ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2008 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 require_once "./classes/class.ilObjectGUI.php";
25 
38 class ilObjRoleGUI extends ilObjectGUI
39 {
45  var $type;
46 
52  var $rolf_ref_id;
53 
54 
55  var $ctrl;
56 
61  function ilObjRoleGUI($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
62  {
63  global $tree,$lng;
64 
65  $lng->loadLanguageModule('rbac');
66 
67  //TODO: move this to class.ilias.php
68  define("USER_FOLDER_ID",7);
69 
70  // copy ref_id for later use.
71  if ($_GET['rolf_ref_id'] != "")
72  {
73  $this->rolf_ref_id = $_GET['rolf_ref_id'];
74  }
75  else
76  {
77  $this->rolf_ref_id = $_GET['ref_id'];
78  }
79 
80  // Add ref_id of object that contains this role folder
81  $this->obj_ref_id = $tree->getParentId($this->rolf_ref_id);
82 
83  $this->type = "role";
84  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
85  $this->ctrl->saveParameter($this, array("obj_id", "rolf_ref_id"));
86  }
87 
88 
89  function &executeCommand()
90  {
91  global $rbacsystem;
92 
93  // todo: clean this mess up, but note that there are several
94  // points where roles can be edited:
95  // - repository categories, courses, groups, learning modules
96  // glossaries (see object.xml)
97  // - administration -> repository trash and permissions ->
98  // item ->edit role
99  // - administration -> repository trash and permissions ->
100  // role folder -> role
101  // - administration -> roles -> role
102  if($this->ctrl->getTargetScript() == 'repository.php' ||
103  $this->ctrl->getTargetScript() == 'role.php' ||
104  $this->ctrl->getTargetScript() == 'fblm_edit.php' ||
105  strtolower($_GET["baseClass"]) == 'ilchathandlergui' ||
106  strtolower($_GET["baseClass"]) == 'ilchatpresentationgui' ||
107  strtolower($_GET["baseClass"]) == 'illmeditorgui' ||
108  strtolower($_GET["baseClass"]) == 'ilexercisehandlergui' ||
109  strtolower($_GET["baseClass"]) == 'illinkresourcehandlergui' ||
110  strtolower($_GET["baseClass"]) == 'ilsahseditgui' ||
111  strtolower($_GET["baseClass"]) == 'ilobjsurveygui' ||
112  strtolower($_GET["baseClass"]) == 'ilwikihandlergui' ||
113  strtolower($_GET["baseClass"]) == 'ilmediapoolpresentation' ||
114  strtolower($_GET["baseClass"]) == 'ilobjsurveyquestionpoolgui' ||
115  strtolower($_GET["baseClass"]) == 'ilobjtestgui' ||
116  strtolower($_GET["baseClass"]) == 'ilobjquestionpoolgui' ||
117  strtolower($_GET["baseClass"]) == 'ilglossaryeditorgui' ||
118  $_GET["admin_mode"] == "repository")
119  {
120  $this->__prepareOutput();
121  }
122  else
123  {
124  if ($_GET["ref_id"] != SYSTEM_FOLDER_ID)
125  {
126  $this->prepareOutput();
127  }
128  else
129  {
130  $this->setAdminTabs();
131  //$this->addAdminLocatorItems();
132  //$tpl->setLocator();
133  }
134  }
135 
136  $next_class = $this->ctrl->getNextClass($this);
137  $cmd = $this->ctrl->getCmd();
138 
139  switch($next_class)
140  {
141  default:
142  if(!$cmd)
143  {
144  $cmd = "perm";
145  }
146  $cmd .= "Object";
147  $this->$cmd();
148 
149  break;
150  }
151 
152  return true;
153  }
154 
158  function setBackTarget($a_text, $a_link)
159  {
160  $this->back_target = array("text" => $a_text,
161  "link" => $a_link);
162  }
163 
167  function getAdminTabs(&$tabs_gui)
168  {
169  $this->getTabs($tabs_gui);
170  }
171 
172 
173  function listDesktopItemsObject()
174  {
175  global $rbacsystem,$rbacreview,$tree;
176 
177  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
178  if(!$this->checkAccess('edit_permission'))
179  {
180  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
181  }
182 
183  if(!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
184  $this->rolf_ref_id != ROLE_FOLDER_ID)
185  {
186  ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
187  return true;
188  }
189 
190 
191  include_once './classes/class.ilRoleDesktopItem.php';
192  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
193 
194  if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
195  {
196  $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
197  }
198  if(!count($items = $role_desk_item_obj->getAll()))
199  {
200  ilUtil::sendInfo($this->lng->txt('role_desk_none_created'));
201  return true;
202  }
203  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_list.html");
204  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
205  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.gif'));
206  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
207  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
208  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
209  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
210  $this->tpl->setVariable("IMG_ARROW",ilUtil::getImagePath('arrow_downright.gif'));
211 
212  $counter = 0;
213 
214  foreach($items as $role_item_id => $item)
215  {
216  $tmp_obj = ilObjectFactory::getInstanceByRefId($item['item_id']);
217 
218  if(strlen($desc = $tmp_obj->getDescription()))
219  {
220  $this->tpl->setCurrentBlock("description");
221  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
222  $this->tpl->parseCurrentBlock();
223  }
224  $this->tpl->setCurrentBlock("desk_row");
225  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
226  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
227  $this->tpl->setVariable("CHECK_DESK",ilUtil::formCheckBox(0,'del_desk_item[]',$role_item_id));
228  $this->tpl->setVariable("TXT_PATH",$this->lng->txt('path').':');
229  $this->tpl->setVariable("PATH",$this->__formatPath($tree->getPathFull($item['item_id'])));
230  $this->tpl->parseCurrentBlock();
231  }
232 
233  return true;
234  }
235 
236  function askDeleteDesktopItemObject()
237  {
238  global $rbacsystem;
239 
240 
241  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
242  if(!$this->checkAccess('edit_permission'))
243  {
244  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
245  }
246  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
247  {
248  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
249  }
250  if(!count($_POST['del_desk_item']))
251  {
252  ilUtil::sendInfo($this->lng->txt('role_select_one_item'));
253 
254  $this->listDesktopItemsObject();
255 
256  return true;
257  }
258  ilUtil::sendInfo($this->lng->txt('role_sure_delete_desk_items'));
259 
260  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_ask_delete_desktop_item.html");
261  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
262  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.gif'));
263  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
264  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
265  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
266  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
267  $this->tpl->setVariable("BTN_CANCEL",$this->lng->txt('cancel'));
268 
269  include_once './classes/class.ilRoleDesktopItem.php';
270 
271  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
272 
273  $counter = 0;
274 
275  foreach($_POST['del_desk_item'] as $role_item_id)
276  {
277  $item_data = $role_desk_item_obj->getItem($role_item_id);
278  $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
279 
280  if(strlen($desc = $tmp_obj->getDescription()))
281  {
282  $this->tpl->setCurrentBlock("description");
283  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
284  $this->tpl->parseCurrentBlock();
285  }
286  $this->tpl->setCurrentBlock("desk_row");
287  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
288  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
289  $this->tpl->parseCurrentBlock();
290  }
291 
292  $_SESSION['role_del_desk_items'] = $_POST['del_desk_item'];
293 
294  return true;
295  }
296 
297  function deleteDesktopItemsObject()
298  {
299  global $rbacsystem;
300 
301  #if (!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
302  if(!$this->checkAccess('edit_permission'))
303  {
304  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
305  }
306 
307  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
308  {
309  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
310  }
311 
312  if (!count($_SESSION['role_del_desk_items']))
313  {
314  ilUtil::sendInfo($this->lng->txt('role_select_one_item'));
315 
316  $this->listDesktopItemsObject();
317 
318  return true;
319  }
320 
321  include_once './classes/class.ilRoleDesktopItem.php';
322 
323  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
324 
325  foreach ($_SESSION['role_del_desk_items'] as $role_item_id)
326  {
327  $role_desk_item_obj->delete($role_item_id);
328  }
329 
330  ilUtil::sendInfo($this->lng->txt('role_deleted_desktop_items'));
331  $this->listDesktopItemsObject();
332 
333  return true;
334  }
335 
336 
337  function selectDesktopItemObject()
338  {
339  global $rbacsystem,$tree;
340 
341  include_once './classes/class.ilRoleDesktopItemSelector.php';
342  include_once './classes/class.ilRoleDesktopItem.php';
343 
344  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
345  {
346  #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
347  ilUtil::sendInfo($this->lng->txt('permission_denied'));
348  $this->listDesktopItemsObject();
349  return false;
350  }
351 
352  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html");
353  $this->__showButton('listDesktopItems',$this->lng->txt('back'));
354 
355  ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
356 
357  $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
358  new ilRoleDesktopItem($this->object->getId()));
359  $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
360  $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
361 
362  $exp->setOutput(0);
363 
364  $output = $exp->getOutput();
365  $this->tpl->setVariable("EXPLORER",$output);
366  //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
367 
368  return true;
369  }
370 
371  function assignDesktopItemObject()
372  {
373  global $rbacsystem;
374 
375  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
376  {
377  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
378  return false;
379  }
380 
381  #if (!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
382  if(!$this->checkAccess('edit_permission'))
383  {
384  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
385  return false;
386  }
387 
388  if (!isset($_GET['item_id']))
389  {
390  ilUtil::sendInfo($this->lng->txt('role_no_item_selected'));
391  $this->selectDesktopItemObject();
392 
393  return false;
394  }
395 
396  include_once './classes/class.ilRoleDesktopItem.php';
397 
398  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
399  $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
400 
401  ilUtil::sendInfo($this->lng->txt('role_assigned_desktop_item'));
402 
403  $this->ctrl->redirect($this,'listDesktopItems');
404  return true;
405  }
406 
407 
411  function createObject()
412  {
413  global $rbacsystem;
414 
415  if (!$rbacsystem->checkAccess('create_role', $this->rolf_ref_id))
416  {
417  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
418  }
419 
420  $this->getTemplateFile("edit","role");
421 
422  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
423  {
424  $this->tpl->setCurrentBlock("allow_register");
425  $allow_register = ($_SESSION["error_post_vars"]["Fobject"]["allow_register"]) ? "checked=\"checked\"" : "";
426  $this->tpl->setVariable("TXT_ALLOW_REGISTER",$this->lng->txt("allow_register"));
427  $this->tpl->setVariable("ALLOW_REGISTER",$allow_register);
428  $this->tpl->parseCurrentBlock();
429 
430  $this->tpl->setCurrentBlock("assign_users");
431  $assign_users = $_SESSION["error_post_vars"]["Fobject"]["assign_users"] ? "checked=\"checked\"" : "";
432  $this->tpl->setVariable("TXT_ASSIGN_USERS",$this->lng->txt("allow_assign_users"));
433  $this->tpl->setVariable("ASSIGN_USERS",$assign_users);
434  $this->tpl->parseCurrentBlock();
435 
436  $this->tpl->setCurrentBlock("protect_permissions");
437  $protect_permissions = $_SESSION["error_post_vars"]["Fobject"]["protect_permissions"] ? "checked=\"checked\"" : "";
438  $this->tpl->setVariable("TXT_PROTECT_PERMISSIONS",$this->lng->txt("role_protect_permissions"));
439  $this->tpl->setVariable("PROTECT_PERMISSIONS",$protect_permissions);
440  $this->tpl->parseCurrentBlock();
441  }
442 
443  // fill in saved values in case of error
444  $this->tpl->setVariable("TITLE",ilUtil::prepareFormOutput($_SESSION["error_post_vars"]["Fobject"]["title"]),true);
445  $this->tpl->setVariable("DESC",ilUtil::stripSlashes($_SESSION["error_post_vars"]["Fobject"]["desc"]));
446 
447  $this->tpl->setVariable("TXT_TITLE",$this->lng->txt("title"));
448  $this->tpl->setVariable("TXT_DESC",$this->lng->txt("desc"));
449  $this->ctrl->setParameter($this, "new_type", $this->type);
450  $this->tpl->setVariable("FORMACTION",
451  $this->ctrl->getFormAction($this));
452  $this->tpl->setVariable("TXT_HEADER", $this->lng->txt($this->type."_new"));
453  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
454  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt($this->type."_add"));
455  $this->tpl->setVariable("CMD_SUBMIT", "save");
456  $this->tpl->setVariable("TARGET", $this->getTargetFrame("save"));
457  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
458  }
459 
465  function saveObject()
466  {
467  global $rbacsystem, $rbacadmin, $rbacreview;
468 
469  // check for create role permission
470  if (!$rbacsystem->checkAccess("create_role",$this->rolf_ref_id))
471  {
472  $this->ilias->raiseError($this->lng->txt("msg_no_perm_create_role"),$this->ilias->error_obj->MESSAGE);
473  }
474 
475  // check required fields
476  if (empty($_POST["Fobject"]["title"]))
477  {
478  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
479  }
480 
481  // check if role title has il_ prefix
482  if (substr($_POST["Fobject"]["title"],0,3) == "il_")
483  {
484  $this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
485  }
486 
487  // save
488  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
489  $roleObj = new ilObjRole();
490  $roleObj->setTitle(ilUtil::stripSlashes($_POST["Fobject"]["title"]));
491  $roleObj->setDescription(ilUtil::stripSlashes($_POST["Fobject"]["desc"]));
492  $roleObj->setAllowRegister($_POST["Fobject"]["allow_register"]);
493  $roleObj->toggleAssignUsersStatus($_POST["Fobject"]["assign_users"]);
494  $roleObj->create();
495  $rbacadmin->assignRoleToFolder($roleObj->getId(), $this->rolf_ref_id,'y');
496  $rbacadmin->setProtected($this->rolf_ref_id,$roleObj->getId(),ilUtil::tf2yn($_POST["Fobject"]["protect_permissions"]));
497  ilUtil::sendInfo($this->lng->txt("role_added"),true);
498 
499  $this->ctrl->returnToParent($this);
500  }
501 
507  function permObject()
508  {
509  global $rbacadmin, $rbacreview, $rbacsystem, $objDefinition, $tree;
510 
511  // for role administration check visible,write of global role folder
512  /*
513  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
514  {
515  $access = $rbacsystem->checkAccess('visible,write',$this->rolf_ref_id);
516  }
517  else // for local roles check 'edit permission' of parent object of the local role folder
518  {
519  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
520  }
521  */
522  $access = $this->checkAccess('visible,write','edit_permission');
523 
524  if (!$access)
525  {
526  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
527  }
528 
529  $perm_def = $this->object->__getPermissionDefinitions();
530 
531  $rbac_objects =& $perm_def[0];
532  $rbac_operations =& $perm_def[1];
533 
534  foreach ($rbac_objects as $key => $obj_data)
535  {
536  $rbac_objects[$key]["name"] = $this->lng->txt("obj_".$obj_data["type"]);
537  $rbac_objects[$key]["ops"] = $rbac_operations[$key];
538  }
539 
540  // for local roles display only the permissions settings for allowed subobjects
541  if ($this->rolf_ref_id != ROLE_FOLDER_ID)
542  {
543  // first get object in question (parent of role folder object)
544  $parent_data = $this->tree->getParentNodeData($this->rolf_ref_id);
545  // get allowed subobjects of object recursively
546  $subobj_data = $this->objDefinition->getSubObjectsRecursively($parent_data["type"]);
547 
548  // remove not allowed object types from array but keep the type definition of object itself
549  foreach ($rbac_objects as $key => $obj_data)
550  {
551  if ($obj_data["type"] == "rolf")
552  {
553  unset($rbac_objects[$key]);
554  continue;
555  }
556 
557  if (!$subobj_data[$obj_data["type"]] and $parent_data["type"] != $obj_data["type"])
558  {
559  unset($rbac_objects[$key]);
560  }
561  }
562  } // end if local roles
563 
564  // now sort computed result
565  //sort($rbac_objects);
566 
567  /*foreach ($rbac_objects as $key => $obj_data)
568  {
569  sort($rbac_objects[$key]["ops"]);
570  }*/
571 
572  // sort by (translated) name of object type
573  $rbac_objects = ilUtil::sortArray($rbac_objects,"name","asc");
574 
575  // BEGIN CHECK_PERM
576  foreach ($rbac_objects as $key => $obj_data)
577  {
578  $arr_selected = $rbacreview->getOperationsOfRole($this->object->getId(), $obj_data["type"], $this->rolf_ref_id);
579  $arr_checked = array_intersect($arr_selected,array_keys($rbac_operations[$obj_data["obj_id"]]));
580 
581  foreach ($rbac_operations[$obj_data["obj_id"]] as $operation)
582  {
583  // check all boxes for system role
584  if ($this->object->getId() == SYSTEM_ROLE_ID)
585  {
586  $checked = true;
587  $disabled = true;
588  }
589  else
590  {
591  $checked = in_array($operation["ops_id"],$arr_checked);
592  $disabled = false;
593  }
594 
595  // Es wird eine 2-dim Post Variable �bergeben: perm[rol_id][ops_id]
596  $box = ilUtil::formCheckBox($checked,"template_perm[".$obj_data["type"]."][]",$operation["ops_id"],$disabled);
597  $output["perm"][$obj_data["obj_id"]][$operation["ops_id"]] = $box;
598  }
599  }
600  // END CHECK_PERM
601 
602  $output["col_anz"] = count($rbac_objects);
603  $output["txt_save"] = $this->lng->txt("save");
604  $output["check_recursive"] = ilUtil::formCheckBox(0,"recursive",1);
605  $output["text_recursive"] = $this->lng->txt("change_existing_objects");
606  $output["text_recursive_desc"] = $this->lng->txt("change_existing_objects_desc");
607 
608  $protected_disabled = true;
609 
610  if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id))
611  {
612  $protected_disabled = false;
613  }
614 
615  $output["check_protected"] = ilUtil::formCheckBox($rbacreview->isProtected($this->rolf_ref_id,$this->object->getId()),
616  "protected",
617  1,
618  $protected_disabled);
619 
620  $output["text_protected"] = $this->lng->txt("role_protect_permissions");
621  $output["text_protected_desc"] = $this->lng->txt("role_protect_permissions_desc");
622 
623 
624 /************************************/
625 /* adopt permissions form */
626 /************************************/
627 
628  $output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
629 
630  // send message for system role
631  if ($this->object->getId() == SYSTEM_ROLE_ID)
632  {
633  $output["adopt"] = array();
634  $output["sysrole_msg"] = $this->lng->txt("msg_sysrole_not_editable");
635  }
636  else
637  {
638  // BEGIN ADOPT_PERMISSIONS
639  $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
640  $ids = array();
641  foreach($parent_role_ids as $id => $tmp)
642  {
643  $ids[] = $id;
644  }
645 
646  // Sort ids
647  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
648 
649  // Sort roles by title
650  $sorted_roles = ilUtil::sortArray(array_values($parent_role_ids), 'title', ASC);
651  $key = 0;
652 
653  foreach($sorted_ids as $id)
654  {
655  $par = $parent_role_ids[$id];
656  #foreach ($sorted_roles as $par)
657  #{
658  if ($par["obj_id"] != SYSTEM_ROLE_ID)
659  {
660  $radio = ilUtil::formRadioButton(0,"adopt",$par["obj_id"]);
661  $output["adopt"][$key]["css_row_adopt"] = ($key % 2 == 0) ? "tblrow1" : "tblrow2";
662  $output["adopt"][$key]["check_adopt"] = $radio;
663  $output["adopt"][$key]["role_id"] = $par["obj_id"];
664  $output["adopt"][$key]["type"] = ($par["type"] == 'role' ? 'Role' : 'Template');
665  $output["adopt"][$key]["role_name"] = $par["title"];
666  $output["adopt"][$key]["role_desc"] = $par["desc"];
667  }
668  $key++;
669  }
670 
671  $output["formaction_adopt"] = $this->ctrl->getFormAction($this);
672  // END ADOPT_PERMISSIONS
673  }
674 
675  $output["formaction"] = $this->ctrl->getFormAction($this);
676 
677  $this->data = $output;
678 
679 
680 /************************************/
681 /* generate output */
682 /************************************/
683 
684  $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.adm_perm_role.html');
685 
686  foreach ($rbac_objects as $obj_data)
687  {
688  // BEGIN object_operations
689  $this->tpl->setCurrentBlock("object_operations");
690 
691  $ops_ids = "";
692 
693  foreach ($obj_data["ops"] as $operation)
694  {
695  $ops_ids[] = $operation["ops_id"];
696 
697  //$css_row = ilUtil::switchColor($j++, "tblrow1", "tblrow2");
698  $css_row = "tblrow1";
699  $this->tpl->setVariable("CSS_ROW",$css_row);
700  $this->tpl->setVariable("PERMISSION",$operation["name"]);
701  if (substr($operation["title"], 0, 7) == "create_")
702  {
703  if ($this->objDefinition->getDevMode(substr($operation["title"], 7, strlen($operation["title"]) -7)))
704  {
705  $this->tpl->setVariable("TXT_NOT_IMPL", "(".$this->lng->txt("not_implemented_yet").")");
706  }
707  }
708  $this->tpl->setVariable("CHECK_PERMISSION",$this->data["perm"][$obj_data["obj_id"]][$operation["ops_id"]]);
709  $this->tpl->setVariable("LABEL_ID","template_perm_".$obj_data["type"]."_".$operation["ops_id"]);
710  $this->tpl->parseCurrentBlock();
711  } // END object_operations
712 
713  // BEGIN object_type
714  $this->tpl->setCurrentBlock("object_type");
715 
716  // add administration for adminstrative items
717  if ($objDefinition->isSystemObject($obj_data["type"]) &&
718  $obj_data["type"] != "root")
719  {
720  $this->tpl->setVariable("TXT_ADMINIS", "(".$this->lng->txt("administration").") ");
721  }
722 
723  $this->tpl->setVariable("TXT_OBJ_TYPE",$obj_data["name"]);
724 
725 // TODO: move this if in a function and query all objects that may be disabled or inactive
726  if ($this->objDefinition->getDevMode($obj_data["type"]))
727  {
728  $this->tpl->setVariable("TXT_NOT_IMPL", "(".$this->lng->txt("not_implemented_yet").")");
729  }
730  else if ($obj_data["type"] == "icrs" and !$this->ilias->getSetting("ilinc_active"))
731  {
732  $this->tpl->setVariable("TXT_NOT_IMPL", "(".$this->lng->txt("not_enabled_or_configured").")");
733  }
734 
735  // option: change permissions of exisiting objects of that type
736  $this->tpl->setVariable("OBJ_TYPE",$obj_data["type"]);
737  $this->tpl->setVariable("CHANGE_PERM_OBJ_TYPE_DESC",$this->lng->txt("change_existing_object_type_desc"));
738 
739  // use different Text for system objects
740  if ($objDefinition->isSystemObject($obj_data["type"]))
741  {
742  $this->tpl->setVariable("CHANGE_PERM_OBJ_TYPE",$this->lng->txt("change_existing_prefix_single")." ".$this->lng->txt("obj_".$obj_data["type"])." ".$this->lng->txt("change_existing_suffix_single"));
743 
744  }
745  else
746  {
747  $this->tpl->setVariable("CHANGE_PERM_OBJ_TYPE",$this->lng->txt("change_existing_prefix")." ".$this->lng->txt("objs_".$obj_data["type"])." ".$this->lng->txt("change_existing_suffix"));
748  }
749 
750  // js checkbox toggles
751  $this->tpl->setVariable("JS_VARNAME","template_perm_".$obj_data["type"]);
752  $this->tpl->setVariable("JS_ONCLICK",ilUtil::array_php2js($ops_ids));
753  $this->tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
754  $this->tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
755 
756  $this->tpl->parseCurrentBlock();
757  // END object_type
758  }
759 
760  // don't display adopt permissions form for system role
761  if ($this->object->getId() != SYSTEM_ROLE_ID)
762  {
763  // BEGIN ADOPT PERMISSIONS
764  foreach ($this->data["adopt"] as $key => $value)
765  {
766  $this->tpl->setCurrentBlock("ADOPT_PERM_ROW");
767  $this->tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
768  $this->tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
769  $this->tpl->setVariable("LABEL_ID",$value["role_id"]);
770  $this->tpl->setVariable("TYPE",$value["type"]);
771  $this->tpl->setVariable("ROLE_NAME",$value["role_name"]);
772  if(strlen($value['role_desc']))
773  {
774  $this->tpl->setVariable('ROLE_DESC',$value['role_desc']);
775  }
776 
777  $this->tpl->parseCurrentBlock();
778  }
779 
780  $this->tpl->setCurrentBlock("ADOPT_PERM_FORM");
781  $this->tpl->setVariable("MESSAGE_MIDDLE",$this->data["message_middle"]);
782  $this->tpl->setVariable("FORMACTION_ADOPT",$this->data["formaction_adopt"]);
783  $this->tpl->setVariable("ADOPT",$this->lng->txt('copy'));
784  $this->tpl->parseCurrentBlock();
785  // END ADOPT PERMISSIONS
786 
787  $this->tpl->setCurrentBlock("tblfooter_special_options");
788  $this->tpl->setVariable("TXT_PERM_SPECIAL_OPTIONS",$this->lng->txt("perm_special_options"));
789  $this->tpl->parseCurrentBlock();
790 
791  $this->tpl->setCurrentBlock("tblfooter_recursive");
792  $this->tpl->setVariable("COL_ANZ",3);
793  $this->tpl->setVariable("CHECK_RECURSIVE",$this->data["check_recursive"]);
794  $this->tpl->setVariable("TXT_RECURSIVE",$this->data["text_recursive"]);
795  $this->tpl->setVariable("TXT_RECURSIVE_DESC",$this->data["text_recursive_desc"]);
796  $this->tpl->parseCurrentBlock();
797 
798  $this->tpl->setCurrentBlock("tblfooter_protected");
799  $this->tpl->setVariable("COL_ANZ",3);
800  $this->tpl->setVariable("CHECK_PROTECTED",$this->data["check_protected"]);
801  $this->tpl->setVariable("TXT_PROTECTED",$this->data["text_protected"]);
802  $this->tpl->setVariable("TXT_PROTECTED_DESC",$this->data["text_protected_desc"]);
803  $this->tpl->parseCurrentBlock();
804 
805  $this->tpl->setCurrentBlock("tblfooter_standard");
806  $this->tpl->setVariable("COL_ANZ_PLUS",4);
807  $this->tpl->setVariable("TXT_SAVE",$this->data["txt_save"]);
808  $this->tpl->parseCurrentBlock();
809  }
810  else
811  {
812  // display form buttons not for system role
813  $this->tpl->setCurrentBlock("tblfooter_sysrole");
814  $this->tpl->setVariable("COL_ANZ_SYS",3);
815  $this->tpl->parseCurrentBlock();
816 
817  // display sysrole_msg
818  $this->tpl->setCurrentBlock("sysrole_msg");
819  $this->tpl->setVariable("TXT_SYSROLE_MSG",$this->data["sysrole_msg"]);
820  $this->tpl->parseCurrentBlock();
821  }
822 
823  $this->tpl->setCurrentBlock("adm_content");
824  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath("icon_".$this->object->getType().".gif"));
825  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt($this->object->getType()));
826  $this->tpl->setVariable("TBL_HELP_IMG",ilUtil::getImagePath("icon_help.gif"));
827  $this->tpl->setVariable("TBL_HELP_LINK","tbl_help.php");
828  $this->tpl->setVariable("TBL_HELP_IMG_ALT",$this->lng->txt("help"));
829 
830  // compute additional information in title
831  $global_roles = $rbacreview->getGlobalRoles();
832 
833  if (in_array($this->object->getId(),$global_roles))
834  {
835  $desc = "global";
836  }
837  else
838  {
839  // description for autogenerated roles
840  if($rolf = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true))
841  {
842  $parent_node = $this->tree->getParentNodeData($rolf[0]);
843  $desc = $this->lng->txt("obj_".$parent_node['type'])." (#".$parent_node['obj_id'].") : ".$parent_node['title'];
844  }
845  }
846 
847  $description = "&nbsp;<span class=\"small\">(".$desc.")</span>";
848 
849  // translation for autogenerated roles
850  if (substr($this->object->getTitle(),0,3) == "il_")
851  {
852  $title = ilObjRole::_getTranslation($this->object->getTitle())." (".$this->object->getTitle().")";
853  }
854  else
855  {
856  $title = $this->object->getTitle();
857  }
858 
859  $this->tpl->setVariable("TBL_TITLE",$title.$description);
860 
861  // info text
862  $pid = $tree->getParentId($this->rolf_ref_id);
863  $ptitle = ilObject::_lookupTitle(ilObject::_lookupObjId($pid));
864  if ($this->rolf_ref_id != ROLE_FOLDER_ID)
865  {
866  $info = sprintf($this->lng->txt("perm_role_info_1"),
867  $this->object->getTitle(), $ptitle)." ".
868  sprintf($this->lng->txt("perm_role_info_2"),
869  $this->object->getTitle(), $ptitle);
870  }
871  else
872  {
873  $info = sprintf($this->lng->txt("perm_role_info_glob_1"),
874  $this->object->getTitle(), $ptitle)." ".
875  sprintf($this->lng->txt("perm_role_info_glob_2"),
876  $this->object->getTitle(), $ptitle);
877  }
878  $this->tpl->setVariable("TXT_TITLE_INFO", $info);
879 
880  $this->tpl->setVariable("TXT_PERMISSION",$this->data["txt_permission"]);
881  $this->tpl->setVariable("FORMACTION",$this->data["formaction"]);
882  $this->tpl->parseCurrentBlock();
883 
884  //var_dump($this->data["formaction"]);
885  }
886 
892  function permSaveObject()
893  {
894  global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
895 
896  // for role administration check write of global role folder
897  /*
898  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
899  {
900  $access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
901  }
902  else // for local roles check 'edit permission' of parent object of the local role folder
903  {
904  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
905  }
906  */
907  $access = $this->checkAccess('visible,write','edit_permission');
908 
909  if (!$access)
910  {
911  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
912  }
913 
914  // delete all template entries
915  $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id);
916 
917  if (empty($_POST["template_perm"]))
918  {
919  $_POST["template_perm"] = array();
920  }
921 
922  foreach ($_POST["template_perm"] as $key => $ops_array)
923  {
924  // sets new template permissions
925  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
926  }
927 
928  // update object data entry (to update last modification date)
929  $this->object->update();
930 
931  // CHANGE ALL EXISTING OBJECT UNDER PARENT NODE OF ROLE FOLDER
932  // BUT DON'T CHANGE PERMISSIONS OF SUBTREE OBJECTS IF INHERITANCE WAS STOPPED
933  if ($_POST["recursive"] or is_array($_POST["recursive_list"]))
934  {
935  // IF ROLE IS A GLOBAL ROLE START AT ROOT
936  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
937  {
938  $node_id = ROOT_FOLDER_ID;
939  }
940  else
941  {
942  $node_id = $this->tree->getParentId($this->rolf_ref_id);
943  }
944 
945  // GET ALL SUBNODES
946  // Performance fix (memory_usage)
947  #$node_data = $this->tree->getNodeData($node_id);
948  #$subtree_nodes = $this->tree->getSubTree($node_data);
949 
950  $subtree_nodes = $tree->getRbacSubtreeInfo($node_id);
951 
952  // GET ALL OBJECTS THAT CONTAIN A ROLE FOLDER
953  $all_parent_obj_of_rolf = $rbacreview->getObjectsWithStopedInheritance($this->object->getId());
954 
955  // DELETE ACTUAL ROLE FOLDER FROM ARRAY
956  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
957  {
958  $key = array_keys($all_parent_obj_of_rolf,SYSTEM_FOLDER_ID);
959  }
960  else
961  {
962  $key = array_keys($all_parent_obj_of_rolf,$node_id);
963  }
964 
965  unset($all_parent_obj_of_rolf[$key[0]]);
966 
967  $check = false;
968 
969  foreach ($subtree_nodes as $node)
970  {
971  if (!$check)
972  {
973  if (in_array($node["child"],$all_parent_obj_of_rolf))
974  {
975  $lft = $node["lft"];
976  $rgt = $node["rgt"];
977  $check = true;
978  continue;
979  }
980 
981  $valid_nodes[] = $node;
982  }
983  else
984  {
985  if (($node["lft"] > $lft) && ($node["rgt"] < $rgt))
986  {
987  continue;
988  }
989  else
990  {
991  $check = false;
992 
993  if (in_array($node["child"],$all_parent_obj_of_rolf))
994  {
995  $lft = $node["lft"];
996  $rgt = $node["rgt"];
997  $check = true;
998  continue;
999  }
1000 
1001  $valid_nodes[] = $node;
1002  }
1003  }
1004  }
1005 
1006  // Prepare arrays for permission settings below
1007  foreach ($valid_nodes as $key => $node)
1008  {
1009  // To change only selected object types filter selected object types
1010  if (is_array($_POST["recursive_list"]) and !in_array($node["type"],$_POST["recursive_list"]))
1011  {
1012  unset($valid_nodes[$key]);
1013  continue;
1014  }
1015 
1016  $node_ids[] = $node["child"];
1017  $valid_nodes[$key]["perms"] = $_POST["template_perm"][$node["type"]];
1018  }
1019 
1020  // prepare arrays for permission settings below
1021  /*foreach ($valid_nodes as $key => $node)
1022  {
1023  #if(!in_array($node["type"],$to_filter))
1024  {
1025  $node_ids[] = $node["child"];
1026  $valid_nodes[$key]["perms"] = $_POST["template_perm"][$node["type"]];
1027  }
1028  }*/
1029 
1030  if (!empty($node_ids))
1031  {
1032  // FIRST REVOKE PERMISSIONS FROM ALL VALID OBJECTS
1033  $rbacadmin->revokePermissionList($node_ids,$this->object->getId());
1034 
1035  // NOW SET ALL PERMISSIONS
1036  foreach ($valid_nodes as $node)
1037  {
1038  if (is_array($node["perms"]))
1039  {
1040  $rbacadmin->grantPermission($this->object->getId(),$node["perms"],$node["child"]);
1041  }
1042  }
1043  }
1044  }// END IF RECURSIVE
1045 
1046  // var_dump(memory_get_peak_usage());
1047 
1048  // set protected flag
1049  if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id))
1050  {
1051  $rbacadmin->setProtected($this->rolf_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1052  }
1053 
1054  ilUtil::sendInfo($this->lng->txt("saved_successfully"),true);
1055  $this->ctrl->redirect($this, "perm");
1056  }
1057 
1058 
1064  function adoptPermSaveObject()
1065  {
1066  global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1067 
1068  if(!$_POST['adopt'])
1069  {
1070  ilUtil::sendInfo($this->lng->txt('select_one'));
1071  $this->permObject();
1072  return false;
1073  }
1074 
1075  // for role administration check write of global role folder
1076  /*
1077  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
1078  {
1079  $access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
1080  }
1081  else // for local roles check 'edit permission' of parent object of the local role folder
1082  {
1083  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
1084  }
1085  */
1086 
1087  $access = $this->checkAccess('visible,write','edit_permission');
1088  if (!$access)
1089  {
1090  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1091  }
1092 
1093  if ($this->object->getId() == $_POST["adopt"])
1094  {
1095  ilUtil::sendInfo($this->lng->txt("msg_perm_adopted_from_itself"),true);
1096  }
1097  else
1098  {
1099  $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id);
1100  $parentRoles = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
1101  $rbacadmin->copyRoleTemplatePermissions(
1102  $_POST["adopt"],
1103  $parentRoles[$_POST["adopt"]]["parent"],
1104  $this->rolf_ref_id,
1105  $this->object->getId(),
1106  false);
1107 
1108  // update object data entry (to update last modification date)
1109  $this->object->update();
1110 
1111  // send info
1112  $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1113  ilUtil::sendInfo($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1114  $this->lng->txt("msg_perm_adopted_from2"),true);
1115  }
1116 
1117  $this->ctrl->redirect($this, "perm");
1118  }
1119 
1125  function assignSaveObject()
1126  {
1127  $this->assignUserObject();
1128  }
1129 
1135  function assignUserObject()
1136  {
1137  global $rbacsystem, $rbacadmin, $rbacreview;
1138 
1139  #if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1140  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1141  {
1142  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1143  }
1144 
1145  if (!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
1146  $this->rolf_ref_id != ROLE_FOLDER_ID)
1147  {
1148  $this->ilias->raiseError($this->lng->txt("err_role_not_assignable"),$this->ilias->error_obj->MESSAGE);
1149  }
1150 
1151  if (!isset($_POST["user"]))
1152  {
1153  ilUtil::sendInfo($this->lng->txt("no_checkbox"));
1154  $this->searchObject();
1155 
1156  return false;
1157  }
1158 
1159  $selected_users = $_POST["user"];
1160  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1161 
1162  // users to assign
1163  $assigned_users_new = array_diff($selected_users,array_intersect($selected_users,$assigned_users_all));
1164 
1165  // selected users all already assigned. stop
1166  if (count($assigned_users_new) == 0)
1167  {
1168  ilUtil::sendInfo($this->lng->txt("msg_selected_users_already_assigned"));
1169  $this->searchObject();
1170 
1171  return false;
1172  }
1173 
1174  // assign new users
1175  foreach ($assigned_users_new as $user)
1176  {
1177  $rbacadmin->assignUser($this->object->getId(),$user,false);
1178  }
1179 
1180  // update object data entry (to update last modification date)
1181  $this->object->update();
1182 
1183  ilUtil::sendInfo($this->lng->txt("msg_userassignment_changed"),true);
1184 
1185  $this->ctrl->redirect($this,'userassignment');
1186  }
1187 
1193  function deassignUserObject()
1194  {
1195  global $rbacsystem, $rbacadmin, $rbacreview;
1196 
1197  #if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1198  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1199  {
1200  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1201  }
1202 
1203  /*
1204  if (!$rbacsystem->checkAccess('write',$this->rolf_ref_id))
1205  {
1206  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1207  }
1208  */
1209  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1210 
1211  if ($selected_users[0]=== NULL)
1212  {
1213  $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1214  }
1215 
1216  // prevent unassignment of system user from system role
1217  if ($this->object->getId() == SYSTEM_ROLE_ID)
1218  {
1219  if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1220  unset($selected_users[$admin]);
1221  }
1222 
1223  // check for each user if the current role is his last global role before deassigning him
1224  $last_role = array();
1225  $global_roles = $rbacreview->getGlobalRoles();
1226 
1227  foreach ($selected_users as $user)
1228  {
1229  $assigned_roles = $rbacreview->assignedRoles($user);
1230  $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1231 
1232  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1233  {
1234  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1235  $last_role[$user] = $userObj->getFullName();
1236  unset($userObj);
1237  }
1238  }
1239 
1240  // raise error if last role was taken from a user...
1241  if (count($last_role) > 0)
1242  {
1243  $user_list = implode(", ",$last_role);
1244  $this->ilias->raiseError($this->lng->txt("msg_is_last_role").": ".$user_list."<br/>".$this->lng->txt("msg_min_one_role")."<br/>".$this->lng->txt("action_aborted"),$this->ilias->error_obj->MESSAGE);
1245  }
1246 
1247  // ... else perform deassignment
1248  foreach ($selected_users as $user)
1249  {
1250  $rbacadmin->deassignUser($this->object->getId(),$user);
1251  }
1252 
1253  // update object data entry (to update last modification date)
1254  $this->object->update();
1255 
1256  ilUtil::sendInfo($this->lng->txt("msg_userassignment_changed"),true);
1257 
1258  $this->ctrl->redirect($this,'userassignment');
1259  }
1260 
1266  function updateObject()
1267  {
1268  global $rbacsystem, $rbacreview, $rbacadmin, $tree;
1269 
1270  // for role administration check write of global role folder
1271  /*
1272  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
1273  {
1274  $access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
1275  }
1276  else // for local roles check 'edit permission' of parent object of the local role folder
1277  {
1278  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
1279  }
1280  */
1281  $access = $this->checkAccess('write','edit_permission');
1282  if (!$access)
1283  {
1284  $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_role"),$this->ilias->error_obj->MESSAGE);
1285  }
1286 
1287  if (substr($this->object->getTitle(),0,3) != "il_")
1288  {
1289  // check required fields
1290  if (empty($_POST["Fobject"]["title"]))
1291  {
1292  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
1293  }
1294 
1295  // check if role title has il_ prefix
1296  if (substr($_POST["Fobject"]["title"],0,3) == "il_")
1297  {
1298  $this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
1299  }
1300 
1301  // update
1302  $this->object->setTitle(ilUtil::stripSlashes($_POST["Fobject"]["title"]));
1303  $this->object->setDescription(ilUtil::stripSlashes($_POST["Fobject"]["desc"]));
1304  }
1305 
1306 
1307 
1308  // ensure that at least one role is available in the new user register form if registration is enabled
1309  if ($_POST["Fobject"]["allow_register"] == "")
1310  {
1311  $roles_allowed = $this->object->_lookupRegisterAllowed();
1312 
1313  if (count($roles_allowed) == 1 and $roles_allowed[0]['id'] == $this->object->getId())
1314  {
1315  $this->ilias->raiseError($this->lng->txt("msg_last_role_for_registration"),$this->ilias->error_obj->MESSAGE);
1316  }
1317  }
1318 
1319  $this->object->setAllowRegister($_POST["Fobject"]["allow_register"]);
1320  $this->object->toggleAssignUsersStatus($_POST["Fobject"]["assign_users"]);
1321  $rbacadmin->setProtected($this->rolf_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST["Fobject"]["protect_permissions"]));
1322  $this->object->update();
1323 
1324  ilUtil::sendInfo($this->lng->txt("saved_successfully"),true);
1325 
1326  $this->ctrl->redirect($this,'edit');
1327  }
1328 
1334  function editObject()
1335  {
1336  global $rbacsystem, $rbacreview;
1337 
1338  #if (!$rbacsystem->checkAccess("write", $this->rolf_ref_id))
1339  if(!$this->checkAccess('write','edit_permission'))
1340  {
1341  $this->ilias->raiseError($this->lng->txt("msg_no_perm_write"),$this->ilias->error_obj->MESSAGE);
1342  }
1343 
1344  $this->getTemplateFile("edit");
1345 
1346  if ($_SESSION["error_post_vars"])
1347  {
1348  // fill in saved values in case of error
1349  if (substr($this->object->getTitle(false),0,3) != "il_")
1350  {
1351  $this->tpl->setVariable("TITLE",ilUtil::prepareFormOutput($_SESSION["error_post_vars"]["Fobject"]["title"]),true);
1352  $this->tpl->setVariable("DESC",ilUtil::stripSlashes($_SESSION["error_post_vars"]["Fobject"]["desc"]));
1353  }
1354 
1355  $allow_register = ($_SESSION["error_post_vars"]["Fobject"]["allow_register"]) ? "checked=\"checked\"" : "";
1356  $assign_users = ($_SESSION["error_post_vars"]["Fobject"]["assign_users"]) ? "checked=\"checked\"" : "";
1357  $protect_permissions = ($_SESSION["error_post_vars"]["Fobject"]["protect_permissions"]) ? "checked=\"checked\"" : "";
1358  }
1359  else
1360  {
1361  if (substr($this->object->getTitle(),0,3) != "il_")
1362  {
1363  $this->tpl->setVariable("TITLE",ilUtil::prepareFormOutput($this->object->getTitle()));
1364  $this->tpl->setVariable("DESC",ilUtil::stripSlashes($this->object->getDescription()));
1365  }
1366 
1367  $allow_register = ($this->object->getAllowRegister()) ? "checked=\"checked\"" : "";
1368  $assign_users = $this->object->getAssignUsersStatus() ? "checked=\"checked\"" : "";
1369  $protect_permissions = $rbacreview->isProtected($this->rolf_ref_id,$this->object->getId()) ? "checked=\"checked\"" : "";
1370 
1371  }
1372 
1373  $obj_str = "&obj_id=".$this->obj_id;
1374 
1375  $this->tpl->setVariable("TXT_TITLE",$this->lng->txt("title"));
1376  $this->tpl->setVariable("TXT_DESC",$this->lng->txt("desc"));
1377 
1378  // exclude allow register option for anonymous role, system role and all local roles
1379  $global_roles = $rbacreview->getGlobalRoles();
1380 
1381  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
1382  $this->tpl->setVariable("TXT_HEADER", $this->lng->txt($this->object->getType()."_edit"));
1383  $this->tpl->setVariable("TARGET", $this->getTargetFrame("update"));
1384  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
1385  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
1386  $this->tpl->setVariable("CMD_SUBMIT", "update");
1387  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
1388 
1389  if (substr($this->object->getTitle(),0,3) == "il_")
1390  {
1391  $this->tpl->setVariable("SHOW_TITLE",ilObjRole::_getTranslation($this->object->getTitle())." (".$this->object->getTitle().")");
1392 
1393  $rolf = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1394  $parent_node = $this->tree->getParentNodeData($rolf[0]);
1395 
1396  $this->tpl->setVariable("SHOW_DESC",$this->lng->txt("obj_".$parent_node['type'])." (".$parent_node['obj_id'].") <br/>".$parent_node['title']);
1397 
1398  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
1399  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("back"));
1400  $this->tpl->setVariable("CMD_SUBMIT", "cancel");
1401  }
1402 
1403  if ($this->object->getId() != ANONYMOUS_ROLE_ID and
1404  $this->object->getId() != SYSTEM_ROLE_ID and
1405  in_array($this->object->getId(),$global_roles))
1406  {
1407  $this->tpl->setCurrentBlock("allow_register");
1408  $this->tpl->setVariable("TXT_ALLOW_REGISTER",$this->lng->txt("allow_register"));
1409  $this->tpl->setVariable("ALLOW_REGISTER",$allow_register);
1410  $this->tpl->parseCurrentBlock();
1411 
1412  $this->tpl->setCurrentBlock("assign_users");
1413  $this->tpl->setVariable("TXT_ASSIGN_USERS",$this->lng->txt('allow_assign_users'));
1414  $this->tpl->setVariable("ASSIGN_USERS",$assign_users);
1415  $this->tpl->parseCurrentBlock();
1416 
1417  $this->tpl->setCurrentBlock("protect_permissions");
1418  $this->tpl->setVariable("TXT_PROTECT_PERMISSIONS",$this->lng->txt('role_protect_permissions'));
1419  $this->tpl->setVariable("PROTECT_PERMISSIONS",$protect_permissions);
1420  $this->tpl->parseCurrentBlock();
1421  }
1422  }
1423 
1427  function userassignmentObject()
1428  {
1429  global $rbacreview, $rbacsystem;
1430 
1431  //if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1432  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1433  {
1434  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1435  }
1436  $assigned_users = $rbacreview->assignedUsers($this->object->getId(),array("login","firstname","lastname","usr_id"));
1437 
1438  //if current user is admin he is able to add new members to group
1439  $val_contact = $this->lng->txt("message");
1440  $val_change = $this->lng->txt("edit");
1441  $val_leave = $this->lng->txt("remove");
1442  $val_contact_desc = $this->lng->txt("role_user_send_mail");
1443  $val_change_desc = $this->lng->txt("role_user_edit");
1444  $val_leave_desc = $this->lng->txt("role_user_deassign");
1445  $counter = 0;
1446 
1447  foreach ($assigned_users as $user)
1448  {
1449  $link_contact = "ilias.php?baseClass=ilMailGUI&type=new&rcp_to=".urlencode($user["login"]);
1450 
1451  if ($_GET["admin_mode"] == "settings"
1452  && $_GET["ref_id"] != SYSTEM_FOLDER_ID)
1453  {
1454  $this->ctrl->setParameterByClass("ilobjusergui", "ref_id", 7);
1455  $this->ctrl->setParameterByClass("ilobjusergui", "obj_id", $user["usr_id"]);
1456  $link_change = $this->ctrl->getLinkTargetByClass(array("iladministrationgui", "ilobjusergui"), "view");
1457  $this->ctrl->setParameterByClass("ilobjusergui", "ref_id", $_GET["ref_id"]);
1458  }
1459 
1460  $this->ctrl->setParameter($this, "user_id", $user["usr_id"]);
1461  $link_leave = $this->ctrl->getLinkTarget($this,"deassignUser");
1462 
1463  $member_functions = "";
1464 
1465  // exclude root/admin role and anon/anon
1466  if ($this->object->getId() != ANONYMOUS_ROLE_ID or $user["usr_id"] != ANONYMOUS_USER_ID)
1467  {
1468  //build function
1469  $member_functions = "<a class=\"il_ContainerItemCommand\" href=\"".$link_contact."\" title=\"".$val_contact_desc."\">".$val_contact."</a>";
1470 
1471  if (strtolower($_GET["baseClass"]) == 'iladministrationgui' && $_GET["admin_mode"] == "settings")
1472  {
1473  $member_functions .= "&nbsp;<a class=\"il_ContainerItemCommand\" href=\"".$link_change."\" title=\"".$val_change_desc."\">".$val_change."</a>";
1474  }
1475 
1476  if ($this->object->getId() != SYSTEM_ROLE_ID or $user["usr_id"] != SYSTEM_USER_ID)
1477  {
1478  $member_functions .= "&nbsp;<a class=\"il_ContainerItemCommand\" href=\"".$link_leave."\" title=\"".$val_leave_desc."\">".$val_leave."</a>";
1479  }
1480  }
1481 
1482  // no check box for root/admin role and anon/anon
1483  if (($this->object->getId() == SYSTEM_ROLE_ID and $user["usr_id"] == SYSTEM_USER_ID)
1484  or ($this->object->getId() == ANONYMOUS_ROLE_ID and $user["usr_id"] == ANONYMOUS_USER_ID))
1485  {
1486  $result_set[$counter][] = "";
1487  }
1488  else
1489  {
1490  $result_set[$counter][] = ilUtil::formCheckBox(0,"user_id[]",$user["usr_id"]);
1491  }
1492 
1493  $user_ids[$counter] = $user["usr_id"];
1494 
1495  $result_set[$counter][] = $user["login"];
1496  $result_set[$counter][] = $user["firstname"];
1497  $result_set[$counter][] = $user["lastname"];
1498  $result_set[$counter][] = $member_functions;
1499 
1500  ++$counter;
1501 
1502  unset($member_functions);
1503  }
1504 
1505  return $this->__showAssignedUsersTable($result_set,$user_ids);
1506  }
1507 
1508  function __showAssignedUsersTable($a_result_set,$a_user_ids = NULL)
1509  {
1510  global $rbacsystem;
1511 
1512  $actions = array("deassignUser" => $this->lng->txt("remove"));
1513 
1514  $tbl =& $this->__initTableGUI();
1515  $tpl =& $tbl->getTemplateObject();
1516 
1517  $this->__showButton('mailToRole',$this->lng->txt('role_mailto'),'target=\'_blank\'');
1518 
1519  $tpl->setCurrentBlock("tbl_form_header");
1520  $tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
1521  $tpl->parseCurrentBlock();
1522 
1523  $tpl->setCurrentBlock("tbl_action_row");
1524 
1525  $tpl->setCurrentBlock("plain_button");
1526  $tpl->setVariable("PBTN_NAME","searchUserForm");
1527  $tpl->setVariable("PBTN_VALUE",$this->lng->txt("role_add_user"));
1528  $tpl->parseCurrentBlock();
1529  $tpl->setCurrentBlock("plain_buttons");
1530  $tpl->parseCurrentBlock();
1531 
1532  $tpl->setVariable("COLUMN_COUNTS",5);
1533  $tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.gif"));
1534 
1535  foreach ($actions as $name => $value)
1536  {
1537  $tpl->setCurrentBlock("tbl_action_btn");
1538  $tpl->setVariable("BTN_NAME",$name);
1539  $tpl->setVariable("BTN_VALUE",$value);
1540  $tpl->parseCurrentBlock();
1541  }
1542 
1543  if (!empty($a_user_ids))
1544  {
1545  // set checkbox toggles
1546  $tpl->setCurrentBlock("tbl_action_toggle_checkboxes");
1547  $tpl->setVariable("JS_VARNAME","user_id");
1548  $tpl->setVariable("JS_ONCLICK",ilUtil::array_php2js($a_user_ids));
1549  $tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
1550  $tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
1551  $tpl->parseCurrentBlock();
1552  }
1553 
1554  $tpl->setVariable("TPLPATH",$this->tpl->tplPath);
1555  $this->ctrl->setParameter($this,"cmd","userassignment");
1556 
1557  // title & header columns
1558  $tbl->setTitle($this->lng->txt("assigned_users"),"icon_usr.gif",$this->lng->txt("users"));
1559 
1560  //user must be administrator
1561  $tbl->setHeaderNames(array("",$this->lng->txt("username"),$this->lng->txt("firstname"),
1562  $this->lng->txt("lastname"),$this->lng->txt("grp_options")));
1563  $tbl->setHeaderVars(array("","login","firstname","lastname","functions"),
1564  $this->ctrl->getParameterArray($this,"",false));
1565  $tbl->setColumnWidth(array("","20%","25%","25%","30%"));
1566 
1567  $this->__setTableGUIBasicData($tbl,$a_result_set,"userassignment");
1568  $tbl->render();
1569  $this->tpl->setVariable("ADM_CONTENT",$tbl->tpl->get());
1570 
1571  return true;
1572  }
1573 
1574  function &__initTableGUI()
1575  {
1576  include_once "./Services/Table/classes/class.ilTableGUI.php";
1577 
1578  return new ilTableGUI(0,false);
1579  }
1580 
1581  function __setTableGUIBasicData(&$tbl,&$result_set,$from = "")
1582  {
1583  switch($from)
1584  {
1585  case "group":
1586  $order = $_GET["sort_by"] ? $_GET["sort_by"] : "title";
1587  break;
1588 
1589  case "role":
1590  $order = $_GET["sort_by"] ? $_GET["sort_by"] : "title";
1591  break;
1592 
1593  default:
1594  // init sort_by (unfortunatly sort_by is preset with 'title')
1595  if ($_GET["sort_by"] == "title" or empty($_GET["sort_by"]))
1596  {
1597  $_GET["sort_by"] = "login";
1598  }
1599  $order = $_GET["sort_by"];
1600  break;
1601  }
1602 
1603  $tbl->setOrderColumn($order);
1604  $tbl->setOrderDirection($_GET["sort_order"]);
1605  $tbl->setOffset($_GET["offset"]);
1606  $tbl->setLimit($_GET["limit"]);
1607  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
1608  $tbl->setData($result_set);
1609  }
1610 
1611  function searchUserFormObject()
1612  {
1613  global $rbacsystem;
1614 
1615  //if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1616  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1617  {
1618  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1619  }
1620 
1621  $this->lng->loadLanguageModule('search');
1622 
1623  $this->tpl->addBlockFile("ADM_CONTENT","adm_content","tpl.role_users_search.html");
1624 
1625  $this->tpl->setVariable("F_ACTION",$this->ctrl->getFormAction($this));
1626  $this->tpl->setVariable("SEARCH_ASSIGN_USR",$this->lng->txt("role_search_users"));
1627  $this->tpl->setVariable("SEARCH_SEARCH_TERM",$this->lng->txt("search_search_term"));
1628  $this->tpl->setVariable("SEARCH_VALUE",$_SESSION["role_search_str"] ? $_SESSION["role_search_str"] : "");
1629  $this->tpl->setVariable("SEARCH_FOR",$this->lng->txt("exc_search_for"));
1630  $this->tpl->setVariable("SEARCH_ROW_TXT_USER",$this->lng->txt("exc_users"));
1631  $this->tpl->setVariable("SEARCH_ROW_TXT_ROLE",$this->lng->txt("exc_roles"));
1632  $this->tpl->setVariable("SEARCH_ROW_TXT_GROUP",$this->lng->txt("exc_groups"));
1633  $this->tpl->setVariable("BTN2_VALUE",$this->lng->txt("cancel"));
1634  $this->tpl->setVariable("BTN1_VALUE",$this->lng->txt("search"));
1635 
1636  $usr = ($_POST["search_for"] == "usr" || $_POST["search_for"] == "") ? 1 : 0;
1637  $grp = ($_POST["search_for"] == "grp") ? 1 : 0;
1638  $role = ($_POST["search_for"] == "role") ? 1 : 0;
1639 
1640  $this->tpl->setVariable("SEARCH_ROW_CHECK_USER",ilUtil::formRadioButton($usr,"search_for","usr"));
1641  $this->tpl->setVariable("SEARCH_ROW_CHECK_ROLE",ilUtil::formRadioButton($role,"search_for","role"));
1642  $this->tpl->setVariable("SEARCH_ROW_CHECK_GROUP",ilUtil::formRadioButton($grp,"search_for","grp"));
1643 
1644  $this->__unsetSessionVariables();
1645  }
1646 
1647  function __unsetSessionVariables()
1648  {
1649  unset($_SESSION["role_delete_member_ids"]);
1650  unset($_SESSION["role_delete_subscriber_ids"]);
1651  unset($_SESSION["role_search_str"]);
1652  unset($_SESSION["role_search_for"]);
1653  unset($_SESSION["role_role"]);
1654  unset($_SESSION["role_group"]);
1655  unset($_SESSION["role_archives"]);
1656  }
1657 
1662  function cancelObject()
1663  {
1664  ilUtil::sendInfo($this->lng->txt("action_aborted"),true);
1665 
1666  if ($_GET["new_type"] != "role")
1667  {
1668  $this->ctrl->redirect($this, "userassignment");
1669  }
1670  else
1671  {
1672  $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1673  }
1674  }
1675 
1676  function searchObject()
1677  {
1678  global $rbacsystem, $tree;
1679 
1680  #if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1681  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1682  {
1683  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1684  }
1685 
1686  $_SESSION["role_search_str"] = $_POST["search_str"] = $_POST["search_str"] ? $_POST["search_str"] : $_SESSION["role_search_str"];
1687  $_SESSION["role_search_for"] = $_POST["search_for"] = $_POST["search_for"] ? $_POST["search_for"] : $_SESSION["role_search_for"];
1688 
1689  if (!isset($_POST["search_for"]) or !isset($_POST["search_str"]))
1690  {
1691  ilUtil::sendInfo($this->lng->txt("role_search_enter_search_string"));
1692  $this->searchUserFormObject();
1693 
1694  return false;
1695  }
1696 
1697  if (!count($result = $this->__search(ilUtil::stripSlashes($_POST["search_str"]),$_POST["search_for"])))
1698  {
1699  ilUtil::sendInfo($this->lng->txt("role_no_results_found"));
1700  $this->searchUserFormObject();
1701 
1702  return false;
1703  }
1704 
1705  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html");
1706  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1707 
1708  $counter = 0;
1709  $f_result = array();
1710 
1711  switch($_POST["search_for"])
1712  {
1713  case "usr":
1714  foreach($result as $user)
1715  {
1716  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user["id"],false))
1717  {
1718  continue;
1719  }
1720 
1721  $user_ids[$counter] = $user["id"];
1722 
1723  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user["id"]);
1724  $f_result[$counter][] = $tmp_obj->getLogin();
1725  $f_result[$counter][] = $tmp_obj->getFirstname();
1726  $f_result[$counter][] = $tmp_obj->getLastname();
1727 
1728  unset($tmp_obj);
1729  ++$counter;
1730  }
1731  $this->__showSearchUserTable($f_result,$user_ids);
1732 
1733  return true;
1734 
1735  case "role":
1736  foreach($result as $role)
1737  {
1738  // exclude anonymous role
1739  if ($role["id"] == ANONYMOUS_ROLE_ID)
1740  {
1741  continue;
1742  }
1743 
1744  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($role["id"],false))
1745  {
1746  continue;
1747  }
1748 
1749  // exclude roles with no users assigned to
1750  if ($tmp_obj->getCountMembers() == 0)
1751  {
1752  continue;
1753  }
1754 
1755  $role_ids[$counter] = $role["id"];
1756 
1757  $f_result[$counter][] = ilUtil::formCheckbox(0,"role[]",$role["id"]);
1758  $f_result[$counter][] = array($tmp_obj->getTitle(),$tmp_obj->getDescription());
1759  $f_result[$counter][] = $tmp_obj->getCountMembers();
1760 
1761  unset($tmp_obj);
1762  ++$counter;
1763  }
1764 
1765  $this->__showSearchRoleTable($f_result,$role_ids);
1766 
1767  return true;
1768 
1769  case "grp":
1770  foreach($result as $group)
1771  {
1772  if(!$tree->isInTree($group["id"]))
1773  {
1774  continue;
1775  }
1776 
1777  if(!$tmp_obj = ilObjectFactory::getInstanceByRefId($group["id"],false))
1778  {
1779  continue;
1780  }
1781 
1782  // exclude myself :-)
1783  if ($tmp_obj->getId() == $this->object->getId())
1784  {
1785  continue;
1786  }
1787 
1788  $grp_ids[$counter] = $group["id"];
1789 
1790  $f_result[$counter][] = ilUtil::formCheckbox(0,"group[]",$group["id"]);
1791  $f_result[$counter][] = array($tmp_obj->getTitle(),$tmp_obj->getDescription());
1792  $f_result[$counter][] = $tmp_obj->getCountMembers();
1793 
1794  unset($tmp_obj);
1795  ++$counter;
1796  }
1797  $this->__showSearchGroupTable($f_result,$grp_ids);
1798 
1799  return true;
1800  }
1801  }
1802 
1803  function __search($a_search_string,$a_search_for)
1804  {
1805  include_once("./classes/class.ilSearch.php");
1806 
1807  $this->lng->loadLanguageModule("content");
1808  $search =& new ilSearch($_SESSION["AccountId"]);
1809  $search->setPerformUpdate(false);
1810  $search->setSearchString(ilUtil::stripSlashes($a_search_string));
1811  $search->setCombination("and");
1812  $search->setSearchFor(array(0 => $a_search_for));
1813  $search->setSearchType('new');
1814 
1815  if ($search->validate($message))
1816  {
1817  $search->performSearch();
1818  }
1819  else
1820  {
1821  ilUtil::sendInfo($message,true);
1822  $this->ctrl->redirect($this,"searchUserForm");
1823  }
1824 
1825  return $search->getResultByType($a_search_for);
1826  }
1827 
1828  function __showSearchUserTable($a_result_set,$a_user_ids = NULL,$a_cmd = "search")
1829  {
1830  $return_to = "searchUserForm";
1831 
1832  if ($a_cmd == "listUsersRole" or $a_cmd == "listUsersGroup")
1833  {
1834  $return_to = "search";
1835  }
1836 
1837  $tbl =& $this->__initTableGUI();
1838  $tpl =& $tbl->getTemplateObject();
1839 
1840  // SET FORMACTION
1841  $tpl->setCurrentBlock("tbl_form_header");
1842  $tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
1843  $tpl->parseCurrentBlock();
1844 
1845  $tpl->setCurrentBlock("tbl_action_btn");
1846  $tpl->setVariable("BTN_NAME",$return_to);
1847  $tpl->setVariable("BTN_VALUE",$this->lng->txt("back"));
1848  $tpl->parseCurrentBlock();
1849 
1850  $tpl->setCurrentBlock("tbl_action_btn");
1851  $tpl->setVariable("BTN_NAME","assignUser");
1852  $tpl->setVariable("BTN_VALUE",$this->lng->txt("add"));
1853  $tpl->parseCurrentBlock();
1854 
1855  if (!empty($a_user_ids))
1856  {
1857  // set checkbox toggles
1858  $tpl->setCurrentBlock("tbl_action_toggle_checkboxes");
1859  $tpl->setVariable("JS_VARNAME","user");
1860  $tpl->setVariable("JS_ONCLICK",ilUtil::array_php2js($a_user_ids));
1861  $tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
1862  $tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
1863  $tpl->parseCurrentBlock();
1864  }
1865 
1866  $tpl->setCurrentBlock("tbl_action_row");
1867  $tpl->setVariable("COLUMN_COUNTS",4);
1868  $tpl->setVariable("IMG_ARROW",ilUtil::getImagePath("arrow_downright.gif"));
1869  $tpl->parseCurrentBlock();
1870 
1871  $tbl->setTitle($this->lng->txt("role_header_edit_users"),"icon_usr.gif",$this->lng->txt("role_header_edit_users"));
1872  $tbl->setHeaderNames(array("",
1873  $this->lng->txt("username"),
1874  $this->lng->txt("firstname"),
1875  $this->lng->txt("lastname")));
1876  $tbl->setHeaderVars(array("",
1877  "login",
1878  "firstname",
1879  "lastname"),
1880  $this->ctrl->getParameterArray($this,$a_cmd,false));
1881  //array("ref_id" => $this->rolf_ref_id,
1882  // "obj_id" => $this->object->getId(),
1883  // "cmd" => $a_cmd,
1884  //"cmdClass" => "ilobjrolegui",
1885  // "cmdNode" => $_GET["cmdNode"]));
1886 
1887  $tbl->setColumnWidth(array("","33%","33%","33%"));
1888 
1889  $this->__setTableGUIBasicData($tbl,$a_result_set);
1890  $tbl->render();
1891 
1892  $this->tpl->setVariable("SEARCH_RESULT_TABLE",$tbl->tpl->get());
1893 
1894  return true;
1895  }
1896 
1897  function __showSearchRoleTable($a_result_set,$a_role_ids = NULL)
1898  {
1899  $tbl =& $this->__initTableGUI();
1900  $tpl =& $tbl->getTemplateObject();
1901 
1902  $tpl->setCurrentBlock("tbl_form_header");
1903  $tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
1904  $tpl->parseCurrentBlock();
1905 
1906  $tpl->setCurrentBlock("tbl_action_btn");
1907  $tpl->setVariable("BTN_NAME","searchUserForm");
1908  $tpl->setVariable("BTN_VALUE",$this->lng->txt("back"));
1909  $tpl->parseCurrentBlock();
1910 
1911  $tpl->setCurrentBlock("tbl_action_btn");
1912  $tpl->setVariable("BTN_NAME","listUsersRole");
1913  $tpl->setVariable("BTN_VALUE",$this->lng->txt("role_list_users"));
1914  $tpl->parseCurrentBlock();
1915 
1916  if (!empty($a_role_ids))
1917  {
1918  // set checkbox toggles
1919  $tpl->setCurrentBlock("tbl_action_toggle_checkboxes");
1920  $tpl->setVariable("JS_VARNAME","role");
1921  $tpl->setVariable("JS_ONCLICK",ilUtil::array_php2js($a_role_ids));
1922  $tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
1923  $tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
1924  $tpl->parseCurrentBlock();
1925  }
1926 
1927  $tpl->setCurrentBlock("tbl_action_row");
1928  $tpl->setVariable("COLUMN_COUNTS",4);
1929  $tpl->setVariable("IMG_ARROW",ilUtil::getImagePath("arrow_downright.gif"));
1930  $tpl->parseCurrentBlock();
1931 
1932  $tbl->setTitle($this->lng->txt("role_header_edit_users"),"icon_usr.gif",$this->lng->txt("role_header_edit_users"));
1933  $tbl->setHeaderNames(array("",
1934  $this->lng->txt("obj_role"),
1935  $this->lng->txt("role_count_users")));
1936  $tbl->setHeaderVars(array("",
1937  "title",
1938  "nr_members"),
1939  $this->ctrl->getParameterArray($this,"search",false));
1940  //array("ref_id" => $this->rolf_ref_id,
1941  //"obj_id" => $this->object->getId(),
1942  //"cmd" => "search",
1943  //"cmdClass" => "ilobjrolegui",
1944  //"cmdNode" => $_GET["cmdNode"]));
1945 
1946  $tbl->setColumnWidth(array("","80%","19%"));
1947 
1948 
1949  $this->__setTableGUIBasicData($tbl,$a_result_set,"role");
1950  $tbl->render();
1951 
1952  $this->tpl->setVariable("SEARCH_RESULT_TABLE",$tbl->tpl->get());
1953 
1954  return true;
1955  }
1956 
1957  function __showSearchGroupTable($a_result_set,$a_grp_ids = NULL)
1958  {
1959  $tbl =& $this->__initTableGUI();
1960  $tpl =& $tbl->getTemplateObject();
1961 
1962  $tpl->setCurrentBlock("tbl_form_header");
1963  $tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
1964  $tpl->parseCurrentBlock();
1965 
1966  $tpl->setCurrentBlock("tbl_action_btn");
1967  $tpl->setVariable("BTN_NAME","searchUserForm");
1968  $tpl->setVariable("BTN_VALUE",$this->lng->txt("back"));
1969  $tpl->parseCurrentBlock();
1970 
1971  $tpl->setCurrentBlock("tbl_action_btn");
1972  $tpl->setVariable("BTN_NAME","listUsersGroup");
1973  $tpl->setVariable("BTN_VALUE",$this->lng->txt("grp_list_users"));
1974  $tpl->parseCurrentBlock();
1975 
1976  if (!empty($a_grp_ids))
1977  {
1978  // set checkbox toggles
1979  $tpl->setCurrentBlock("tbl_action_toggle_checkboxes");
1980  $tpl->setVariable("JS_VARNAME","group");
1981  $tpl->setVariable("JS_ONCLICK",ilUtil::array_php2js($a_grp_ids));
1982  $tpl->setVariable("TXT_CHECKALL", $this->lng->txt("check_all"));
1983  $tpl->setVariable("TXT_UNCHECKALL", $this->lng->txt("uncheck_all"));
1984  $tpl->parseCurrentBlock();
1985  }
1986 
1987  $tpl->setCurrentBlock("tbl_action_row");
1988  $tpl->setVariable("COLUMN_COUNTS",4);
1989  $tpl->setVariable("IMG_ARROW",ilUtil::getImagePath("arrow_downright.gif"));
1990  $tpl->parseCurrentBlock();
1991 
1992  $tbl->setTitle($this->lng->txt("grp_header_edit_members"),"icon_usr.gif",$this->lng->txt("grp_header_edit_members"));
1993  $tbl->setHeaderNames(array("",
1994  $this->lng->txt("obj_grp"),
1995  $this->lng->txt("grp_count_members")));
1996  $tbl->setHeaderVars(array("",
1997  "title",
1998  "nr_members"),
1999  array("ref_id" => $this->rolf_ref_id,
2000  "obj_id" => $this->object->getId(),
2001  "cmd" => "search",
2002  "cmdClass" => "ilobjrolegui",
2003  "cmdNode" => $_GET["cmdNode"]));
2004 
2005  $tbl->setColumnWidth(array("","80%","19%"));
2006 
2007 
2008  $this->__setTableGUIBasicData($tbl,$a_result_set,"group");
2009  $tbl->render();
2010 
2011  $this->tpl->setVariable("SEARCH_RESULT_TABLE",$tbl->tpl->get());
2012 
2013  return true;
2014  }
2015 
2016  function listUsersRoleObject()
2017  {
2018  global $rbacsystem,$rbacreview;
2019 
2020  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
2021 
2022  if (!is_array($_POST["role"]))
2023  {
2024  ilUtil::sendInfo($this->lng->txt("role_no_roles_selected"));
2025  $this->searchObject();
2026 
2027  return false;
2028  }
2029 
2030  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html");
2031  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
2032 
2033  // GET ALL MEMBERS
2034  $members = array();
2035 
2036  foreach ($_POST["role"] as $role_id)
2037  {
2038  $members = array_merge($rbacreview->assignedUsers($role_id),$members);
2039  }
2040 
2041  $members = array_unique($members);
2042 
2043  // FORMAT USER DATA
2044  $counter = 0;
2045  $f_result = array();
2046 
2047  foreach($members as $user)
2048  {
2049  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
2050  {
2051  continue;
2052  }
2053 
2054  $user_ids[$counter] = $user;
2055 
2056  // TODO: exclude anonymous user
2057  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
2058  $f_result[$counter][] = $tmp_obj->getLogin();
2059  $f_result[$counter][] = $tmp_obj->getFirstname();
2060  $f_result[$counter][] = $tmp_obj->getLastname();
2061 
2062  unset($tmp_obj);
2063  ++$counter;
2064  }
2065 
2066  $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
2067 
2068  return true;
2069  }
2070 
2071  function listUsersGroupObject()
2072  {
2073  global $rbacsystem,$rbacreview,$tree;
2074 
2075  $_SESSION["role_group"] = $_POST["group"] = $_POST["group"] ? $_POST["group"] : $_SESSION["role_group"];
2076 
2077  if (!is_array($_POST["group"]))
2078  {
2079  ilUtil::sendInfo($this->lng->txt("role_no_groups_selected"));
2080  $this->searchObject();
2081 
2082  return false;
2083  }
2084 
2085  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html");
2086  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
2087 
2088  // GET ALL MEMBERS
2089  $members = array();
2090 
2091  foreach ($_POST["group"] as $group_id)
2092  {
2093  if (!$tree->isInTree($group_id))
2094  {
2095  continue;
2096  }
2097  if (!$tmp_obj = ilObjectFactory::getInstanceByRefId($group_id))
2098  {
2099  continue;
2100  }
2101 
2102  $members = array_merge($tmp_obj->getGroupMemberIds(),$members);
2103 
2104  unset($tmp_obj);
2105  }
2106 
2107  $members = array_unique($members);
2108 
2109  // FORMAT USER DATA
2110  $counter = 0;
2111  $f_result = array();
2112 
2113  foreach($members as $user)
2114  {
2115  if (!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
2116  {
2117  continue;
2118  }
2119 
2120  $user_ids[$counter] = $user;
2121 
2122  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
2123  $f_result[$counter][] = $tmp_obj->getLogin();
2124  $f_result[$counter][] = $tmp_obj->getFirstname();
2125  $f_result[$counter][] = $tmp_obj->getLastname();
2126 
2127  unset($tmp_obj);
2128  ++$counter;
2129  }
2130 
2131  $this->__showSearchUserTable($f_result,$user_ids,"listUsersGroup");
2132 
2133  return true;
2134  }
2135 
2136 
2137  function __formatPath($a_path_arr)
2138  {
2139  $counter = 0;
2140 
2141  foreach ($a_path_arr as $data)
2142  {
2143  if ($counter++)
2144  {
2145  $path .= " -> ";
2146  }
2147 
2148  $path .= $data['title'];
2149  }
2150 
2151  if (strlen($path) > 50)
2152  {
2153  return '...'.substr($path,-50);
2154  }
2155 
2156  return $path;
2157  }
2158 
2159  function __prepareOutput()
2160  {
2161  // output objects
2162  //$this->tpl->addBlockFile("CONTENT", "content", "tpl.role.html");
2163  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
2164  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
2165 
2166  // output locator
2167  //$this->__setLocator();
2168 
2169  // output message
2170  if ($this->message)
2171  {
2172  ilUtil::sendInfo($this->message);
2173  }
2174 
2175  // display infopanel if something happened
2176  ilUtil::infoPanel();
2177 
2178  // set header
2179  $this->__setHeader();
2180  }
2181 
2182  function __setHeader()
2183  {
2184  include_once './classes/class.ilTabsGUI.php';
2185 
2186  $this->tpl->setTitle($this->lng->txt('role'));
2187  $this->tpl->setDescription($this->object->getTitle());
2188  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.gif"));
2189 
2190  #$tabs_gui =& new ilTabsGUI();
2191  $this->getTabs($this->tabs_gui);
2192 
2193  // output tabs
2194  #$this->tpl->setVariable("TABS", $tabs_gui->getHTML());
2195  }
2196 
2197  function __setLocator()
2198  {
2199  global $tree, $ilias_locator;
2200 
2201  return;
2202 
2203  $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html");
2204 
2205  $counter = 0;
2206 
2207  foreach ($tree->getPathFull($this->rolf_ref_id) as $key => $row)
2208  {
2209  if ($counter++)
2210  {
2211  $this->tpl->touchBlock('locator_separator_prefix');
2212  }
2213 
2214  $this->tpl->setCurrentBlock("locator_item");
2215 
2216  if ($row["type"] == 'rolf')
2217  {
2218  $this->tpl->setVariable("ITEM",$this->object->getTitle());
2219  $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
2220  }
2221  elseif ($row["child"] != $tree->getRootId())
2222  {
2223  $this->tpl->setVariable("ITEM", $row["title"]);
2224  $this->tpl->setVariable("LINK_ITEM","repository.php?ref_id=".$row["child"]);
2225  }
2226  else
2227  {
2228  $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
2229  $this->tpl->setVariable("LINK_ITEM","repository.php?ref_id=".$row["child"]);
2230  }
2231 
2232  $this->tpl->parseCurrentBlock();
2233  }
2234 
2235  $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
2236  $this->tpl->parseCurrentBlock();
2237  }
2238 
2243  function addAdminLocatorItems()
2244  {
2245  global $ilLocator;
2246 
2247  if ($_GET["admin_mode"] == "settings"
2248  && $_GET["ref_id"] != SYSTEM_FOLDER_ID) // system settings
2249  {
2250  $ilLocator->addItem($this->lng->txt("administration"),
2251  $this->ctrl->getLinkTargetByClass("iladministrationgui", "frameset"),
2252  ilFrameTargetInfo::_getFrame("MainContent"));
2253 
2254  $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
2255  ilObject::_lookupObjId($_GET["ref_id"]))),
2256  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
2257 
2258  if ($_GET["obj_id"] > 0)
2259  {
2260  $ilLocator->addItem($this->object->getTitle(),
2261  $this->ctrl->getLinkTarget($this, "view"));
2262  }
2263  }
2264  else // repository administration
2265  {
2266  // ?
2267  }
2268  }
2269 
2270  function showUpperIcon()
2271  {
2272  global $tree, $tpl, $objDefinition;
2273 
2274  if (strtolower($_GET["baseClass"]) == "iladministrationgui")
2275  {
2276  if ($_GET["admin_mode"] == "settings"
2277  && $_GET["ref_id"] != SYSTEM_FOLDER_ID)
2278  {
2279  $tpl->setUpperIcon(
2280  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
2281  }
2282  }
2283  else
2284  {
2285  if ($this->object->getRefId() != ROOT_FOLDER_ID &&
2286  $this->object->getRefId() != SYSTEM_FOLDER_ID)
2287  {
2288  $par_id = $tree->getParentId($this->object->getRefId());
2289  $tpl->setUpperIcon("repository.php?ref_id=".$par_id);
2290  }
2291  }
2292  }
2293 
2294 
2295 
2296  function getTabs(&$tabs_gui)
2297  {
2298  global $rbacsystem,$rbacreview;
2299 
2300  $base_role_folder = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
2301 
2302 //var_dump($base_role_folder);
2303 //echo "-".$this->rolf_ref_id."-";
2304 
2305  $activate_role_edit = false;
2306 
2307  // todo: activate the following (allow editing of local roles in
2308  // roles administration)
2309  //if (in_array($this->rolf_ref_id,$base_role_folder))
2310  if (in_array($this->rolf_ref_id,$base_role_folder) ||
2311  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
2312  $_GET["admin_mode"] == "settings"))
2313  {
2314  $activate_role_edit = true;
2315  }
2316 
2317  // not so nice (workaround for using tabs in repository)
2318  $tabs_gui->clearTargets();
2319 
2320  if ($this->back_target != "")
2321  {
2322  $tabs_gui->setBackTarget(
2323  $this->back_target["text"],$this->back_target["link"]);
2324  }
2325 
2326  #if ($rbacsystem->checkAccess('write',$this->rolf_ref_id) && $activate_role_edit)
2327  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
2328  {
2329  $tabs_gui->addTarget("edit_properties",
2330  $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
2331  }
2332 
2333  #if ($rbacsystem->checkAccess('write',$this->rolf_ref_id))
2334  if($this->checkAccess('write','edit_permission'))
2335  {
2336  $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
2337  ? true
2338  : false;
2339  $tabs_gui->addTarget("default_perm_settings",
2340  $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
2341  get_class($this),
2342  "", $force_active);
2343  }
2344 
2345  #if ($rbacsystem->checkAccess('write',$this->rolf_ref_id) && $activate_role_edit)
2346  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
2347  {
2348  $tabs_gui->addTarget("user_assignment",
2349  $this->ctrl->getLinkTarget($this, "userassignment"),
2350  array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
2351  get_class($this));
2352  }
2353 
2354  #if ($rbacsystem->checkAccess('write',$this->rolf_ref_id) && $activate_role_edit)
2355  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
2356  {
2357  $tabs_gui->addTarget("desktop_items",
2358  $this->ctrl->getLinkTarget($this, "listDesktopItems"),
2359  array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
2360  get_class($this));
2361  }
2362  }
2363 
2364  function mailToRoleObject()
2365  {
2366  global $rbacreview;
2367 
2368  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
2369  if(count($obj_ids) > 1)
2370  {
2371  $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
2372  }
2373  else
2374  {
2375  $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
2376  }
2377  $script = 'ilias.php?baseClass=ilMailGUI&type=role';
2378  ilUtil::redirect($script);
2379  }
2380 
2381  function checkAccess($a_perm_global,$a_perm_obj = '')
2382  {
2383  global $rbacsystem,$ilAccess;
2384 
2385  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
2386 
2387  if($this->rolf_ref_id == ROLE_FOLDER_ID)
2388  {
2389  return $rbacsystem->checkAccess($a_perm_global,$this->rolf_ref_id);
2390  }
2391  else
2392  {
2393  return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
2394  }
2395  }
2396 
2397 } // END class.ilObjRoleGUI
2398 ?>