ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  protected $current_obj = null;
22 
28  public function __construct($a_gui_obj)
29  {
30  parent::__construct($a_gui_obj);
31  }
32 
37  public function getCurrentObject()
38  {
39  return $this->gui_obj->object;
40  }
41 
46  public function perm(ilTable2GUI $table = NULL )
47  {
48  global $objDefinition, $ilToolbar;
49 
50  if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and !$this->isAdminRoleFolder())
51  {
52  // Show new role button
53  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
54  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
55  }
56 
57  $this->__initSubTabs("perm");
58 
59  if(!$table instanceof ilTable2GUI)
60  {
61  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
62  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
63  }
64  $table->parse();
65  $this->tpl->setContent($table->getHTML());
66  }
67 
68 
69 
74  protected function isAdminRoleFolder()
75  {
76  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
77  }
78 
83  protected function applyFilter()
84  {
85  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
86  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
87  $table->resetOffset();
88  $table->writeFilterToSession();
89  return $this->perm($table);
90  }
91 
96  protected function resetFilter()
97  {
98  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
99  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
100  $table->resetOffset();
101  $table->resetFilter();
102 
103  return $this->perm($table);
104  }
105 
111  public function applyRoleFilter($a_roles, $a_filter_id)
112  {
113  global $rbacreview;
114 
115  // Always delete administrator role from view
116  if(isset($a_roles[SYSTEM_ROLE_ID]))
117  {
118  unset($a_roles[SYSTEM_ROLE_ID]);
119  }
120 
121  switch ($a_filter_id)
122  {
123  // all roles in context
124  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
125 
126  return $a_roles;
127 
128  // only global roles
129  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
130 
131  $arr_global_roles = $rbacreview->getGlobalRoles();
132  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
133 
134  foreach ($arr_remove_roles as $role_id)
135  {
136  unset($a_roles[$role_id]);
137  }
138  return $a_roles;
139 
140  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
141  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
142  $arr_global_roles = $rbacreview->getGlobalRoles();
143 
144  foreach ($arr_global_roles as $role_id)
145  {
146  unset($a_roles[$role_id]);
147  }
148 
149  return $a_roles;
150  break;
151 
152  // only roles which use a local policy
153  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
154  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
155 
156  if (!$role_folder)
157  {
158  return array();
159  }
160 
161  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
162  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
163 
164  foreach ($arr_remove_roles as $role_id)
165  {
166  unset($a_roles[$role_id]);
167  }
168 
169  return $a_roles;
170 
171  // only true local role defined at current position
172  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
173 
174  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
175 
176  if (!$role_folder)
177  {
178  return array();
179  }
180 
181  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
182  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
183 
184  foreach ($arr_remove_roles as $role_id)
185  {
186  unset($a_roles[$role_id]);
187  }
188 
189  return $a_roles;
190 
191  default:
192  return $a_roles;
193  }
194  }
195 
200  protected function savePermissions()
201  {
202  global $rbacreview,$objDefinition,$rbacadmin;
203 
204  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
205  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
206 
207  $roles = $this->applyRoleFilter(
208  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
209  $table->getFilterItemByPostVar('role')->getValue()
210  );
211 
212  // Log history
213  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
214  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
215 
216 
217  # all possible create permissions
218  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
219  $this->getCurrentObject()->getType(),
220  'create'
221  );
222 
223  # createable (activated) create permissions
224  $create_types = $objDefinition->getCreatableSubObjects(
225  $this->getCurrentObject()->getType()
226  );
227  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
228 
229  foreach((array) $roles as $role => $role_data)
230  {
231  if($role_data['protected'])
232  {
233  continue;
234  }
235 
236  $new_ops = array_keys((array) $_POST['perm'][$role]);
237  $old_ops = $rbacreview->getRoleOperationsOnObject(
238  $role,
239  $this->getCurrentObject()->getRefId()
240  );
241 
242  // Add operations which were enabled and are not activated.
243  foreach($possible_ops_ids as $create_ops_id)
244  {
245  if(in_array($create_ops_id,$createable_ops_ids))
246  {
247  continue;
248  }
249  if(in_array($create_ops_id,$old_ops))
250  {
251  $new_ops[] = $create_ops_id;
252  }
253  }
254 
255  $rbacadmin->revokePermission(
256  $this->getCurrentObject()->getRefId(),
257  $role
258  );
259 
260  $rbacadmin->grantPermission(
261  $role,
262  array_unique($new_ops),
263  $this->getCurrentObject()->getRefId()
264  );
265  }
266 
267  // Handle local policies.
268  $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
269  $relevant_roles = array_intersect(
270  $rbacreview->getRolesOfRoleFolder($rolf_id),
271  array_keys($roles)
272  );
273 
274  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
275  {
276  foreach($roles as $role)
277  {
278  // No action for local roles
279  if($role['parent'] == $rolf_id and $role['assign'] == 'y')
280  {
281  continue;
282  }
283  // Nothing for protected roles
284  if($role['protected'])
285  {
286  continue;
287  }
288  // Stop local policy
289  if($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']]))
290  {
291  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
292  $role_obj->setParent($rolf_id);
293  $role_obj->delete();
294  continue;
295  }
296  // Add local policy
297  if($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']]))
298  {
299  $rbacadmin->copyRoleTemplatePermissions(
300  $role['obj_id'],
301  $role['parent'],
302  $rolf_id,
303  $role['obj_id']
304  );
305  $rbacadmin->assignRoleToFolder($role['obj_id'],$rolf_id,'n');
306  }
307  }
308  }
309 
310  // Protect permissions
311  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
312  {
313  foreach($roles as $role)
314  {
315  if($rbacreview->isAssignable($role['obj_id'], $rolf_id))
316  {
317  if(isset($_POST['protect'][$role['obj_id']]) and
318  !$rbacreview->isProtected($rolf_id, $role['obj_id']))
319  {
320  $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
321  }
322  elseif(!isset($_POST['protect'][$role['obj_id']]) and
323  $rbacreview->isProtected($rolf_id, $role['obj_id']))
324  {
325  $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
326  }
327  }
328  }
329  }
330 
331  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
332  $log = ilRbacLog::diffFaPa($log_old, $log_new);
333  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
334 
335  if(count((array) $_POST['block']))
336  {
337  return $this->showConfirmBlockRole(array_keys($_POST['block']));
338  }
339 
340 
341  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
342  #$this->ctrl->redirect($this,'perm');
343  $this->perm();
344  }
345 
351  protected function showConfirmBlockRole($a_roles)
352  {
353  ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
354 
355  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
356  $confirm = new ilConfirmationGUI();
357  $confirm->setFormAction($this->ctrl->getFormAction($this));
358  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
359  $confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
360  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
361 
362  foreach($a_roles as $role_id)
363  {
364  include_once './Services/AccessControl/classes/class.ilObjRole.php';
365  $confirm->addItem(
366  'roles[]',
367  $role_id,
368  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
369  }
370 
371  $this->tpl->setContent($confirm->getHTML());
372 
373  }
374 
379  protected function blockRoles()
380  {
381  global $rbacadmin,$rbacreview;
382 
383  $rolf = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
384 
385  $p_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId());
386 
387  $roles = $_POST['roles'];
388  foreach($roles as $role)
389  {
390  // Set assign to 'y' only if it is a local role
391  $assign = $rbacreview->isAssignable($role, $rolf) ? 'y' : 'n';
392 
393  // Delete permissions
394  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
395 
396  // Delete template permissions
397  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
398 
399 
400  $rbacadmin->assignRoleToFolder(
401  $role,
402  $rolf,
403  $assign
404  );
405  }
406 
407  ilUtil::sendInfo($this->lng->txt('settings_saved'));
408  $this->ctrl->redirect($this,'perm');
409  }
410 
416  protected function initRoleFolder($a_create = false)
417  {
418  global $rbacreview;
419 
420  $rolf_id = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
421 
422  if($rolf_id)
423  {
424  return $rolf_id;
425  }
426  $rolf = $this->getCurrentObject()->createRoleFolder();
427  return $rolf->getRefId();
428  }
429 
435  public static function hasContainerCommands($a_type)
436  {
437  global $objDefinition;
438 
439  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
440  }
441 }
442 ?>