ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions
ilPermissionGUI Class Reference
Services/AccessControl

Class ilPermissionGUI RBAC related output. More...

+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 ilPermissionGUI (&$a_gui_obj)
 Constructor.
executeCommand ()
 perm ()
 show permissions of current node
 permSave ()
 save permissions
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'.
__initTableGUI ()
 __setTableGUIBasicData (&$tbl, &$result_set, $a_from="")
 standard implementation for tables use 'from' variable use different initial setting of table
 __buildRoleFilterSelect ()
 __filterRoles ($a_roles, $a_filter)
 owner ()
 changeOwner ()
 info ()
 __initSubTabs ($a_cmd)
 getRolesData ()
 __displayAddRoleForm ()
 __showPermissionsGeneralSection ()
 __showPermissionsObjectSection ()
 __showPermissionsRBACSection ()
 __showPermissionsCreateSection ()

Detailed Description

Class ilPermissionGUI RBAC related output.

Author
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
Id:
class.ilPermissionGUI.php 20310 2009-06-23 12:57:19Z smeyer

ilPermissionGUI: ilObjRoleGUI

Definition at line 17 of file class.ilPermissionGUI.php.

Member Function Documentation

ilPermissionGUI::__buildRoleFilterSelect ( )

Definition at line 459 of file class.ilPermissionGUI.php.

References $_SESSION, and formSelect().

Referenced by perm().

{
$action[1] = $this->lng->txt('filter_all_roles');
$action[2] = $this->lng->txt('filter_global_roles');
$action[3] = $this->lng->txt('filter_local_roles');
$action[4] = $this->lng->txt('filter_roles_local_policy');
$action[5] = $this->lng->txt('filter_local_roles_object');
return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::__displayAddRoleForm ( )

Definition at line 703 of file class.ilPermissionGUI.php.

References $_SESSION, $data, and $key.

Referenced by perm().

{
// do not display this option for admin section and root node
$object_types_exclude = array("adm","root","objf","taxf");
// can the current object contain a rolefolder?
$subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
if (!isset($subobjects["rolf"]))
{
return;
}
if (!in_array($this->gui_obj->object->getType(),$object_types_exclude) and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
{
$this->tpl->addBlockFile("PERM_ADD_ROLE", "add_local_roles", "tpl.obj_perm_add_role.html");
// fill in saved values in case of error
$data = array();
$data["fields"] = array();
$data["fields"]["title"] = $_SESSION["error_post_vars"]["Fobject"]["title"];
$data["fields"]["desc"] = $_SESSION["error_post_vars"]["Fobject"]["desc"];
foreach ($data["fields"] as $key => $val)
{
$this->tpl->setVariable("TXT_LR_".strtoupper($key), $this->lng->txt($key));
$this->tpl->setVariable(strtoupper($key), $val);
}
$this->tpl->setVariable("FORMACTION_LR",
$this->ctrl->getLinkTarget($this, "addRole"));
$this->tpl->setVariable("TXT_LR_HEADER", $this->lng->txt("you_may_add_local_roles"));
$this->tpl->setVariable("TXT_ADD_ROLE", $this->lng->txt("role_add_local"));
$this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
}
}

+ Here is the caller graph for this function:

ilPermissionGUI::__filterRoles (   $a_roles,
  $a_filter 
)

Definition at line 469 of file class.ilPermissionGUI.php.

Referenced by getRolesData().

{
global $rbacreview;
switch ($a_filter)
{
case 1: // all roles in context
return $a_roles;
break;
case 2: // only global roles
$arr_global_roles = $rbacreview->getGlobalRoles();
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
$arr_global_roles = $rbacreview->getGlobalRoles();
foreach ($arr_global_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
case 4: // only roles which use a local policy
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
case 5: // only true local role defined at current position
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
}
return $a_roles;
}

+ Here is the caller graph for this function:

ilPermissionGUI::__initSubTabs (   $a_cmd)

Definition at line 604 of file class.ilPermissionGUI.php.

Referenced by info(), owner(), and perm().

{
global $ilTabs;
$perm = ($a_cmd == 'perm') ? true : false;
$info = ($a_cmd == 'info') ? true : false;
$owner = ($a_cmd == 'owner') ? true : false;
$ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
"", "", "", $perm);
$ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
"", "", "", $info);
$ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
"", "", "", $owner);
}

+ Here is the caller graph for this function:

& ilPermissionGUI::__initTableGUI ( )

Definition at line 420 of file class.ilPermissionGUI.php.

{
include_once "Services/Table/classes/class.ilTableGUI.php";
return new ilTableGUI(0,false);
}
ilPermissionGUI::__setTableGUIBasicData ( $tbl,
$result_set,
  $a_from = "" 
)

standard implementation for tables use 'from' variable use different initial setting of table

Definition at line 432 of file class.ilPermissionGUI.php.

References $_GET.

{
switch ($a_from)
{
case "clipboardObject":
$offset = $_GET["offset"];
$order = $_GET["sort_by"];
$direction = $_GET["sort_order"];
$tbl->disable("footer");
break;
default:
$offset = $_GET["offset"];
$order = $_GET["sort_by"];
$direction = $_GET["sort_order"];
break;
}
$tbl->setOrderColumn($order);
$tbl->setOrderDirection($direction);
$tbl->setOffset($offset);
$tbl->setLimit($_GET["limit"]);
$tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
$tbl->setData($result_set);
}
ilPermissionGUI::__showPermissionsCreateSection ( )

Definition at line 901 of file class.ilPermissionGUI.php.

References ilUtil\array_php2js(), and ilPlugin\lookupTxt().

Referenced by perm().

{
global $objDefinition;
// no create operation for roles/role templates in local role folders
// access is controlled by 'administrate' (change permission settings) only
if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
{
return;
}
// create pointer to first role (only the permission list is needed)
reset($this->roles);
$first_role =& current($this->roles);
if (count($first_role['permissions']['create'])) // check if object type has create operations
{
$this->tpl->setCurrentBlock("perm_subtitle");
$this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
$this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
$this->tpl->setVariable("COLSPAN", $this->num_roles);
$this->tpl->parseCurrentBlock();
// add a checkbox 'select all' for create permissions of the following object types
$container_arr = array('cat','grp','crs','fold');
if (in_array($this->gui_obj->object->getType(),$container_arr))
{
$chk_toggle_create = true;
}
foreach ($this->roles as $role)
{
$ops_ids = array();
foreach ($role['permissions']['create'] as $perm)
{
$ops_ids[] = $perm['ops_id'];
}
if ($chk_toggle_create)
{
$this->tpl->setCurrentBlock('chk_toggle_create');
$this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
$this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
$this->tpl->setVariable('ROLE_ID',$role['obj_id']);
$this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
$this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
$this->tpl->parseCurrentBlock();
}
foreach ($role['permissions']['create'] as $perm)
{
if ($perm["name"] == "create_icrs" and !$this->ilias->getSetting("ilinc_active"))
{
continue;
}
$box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
$this->tpl->setCurrentBlock("perm_item");
$this->tpl->setVariable("PERM_CHECKBOX",$box);
if ($objDefinition->isPlugin(substr($perm['name'],7)))
{
$this->tpl->setVariable("PERM_NAME",
ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
"obj_".substr($perm['name'],7)));
$this->tpl->setVariable("PERM_TOOLTIP",
ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
$this->gui_obj->object->getType()."_".$perm['name']));
}
else
{
$this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
$this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
}
$this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_table");
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_settings");
$this->tpl->parseCurrentBlock();
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::__showPermissionsGeneralSection ( )

Definition at line 739 of file class.ilPermissionGUI.php.

References ilPlugin\lookupTxt().

Referenced by perm().

{
global $objDefinition;
$this->tpl->setCurrentBlock("perm_subtitle");
$this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
$this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
$this->tpl->setVariable("COLSPAN", $this->num_roles);
$this->tpl->parseCurrentBlock();
foreach ($this->roles as $role)
{
foreach ($role['permissions']['general'] as $perm)
{
// exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
{
continue;
}
$box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
$this->tpl->setCurrentBlock("perm_item");
$this->tpl->setVariable("PERM_CHECKBOX",$box);
$this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
{
$this->tpl->setVariable("PERM_TOOLTIP",
ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
$this->gui_obj->object->getType()."_".$perm['name']));
}
else
{
$this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
}
$this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_table");
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_settings");
$this->tpl->parseCurrentBlock();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::__showPermissionsObjectSection ( )

Definition at line 786 of file class.ilPermissionGUI.php.

References ilPlugin\lookupTxt().

Referenced by perm().

{
global $objDefinition;
// create pointer to first role (only the permission list is needed)
reset($this->roles);
$first_role =& current($this->roles);
if (count($first_role['permissions']['object'])) // check if object type has special operations
{
$this->tpl->setCurrentBlock("perm_subtitle");
$this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
$this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
$this->tpl->setVariable("COLSPAN", $this->num_roles);
$this->tpl->parseCurrentBlock();
foreach ($this->roles as $role)
{
foreach ($role['permissions']['object'] as $perm)
{
$box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
$this->tpl->setCurrentBlock("perm_item");
$this->tpl->setVariable("PERM_CHECKBOX",$box);
$this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
{
$this->tpl->setVariable("PERM_TOOLTIP",
ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
$this->gui_obj->object->getType()."_".$perm['name']));
}
else
{
$this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
}
$this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_table");
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_settings");
$this->tpl->parseCurrentBlock();
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::__showPermissionsRBACSection ( )

Definition at line 834 of file class.ilPermissionGUI.php.

References $lang, and ilPlugin\lookupTxt().

Referenced by perm().

{
global $objDefinition;
$this->tpl->setCurrentBlock("perm_subtitle");
$this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
$this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
$this->tpl->setVariable("COLSPAN", $this->num_roles);
$this->tpl->parseCurrentBlock();
foreach ($this->roles as $role)
{
foreach ($role['permissions']['rbac'] as $perm)
{
$box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
$this->tpl->setCurrentBlock("perm_item");
$this->tpl->setVariable("PERM_CHECKBOX",$box);
$this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
{
$this->tpl->setVariable("PERM_TOOLTIP",
ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
$this->gui_obj->object->getType()."_".$perm['name']));
}
else
{
$this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
}
$this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
$this->tpl->parseCurrentBlock();
}
// use local policy flag
// offer option 'use local policy' only to those objects where this option is permitted
if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
{
if ($role['local_policy_allowed'])
{
$box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
$lang = $this->lng->txt("perm_use_local_policy")." (".
$this->lng->txt("stop_inheritance").")";
$lang_desc = $this->lng->txt("perm_use_local_policy_desc");
}
else
{
$box = ' ';
$lang = $this->lng->txt("perm_local_role");
$lang_desc = $this->lng->txt("perm_local_role_desc");
}
$this->tpl->setCurrentBlock("perm_item");
$this->tpl->setVariable("PERM_CHECKBOX",$box);
$this->tpl->setVariable("PERM_NAME",$lang);
$this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
$this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_table");
$this->tpl->parseCurrentBlock();
}
$this->tpl->setCurrentBlock("perm_settings");
$this->tpl->parseCurrentBlock();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::addRole ( )

adds a local role This method is only called when choose the option 'you may add local roles'.

This option is displayed in the permission settings dialogue for an object TODO: this will be changed public

Definition at line 332 of file class.ilPermissionGUI.php.

References $_POST, $ilCtrl, $ilErr, ilObject\_lookupTitle(), ilUtil\sendFailure(), ilUtil\sendSuccess(), and ilUtil\stripSlashes().

{
global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
// check if role title has il_ prefix
if (substr($_POST["Fobject"]["title"],0,3) == "il_")
{
$this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
}
if(!strlen($_POST["Fobject"]["title"]))
{
$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
}
$new_title = ilUtil::stripSlashes($_POST['Fobject']['title']);
$rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if($rolf_data['child'])
{
foreach($rbacreview->getRolesOfRoleFolder($rolf_data['child']) as $role_id)
{
if(trim($new_title) == ilObject::_lookupTitle($role_id))
{
$ilErr->raiseError($this->lng->txt('rbac_role_exists_alert'),$ilErr->MESSAGE);
}
}
}
// if the current object is no role folder, create one
if ($this->gui_obj->object->getType() != "rolf")
{
$rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
// is there already a rolefolder?
if (!($rolf_id = $rolf_data["child"]))
{
// can the current object contain a rolefolder?
$subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
if (!isset($subobjects["rolf"]))
{
ilUtil::sendFailure($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
$this->lng->txt("msg_no_rolf_allowed2"), true);
$ilCtrl->redirect($this, "perm");
}
// create a rolefolder
$rolfObj = $this->gui_obj->object->createRoleFolder();
$rolf_id = $rolfObj->getRefId();
}
}
else
{
// Current object is already a rolefolder. To create the role we take its reference id
$rolf_id = $this->gui_obj->object->getRefId();
}
// create role
if ($this->gui_obj->object->getType() == "rolf")
{
$roleObj = $this->gui_obj->object->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
}
else
{
$rfoldObj = $this->ilias->obj_factory->getInstanceByRefId($rolf_id);
$roleObj = $rfoldObj->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
}
ilUtil::sendSuccess($this->lng->txt("role_added"),true);
// in administration jump to deault perm settings screen
// alex, ILIAS 3.6.5, 1.9.2006: this does not work and leads to errors in
// a) administration
// -> repository trash & permissions -> item -> permissions ->
// "you may add role" screen -> save
// b) other modules like learning modules
// -> permissions -> "you may add role" screen
// deactivated for 3.6.6
//if ($this->ctrl->getTargetScript() != "repository.php")
//{
// $this->ctrl->setParameter($this,"obj_id",$roleObj->getId());
// $this->ctrl->setParameter($this,"ref_id",$rolf_id);
// $this->ctrl->redirect($this,'perm');
//}
$this->ctrl->redirect($this,'perm');
}

+ Here is the call graph for this function:

ilPermissionGUI::changeOwner ( )

Definition at line 564 of file class.ilPermissionGUI.php.

References $_POST, $ilErr, ilObjUser\_lookupId(), owner(), ilUtil\sendFailure(), and ilUtil\sendSuccess().

{
global $rbacsystem,$ilErr,$ilObjDataCache;
if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
{
ilUtil::sendFailure($this->lng->txt('user_not_known'));
$this->owner();
return true;
}
$this->gui_obj->object->setOwner($user_id);
$this->gui_obj->object->updateOwner();
$ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
ilUtil::sendSuccess($this->lng->txt('owner_updated'),true);
if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
{
$this->ctrl->redirect($this->gui_obj);
return true;
}
$this->ctrl->redirect($this,'owner');
return true;
}

+ Here is the call graph for this function:

& ilPermissionGUI::executeCommand ( )

Definition at line 52 of file class.ilPermissionGUI.php.

References $_GET, $cmd, $ilErr, and $ret.

{
global $rbacsystem, $ilErr;
// access to all functions in this class are only allowed if edit_permission is granted
if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
{
$ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
}
$next_class = $this->ctrl->getNextClass($this);
switch($next_class)
{
case "ilobjrolegui":
include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
$this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
$this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),
$this->ctrl->getLinkTarget($this, "perm"));
$ret =& $this->ctrl->forwardCommand($this->gui_obj);
break;
default:
$cmd = $this->ctrl->getCmd();
$this->$cmd();
break;
}
return true;
}
ilPermissionGUI::getRolesData ( )

Definition at line 620 of file class.ilPermissionGUI.php.

References $_POST, $_SESSION, $key, __filterRoles(), ilRbacReview\_getOperationList(), and ilRbacReview\_groupOperationsByClass().

Referenced by perm(), and permSave().

{
global $rbacsystem, $rbacreview, $tree;
// first get all roles in
$roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
// filter roles
$_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
// set default filter (all roles) if no filter is set
if ($_SESSION['perm_filtered_roles'] == 0)
{
if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
$_SESSION['perm_filtered_roles'] = 3;
else
$_SESSION['perm_filtered_roles'] = 1;
}
// remove filtered roles from array
$roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
// determine status of each role (local role, changed policy, protected)
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
$local_roles = array();
if (!empty($role_folder))
{
$local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
}
foreach ($roles as $key => $role)
{
// exclude system admin role from list
if ($role["obj_id"] == SYSTEM_ROLE_ID)
{
unset($roles[$key]);
continue;
}
$this->roles[$role['obj_id']] = $role;
// don't allow local policies for protected roles
$this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
if (!in_array($role["obj_id"],$local_roles))
{
$this->roles[$role['obj_id']]['local_policy_enabled'] = false;
$this->roles[$role['obj_id']]['local_policy_allowed'] = true;
}
else
{
// no checkbox for local roles
if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
{
$this->roles[$role['obj_id']]['local_policy_allowed'] = false;
}
else
{
$this->roles[$role['obj_id']]['local_policy_enabled'] = true;
$this->roles[$role['obj_id']]['local_policy_allowed'] = true;
}
}
// compute permission settings for each role
$grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
foreach ($grouped_ops as $ops_group => $ops_data)
{
foreach ($ops_data as $key => $operation)
{
$grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
}
}
$this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
unset($grouped_ops);
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::ilPermissionGUI ( $a_gui_obj)

Constructor.

Definition at line 22 of file class.ilPermissionGUI.php.

References $ilCtrl, $ilErr, $lng, $tpl, and PEAR_ERROR_CALLBACK.

{
global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
if (!isset($ilErr))
{
$ilErr = new ilErrorHandling();
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
}
else
{
$this->ilErr =& $ilErr;
}
$this->ilias =& $ilias;
$this->objDefinition =& $objDefinition;
$this->tree =& $tree;
$this->tpl =& $tpl;
$this->lng =& $lng;
$this->lng->loadLanguageModule("rbac");
$this->ctrl =& $ilCtrl;
$this->gui_obj =& $a_gui_obj;
$this->roles = array();
$this->num_roles = 0;
}
ilPermissionGUI::info ( )

Definition at line 592 of file class.ilPermissionGUI.php.

References __initSubTabs().

{
$this->__initSubTabs("info");
include_once('classes/class.ilObjectStatusGUI.php');
$ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
$this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
}

+ Here is the call graph for this function:

ilPermissionGUI::owner ( )

Definition at line 546 of file class.ilPermissionGUI.php.

References __initSubTabs(), ilObjUser\_lookupLogin(), and ilUtil\getImagePath().

Referenced by changeOwner().

{
global $ilObjDataCache,$ilUser;
$this->__initSubTabs("owner");
$this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
$this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
$this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
$this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
$this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
$this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
$this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
$this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
$this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::perm ( )

show permissions of current node

public

Definition at line 88 of file class.ilPermissionGUI.php.

References $_GET, __buildRoleFilterSelect(), __displayAddRoleForm(), __initSubTabs(), __showPermissionsCreateSection(), __showPermissionsGeneralSection(), __showPermissionsObjectSection(), __showPermissionsRBACSection(), ilObjRole\_getTranslation(), ilUtil\getImagePath(), getRolesData(), and ilUtil\sendInfo().

{
global $rbacsystem, $rbacreview;
$this->getRolesData();
// START DATA OUTPUT
$this->__initSubTabs("perm");
// $this->gui_obj->getTemplateFile("perm");
$this->tpl->addBlockFile("ADM_CONTENT", "adm_content",
"tpl.edit_permissions.html", "Services/AccessControl");
$this->num_roles = count($this->roles);
// render filter form
$this->tpl->setCurrentBlock("filter");
$this->tpl->setVariable("FILTER_TXT_FILTER",$this->lng->txt('filter'));
$this->tpl->setVariable("SELECT_FILTER",$this->__buildRoleFilterSelect());
$this->tpl->setVariable("FILTER_ACTION",$this->ctrl->getFormAction($this)."&cmd=perm");
$this->tpl->setVariable("FILTER_NAME",'view');
$this->tpl->setVariable("FILTER_VALUE",$this->lng->txt('apply_filter'));
$this->tpl->parseCurrentBlock();
// don't display table if no role in list
if ($this->num_roles < 1)
{
ilUtil::sendInfo($this->lng->txt("msg_no_roles_of_type"),false);
$this->__displayAddRoleForm();
return true;
}
$this->tpl->addBlockFile("PERM_PERMISSIONS", "permissions", "tpl.obj_perm_permissions.html");
$this->tpl->setVariable("TXT_TITLE", $this->lng->txt("permission_settings"));
$this->tpl->setVariable("IMG_PERM", ilUtil::getImagePath("icon_perm.gif"));
$this->tpl->setVariable("TXT_TITLE_INFO",
sprintf($this->lng->txt("permission_settings_info"),
$this->gui_obj->object->getTitle()
));
$this->tpl->setVariable("COLSPAN", $this->num_roles);
$this->tpl->setVariable("FORMACTION",
$this->ctrl->getLinkTarget($this,"permSave"));
$this->tpl->setVariable("TXT_SAVE", $this->lng->txt("save"));
// needed for display correct role context of global roles
$global_roles = $rbacreview->getGlobalRoles();
foreach ($this->roles as $role)
{
$tmp_role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
$tmp_local_roles = array();
if ($tmp_role_folder)
{
$tmp_local_roles = $rbacreview->getRolesOfRoleFolder($tmp_role_folder["ref_id"]);
}
// Is it a real or linked lokal role
if ($role['protected'] == false and in_array($role['obj_id'],$tmp_local_roles))
{
$role_folder_data = $rbacreview->getRoleFolderOfObject($_GET['ref_id']);
$role_folder_id = $role_folder_data['ref_id'];
$this->tpl->setCurrentBlock("rolelink_open");
$up_path = defined('ILIAS_MODULE') ? "../" : "";
$this->ctrl->setParameterByClass("ilobjrolegui", "obj_id",
$role['obj_id']);
$this->ctrl->setParameterByClass("ilobjrolegui", "rolf_ref_id",
$role_folder_id);
$this->tpl->setVariable("LINK_ROLE_RULESET",
$this->ctrl->getLinkTargetByClass("ilobjrolegui", ""));
$this->tpl->setVariable("TXT_ROLE_RULESET",$this->lng->txt("edit_perm_ruleset"));
$this->tpl->parseCurrentBlock();
$this->tpl->touchBlock("rolelink_close");
}
$this->tpl->setCurrentBlock("role_infos");
// display human readable role names for autogenerated roles
include_once ('Services/AccessControl/classes/class.ilObjRole.php');
$this->tpl->setVariable("ROLE_NAME",str_replace(" ","&nbsp;",ilObjRole::_getTranslation($role["title"])));
//var_dump("<pre>",$role,"</pre>");
// display role context
if (in_array($role["obj_id"],$global_roles))
{
$this->tpl->setVariable("ROLE_CONTEXT_TYPE","global");
}
else
{
if($rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"],true))
{
$parent_node = $this->tree->getParentNodeData($rolf[0]);
//$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$this->lng->txt("obj_".$parent_node["type"])."&nbsp;(#".$parent_node["obj_id"].")");
//$this->tpl->setVariable("ROLE_CONTEXT",$parent_node["title"]);
$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$parent_node["title"]);
}
}
$this->tpl->parseCurrentBlock();
}
$this->ctrl->clearParametersByClass("ilobjrolegui");
// show permission settings
// general section
$this->__showPermissionsGeneralSection();
// object section
$this->__showPermissionsObjectSection();
// rbac section
$this->__showPermissionsRBACSection();
// create section
$this->__showPermissionsCreateSection();
$this->tpl->setVariable("COLSPAN", $this->num_roles);
// ADD LOCAL ROLE
$this->__displayAddRoleForm();
}

+ Here is the call graph for this function:

ilPermissionGUI::permSave ( )

save permissions

public

Definition at line 224 of file class.ilPermissionGUI.php.

References $_POST, $data, $key, getRolesData(), and ilUtil\sendSuccess().

{
global $rbacreview, $rbacadmin, $rbacsystem;
// only revoke permission of roles that are not filtered
$this->getRolesData();
foreach($this->roles as $role_id => $data)
{
$rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
}
if (is_array($_POST["perm"]))
{
foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
{
$rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
}
}
// update object data entry (to update last modification date)
$this->gui_obj->object->update();
// Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
// muss folgendes geschehen:
// - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
// - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
// - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
// und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
// get rolefolder data if a rolefolder already exists
$rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
$rolf_id = $rolf_data["child"];
$stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
if ($stop_inherit_roles)
{
// rolefolder does not exist, so create one
if (empty($rolf_id))
{
// create a local role folder
$rfoldObj = $this->gui_obj->object->createRoleFolder();
// set rolf_id again from new rolefolder object
$rolf_id = $rfoldObj->getRefId();
}
$roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
foreach ($stop_inherit_roles as $stop_inherit)
{
// create role entries for roles with stopped inheritance
if (!in_array($stop_inherit,$roles_of_folder))
{
$parentRoles = $rbacreview->getParentRoleIds($rolf_id);
$rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
$rolf_id,$stop_inherit);
$rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
}
}// END FOREACH
}// END STOP INHERIT
if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
{
// get roles where inheritance is stopped was cancelled
$linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
$linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
// Only delete local policies for filtered roles
$linked_roles_to_remove = (array) array_intersect(
(array) $linked_roles_to_remove,
(array) array_keys($this->roles));
// remove roles where stopped inheritance is cancelled and purge rolefolder if empty
foreach ($linked_roles_to_remove as $role_id)
{
if ($rbacreview->isProtected($rolf_id,$role_id))
{
continue;
}
$role_obj =& $this->ilias->obj_factory->getInstanceByObjId($role_id);
$role_obj->setParent($rolf_id);
$role_obj->delete();
unset($role_obj);
}
}
ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
// redirect to default page if user revokes himself access to the permission panel
if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
{
$this->ctrl->redirect($this->gui_obj);
}
$this->ctrl->redirect($this,'perm');
}

+ Here is the call graph for this function:

The documentation for this class was generated from the following file: