ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermission2GUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
17 class ilPermission2GUI
18 {
19  protected $gui_obj = null;
20  protected $ilErr = null;
21  protected $ctrl = null;
22  protected $lng = null;
23 
24  public function __construct($a_gui_obj)
25  {
26  global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
27 
28  if (!isset($ilErr))
29  {
30  $ilErr = new ilErrorHandling();
31  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
32  }
33  else
34  {
35  $this->ilErr =& $ilErr;
36  }
37 
38  $this->objDefinition =& $objDefinition;
39  $this->tpl =& $tpl;
40  $this->lng =& $lng;
41  $this->lng->loadLanguageModule("rbac");
42 
43  $this->ctrl =& $ilCtrl;
44 
45  $this->gui_obj = $a_gui_obj;
46 
47  $this->roles = array();
48  $this->num_roles = 0;
49  }
50 
51 
56  public function executeCommand()
57  {
58  global $rbacsystem, $ilErr;
59 
60  // access to all functions in this class are only allowed if edit_permission is granted
61  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
62  {
63  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
64  }
65 
66  $next_class = $this->ctrl->getNextClass($this);
67 
68  switch($next_class)
69  {
70  case "ilobjrolegui":
71  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
72  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
73  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
74  $ret = $this->ctrl->forwardCommand($this->gui_obj);
75  break;
76 
77  case 'ildidactictemplategui':
78  $this->ctrl->setReturn($this,'perm');
79  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
80  $did = new ilDidacticTemplateGUI($this->gui_obj);
81  $this->ctrl->forwardCommand($did);
82  break;
83 
84  default:
85  $cmd = $this->ctrl->getCmd();
86  $this->$cmd();
87  break;
88  }
89 
90  return true;
91  }
92 
93 
99  function permSave()
100  {
101  global $rbacreview, $rbacadmin, $rbacsystem;
102 
103  $this->getRolesData();
104 
105  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
106  $log_old = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
107 
108  // only revoke permission of roles that are not filtered
109  foreach($this->roles as $role_id => $data)
110  {
111  $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
112  }
113 
114  if (is_array($_POST["perm"]))
115  {
116  foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
117  {
118  $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
119  }
120  }
121 
122  // update object data entry (to update last modification date)
123  $this->gui_obj->object->update();
124 
125  // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
126  // muss folgendes geschehen:
127  // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
128  // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
129  // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
130  // und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
131 
132  // get rolefolder data if a rolefolder already exists
133  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
134  $rolf_id = $rolf_data["child"];
135 
136  $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
137 
138  if ($stop_inherit_roles)
139  {
140  // rolefolder does not exist, so create one
141  if (empty($rolf_id))
142  {
143  // create a local role folder
144  $rfoldObj = $this->gui_obj->object->createRoleFolder();
145 
146  // set rolf_id again from new rolefolder object
147  $rolf_id = $rfoldObj->getRefId();
148  }
149 
150  $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
151 
152  foreach ($stop_inherit_roles as $stop_inherit)
153  {
154  // create role entries for roles with stopped inheritance
155  if (!in_array($stop_inherit,$roles_of_folder))
156  {
157  $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
158  $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
159  $rolf_id,$stop_inherit);
160  $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
161  }
162  }// END FOREACH
163  }// END STOP INHERIT
164 
165  if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
166  {
167  // get roles where inheritance is stopped was cancelled
168  $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
169  $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
170 
171  // Only delete local policies for filtered roles
172  $linked_roles_to_remove = (array) array_intersect(
173  (array) $linked_roles_to_remove,
174  (array) array_keys($this->roles));
175 
176  // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
177  foreach ($linked_roles_to_remove as $role_id)
178  {
179  if ($rbacreview->isProtected($rolf_id,$role_id))
180  {
181  continue;
182  }
183 
184  $role_obj = ilObjectFactory::getInstanceByObjId($role_id);
185  $role_obj->setParent($rolf_id);
186  $role_obj->delete();
187  unset($role_obj);
188  }
189  }
190 
191  $log_new = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
192  $log = ilRbacLog::diffFaPa($log_old, $log_new);
193  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->gui_obj->object->getRefId(), $log);
194 
195  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
196 
197  // redirect to default page if user revokes himself access to the permission panel
198  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
199  {
200  $this->ctrl->redirect($this->gui_obj);
201  }
202 
203  $this->ctrl->redirect($this,'perm');
204  }
205 
206  function initRoleForm()
207  {
208  global $rbacreview,$objDefinition;
209 
210  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
211  $form = new ilPropertyFormGUI();
212  $form->setFormAction($this->ctrl->getFormAction($this));
213  $form->setTitle($this->lng->txt('role_new'));
214  $form->addCommandButton('addrole',$this->lng->txt('role_new'));
215  $form->addCommandButton('perm', $this->lng->txt('cancel'));
216 
217  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
218  $title->setValidationRegexp('/^(?!il_).*$/');
219  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
220  $title->setSize(40);
221  $title->setMaxLength(70);
222  $title->setRequired(true);
223  $form->addItem($title);
224 
225  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
226  $desc->setCols(40);
227  $desc->setRows(3);
228  $form->addItem($desc);
229 
230  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
231  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
232  $pro->setValue(1);
233  $form->addItem($pro);
234 
235  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
236  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
237  $pd->setValue(1);
238  $form->addItem($pd);
239 
240  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
241  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
242  $rights->addOption($option);
243 
244  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
245  $ids = array();
246  foreach($parent_role_ids as $id => $tmp)
247  {
248  $ids[] = $id;
249  }
250 
251  // Sort ids
252  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
253 
254  // Sort roles by title
255  $sorted_roles = ilUtil::sortArray(array_values($parent_role_ids), 'title', ASC);
256  $key = 0;
257 
258  foreach($sorted_ids as $id)
259  {
260  $par = $parent_role_ids[$id];
261  if ($par["obj_id"] != SYSTEM_ROLE_ID)
262  {
263  include_once './Services/AccessControl/classes/class.ilObjRole.php';
264  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
265  $option->setInfo($par["desc"]);
266  $rights->addOption($option);
267  }
268  $key++;
269  }
270  $form->addItem($rights);
271 
272  // Local policy only for containers
273  if($objDefinition->isContainer($this->getCurrentObject()->getType()))
274  {
275  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
276  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
277  $form->addItem($check);
278 
279  }
280 
281  return $form;
282  }
283 
284  function displayAddRoleForm()
285  {
286  $form = $this->initRoleForm();
287  $this->tpl->setContent($form->getHTML());
288  }
289 
297  function addRole()
298  {
299  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
300 
301  $form = $this->initRoleForm();
302  if($form->checkInput())
303  {
304  $new_title = $form->getInput("title");
305  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
306  if($rolf_data['child'])
307  {
308  foreach($rbacreview->getRolesOfRoleFolder($rolf_data['child']) as $role_id)
309  {
310  if(trim($new_title) == ilObject::_lookupTitle($role_id))
311  {
312  $ilErr->raiseError($this->lng->txt('rbac_role_exists_alert'),$ilErr->MESSAGE);
313  }
314  }
315  }
316 
317  // if the current object is no role folder, create one
318  if ($this->gui_obj->object->getType() != "rolf")
319  {
320  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
321 
322  // is there already a rolefolder?
323  if (!($rolf_id = $rolf_data["child"]))
324  {
325  // can the current object contain a rolefolder?
326  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
327 
328  if (!isset($subobjects["rolf"]))
329  {
330  ilUtil::sendFailure($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
331  $this->lng->txt("msg_no_rolf_allowed2"), true);
332  $ilCtrl->redirect($this, "perm");
333  }
334 
335  // create a rolefolder
336  $rolfObj = $this->gui_obj->object->createRoleFolder();
337  $rolf_id = $rolfObj->getRefId();
338  }
339  }
340  else
341  {
342  // Current object is already a rolefolder. To create the role we take its reference id
343  $rolf_id = $this->gui_obj->object->getRefId();
344  }
345 
346  // create role
347  if ($this->gui_obj->object->getType() == "rolf")
348  {
349  $roleObj = $this->gui_obj->object->createRole($new_title, $form->getInput("desc"));
350  }
351  else
352  {
353  $rfoldObj = ilObjectFactory::getInstanceByRefId($rolf_id);
354  $roleObj = $rfoldObj->createRole($new_title, $form->getInput("desc"));
355  }
356 
357  // protect
358  $rbacadmin->setProtected(
359  $rolf_id,
360  $roleObj->getId(),
361  $form->getInput('pro') ? 'y' : 'n'
362  );
363 
364  // copy rights
365  $right_id_to_copy = $form->getInput("rights");
366  if($right_id_to_copy)
367  {
368  $parentRoles = $rbacreview->getParentRoleIds($rolf_id,true);
369  $rbacadmin->copyRoleTemplatePermissions(
370  $right_id_to_copy,
371  $parentRoles[$right_id_to_copy]["parent"],
372  $rolf_id,
373  $roleObj->getId(),
374  false);
375 
376  if($form->getInput('existing'))
377  {
378  if($form->getInput('pro'))
379  {
380  $roleObj->changeExistingObjects(
381  $this->gui_obj->object->getRefId(),
382  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
383  array('all')
384  );
385  }
386  else
387  {
388  $roleObj->changeExistingObjects(
389  $this->gui_obj->object->getRefId(),
390  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
391  array('all')
392  );
393  }
394  }
395  }
396 
397  // add to desktop items
398  if($form->getInput("desktop"))
399  {
400  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
401  $role_desk_item_obj =& new ilRoleDesktopItem($roleObj->getId());
402  $role_desk_item_obj->add($this->gui_obj->object->getRefId(),ilObject::_lookupType($this->gui_obj->object->getRefId(),true));
403  }
404 
405  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
406  $this->ctrl->redirect($this,'perm');
407  }
408  else
409  {
410  $form->setValuesByPost();
411  $this->tpl->setContent($form->getHTML());
412  }
413  }
414 
415  function &__initTableGUI()
416  {
417  include_once "Services/Table/classes/class.ilTableGUI.php";
418 
419  return new ilTableGUI(0,false);
420  }
421 
427  function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
428  {
429  switch ($a_from)
430  {
431  case "clipboardObject":
432  $offset = $_GET["offset"];
433  $order = $_GET["sort_by"];
434  $direction = $_GET["sort_order"];
435  $tbl->disable("footer");
436  break;
437 
438  default:
439  $offset = $_GET["offset"];
440  $order = $_GET["sort_by"];
441  $direction = $_GET["sort_order"];
442  break;
443  }
444 
445  $tbl->setOrderColumn($order);
446  $tbl->setOrderDirection($direction);
447  $tbl->setOffset($offset);
448  $tbl->setLimit($_GET["limit"]);
449  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
450  $tbl->setData($result_set);
451  }
452 
453 
454  function __buildRoleFilterSelect()
455  {
456  $action[1] = $this->lng->txt('filter_all_roles');
457  $action[2] = $this->lng->txt('filter_global_roles');
458  $action[3] = $this->lng->txt('filter_local_roles');
459  $action[4] = $this->lng->txt('filter_roles_local_policy');
460  $action[5] = $this->lng->txt('filter_local_roles_object');
461  return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
462  }
463 
464 
465  function __filterRoles($a_roles,$a_filter)
466  {
467  global $rbacreview;
468 
469  switch ($a_filter)
470  {
471  case 1: // all roles in context
472  return $a_roles;
473  break;
474 
475  case 2: // only global roles
476  $arr_global_roles = $rbacreview->getGlobalRoles();
477  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
478 
479  foreach ($arr_remove_roles as $role_id)
480  {
481  unset($a_roles[$role_id]);
482  }
483 
484  return $a_roles;
485  break;
486 
487  case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
488  $arr_global_roles = $rbacreview->getGlobalRoles();
489 
490  foreach ($arr_global_roles as $role_id)
491  {
492  unset($a_roles[$role_id]);
493  }
494 
495  return $a_roles;
496  break;
497 
498  case 4: // only roles which use a local policy
499  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
500 
501  if (!$role_folder)
502  {
503  return array();
504  }
505 
506  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
507  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
508 
509  foreach ($arr_remove_roles as $role_id)
510  {
511  unset($a_roles[$role_id]);
512  }
513 
514  return $a_roles;
515  break;
516 
517  case 5: // only true local role defined at current position
518 
519  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
520 
521  if (!$role_folder)
522  {
523  return array();
524  }
525 
526  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
527  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
528 
529  foreach ($arr_remove_roles as $role_id)
530  {
531  unset($a_roles[$role_id]);
532  }
533 
534  return $a_roles;
535  break;
536  }
537 
538  return $a_roles;
539  }
540 
541  // show owner sub tab
542  function owner()
543  {
544  global $ilObjDataCache,$ilUser;
545 
546  $this->__initSubTabs("owner");
547 
548  $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
549 
550  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
551  $this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
552  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
553  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
554  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
555  $this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
556  $this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
557  $this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
558  }
559 
560  function changeOwner()
561  {
562  global $rbacsystem,$ilErr,$ilObjDataCache;
563 
564  if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
565  {
566  ilUtil::sendFailure($this->lng->txt('user_not_known'));
567  $this->owner();
568  return true;
569  }
570 
571  $this->gui_obj->object->setOwner($user_id);
572  $this->gui_obj->object->updateOwner();
573  $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
574  ilUtil::sendSuccess($this->lng->txt('owner_updated'),true);
575 
576  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
577  if(ilRbacLog::isActive())
578  {
579  ilRbacLog::add(ilRbacLog::CHANGE_OWNER, $this->gui_obj->object->getRefId(), array($user_id));
580  }
581 
582  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
583  {
584  $this->ctrl->redirect($this->gui_obj);
585  return true;
586  }
587 
588  $this->ctrl->redirect($this,'owner');
589  return true;
590 
591  }
592 
593  // init permission query feature
594  function info()
595  {
596  $this->__initSubTabs("info");
597 
598  include_once('classes/class.ilObjectStatusGUI.php');
599 
600  $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
601 
602  $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
603  }
604 
605  // init sub tabs
606  function __initSubTabs($a_cmd)
607  {
608  global $ilTabs;
609 
610  $perm = ($a_cmd == 'perm') ? true : false;
611  $info = ($a_cmd == 'info') ? true : false;
612  $owner = ($a_cmd == 'owner') ? true : false;
613  $log = ($a_cmd == 'log') ? true : false;
614 
615  $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
616  "", "", "", $perm);
617 
618  #$ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm2"),
619  # "", "", "", $perm);
620 
621  $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
622  "", "", "", $info);
623  $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
624  "", "", "", $owner);
625 
626  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
627  if(ilRbacLog::isActive())
628  {
629  $ilTabs->addSubTabTarget("log", $this->ctrl->getLinkTarget($this, "log"),
630  "", "", "", $log);
631  }
632  }
633 
634  function getRolesData()
635  {
636  global $rbacsystem, $rbacreview, $tree;
637 
638  // first get all roles in
639  $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
640 
641  // filter roles
642  $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
643 
644  // set default filter (all roles) if no filter is set
645  if ($_SESSION['perm_filtered_roles'] == 0)
646  {
647  if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
648  $_SESSION['perm_filtered_roles'] = 3;
649  else
650  $_SESSION['perm_filtered_roles'] = 1;
651  }
652 
653 
654  // remove filtered roles from array
655  $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
656 
657  // determine status of each role (local role, changed policy, protected)
658 
659  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
660 
661  $local_roles = array();
662 
663  if (!empty($role_folder))
664  {
665  $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
666  }
667 
668  foreach ($roles as $key => $role)
669  {
670  // exclude system admin role from list
671  if ($role["obj_id"] == SYSTEM_ROLE_ID)
672  {
673  unset($roles[$key]);
674  continue;
675  }
676 
677  $this->roles[$role['obj_id']] = $role;
678 
679  // don't allow local policies for protected roles
680  $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
681 
682  if (!in_array($role["obj_id"],$local_roles))
683  {
684  $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
685  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
686  }
687  else
688  {
689  // no checkbox for local roles
690  if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
691  {
692  $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
693  }
694  else
695  {
696  $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
697  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
698  }
699  }
700 
701  // compute permission settings for each role
702  $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
703  foreach ($grouped_ops as $ops_group => $ops_data)
704  {
705  foreach ($ops_data as $key => $operation)
706  {
707  $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
708  }
709  }
710 
711  $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
712 
713  unset($grouped_ops);
714  }
715  }
716 
717  function __showPermissionsGeneralSection()
718  {
719  global $objDefinition;
720 
721  $this->tpl->setCurrentBlock("perm_subtitle");
722  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
723  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
724  $this->tpl->setVariable("COLSPAN", $this->num_roles);
725  $this->tpl->parseCurrentBlock();
726 
727  foreach ($this->roles as $role)
728  {
729  foreach ($role['permissions']['general'] as $perm)
730  {
731  // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
732  if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
733  {
734  continue;
735  }
736 
737  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
738 
739  $this->tpl->setCurrentBlock("perm_item");
740  $this->tpl->setVariable("PERM_CHECKBOX",$box);
741  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
742  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
743  {
744  $this->tpl->setVariable("PERM_TOOLTIP",
745  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
746  $this->gui_obj->object->getType()."_".$perm['name']));
747  }
748  else
749  {
750  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
751  }
752  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
753  $this->tpl->parseCurrentBlock();
754  }
755 
756  $this->tpl->setCurrentBlock("perm_table");
757  $this->tpl->parseCurrentBlock();
758  }
759 
760  $this->tpl->setCurrentBlock("perm_settings");
761  $this->tpl->parseCurrentBlock();
762  }
763 
764  function __showPermissionsObjectSection()
765  {
766  global $objDefinition;
767 
768  // create pointer to first role (only the permission list is needed)
769  reset($this->roles);
770  $first_role =& current($this->roles);
771 
772  if (count($first_role['permissions']['object'])) // check if object type has special operations
773  {
774  $this->tpl->setCurrentBlock("perm_subtitle");
775  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
776  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
777  $this->tpl->setVariable("COLSPAN", $this->num_roles);
778  $this->tpl->parseCurrentBlock();
779 
780  foreach ($this->roles as $role)
781  {
782  foreach ($role['permissions']['object'] as $perm)
783  {
784  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
785 
786  $this->tpl->setCurrentBlock("perm_item");
787  $this->tpl->setVariable("PERM_CHECKBOX",$box);
788  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
789  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
790  {
791  $this->tpl->setVariable("PERM_TOOLTIP",
792  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
793  $this->gui_obj->object->getType()."_".$perm['name']));
794  }
795  else
796  {
797  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
798  }
799  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
800  $this->tpl->parseCurrentBlock();
801  }
802 
803  $this->tpl->setCurrentBlock("perm_table");
804  $this->tpl->parseCurrentBlock();
805  }
806 
807  $this->tpl->setCurrentBlock("perm_settings");
808  $this->tpl->parseCurrentBlock();
809  }
810  }
811 
812  function __showPermissionsRBACSection()
813  {
814  global $objDefinition;
815 
816  $this->tpl->setCurrentBlock("perm_subtitle");
817  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
818  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
819  $this->tpl->setVariable("COLSPAN", $this->num_roles);
820  $this->tpl->parseCurrentBlock();
821 
822  foreach ($this->roles as $role)
823  {
824  foreach ($role['permissions']['rbac'] as $perm)
825  {
826  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
827 
828  $this->tpl->setCurrentBlock("perm_item");
829  $this->tpl->setVariable("PERM_CHECKBOX",$box);
830  $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
831  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
832  {
833  $this->tpl->setVariable("PERM_TOOLTIP",
834  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
835  $this->gui_obj->object->getType()."_".$perm['name']));
836  }
837  else
838  {
839  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
840  }
841  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
842  $this->tpl->parseCurrentBlock();
843  }
844 
845  // use local policy flag
846  // offer option 'use local policy' only to those objects where this option is permitted
847  if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
848  {
849  if ($role['local_policy_allowed'])
850  {
851  $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
852  $lang = $this->lng->txt("perm_use_local_policy")." (".
853  $this->lng->txt("stop_inheritance").")";
854  $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
855  }
856  else
857  {
858  $box = '&nbsp;';
859  $lang = $this->lng->txt("perm_local_role");
860  $lang_desc = $this->lng->txt("perm_local_role_desc");
861  }
862 
863  $this->tpl->setCurrentBlock("perm_item");
864  $this->tpl->setVariable("PERM_CHECKBOX",$box);
865  $this->tpl->setVariable("PERM_NAME",$lang);
866  $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
867  $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
868  $this->tpl->parseCurrentBlock();
869  }
870 
871  $this->tpl->setCurrentBlock("perm_table");
872  $this->tpl->parseCurrentBlock();
873  }
874 
875  $this->tpl->setCurrentBlock("perm_settings");
876  $this->tpl->parseCurrentBlock();
877  }
878 
879  function __showPermissionsCreateSection()
880  {
881  global $objDefinition,$ilSetting;
882 
883  // no create operation for roles/role templates in local role folders
884  // access is controlled by 'administrate' (change permission settings) only
885  if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
886  {
887  return;
888  }
889 
890  // create pointer to first role (only the permission list is needed)
891  reset($this->roles);
892  $first_role =& current($this->roles);
893 
894  if (count($first_role['permissions']['create'])) // check if object type has create operations
895  {
896  $this->tpl->setCurrentBlock("perm_subtitle");
897  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
898  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
899  $this->tpl->setVariable("COLSPAN", $this->num_roles);
900  $this->tpl->parseCurrentBlock();
901 
902  // add a checkbox 'select all' for create permissions of the following object types
903  $container_arr = array('cat','grp','crs','fold');
904 
905  if (in_array($this->gui_obj->object->getType(),$container_arr))
906  {
907  $chk_toggle_create = true;
908  }
909 
910  foreach ($this->roles as $role)
911  {
912  $ops_ids = array();
913 
914  foreach ($role['permissions']['create'] as $perm)
915  {
916  $ops_ids[] = $perm['ops_id'];
917  }
918 
919  if ($chk_toggle_create)
920  {
921  $this->tpl->setCurrentBlock('chk_toggle_create');
922  $this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
923  $this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
924  $this->tpl->setVariable('ROLE_ID',$role['obj_id']);
925  $this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
926  $this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
927  $this->tpl->parseCurrentBlock();
928  }
929 
930  foreach ($role['permissions']['create'] as $perm)
931  {
932  if ($perm["name"] == "create_icrs" and !$ilSetting->get("ilinc_active"))
933  {
934  continue;
935  }
936 
937  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
938 
939  $this->tpl->setCurrentBlock("perm_item");
940  $this->tpl->setVariable("PERM_CHECKBOX",$box);
941  if ($objDefinition->isPlugin(substr($perm['name'],7)))
942  {
943  $this->tpl->setVariable("PERM_NAME",
944  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
945  "obj_".substr($perm['name'],7)));
946  $this->tpl->setVariable("PERM_TOOLTIP",
947  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
948  $this->gui_obj->object->getType()."_".$perm['name']));
949  }
950  else
951  {
952  $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
953  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
954  }
955 
956  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
957  $this->tpl->parseCurrentBlock();
958  }
959 
960  $this->tpl->setCurrentBlock("perm_table");
961  $this->tpl->parseCurrentBlock();
962  }
963 
964  $this->tpl->setCurrentBlock("perm_settings");
965  $this->tpl->parseCurrentBlock();
966  }
967  }
968 
969  function log()
970  {
971  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
972  if(!ilRbacLog::isActive())
973  {
974  $this->ctrl->redirect($this, "perm");
975  }
976 
977  $this->__initSubTabs("log");
978 
979  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
980  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
981  $this->tpl->setContent($table->getHTML());
982  }
983 
984  function applyLogFilter()
985  {
986  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
987  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
988  $table->resetOffset();
989  $table->writeFilterToSession();
990  $this->log();
991  }
992 
993  function resetLogFilter()
994  {
995  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
996  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
997  $table->resetOffset();
998  $table->resetFilter();
999  $this->log();
1000  }
1001 
1002 } // END class.ilPermissionGUI
1003 ?>