $key => $role)
662  {
663  // exclude system admin role from list
664  if ($role["obj_id"] == SYSTEM_ROLE_ID)
665  {
666  unset($roles[$key]);
667  continue;
668  }
669 
670  $this->roles[$role['obj_id']] = $role;
671 
672  // don't allow local policies for protected roles
673  $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
674 
675  if (!in_array($role["obj_id"],$local_roles))
676  {
677  $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
678  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
679  }
680  else
681  {
682  // no checkbox for local roles
683  if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
684  {
685  $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
686  }
687  else
688  {
689  $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
690  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
691  }
692  }
693 
694  // compute permission settings for each role
695  $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
696  foreach ($grouped_ops as $ops_group => $ops_data)
697  {
698  foreach ($ops_data as $key => $operation)
699  {
700  $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
701  }
702  }
703 
704  $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
705  unset($grouped_ops);
706  }
707  }
708 
709  function __displayAddRoleForm()
710  {
711  // do not display this option for admin section and root node
712  $object_types_exclude = array("adm","root","mail","objf","lngf","trac","taxf","auth", "assf","svyf",'seas','extt','adve');
713 
714  if (!in_array($this->gui_obj->object->getType(),$object_types_exclude) and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
715  {
716  $this->tpl->addBlockFile("PERM_ADD_ROLE", "add_local_roles", "tpl.obj_perm_add_role.html");
717 
718  // fill in saved values in case of error
719  $data = array();
720  $data["fields"] = array();
721  $data["fields"]["title"] = $_SESSION["error_post_vars"]["Fobject"]["title"];
722  $data["fields"]["desc"] = $_SESSION["error_post_vars"]["Fobject"]["desc"];
723 
724  foreach ($data["fields"] as $key => $val)
725  {
726  $this->tpl->setVariable("TXT_LR_".strtoupper($key), $this->lng->txt($key));
727  $this->tpl->setVariable(strtoupper($key), $val);
728  }
729 
730  $this->tpl->setVariable("FORMACTION_LR",$this->gui_obj->getFormAction("addRole", $this->ctrl->getLinkTarget($this, "addRole")));
731  $this->tpl->setVariable("TXT_LR_HEADER", $this->lng->txt("you_may_add_local_roles"));
732  $this->tpl->setVariable("TXT_ADD_ROLE", $this->lng->txt("role_add_local"));
733  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
734  }
735  }
736 
737  function __showPermissionsGeneralSection()
738  {
739  $this->tpl->setCurrentBlock("perm_subtitle");
740  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
741  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
742  $this->tpl->setVariable("COLSPAN", $this->num_roles);
743  $this->tpl->parseCurrentBlock();
744 
745  foreach ($this->roles as $role)
746  {
747  foreach ($role['permissions']['general'] as $perm)
748  {
749  // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
750  if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
751  {
752  continue;
753  }
754 
755  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
756 
757  $this->tpl->setCurrentBlock("perm_item");
758  $this->tpl->setVariable("PERM_CHECKBOX",$box);
759  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
760  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
761  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
762  $this->tpl->parseCurrentBlock();
763  }
764 
765  $this->tpl->setCurrentBlock("perm_table");
766  $this->tpl->parseCurrentBlock();
767  }
768 
769  $this->tpl->setCurrentBlock("perm_settings");
770  $this->tpl->parseCurrentBlock();
771  }
772 
773  function __showPermissionsObjectSection()
774  {
775  // create pointer to first role (only the permission list is needed)
776  reset($this->roles);
777  $first_role =& current($this->roles);
778 
779  if (count($first_role['permissions']['object'])) // check if object type has special operations
780  {
781  $this->tpl->setCurrentBlock("perm_subtitle");
782  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
783  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
784  $this->tpl->setVariable("COLSPAN", $this->num_roles);
785  $this->tpl->parseCurrentBlock();
786 
787  foreach ($this->roles as $role)
788  {
789  foreach ($role['permissions']['object'] as $perm)
790  {
791  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
792 
793  $this->tpl->setCurrentBlock("perm_item");
794  $this->tpl->setVariable("PERM_CHECKBOX",$box);
795  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
796  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
797  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
798  $this->tpl->parseCurrentBlock();
799  }
800 
801  $this->tpl->setCurrentBlock("perm_table");
802  $this->tpl->parseCurrentBlock();
803  }
804 
805  $this->tpl->setCurrentBlock("perm_settings");
806  $this->tpl->parseCurrentBlock();
807  }
808  }
809 
810  function __showPermissionsRBACSection()
811  {
812  $this->tpl->setCurrentBlock("perm_subtitle");
813  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
814  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
815  $this->tpl->setVariable("COLSPAN", $this->num_roles);
816  $this->tpl->parseCurrentBlock();
817 
818  foreach ($this->roles as $role)
819  {
820  foreach ($role['permissions']['rbac'] as $perm)
821  {
822  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
823 
824  $this->tpl->setCurrentBlock("perm_item");
825  $this->tpl->setVariable("PERM_CHECKBOX",$box);
826  $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
827  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
828  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
829  $this->tpl->parseCurrentBlock();
830  }
831 
832  // use local policy flag
833  // offer option 'use local policy' only to those objects where this option is permitted
834  if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
835  {
836  if ($role['local_policy_allowed'])
837  {
838  $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
839  $lang = $this->lng->txt("perm_use_local_policy")." (".
840  $this->lng->txt("stop_inheritance").")";
841  $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
842  }
843  else
844  {
845  $box = '&nbsp;';
846  $lang = $this->lng->txt("perm_local_role");
847  $lang_desc = $this->lng->txt("perm_local_role_desc");
848  }
849 
850  $this->tpl->setCurrentBlock("perm_item");
851  $this->tpl->setVariable("PERM_CHECKBOX",$box);
852  $this->tpl->setVariable("PERM_NAME",$lang);
853  $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
854  $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
855  $this->tpl->parseCurrentBlock();
856  }
857 
858  $this->tpl->setCurrentBlock("perm_table");
859  $this->tpl->parseCurrentBlock();
860  }
861 
862  $this->tpl->setCurrentBlock("perm_settings");
863  $this->tpl->parseCurrentBlock();
864  }
865 
866  function __showPermissionsCreateSection()
867  {
868  // no create operation for roles/role templates in local role folders
869  // access is controlled by 'administrate' (change permission settings) only
870  if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
871  {
872  return;
873  }
874 
875  // create pointer to first role (only the permission list is needed)
876  reset($this->roles);
877  $first_role =& current($this->roles);
878 
879  if (count($first_role['permissions']['create'])) // check if object type has create operations
880  {
881  $this->tpl->setCurrentBlock("perm_subtitle");
882  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
883  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
884  $this->tpl->setVariable("COLSPAN", $this->num_roles);
885  $this->tpl->parseCurrentBlock();
886 
887  // add a checkbox 'select all' for create permissions of the following object types
888  $container_arr = array('cat','grp','crs','fold');
889 
890  if (in_array($this->gui_obj->object->getType(),$container_arr))
891  {
892  $chk_toggle_create = true;
893  }
894 
895  foreach ($this->roles as $role)
896  {
897  $ops_ids = array();
898 
899  foreach ($role['permissions']['create'] as $perm)
900  {
901  $ops_ids[] = $perm['ops_id'];
902  }
903 
904  if ($chk_toggle_create)
905  {
906  $this->tpl->setCurrentBlock('chk_toggle_create');
907  $this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
908  $this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
909  $this->tpl->setVariable('ROLE_ID',$role['obj_id']);
910  $this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
911  $this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
912  $this->tpl->parseCurrentBlock();
913  }
914 
915  foreach ($role['permissions']['create'] as $perm)
916  {
917  if ($perm["name"] == "create_icrs" and !$this->ilias->getSetting("ilinc_active"))
918  {
919  continue;
920  }
921 
922  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
923 
924  $this->tpl->setCurrentBlock("perm_item");
925  $this->tpl->setVariable("PERM_CHECKBOX",$box);
926  $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
927  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
928  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
929  $this->tpl->parseCurrentBlock();
930  }
931 
932  $this->tpl->setCurrentBlock("perm_table");
933  $this->tpl->parseCurrentBlock();
934  }
935 
936  $this->tpl->setCurrentBlock("perm_settings");
937  $this->tpl->parseCurrentBlock();
938  }
939  }
940 } // END class.ilPermissionGUI
941 ?>