ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once ('./Services/Table/classes/class.ilTable2GUI.php');
5 include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6 
16 class ilObjectRolePermissionTableGUI extends ilTable2GUI
17 {
18  const ROLE_FILTER_ALL = 1;
19  const ROLE_FILTER_GLOBAL = 2;
20  const ROLE_FILTER_LOCAL = 3;
21  const ROLE_FILTER_LOCAL_POLICY = 4;
22  const ROLE_FILTER_LOCAL_OBJECT = 5;
23 
24  private $ref_id = null;
25  private $role_folder_id = 0;
26  private $roles = array();
27 
28  private $tree_path_ids = array();
29 
30  private $activeOperations = array();
31  private $visible_roles = array();
32 
37  public function __construct($a_parent_obj,$a_parent_cmd, $a_ref_id)
38  {
39  global $ilCtrl,$rbacreview,$tpl,$tree;
40 
41  parent::__construct($a_parent_obj,$a_parent_cmd);
42 
43  $this->lng->loadLanguageModule('rbac');
44 
45  $this->ref_id = $a_ref_id;
46  $this->tree_path_ids = $tree->getPathId($this->ref_id);
47  $this->role_folder_id = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
48 
49  $this->setId('objroleperm_'.$this->ref_id);
50 
51  $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
52 
53  $this->setTitle($this->lng->txt('permission_settings'));
54  $this->setEnableHeader(true);
55  $this->disable('sort');
56  $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
57  $this->disable('numinfo');
58  $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
59  $this->setLimit(100);
60  $this->setShowRowsSelector(false);
61  $this->setDisableFilterHiding(true);
62  $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
63 
64  $this->addCommandButton('savePermissions', $this->lng->txt('save'));
65 
66  $this->initFilter();
67  }
68 
73  public function getRoleFolderId()
74  {
75  return $this->role_folder_id;
76  }
77 
82  public function getPathIds()
83  {
84  return (array) $this->tree_path_ids;
85  }
86 
91  public function getRefId()
92  {
93  return $this->ref_id;
94  }
95 
100  public function getObjId()
101  {
102  return ilObject::_lookupObjId($this->getRefId());
103  }
104 
109  public function getObjType()
110  {
111  return ilObject::_lookupType($this->getObjId());
112  }
113 
119  public function addActiveOperation($a_ops_id)
120  {
121  $this->activeOperations[] = $a_ops_id;
122  }
123 
128  public function getActiveOperations()
129  {
130  return (array) $this->activeOperations;
131  }
132 
138  public function setVisibleRoles($a_ar)
139  {
140  $this->visible_roles = $a_ar;
141  }
142 
147  public function getVisibleRoles()
148  {
149  return $this->visible_roles;
150  }
151 
156  public function initFilter()
157  {
158  global $tree;
159 
160  $roles = $this->addFilterItemByMetaType(
161  'role',
162  ilTable2GUI::FILTER_SELECT
163  );
164 
165  // Limit filter to local roles only for objects with group or course in path
166  if(!$roles->getValue())
167  {
168  if ($tree->checkForParentType($this->getRefId(), 'crs') or
169  $tree->checkForParentType($this->getRefId(), 'grp'))
170  {
171  $roles->setValue(self::ROLE_FILTER_LOCAL);
172  }
173  else
174  {
175  $roles->setValue(self::ROLE_FILTER_ALL);
176  }
177  }
178 
179 
180  $roles->setOptions(
181  array(
182  self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
183  self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
184  self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
185  self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
186  self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
187  )
188  );
189 
190  }
191 
197  public function fillRow($row)
198  {
199  global $objDefinition;
200 
201 
202  // local policy
203  if(isset($row['show_local_policy_row']))
204  {
205  foreach($row['roles'] as $role_id => $role_info)
206  {
207  $this->tpl->setCurrentBlock('role_option');
208  $this->tpl->setVariable('INHERIT_ROLE_ID',$role_id);
209  $this->tpl->setVariable('INHERIT_CHECKED',$role_info['local_policy'] ? 'checked=checked' : '');
210  $this->tpl->setVariable('INHERIT_DISABLED',($role_info['protected'] or $role_info['isLocal']) ? 'disabled="disabled"' : '');
211  $this->tpl->setVariable('TXT_INHERIT',$this->lng->txt('rbac_local_policy'));
212  $this->tpl->setVariable('INHERIT_LONG',$this->lng->txt('perm_use_local_policy_desc'));
213  $this->tpl->parseCurrentBlock();
214  }
215  return true;
216  }
217  // protected
218  if(isset($row['show_protected_row']))
219  {
220  foreach($row['roles'] as $role_id => $role_info)
221  {
222  $this->tpl->setCurrentBlock('role_protect');
223  $this->tpl->setVariable('PROTECT_ROLE_ID',$role_id);
224  $this->tpl->setVariable('PROTECT_CHECKED',$role_info['protected_status'] ? 'checked=checked' : '');
225  $this->tpl->setVariable('PROTECT_DISABLED',$role_info['protected_allowed'] ? '' : 'disabled="disabled"');
226  $this->tpl->setVariable('TXT_PROTECT',$this->lng->txt('role_protect_permissions'));
227  $this->tpl->setVariable('PROTECT_LONG',$this->lng->txt('role_protect_permissions_desc'));
228  $this->tpl->parseCurrentBlock();
229  }
230  return true;
231  }
232 
233  // block role
234  if(isset($row['show_block_row']))
235  {
236  foreach($this->getVisibleRoles() as $counter => $role_info)
237  {
238  $this->tpl->setCurrentBlock('role_block');
239  $this->tpl->setVariable('BLOCK_ROLE_ID',$role_info['obj_id']);
240  $this->tpl->setVariable('TXT_BLOCK',$this->lng->txt('role_block_role'));
241  $this->tpl->setVariable('BLOCK_LONG',$this->lng->txt('role_block_role_desc'));
242  if($role_info['protected'] == 'y')
243  {
244  $this->tpl->setVariable('BLOCK_DISABLED','disabled="disabled');
245  }
246 
247  $this->tpl->parseCurrentBlock();
248  }
249  return true;
250  }
251 
252  // Select all
253  if(isset($row['show_select_all']))
254  {
255  foreach($this->getVisibleRoles() as $role)
256  {
257  $this->tpl->setCurrentBlock('role_select_all');
258  $this->tpl->setVariable('JS_ROLE_ID',$role['obj_id']);
259  $this->tpl->setVariable('JS_SUBID',$row['subtype']);
260  $this->tpl->setVariable('JS_ALL_PERMS',"['".implode("','",$row['ops'])."']");
261  $this->tpl->setVariable('JS_FORM_NAME',$this->getFormName());
262  $this->tpl->setVariable('TXT_SEL_ALL',$this->lng->txt('select_all'));
263  $this->tpl->parseCurrentBlock();
264  }
265  return true;
266  }
267 
268  // Object permissions
269  if(isset($row['show_start_info']))
270  {
271  $this->tpl->setCurrentBlock('section_info');
272  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_object'));
273  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_object_desc'));
274  $this->tpl->parseCurrentBlock();
275 
276  return true;
277  }
278 
279  if(isset($row['show_create_info']))
280  {
281  $this->tpl->setCurrentBlock('section_info');
282  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_create'));
283  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_create_desc'));
284  $this->tpl->parseCurrentBlock();
285 
286  return true;
287  }
288 
289  foreach((array) $row['roles'] as $role_id => $role_info)
290  {
291  $this->tpl->setCurrentBlock('role_td');
292  $this->tpl->setVariable('PERM_ROLE_ID',$role_id);
293  $this->tpl->setVariable('PERM_PERM_ID',$row['perm']['ops_id']);
294 
295 
296  if(substr($row['perm']['operation'],0,6) == 'create')
297  {
298  if ($objDefinition->isPlugin(substr($row['perm']['operation'],7)))
299  {
300  $perm = ilPlugin::lookupTxt("rep_robj", substr($row['perm']['operation'],7),
301  "obj_".substr($row['perm']['operation'],7));
302  }
303  else
304  {
305  $perm = $this->lng->txt('obj_'.substr($row['perm']['operation'],7));
306  }
307  }
308  else
309  {
310  if($this->lng->exists($this->getObjType().'_'.$row['perm']['operation'].'_short'))
311  {
312  $perm = $this->lng->txt($this->getObjType().'_'.$row['perm']['operation'].'_short');
313  }
314  else
315  {
316  $perm = $this->lng->txt($row['perm']['operation']);
317  }
318  }
319 
320  $this->tpl->setVariable('TXT_PERM',$perm);
321 
322  if ($objDefinition->isPlugin($this->getObjType()))
323  {
324  $this->tpl->setVariable('PERM_LONG',ilPlugin::lookupTxt("rep_robj", $this->getObjType(),
325  $this->getObjType()."_".$row['perm']['operation']));
326  }
327  else
328  {
329  $this->tpl->setVariable('PERM_LONG',$this->lng->txt($this->getObjType().'_'.$row['perm']['operation']));
330  }
331 
332  if($role_info['protected'])
333  {
334  $this->tpl->setVariable('PERM_DISABLED',$role_info['protected'] ? 'disabled="disabled"' : '');
335  }
336  if($role_info['permission_set'])
337  {
338  $this->tpl->setVariable('PERM_CHECKED','checked="checked"');
339  }
340 
341  $this->tpl->parseCurrentBlock();
342  }
343  }
344 
345 
350  public function parse()
351  {
352  global $rbacreview,$objDefinition;
353 
354  $this->initColumns();
355 
356  $perms = array();
357  $roles = array();
358 
359  if(!count($this->getVisibleRoles()))
360  {
361  return $this->setData(array());
362  }
363 
364  // Read operations of role
365  $operations = array();
366  foreach($this->getVisibleRoles() as $role_data)
367  {
368  $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
369  }
370 
371  $counter = 0;
372 
373  $rolf = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
374 
375  // Local policy
376  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
377  {
378  $roles = array();
379  $local_roles = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
380  $local_roles = $rbacreview->getRolesOfRoleFolder($local_roles);
381  foreach($this->getVisibleRoles() as $role_id => $role_data)
382  {
383  $roles[$role_data['obj_id']] = array(
384  'protected' => $role_data['protected'],
385  'local_policy' => in_array($role_data['obj_id'],$local_roles),
386  'isLocal' => ($rolf == $role_data['parent']) && $role_data['assign'] == 'y'
387  );
388  }
389  $perms[$counter]['roles'] = $roles;
390  $perms[$counter]['show_local_policy_row'] = 1;
391 
392  $counter++;
393  }
394 
395  // Protect permissions
396  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
397  {
398  $roles = array();
399  foreach($this->getVisibleRoles() as $role_id => $role_data)
400  {
401  $roles[$role_data['obj_id']] = array(
402  'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'],$rolf),
403  'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id'])
404  );
405  }
406  $perms[$counter]['roles'] = $roles;
407  $perms[$counter]['show_protected_row'] = 1;
408 
409  $counter++;
410  }
411  // Block role
412  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
413  {
414  $perms[$counter++]['show_block_row'] = 1;
415  }
416 
417 
418  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
419  {
420  $perms[$counter++]['show_start_info'] = true;
421  }
422 
423  // no creation permissions
424  $no_creation_operations = array();
425  foreach($rbacreview->getOperationsByTypeAndClass($this->getObjType(),'object') as $operation)
426  {
427  $this->addActiveOperation($operation);
428  $no_creation_operations[] = $operation;
429 
430  $roles = array();
431  foreach($this->getVisibleRoles() as $role_data)
432  {
433 
434  $roles[$role_data['obj_id']] =
435  array(
436  'protected' => $role_data['protected'],
437  'permission_set' => in_array($operation,(array) $operations[$role_data['obj_id']])
438  );
439  }
440 
441  $op = $rbacreview->getOperation($operation);
442 
443  $perms[$counter]['roles'] = $roles;
444  $perms[$counter]['perm'] = $op;
445  $counter++;
446 
447  }
448 
449  /*
450  * Select all
451  */
452  if($no_creation_operations)
453  {
454  $perms[$counter]['show_select_all'] = 1;
455  $perms[$counter]['ops'] = $no_creation_operations;
456  $perms[$counter]['subtype'] = 'nocreation';
457  $counter++;
458  }
459 
460 
461  if($objDefinition->isContainer($this->getObjType()))
462  {
463  $perms[$counter++]['show_create_info'] = true;
464  }
465 
466  // Get creatable objects
467  $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
468  $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
469  $creation_operations = array();
470  foreach($objects as $type => $info)
471  {
472  $ops_id = $ops_ids[$type];
473 
474  if(!$ops_id)
475  {
476  continue;
477  }
478 
479  $this->addActiveOperation($ops_id);
480  $creation_operations[] = $ops_id;
481 
482  $roles = array();
483  foreach($this->getVisibleRoles() as $role_data)
484  {
485  $roles[$role_data['obj_id']] =
486  array(
487  'protected' => $role_data['protected'],
488  'permission_set' => in_array($ops_id,(array) $operations[$role_data['obj_id']])
489  );
490  }
491 
492  $op = $rbacreview->getOperation($ops_id);
493 
494  $perms[$counter]['roles'] = $roles;
495  $perms[$counter]['perm'] = $op;
496  $counter++;
497 
498  }
499 
500 
501 
502  // Select all
503  if(count($creation_operations))
504  {
505  $perms[$counter]['show_select_all'] = 1;
506  $perms[$counter]['ops'] = $creation_operations;
507  $perms[$counter]['subtype'] = 'creation';
508  $counter++;
509  }
510 
511  $this->setData($perms);
512  }
513 
518  protected function initColumns()
519  {
520  global $rbacreview,$ilCtrl;
521 
522  $roles = $rbacreview->getParentRoleIds($this->getRefId());
523  $roles = $this->getParentObject()->applyRoleFilter(
524  $roles,
525  $this->getFilterItemByPostVar('role')->getValue()
526  );
527 
528  if(count($roles))
529  {
530  $column_width = 100/count($roles);
531  $column_width .= '%';
532  }
533  else
534  {
535  $column_widht = "0%";
536  }
537 
538  $all_roles = array();
539  foreach($roles as $role)
540  {
541  if($role['obj_id'] == SYSTEM_ROLE_ID)
542  {
543  continue;
544  }
545 
546  $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
547 
548  // TODO check filter
549  $this->addColumn(
550  $this->createTitle($role),
551  $role['obj_id'],
552  '',
553  '',
554  false,
555  $this->createTooltip($role)
556  );
557  $all_roles[] = $role;
558  }
559 
560  $this->setVisibleRoles($all_roles);
561  return true;
562  }
563 
569  protected function createTooltip($role)
570  {
571  global $rbacreview,$tree;
572 
573  #vd($role);
574  $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
575  if($role['role_type'] == 'global')
576  {
577  $tp = $this->lng->txt('perm_'.$protected_status.'global_role');
578  }
579  else
580  {
581  $tp = $this->lng->txt('perm_'.$protected_status.'local_role');
582  }
583 
584  $inheritance_seperator = ': ';
585 
586  // Show create at info
587  if(
588  ($role['assign'] == 'y' and $role['role_type'] != 'global') or
589  ($role['assign'] == 'n' and $role['role_type'] != 'global')
590  )
591  {
592  $tp .= ': ';
593 
594  $obj = $rbacreview->getObjectOfRole($role['obj_id']);
595  if($obj)
596  {
597  $tp .= sprintf(
598  $this->lng->txt('perm_role_path_info_created'),
599  $this->lng->txt('obj_'.ilObject::_lookupType($obj)),ilObject::_lookupTitle($obj)
600  );
601  $inheritance_seperator = ', ';
602  }
603  }
604 
605  $path_hierarchy = $rbacreview->getObjectsWithStopedInheritance(
606  $role['obj_id'],
607  $tree->getPathId($this->getRefId())
608  );
609 
610  $reduced_path_hierarchy = (array) array_diff(
611  $path_hierarchy,
612  array(
613  $this->getRefId(),
614  $rbacreview->getObjectReferenceOfRole($role['obj_id'])
615  )
616  );
617 
618 
619  // Inheritance
620  if($role['assign'] == 'n' and count($reduced_path_hierarchy))
621  {
622  $tp .= $inheritance_seperator;
623 
624  $parent = end($reduced_path_hierarchy);
625  $p_type = ilObject::_lookupType(ilObject::_lookupObjId($parent));
626  $p_title = ilObject::_lookupTitle(ilObject::_lookupObjId($parent));
627  $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'),$this->lng->txt('obj_'.$p_type),$p_title);
628  }
629 
630  return $tp;
631  }
632 
638  protected function createTitle($role)
639  {
640  global $ilCtrl;
641 
642  include_once './Services/AccessControl/classes/class.ilObjRole.php';
643  $role['title'] = ilObjRole::_getTranslation($role['title']);
644 
645  // No local policies
646  if($role['parent'] != $this->getRoleFolderId())
647  {
648  return $role['title'];
649  }
650  $ilCtrl->setParameterByClass('ilobjrolegui', 'rolf_ref_id', $this->getRoleFolderId());
651  $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
652 
653  return '<a class="tblheader" href="'.$ilCtrl->getLinkTargetByClass('ilobjrolegui','').'" >'.$role['title'].'</a>';
654  }
655 }
656 ?>