ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor.
 getCurrentObject ()
 Get current object.
 perm (ilTable2GUI $table=NULL)
 show permission table
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles.
- Public Member Functions inherited from ilPermission2GUI
 executeCommand ()
 Execute command.
 perm ()
 show permissions of current node
 permSave ()
 save permissions
 initRoleForm ()
 displayAddRoleForm ()
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'.
__initTableGUI ()
 __setTableGUIBasicData (&$tbl, &$result_set, $a_from="")
 standard implementation for tables use 'from' variable use different initial setting of table
 __buildRoleFilterSelect ()
 __filterRoles ($a_roles, $a_filter)
 owner ()
 changeOwner ()
 info ()
 __initSubTabs ($a_cmd)
 getRolesData ()
 __showPermissionsGeneralSection ()
 __showPermissionsObjectSection ()
 __showPermissionsRBACSection ()
 __showPermissionsCreateSection ()
 log ()
 applyLogFilter ()
 resetLogFilter ()

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type.

Protected Member Functions

 isAdminRoleFolder ()
 Check of current location is administration (main) role folder.
 applyFilter ()
 Apply filter.
 resetFilter ()
 Reset filter.
 savePermissions ()
 Save permissions.
 showConfirmBlockRole ($a_roles)
 Show block role confirmation screen.
 blockRoles ()
 Block role.
 initRoleFolder ($a_create=false)
 Init role folder of object.

Protected Attributes

 $current_obj = null
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 $ilErr = null
 $ctrl = null
 $lng = null

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

ilPermissionGUI: ilObjRoleGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 28 of file class.ilPermissionGUI.php.

{
parent::__construct($a_gui_obj);
}

Member Function Documentation

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 83 of file class.ilPermissionGUI.php.

References getCurrentObject(), and ilPermission2GUI\perm().

{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$table->resetOffset();
$table->writeFilterToSession();
return $this->perm($table);
}

+ Here is the call graph for this function:

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 111 of file class.ilPermissionGUI.php.

References ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

{
global $rbacreview;
// Always delete administrator role from view
if(isset($a_roles[SYSTEM_ROLE_ID]))
{
unset($a_roles[SYSTEM_ROLE_ID]);
}
switch ($a_filter_id)
{
// all roles in context
case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
return $a_roles;
// only global roles
case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
$arr_global_roles = $rbacreview->getGlobalRoles();
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
// only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
$arr_global_roles = $rbacreview->getGlobalRoles();
foreach ($arr_global_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
// only roles which use a local policy
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
// only true local role defined at current position
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
default:
return $a_roles;
}
}

+ Here is the caller graph for this function:

ilPermissionGUI::blockRoles ( )
protected

Block role.

Returns

Definition at line 379 of file class.ilPermissionGUI.php.

References $_POST, getCurrentObject(), and ilUtil\sendInfo().

{
global $rbacadmin,$rbacreview;
$rolf = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
$p_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId());
$roles = $_POST['roles'];
foreach($roles as $role)
{
// Set assign to 'y' only if it is a local role
$assign = $rbacreview->isAssignable($role, $rolf) ? 'y' : 'n';
// Delete permissions
$rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
// Delete template permissions
$rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
$rbacadmin->assignRoleToFolder(
$role,
$rolf,
$assign
);
}
ilUtil::sendInfo($this->lng->txt('settings_saved'));
$this->ctrl->redirect($this,'perm');
}

+ Here is the call graph for this function:

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns

Definition at line 37 of file class.ilPermissionGUI.php.

Referenced by applyFilter(), blockRoles(), initRoleFolder(), isAdminRoleFolder(), perm(), resetFilter(), and savePermissions().

{
return $this->gui_obj->object;
}

+ Here is the caller graph for this function:

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 435 of file class.ilPermissionGUI.php.

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

{
global $objDefinition;
return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
}

+ Here is the caller graph for this function:

ilPermissionGUI::initRoleFolder (   $a_create = false)
protected

Init role folder of object.

Parameters
object$a_create[optional]
Returns

Definition at line 416 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by savePermissions().

{
global $rbacreview;
$rolf_id = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
if($rolf_id)
{
return $rolf_id;
}
$rolf = $this->getCurrentObject()->createRoleFolder();
return $rolf->getRefId();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 74 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by perm().

{
return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::perm ( ilTable2GUI  $table = NULL)

show permission table

Returns

Definition at line 46 of file class.ilPermissionGUI.php.

References ilPermission2GUI\__initSubTabs(), getCurrentObject(), and isAdminRoleFolder().

{
global $objDefinition, $ilToolbar;
if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and !$this->isAdminRoleFolder())
{
// Show new role button
$ilToolbar->setFormAction($this->ctrl->getFormAction($this));
$ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
}
$this->__initSubTabs("perm");
if(!$table instanceof ilTable2GUI)
{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
}
$table->parse();
$this->tpl->setContent($table->getHTML());
}

+ Here is the call graph for this function:

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 96 of file class.ilPermissionGUI.php.

References getCurrentObject(), and ilPermission2GUI\perm().

{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$table->resetOffset();
$table->resetFilter();
return $this->perm($table);
}

+ Here is the call graph for this function:

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 200 of file class.ilPermissionGUI.php.

References $_POST, $log, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), hasContainerCommands(), initRoleFolder(), ilRbacReview\lookupCreateOperationIds(), ilPermission2GUI\perm(), ilUtil\sendSuccess(), and showConfirmBlockRole().

{
global $rbacreview,$objDefinition,$rbacadmin;
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$roles = $this->applyRoleFilter(
$rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
$table->getFilterItemByPostVar('role')->getValue()
);
// Log history
include_once "Services/AccessControl/classes/class.ilRbacLog.php";
$log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
# all possible create permissions
$possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
$this->getCurrentObject()->getType(),
'create'
);
# createable (activated) create permissions
$create_types = $objDefinition->getCreatableSubObjects(
$this->getCurrentObject()->getType()
);
$createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
foreach((array) $roles as $role => $role_data)
{
if($role_data['protected'])
{
continue;
}
$new_ops = array_keys((array) $_POST['perm'][$role]);
$old_ops = $rbacreview->getRoleOperationsOnObject(
$role,
$this->getCurrentObject()->getRefId()
);
// Add operations which were enabled and are not activated.
foreach($possible_ops_ids as $create_ops_id)
{
if(in_array($create_ops_id,$createable_ops_ids))
{
continue;
}
if(in_array($create_ops_id,$old_ops))
{
$new_ops[] = $create_ops_id;
}
}
$rbacadmin->revokePermission(
$this->getCurrentObject()->getRefId(),
$role
);
$rbacadmin->grantPermission(
$role,
array_unique($new_ops),
$this->getCurrentObject()->getRefId()
);
}
// Handle local policies.
$rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
$relevant_roles = array_intersect(
$rbacreview->getRolesOfRoleFolder($rolf_id),
array_keys($roles)
);
if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
{
foreach($roles as $role)
{
// No action for local roles
if($role['parent'] == $rolf_id and $role['assign'] == 'y')
{
continue;
}
// Nothing for protected roles
if($role['protected'])
{
continue;
}
// Stop local policy
if($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']]))
{
$role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
$role_obj->setParent($rolf_id);
$role_obj->delete();
continue;
}
// Add local policy
if($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']]))
{
$rbacadmin->copyRoleTemplatePermissions(
$role['obj_id'],
$role['parent'],
$rolf_id,
$role['obj_id']
);
$rbacadmin->assignRoleToFolder($role['obj_id'],$rolf_id,'n');
}
}
}
// Protect permissions
if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
{
foreach($roles as $role)
{
if($rbacreview->isAssignable($role['obj_id'], $rolf_id))
{
if(isset($_POST['protect'][$role['obj_id']]) and
!$rbacreview->isProtected($rolf_id, $role['obj_id']))
{
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
}
elseif(!isset($_POST['protect'][$role['obj_id']]) and
$rbacreview->isProtected($rolf_id, $role['obj_id']))
{
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
}
}
}
}
$log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
$log = ilRbacLog::diffFaPa($log_old, $log_new);
ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
if(count((array) $_POST['block']))
{
return $this->showConfirmBlockRole(array_keys($_POST['block']));
}
ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
#$this->ctrl->redirect($this,'perm');
$this->perm();
}

+ Here is the call graph for this function:

ilPermissionGUI::showConfirmBlockRole (   $a_roles)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 351 of file class.ilPermissionGUI.php.

References ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

{
ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
$confirm = new ilConfirmationGUI();
$confirm->setFormAction($this->ctrl->getFormAction($this));
$confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
$confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
$confirm->setCancel($this->lng->txt('cancel'), 'perm');
foreach($a_roles as $role_id)
{
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$confirm->addItem(
'roles[]',
$role_id,
ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
}
$this->tpl->setContent($confirm->getHTML());
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Field Documentation

ilPermissionGUI::$current_obj = null
protected

Definition at line 21 of file class.ilPermissionGUI.php.

The documentation for this class was generated from the following file: