ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor.
 getCurrentObject ()
 Get current object.
 perm (ilTable2GUI $table=NULL)
 show permission table
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles.
- Public Member Functions inherited from ilPermission2GUI
 executeCommand ()
 Execute command.
 permSave ()
 save permissions
 initRoleForm ()
 displayAddRoleForm ()
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'.
__initTableGUI ()
 __setTableGUIBasicData (&$tbl, &$result_set, $a_from="")
 standard implementation for tables use 'from' variable use different initial setting of table
 __buildRoleFilterSelect ()
 __filterRoles ($a_roles, $a_filter)
 owner ()
 changeOwner ()
 info ()
 __initSubTabs ($a_cmd)
 getRolesData ()
 __showPermissionsGeneralSection ()
 __showPermissionsObjectSection ()
 __showPermissionsRBACSection ()
 __showPermissionsCreateSection ()
 log ()
 applyLogFilter ()
 resetLogFilter ()

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type.

Protected Member Functions

 confirmTemplateSwitch ()
 Called after toolbar action applyTemplateSwitch.
 isAdminRoleFolder ()
 Check of current location is administration (main) role folder.
 isAdministrationObject ()
 applyFilter ()
 Apply filter.
 resetFilter ()
 Reset filter.
 savePermissions ()
 Save permissions.
 showConfirmBlockRole ($a_roles)
 Show block role confirmation screen.
 blockRoles ()
 Block role.
 initRoleFolder ($a_create=false)
 Init role folder of object.

Protected Attributes

 $current_obj = null
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 $ilErr = null
 $ctrl = null
 $lng = null

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

ilPermissionGUI: ilObjRoleGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 28 of file class.ilPermissionGUI.php.

{
parent::__construct($a_gui_obj);
}

Member Function Documentation

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 115 of file class.ilPermissionGUI.php.

References getCurrentObject(), and perm().

{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$table->resetOffset();
$table->writeFilterToSession();
return $this->perm($table);
}

+ Here is the call graph for this function:

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 143 of file class.ilPermissionGUI.php.

References ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

{
global $rbacreview;
// Always delete administrator role from view
if(isset($a_roles[SYSTEM_ROLE_ID]))
{
unset($a_roles[SYSTEM_ROLE_ID]);
}
switch ($a_filter_id)
{
// all roles in context
case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
return $a_roles;
// only global roles
case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
$arr_global_roles = $rbacreview->getGlobalRoles();
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
// only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
$arr_global_roles = $rbacreview->getGlobalRoles();
foreach ($arr_global_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
break;
// only roles which use a local policy
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
// only true local role defined at current position
case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
$role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
if (!$role_folder)
{
return array();
}
$arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
$arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
foreach ($arr_remove_roles as $role_id)
{
unset($a_roles[$role_id]);
}
return $a_roles;
default:
return $a_roles;
}
}

+ Here is the caller graph for this function:

ilPermissionGUI::blockRoles ( )
protected

Block role.

Returns

Definition at line 411 of file class.ilPermissionGUI.php.

References $_POST, getCurrentObject(), and ilUtil\sendInfo().

{
global $rbacadmin,$rbacreview;
$rolf = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
$p_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId());
$roles = $_POST['roles'];
foreach($roles as $role)
{
// Set assign to 'y' only if it is a local role
$assign = $rbacreview->isAssignable($role, $rolf) ? 'y' : 'n';
// Delete permissions
$rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
// Delete template permissions
$rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
$rbacadmin->assignRoleToFolder(
$role,
$rolf,
$assign
);
}
ilUtil::sendInfo($this->lng->txt('settings_saved'));
$this->ctrl->redirect($this,'perm');
}

+ Here is the call graph for this function:

ilPermissionGUI::confirmTemplateSwitch ( )
protected

Called after toolbar action applyTemplateSwitch.

Definition at line 45 of file class.ilPermissionGUI.php.

{
include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
$this->ctrl->setReturn($this,'perm');
$this->ctrl->setCmdClass('ildidactictemplategui');
$dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
$this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
}
ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns
ilObject

Definition at line 37 of file class.ilPermissionGUI.php.

Referenced by applyFilter(), blockRoles(), initRoleFolder(), isAdministrationObject(), isAdminRoleFolder(), perm(), resetFilter(), and savePermissions().

{
return $this->gui_obj->object;
}

+ Here is the caller graph for this function:

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 467 of file class.ilPermissionGUI.php.

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

{
global $objDefinition;
return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
}

+ Here is the caller graph for this function:

ilPermissionGUI::initRoleFolder (   $a_create = false)
protected

Init role folder of object.

Parameters
object$a_create[optional]
Returns

Definition at line 448 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by savePermissions().

{
global $rbacreview;
$rolf_id = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
if($rolf_id)
{
return $rolf_id;
}
$rolf = $this->getCurrentObject()->createRoleFolder();
return $rolf->getRefId();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::isAdministrationObject ( )
protected

Definition at line 106 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by perm().

{
return $this->getCurrentObject()->getType() == 'adm';
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 101 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by perm().

{
return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::perm ( ilTable2GUI  $table = NULL)

show permission table

Returns

Definition at line 59 of file class.ilPermissionGUI.php.

References ilPermission2GUI\__initSubTabs(), getCurrentObject(), isAdministrationObject(), and isAdminRoleFolder().

Referenced by applyFilter(), resetFilter(), and savePermissions().

{
global $objDefinition, $ilToolbar;
include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
$dtpl = new ilDidacticTemplateGUI($this->gui_obj);
if($dtpl->appendToolbarSwitch(
$ilToolbar,
$this->getCurrentObject()->getType(),
$this->getCurrentObject()->getRefId()
))
{
$ilToolbar->addSeparator();
}
if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
!$this->isAdminRoleFolder() and
!$this->isAdministrationObject()
)
{
// Show new role button
$ilToolbar->setFormAction($this->ctrl->getFormAction($this));
$ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
}
$this->__initSubTabs("perm");
if(!$table instanceof ilTable2GUI)
{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
}
$table->parse();
$this->tpl->setContent($table->getHTML());
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 128 of file class.ilPermissionGUI.php.

References getCurrentObject(), and perm().

{
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$table->resetOffset();
$table->resetFilter();
return $this->perm($table);
}

+ Here is the call graph for this function:

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 232 of file class.ilPermissionGUI.php.

References $_POST, $log, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), hasContainerCommands(), initRoleFolder(), ilRbacReview\lookupCreateOperationIds(), perm(), ilUtil\sendSuccess(), and showConfirmBlockRole().

{
global $rbacreview,$objDefinition,$rbacadmin;
include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
$table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
$roles = $this->applyRoleFilter(
$rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
$table->getFilterItemByPostVar('role')->getValue()
);
// Log history
include_once "Services/AccessControl/classes/class.ilRbacLog.php";
$log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
# all possible create permissions
$possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
$this->getCurrentObject()->getType(),
'create'
);
# createable (activated) create permissions
$create_types = $objDefinition->getCreatableSubObjects(
$this->getCurrentObject()->getType()
);
$createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
foreach((array) $roles as $role => $role_data)
{
if($role_data['protected'])
{
continue;
}
$new_ops = array_keys((array) $_POST['perm'][$role]);
$old_ops = $rbacreview->getRoleOperationsOnObject(
$role,
$this->getCurrentObject()->getRefId()
);
// Add operations which were enabled and are not activated.
foreach($possible_ops_ids as $create_ops_id)
{
if(in_array($create_ops_id,$createable_ops_ids))
{
continue;
}
if(in_array($create_ops_id,$old_ops))
{
$new_ops[] = $create_ops_id;
}
}
$rbacadmin->revokePermission(
$this->getCurrentObject()->getRefId(),
$role
);
$rbacadmin->grantPermission(
$role,
array_unique($new_ops),
$this->getCurrentObject()->getRefId()
);
}
// Handle local policies.
$rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
$relevant_roles = array_intersect(
$rbacreview->getRolesOfRoleFolder($rolf_id),
array_keys($roles)
);
if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
{
foreach($roles as $role)
{
// No action for local roles
if($role['parent'] == $rolf_id and $role['assign'] == 'y')
{
continue;
}
// Nothing for protected roles
if($role['protected'])
{
continue;
}
// Stop local policy
if($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']]))
{
$role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
$role_obj->setParent($rolf_id);
$role_obj->delete();
continue;
}
// Add local policy
if($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']]))
{
$rbacadmin->copyRoleTemplatePermissions(
$role['obj_id'],
$role['parent'],
$rolf_id,
$role['obj_id']
);
$rbacadmin->assignRoleToFolder($role['obj_id'],$rolf_id,'n');
}
}
}
// Protect permissions
if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
{
foreach($roles as $role)
{
if($rbacreview->isAssignable($role['obj_id'], $rolf_id))
{
if(isset($_POST['protect'][$role['obj_id']]) and
!$rbacreview->isProtected($rolf_id, $role['obj_id']))
{
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
}
elseif(!isset($_POST['protect'][$role['obj_id']]) and
$rbacreview->isProtected($rolf_id, $role['obj_id']))
{
$rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
}
}
}
}
$log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
$log = ilRbacLog::diffFaPa($log_old, $log_new);
ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
if(count((array) $_POST['block']))
{
return $this->showConfirmBlockRole(array_keys($_POST['block']));
}
ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
#$this->ctrl->redirect($this,'perm');
$this->perm();
}

+ Here is the call graph for this function:

ilPermissionGUI::showConfirmBlockRole (   $a_roles)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 383 of file class.ilPermissionGUI.php.

References ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

{
ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
$confirm = new ilConfirmationGUI();
$confirm->setFormAction($this->ctrl->getFormAction($this));
$confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
$confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
$confirm->setCancel($this->lng->txt('cancel'), 'perm');
foreach($a_roles as $role_id)
{
include_once './Services/AccessControl/classes/class.ilObjRole.php';
$confirm->addItem(
'roles[]',
$role_id,
ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
}
$this->tpl->setContent($confirm->getHTML());
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Field Documentation

ilPermissionGUI::$current_obj = null
protected

Definition at line 21 of file class.ilPermissionGUI.php.

The documentation for this class was generated from the following file: