ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
17 class ilPermissionGUI
18 {
22  function ilPermissionGUI(&$a_gui_obj)
23  {
24  global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
25 
26  if (!isset($ilErr))
27  {
28  $ilErr = new ilErrorHandling();
29  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
30  }
31  else
32  {
33  $this->ilErr =& $ilErr;
34  }
35 
36  $this->ilias =& $ilias;
37  $this->objDefinition =& $objDefinition;
38  $this->tree =& $tree;
39  $this->tpl =& $tpl;
40  $this->lng =& $lng;
41  $this->lng->loadLanguageModule("rbac");
42 
43  $this->ctrl =& $ilCtrl;
44 
45  $this->gui_obj =& $a_gui_obj;
46 
47  $this->roles = array();
48  $this->num_roles = 0;
49  }
50 
51 
52  function &executeCommand()
53  {
54  global $rbacsystem, $ilErr;
55 
56  // access to all functions in this class are only allowed if edit_permission is granted
57  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
58  {
59  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
60  }
61 
62  $next_class = $this->ctrl->getNextClass($this);
63 
64  switch($next_class)
65  {
66  case "ilobjrolegui":
67  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
68  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
69  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),
70  $this->ctrl->getLinkTarget($this, "perm"));
71  $ret =& $this->ctrl->forwardCommand($this->gui_obj);
72  break;
73 
74  default:
75  $cmd = $this->ctrl->getCmd();
76  $this->$cmd();
77  break;
78  }
79 
80  return true;
81  }
82 
88  function perm()
89  {
90  global $rbacsystem, $rbacreview;
91 
92  $this->getRolesData();
93 
95  // START DATA OUTPUT
97  $this->__initSubTabs("perm");
98 
99 // $this->gui_obj->getTemplateFile("perm");
100  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content",
101  "tpl.edit_permissions.html", "Services/AccessControl");
102 
103  $this->num_roles = count($this->roles);
104 
105  // render filter form
106  $this->tpl->setCurrentBlock("filter");
107  $this->tpl->setVariable("FILTER_TXT_FILTER",$this->lng->txt('filter'));
108  $this->tpl->setVariable("SELECT_FILTER",$this->__buildRoleFilterSelect());
109  $this->tpl->setVariable("FILTER_ACTION",$this->ctrl->getFormAction($this)."&cmd=perm");
110  $this->tpl->setVariable("FILTER_NAME",'view');
111  $this->tpl->setVariable("FILTER_VALUE",$this->lng->txt('apply_filter'));
112  $this->tpl->parseCurrentBlock();
113 
114  // don't display table if no role in list
115  if ($this->num_roles < 1)
116  {
117  ilUtil::sendInfo($this->lng->txt("msg_no_roles_of_type"),false);
118  $this->__displayAddRoleForm();
119  return true;
120  }
121 
122  $this->tpl->addBlockFile("PERM_PERMISSIONS", "permissions", "tpl.obj_perm_permissions.html");
123 
124  $this->tpl->setVariable("TXT_TITLE", $this->lng->txt("permission_settings"));
125  $this->tpl->setVariable("IMG_PERM", ilUtil::getImagePath("icon_perm.gif"));
126  $this->tpl->setVariable("TXT_TITLE_INFO",
127  sprintf($this->lng->txt("permission_settings_info"),
128  $this->gui_obj->object->getTitle()
129  ));
130  $this->tpl->setVariable("COLSPAN", $this->num_roles);
131  $this->tpl->setVariable("FORMACTION",
132  $this->ctrl->getLinkTarget($this,"permSave"));
133  $this->tpl->setVariable("TXT_SAVE", $this->lng->txt("save"));
134 
135  // needed for display correct role context of global roles
136  $global_roles = $rbacreview->getGlobalRoles();
137 
138  foreach ($this->roles as $role)
139  {
140  $tmp_role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
141  $tmp_local_roles = array();
142 
143  if ($tmp_role_folder)
144  {
145  $tmp_local_roles = $rbacreview->getRolesOfRoleFolder($tmp_role_folder["ref_id"]);
146  }
147 
148  // Is it a real or linked lokal role
149  if ($role['protected'] == false and in_array($role['obj_id'],$tmp_local_roles))
150  {
151  $role_folder_data = $rbacreview->getRoleFolderOfObject($_GET['ref_id']);
152  $role_folder_id = $role_folder_data['ref_id'];
153 
154 
155  $this->tpl->setCurrentBlock("rolelink_open");
156 
157  $up_path = defined('ILIAS_MODULE') ? "../" : "";
158  $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id",
159  $role['obj_id']);
160  $this->ctrl->setParameterByClass("ilobjrolegui", "rolf_ref_id",
161  $role_folder_id);
162  $this->tpl->setVariable("LINK_ROLE_RULESET",
163  $this->ctrl->getLinkTargetByClass("ilobjrolegui", ""));
164 
165  $this->tpl->setVariable("TXT_ROLE_RULESET",$this->lng->txt("edit_perm_ruleset"));
166  $this->tpl->parseCurrentBlock();
167 
168  $this->tpl->touchBlock("rolelink_close");
169  }
170 
171  $this->tpl->setCurrentBlock("role_infos");
172 
173  // display human readable role names for autogenerated roles
174  include_once ('Services/AccessControl/classes/class.ilObjRole.php');
175  $this->tpl->setVariable("ROLE_NAME",str_replace(" ","&nbsp;",ilObjRole::_getTranslation($role["title"])));
176  //var_dump("<pre>",$role,"</pre>");
177 
178  // display role context
179  if (in_array($role["obj_id"],$global_roles))
180  {
181  $this->tpl->setVariable("ROLE_CONTEXT_TYPE","global");
182  }
183  else
184  {
185  if($rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"],true))
186  {
187  $parent_node = $this->tree->getParentNodeData($rolf[0]);
188  //$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$this->lng->txt("obj_".$parent_node["type"])."&nbsp;(#".$parent_node["obj_id"].")");
189  //$this->tpl->setVariable("ROLE_CONTEXT",$parent_node["title"]);
190  $this->tpl->setVariable("ROLE_CONTEXT_TYPE",$parent_node["title"]);
191  }
192  }
193 
194  $this->tpl->parseCurrentBlock();
195  }
196  $this->ctrl->clearParametersByClass("ilobjrolegui");
197 
198 // show permission settings
199 
200  // general section
201  $this->__showPermissionsGeneralSection();
202 
203  // object section
204  $this->__showPermissionsObjectSection();
205 
206  // rbac section
207  $this->__showPermissionsRBACSection();
208 
209  // create section
210  $this->__showPermissionsCreateSection();
211 
212  $this->tpl->setVariable("COLSPAN", $this->num_roles);
213 
214  // ADD LOCAL ROLE
215  $this->__displayAddRoleForm();
216  }
217 
218 
224  function permSave()
225  {
226  global $rbacreview, $rbacadmin, $rbacsystem;
227 
228  // only revoke permission of roles that are not filtered
229  $this->getRolesData();
230  foreach($this->roles as $role_id => $data)
231  {
232  $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
233  }
234 
235  if (is_array($_POST["perm"]))
236  {
237  foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
238  {
239  $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
240  }
241  }
242 
243  // update object data entry (to update last modification date)
244  $this->gui_obj->object->update();
245 
246  // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
247  // muss folgendes geschehen:
248  // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
249  // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
250  // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
251  // und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
252 
253  // get rolefolder data if a rolefolder already exists
254  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
255  $rolf_id = $rolf_data["child"];
256 
257  $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
258 
259  if ($stop_inherit_roles)
260  {
261  // rolefolder does not exist, so create one
262  if (empty($rolf_id))
263  {
264  // create a local role folder
265  $rfoldObj = $this->gui_obj->object->createRoleFolder();
266 
267  // set rolf_id again from new rolefolder object
268  $rolf_id = $rfoldObj->getRefId();
269  }
270 
271  $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
272 
273  foreach ($stop_inherit_roles as $stop_inherit)
274  {
275  // create role entries for roles with stopped inheritance
276  if (!in_array($stop_inherit,$roles_of_folder))
277  {
278  $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
279  $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
280  $rolf_id,$stop_inherit);
281  $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
282  }
283  }// END FOREACH
284  }// END STOP INHERIT
285 
286  if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
287  {
288  // get roles where inheritance is stopped was cancelled
289  $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
290  $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
291 
292  // Only delete local policies for filtered roles
293  $linked_roles_to_remove = (array) array_intersect(
294  (array) $linked_roles_to_remove,
295  (array) array_keys($this->roles));
296 
297  // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
298  foreach ($linked_roles_to_remove as $role_id)
299  {
300  if ($rbacreview->isProtected($rolf_id,$role_id))
301  {
302  continue;
303  }
304 
305  $role_obj =& $this->ilias->obj_factory->getInstanceByObjId($role_id);
306  $role_obj->setParent($rolf_id);
307  $role_obj->delete();
308  unset($role_obj);
309  }
310  }
311 
312  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
313 
314  // redirect to default page if user revokes himself access to the permission panel
315  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
316  {
317  $this->ctrl->redirect($this->gui_obj);
318  }
319 
320  $this->ctrl->redirect($this,'perm');
321  }
322 
323 
324 
332  function addRole()
333  {
334  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
335 
336  // check if role title has il_ prefix
337  if (substr($_POST["Fobject"]["title"],0,3) == "il_")
338  {
339  $this->ilias->raiseError($this->lng->txt("msg_role_reserved_prefix"),$this->ilias->error_obj->MESSAGE);
340  }
341  if(!strlen($_POST["Fobject"]["title"]))
342  {
343  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
344  }
345 
346  $new_title = ilUtil::stripSlashes($_POST['Fobject']['title']);
347  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
348  if($rolf_data['child'])
349  {
350  foreach($rbacreview->getRolesOfRoleFolder($rolf_data['child']) as $role_id)
351  {
352  if(trim($new_title) == ilObject::_lookupTitle($role_id))
353  {
354  $ilErr->raiseError($this->lng->txt('rbac_role_exists_alert'),$ilErr->MESSAGE);
355  }
356  }
357  }
358 
359 
360  // if the current object is no role folder, create one
361  if ($this->gui_obj->object->getType() != "rolf")
362  {
363  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
364 
365  // is there already a rolefolder?
366  if (!($rolf_id = $rolf_data["child"]))
367  {
368  // can the current object contain a rolefolder?
369  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
370 
371  if (!isset($subobjects["rolf"]))
372  {
373  ilUtil::sendFailure($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
374  $this->lng->txt("msg_no_rolf_allowed2"), true);
375  $ilCtrl->redirect($this, "perm");
376  }
377 
378  // create a rolefolder
379  $rolfObj = $this->gui_obj->object->createRoleFolder();
380  $rolf_id = $rolfObj->getRefId();
381  }
382  }
383  else
384  {
385  // Current object is already a rolefolder. To create the role we take its reference id
386  $rolf_id = $this->gui_obj->object->getRefId();
387  }
388 
389  // create role
390  if ($this->gui_obj->object->getType() == "rolf")
391  {
392  $roleObj = $this->gui_obj->object->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
393  }
394  else
395  {
396  $rfoldObj = $this->ilias->obj_factory->getInstanceByRefId($rolf_id);
397  $roleObj = $rfoldObj->createRole($_POST["Fobject"]["title"],$_POST["Fobject"]["desc"]);
398  }
399 
400  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
401 
402  // in administration jump to deault perm settings screen
403  // alex, ILIAS 3.6.5, 1.9.2006: this does not work and leads to errors in
404  // a) administration
405  // -> repository trash & permissions -> item -> permissions ->
406  // "you may add role" screen -> save
407  // b) other modules like learning modules
408  // -> permissions -> "you may add role" screen
409  // deactivated for 3.6.6
410  //if ($this->ctrl->getTargetScript() != "repository.php")
411  //{
412  // $this->ctrl->setParameter($this,"obj_id",$roleObj->getId());
413  // $this->ctrl->setParameter($this,"ref_id",$rolf_id);
414  // $this->ctrl->redirect($this,'perm');
415  //}
416 
417  $this->ctrl->redirect($this,'perm');
418  }
419 
420  function &__initTableGUI()
421  {
422  include_once "Services/Table/classes/class.ilTableGUI.php";
423 
424  return new ilTableGUI(0,false);
425  }
426 
432  function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
433  {
434  switch ($a_from)
435  {
436  case "clipboardObject":
437  $offset = $_GET["offset"];
438  $order = $_GET["sort_by"];
439  $direction = $_GET["sort_order"];
440  $tbl->disable("footer");
441  break;
442 
443  default:
444  $offset = $_GET["offset"];
445  $order = $_GET["sort_by"];
446  $direction = $_GET["sort_order"];
447  break;
448  }
449 
450  $tbl->setOrderColumn($order);
451  $tbl->setOrderDirection($direction);
452  $tbl->setOffset($offset);
453  $tbl->setLimit($_GET["limit"]);
454  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
455  $tbl->setData($result_set);
456  }
457 
458 
459  function __buildRoleFilterSelect()
460  {
461  $action[1] = $this->lng->txt('filter_all_roles');
462  $action[2] = $this->lng->txt('filter_global_roles');
463  $action[3] = $this->lng->txt('filter_local_roles');
464  $action[4] = $this->lng->txt('filter_roles_local_policy');
465  $action[5] = $this->lng->txt('filter_local_roles_object');
466  return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
467  }
468 
469  function __filterRoles($a_roles,$a_filter)
470  {
471  global $rbacreview;
472 
473  switch ($a_filter)
474  {
475  case 1: // all roles in context
476  return $a_roles;
477  break;
478 
479  case 2: // only global roles
480  $arr_global_roles = $rbacreview->getGlobalRoles();
481  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
482 
483  foreach ($arr_remove_roles as $role_id)
484  {
485  unset($a_roles[$role_id]);
486  }
487 
488  return $a_roles;
489  break;
490 
491  case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
492  $arr_global_roles = $rbacreview->getGlobalRoles();
493 
494  foreach ($arr_global_roles as $role_id)
495  {
496  unset($a_roles[$role_id]);
497  }
498 
499  return $a_roles;
500  break;
501 
502  case 4: // only roles which use a local policy
503  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
504 
505  if (!$role_folder)
506  {
507  return array();
508  }
509 
510  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
511  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
512 
513  foreach ($arr_remove_roles as $role_id)
514  {
515  unset($a_roles[$role_id]);
516  }
517 
518  return $a_roles;
519  break;
520 
521  case 5: // only true local role defined at current position
522 
523  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
524 
525  if (!$role_folder)
526  {
527  return array();
528  }
529 
530  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
531  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
532 
533  foreach ($arr_remove_roles as $role_id)
534  {
535  unset($a_roles[$role_id]);
536  }
537 
538  return $a_roles;
539  break;
540  }
541 
542  return $a_roles;
543  }
544 
545  // show owner sub tab
546  function owner()
547  {
548  global $ilObjDataCache,$ilUser;
549 
550  $this->__initSubTabs("owner");
551 
552  $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
553 
554  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
555  $this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
556  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
557  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
558  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
559  $this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
560  $this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
561  $this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
562  }
563 
564  function changeOwner()
565  {
566  global $rbacsystem,$ilErr,$ilObjDataCache;
567 
568  if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
569  {
570  ilUtil::sendFailure($this->lng->txt('user_not_known'));
571  $this->owner();
572  return true;
573  }
574 
575  $this->gui_obj->object->setOwner($user_id);
576  $this->gui_obj->object->updateOwner();
577  $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
578  ilUtil::sendSuccess($this->lng->txt('owner_updated'),true);
579 
580  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
581  {
582  $this->ctrl->redirect($this->gui_obj);
583  return true;
584  }
585 
586  $this->ctrl->redirect($this,'owner');
587  return true;
588 
589  }
590 
591  // init permission query feature
592  function info()
593  {
594  $this->__initSubTabs("info");
595 
596  include_once('classes/class.ilObjectStatusGUI.php');
597 
598  $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
599 
600  $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
601  }
602 
603  // init sub tabs
604  function __initSubTabs($a_cmd)
605  {
606  global $ilTabs;
607 
608  $perm = ($a_cmd == 'perm') ? true : false;
609  $info = ($a_cmd == 'info') ? true : false;
610  $owner = ($a_cmd == 'owner') ? true : false;
611 
612  $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
613  "", "", "", $perm);
614  $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
615  "", "", "", $info);
616  $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
617  "", "", "", $owner);
618  }
619 
620  function getRolesData()
621  {
622  global $rbacsystem, $rbacreview, $tree;
623 
624  // first get all roles in
625  $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
626 
627  // filter roles
628  $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
629 
630  // set default filter (all roles) if no filter is set
631  if ($_SESSION['perm_filtered_roles'] == 0)
632  {
633  if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
634  $_SESSION['perm_filtered_roles'] = 3;
635  else
636  $_SESSION['perm_filtered_roles'] = 1;
637  }
638 
639 
640  // remove filtered roles from array
641  $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
642 
643  // determine status of each role (local role, changed policy, protected)
644 
645  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
646 
647  $local_roles = array();
648 
649  if (!empty($role_folder))
650  {
651  $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
652  }
653 
654  foreach ($roles as $key => $role)
655  {
656  // exclude system admin role from list
657  if ($role["obj_id"] == SYSTEM_ROLE_ID)
658  {
659  unset($roles[$key]);
660  continue;
661  }
662 
663  $this->roles[$role['obj_id']] = $role;
664 
665  // don't allow local policies for protected roles
666  $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
667 
668  if (!in_array($role["obj_id"],$local_roles))
669  {
670  $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
671  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
672  }
673  else
674  {
675  // no checkbox for local roles
676  if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
677  {
678  $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
679  }
680  else
681  {
682  $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
683  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
684  }
685  }
686 
687  // compute permission settings for each role
688  $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
689  foreach ($grouped_ops as $ops_group => $ops_data)
690  {
691  foreach ($ops_data as $key => $operation)
692  {
693  $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
694  }
695  }
696 
697  $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
698 
699  unset($grouped_ops);
700  }
701  }
702 
703  function __displayAddRoleForm()
704  {
705  // do not display this option for admin section and root node
706  $object_types_exclude = array("adm","root","objf","taxf");
707 
708  // can the current object contain a rolefolder?
709  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
710  if (!isset($subobjects["rolf"]))
711  {
712  return;
713  }
714 
715  if (!in_array($this->gui_obj->object->getType(),$object_types_exclude) and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
716  {
717  $this->tpl->addBlockFile("PERM_ADD_ROLE", "add_local_roles", "tpl.obj_perm_add_role.html");
718 
719  // fill in saved values in case of error
720  $data = array();
721  $data["fields"] = array();
722  $data["fields"]["title"] = $_SESSION["error_post_vars"]["Fobject"]["title"];
723  $data["fields"]["desc"] = $_SESSION["error_post_vars"]["Fobject"]["desc"];
724 
725  foreach ($data["fields"] as $key => $val)
726  {
727  $this->tpl->setVariable("TXT_LR_".strtoupper($key), $this->lng->txt($key));
728  $this->tpl->setVariable(strtoupper($key), $val);
729  }
730 
731  $this->tpl->setVariable("FORMACTION_LR",
732  $this->ctrl->getLinkTarget($this, "addRole"));
733  $this->tpl->setVariable("TXT_LR_HEADER", $this->lng->txt("you_may_add_local_roles"));
734  $this->tpl->setVariable("TXT_ADD_ROLE", $this->lng->txt("role_add_local"));
735  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
736  }
737  }
738 
739  function __showPermissionsGeneralSection()
740  {
741  global $objDefinition;
742 
743  $this->tpl->setCurrentBlock("perm_subtitle");
744  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
745  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
746  $this->tpl->setVariable("COLSPAN", $this->num_roles);
747  $this->tpl->parseCurrentBlock();
748 
749  foreach ($this->roles as $role)
750  {
751  foreach ($role['permissions']['general'] as $perm)
752  {
753  // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
754  if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
755  {
756  continue;
757  }
758 
759  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
760 
761  $this->tpl->setCurrentBlock("perm_item");
762  $this->tpl->setVariable("PERM_CHECKBOX",$box);
763  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
764  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
765  {
766  $this->tpl->setVariable("PERM_TOOLTIP",
767  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
768  $this->gui_obj->object->getType()."_".$perm['name']));
769  }
770  else
771  {
772  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
773  }
774  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
775  $this->tpl->parseCurrentBlock();
776  }
777 
778  $this->tpl->setCurrentBlock("perm_table");
779  $this->tpl->parseCurrentBlock();
780  }
781 
782  $this->tpl->setCurrentBlock("perm_settings");
783  $this->tpl->parseCurrentBlock();
784  }
785 
786  function __showPermissionsObjectSection()
787  {
788  global $objDefinition;
789 
790  // create pointer to first role (only the permission list is needed)
791  reset($this->roles);
792  $first_role =& current($this->roles);
793 
794  if (count($first_role['permissions']['object'])) // check if object type has special operations
795  {
796  $this->tpl->setCurrentBlock("perm_subtitle");
797  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
798  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
799  $this->tpl->setVariable("COLSPAN", $this->num_roles);
800  $this->tpl->parseCurrentBlock();
801 
802  foreach ($this->roles as $role)
803  {
804  foreach ($role['permissions']['object'] as $perm)
805  {
806  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
807 
808  $this->tpl->setCurrentBlock("perm_item");
809  $this->tpl->setVariable("PERM_CHECKBOX",$box);
810  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
811  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
812  {
813  $this->tpl->setVariable("PERM_TOOLTIP",
814  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
815  $this->gui_obj->object->getType()."_".$perm['name']));
816  }
817  else
818  {
819  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
820  }
821  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
822  $this->tpl->parseCurrentBlock();
823  }
824 
825  $this->tpl->setCurrentBlock("perm_table");
826  $this->tpl->parseCurrentBlock();
827  }
828 
829  $this->tpl->setCurrentBlock("perm_settings");
830  $this->tpl->parseCurrentBlock();
831  }
832  }
833 
834  function __showPermissionsRBACSection()
835  {
836  global $objDefinition;
837 
838  $this->tpl->setCurrentBlock("perm_subtitle");
839  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
840  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
841  $this->tpl->setVariable("COLSPAN", $this->num_roles);
842  $this->tpl->parseCurrentBlock();
843 
844  foreach ($this->roles as $role)
845  {
846  foreach ($role['permissions']['rbac'] as $perm)
847  {
848  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
849 
850  $this->tpl->setCurrentBlock("perm_item");
851  $this->tpl->setVariable("PERM_CHECKBOX",$box);
852  $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
853  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
854  {
855  $this->tpl->setVariable("PERM_TOOLTIP",
856  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
857  $this->gui_obj->object->getType()."_".$perm['name']));
858  }
859  else
860  {
861  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
862  }
863  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
864  $this->tpl->parseCurrentBlock();
865  }
866 
867  // use local policy flag
868  // offer option 'use local policy' only to those objects where this option is permitted
869  if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
870  {
871  if ($role['local_policy_allowed'])
872  {
873  $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
874  $lang = $this->lng->txt("perm_use_local_policy")." (".
875  $this->lng->txt("stop_inheritance").")";
876  $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
877  }
878  else
879  {
880  $box = '&nbsp;';
881  $lang = $this->lng->txt("perm_local_role");
882  $lang_desc = $this->lng->txt("perm_local_role_desc");
883  }
884 
885  $this->tpl->setCurrentBlock("perm_item");
886  $this->tpl->setVariable("PERM_CHECKBOX",$box);
887  $this->tpl->setVariable("PERM_NAME",$lang);
888  $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
889  $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
890  $this->tpl->parseCurrentBlock();
891  }
892 
893  $this->tpl->setCurrentBlock("perm_table");
894  $this->tpl->parseCurrentBlock();
895  }
896 
897  $this->tpl->setCurrentBlock("perm_settings");
898  $this->tpl->parseCurrentBlock();
899  }
900 
901  function __showPermissionsCreateSection()
902  {
903  global $objDefinition;
904 
905  // no create operation for roles/role templates in local role folders
906  // access is controlled by 'administrate' (change permission settings) only
907  if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
908  {
909  return;
910  }
911 
912  // create pointer to first role (only the permission list is needed)
913  reset($this->roles);
914  $first_role =& current($this->roles);
915 
916  if (count($first_role['permissions']['create'])) // check if object type has create operations
917  {
918  $this->tpl->setCurrentBlock("perm_subtitle");
919  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
920  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
921  $this->tpl->setVariable("COLSPAN", $this->num_roles);
922  $this->tpl->parseCurrentBlock();
923 
924  // add a checkbox 'select all' for create permissions of the following object types
925  $container_arr = array('cat','grp','crs','fold');
926 
927  if (in_array($this->gui_obj->object->getType(),$container_arr))
928  {
929  $chk_toggle_create = true;
930  }
931 
932  foreach ($this->roles as $role)
933  {
934  $ops_ids = array();
935 
936  foreach ($role['permissions']['create'] as $perm)
937  {
938  $ops_ids[] = $perm['ops_id'];
939  }
940 
941  if ($chk_toggle_create)
942  {
943  $this->tpl->setCurrentBlock('chk_toggle_create');
944  $this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
945  $this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
946  $this->tpl->setVariable('ROLE_ID',$role['obj_id']);
947  $this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
948  $this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
949  $this->tpl->parseCurrentBlock();
950  }
951 
952  foreach ($role['permissions']['create'] as $perm)
953  {
954  if ($perm["name"] == "create_icrs" and !$this->ilias->getSetting("ilinc_active"))
955  {
956  continue;
957  }
958 
959  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
960 
961  $this->tpl->setCurrentBlock("perm_item");
962  $this->tpl->setVariable("PERM_CHECKBOX",$box);
963  if ($objDefinition->isPlugin(substr($perm['name'],7)))
964  {
965  $this->tpl->setVariable("PERM_NAME",
966  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
967  "obj_".substr($perm['name'],7)));
968  $this->tpl->setVariable("PERM_TOOLTIP",
969  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
970  $this->gui_obj->object->getType()."_".$perm['name']));
971  }
972  else
973  {
974  $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
975  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
976  }
977 
978  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
979  $this->tpl->parseCurrentBlock();
980  }
981 
982  $this->tpl->setCurrentBlock("perm_table");
983  $this->tpl->parseCurrentBlock();
984  }
985 
986  $this->tpl->setCurrentBlock("perm_settings");
987  $this->tpl->parseCurrentBlock();
988  }
989  }
990 } // END class.ilPermissionGUI
991 ?>