ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  protected $current_obj = null;
22 
28  public function __construct($a_gui_obj)
29  {
30  parent::__construct($a_gui_obj);
31  }
32 
37  public function getCurrentObject()
38  {
39  return $this->gui_obj->object;
40  }
41 
45  protected function confirmTemplateSwitch()
46  {
47  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
48  $this->ctrl->setReturn($this,'perm');
49  $this->ctrl->setCmdClass('ildidactictemplategui');
50  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
51  $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
52  }
53 
54 
59  public function perm(ilTable2GUI $table = NULL )
60  {
61  global $objDefinition, $ilToolbar;
62 
63  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
64  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
65  if($dtpl->appendToolbarSwitch(
66  $ilToolbar,
67  $this->getCurrentObject()->getType(),
68  $this->getCurrentObject()->getRefId()
69  ))
70  {
71  $ilToolbar->addSeparator();
72  }
73 
74  if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
75  !$this->isAdminRoleFolder() and
76  !$this->isAdministrationObject()
77  )
78  {
79  // Show new role button
80  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
81  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
82  }
83 
84  $this->__initSubTabs("perm");
85 
86  if(!$table instanceof ilTable2GUI)
87  {
88  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
89  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
90  }
91  $table->parse();
92  $this->tpl->setContent($table->getHTML());
93  }
94 
95 
96 
101  protected function isAdminRoleFolder()
102  {
103  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
104  }
105 
106  protected function isAdministrationObject()
107  {
108  return $this->getCurrentObject()->getType() == 'adm';
109  }
110 
115  protected function applyFilter()
116  {
117  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
118  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
119  $table->resetOffset();
120  $table->writeFilterToSession();
121  return $this->perm($table);
122  }
123 
128  protected function resetFilter()
129  {
130  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
131  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
132  $table->resetOffset();
133  $table->resetFilter();
134 
135  return $this->perm($table);
136  }
137 
143  public function applyRoleFilter($a_roles, $a_filter_id)
144  {
145  global $rbacreview;
146 
147  // Always delete administrator role from view
148  if(isset($a_roles[SYSTEM_ROLE_ID]))
149  {
150  unset($a_roles[SYSTEM_ROLE_ID]);
151  }
152 
153  switch ($a_filter_id)
154  {
155  // all roles in context
156  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
157 
158  return $a_roles;
159 
160  // only global roles
161  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
162 
163  $arr_global_roles = $rbacreview->getGlobalRoles();
164  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
165 
166  foreach ($arr_remove_roles as $role_id)
167  {
168  unset($a_roles[$role_id]);
169  }
170  return $a_roles;
171 
172  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
173  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
174  $arr_global_roles = $rbacreview->getGlobalRoles();
175 
176  foreach ($arr_global_roles as $role_id)
177  {
178  unset($a_roles[$role_id]);
179  }
180 
181  return $a_roles;
182  break;
183 
184  // only roles which use a local policy
185  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
186  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
187 
188  if (!$role_folder)
189  {
190  return array();
191  }
192 
193  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
194  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
195 
196  foreach ($arr_remove_roles as $role_id)
197  {
198  unset($a_roles[$role_id]);
199  }
200 
201  return $a_roles;
202 
203  // only true local role defined at current position
204  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
205 
206  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
207 
208  if (!$role_folder)
209  {
210  return array();
211  }
212 
213  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
214  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
215 
216  foreach ($arr_remove_roles as $role_id)
217  {
218  unset($a_roles[$role_id]);
219  }
220 
221  return $a_roles;
222 
223  default:
224  return $a_roles;
225  }
226  }
227 
232  protected function savePermissions()
233  {
234  global $rbacreview,$objDefinition,$rbacadmin;
235 
236  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
237  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
238 
239  $roles = $this->applyRoleFilter(
240  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
241  $table->getFilterItemByPostVar('role')->getValue()
242  );
243 
244  // Log history
245  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
246  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
247 
248 
249  # all possible create permissions
250  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
251  $this->getCurrentObject()->getType(),
252  'create'
253  );
254 
255  # createable (activated) create permissions
256  $create_types = $objDefinition->getCreatableSubObjects(
257  $this->getCurrentObject()->getType()
258  );
259  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
260 
261  foreach((array) $roles as $role => $role_data)
262  {
263  if($role_data['protected'])
264  {
265  continue;
266  }
267 
268  $new_ops = array_keys((array) $_POST['perm'][$role]);
269  $old_ops = $rbacreview->getRoleOperationsOnObject(
270  $role,
271  $this->getCurrentObject()->getRefId()
272  );
273 
274  // Add operations which were enabled and are not activated.
275  foreach($possible_ops_ids as $create_ops_id)
276  {
277  if(in_array($create_ops_id,$createable_ops_ids))
278  {
279  continue;
280  }
281  if(in_array($create_ops_id,$old_ops))
282  {
283  $new_ops[] = $create_ops_id;
284  }
285  }
286 
287  $rbacadmin->revokePermission(
288  $this->getCurrentObject()->getRefId(),
289  $role
290  );
291 
292  $rbacadmin->grantPermission(
293  $role,
294  array_unique($new_ops),
295  $this->getCurrentObject()->getRefId()
296  );
297  }
298 
299  // Handle local policies.
300  $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
301  $relevant_roles = array_intersect(
302  $rbacreview->getRolesOfRoleFolder($rolf_id),
303  array_keys($roles)
304  );
305 
306  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
307  {
308  foreach($roles as $role)
309  {
310  // No action for local roles
311  if($role['parent'] == $rolf_id and $role['assign'] == 'y')
312  {
313  continue;
314  }
315  // Nothing for protected roles
316  if($role['protected'])
317  {
318  continue;
319  }
320  // Stop local policy
321  if($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']]))
322  {
323  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
324  $role_obj->setParent($rolf_id);
325  $role_obj->delete();
326  continue;
327  }
328  // Add local policy
329  if($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']]))
330  {
331  $rbacadmin->copyRoleTemplatePermissions(
332  $role['obj_id'],
333  $role['parent'],
334  $rolf_id,
335  $role['obj_id']
336  );
337  $rbacadmin->assignRoleToFolder($role['obj_id'],$rolf_id,'n');
338  }
339  }
340  }
341 
342  // Protect permissions
343  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
344  {
345  foreach($roles as $role)
346  {
347  if($rbacreview->isAssignable($role['obj_id'], $rolf_id))
348  {
349  if(isset($_POST['protect'][$role['obj_id']]) and
350  !$rbacreview->isProtected($rolf_id, $role['obj_id']))
351  {
352  $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
353  }
354  elseif(!isset($_POST['protect'][$role['obj_id']]) and
355  $rbacreview->isProtected($rolf_id, $role['obj_id']))
356  {
357  $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
358  }
359  }
360  }
361  }
362 
363  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
364  $log = ilRbacLog::diffFaPa($log_old, $log_new);
365  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
366 
367  if(count((array) $_POST['block']))
368  {
369  return $this->showConfirmBlockRole(array_keys($_POST['block']));
370  }
371 
372 
373  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
374  #$this->ctrl->redirect($this,'perm');
375  $this->perm();
376  }
377 
383  protected function showConfirmBlockRole($a_roles)
384  {
385  ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
386 
387  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
388  $confirm = new ilConfirmationGUI();
389  $confirm->setFormAction($this->ctrl->getFormAction($this));
390  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
391  $confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
392  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
393 
394  foreach($a_roles as $role_id)
395  {
396  include_once './Services/AccessControl/classes/class.ilObjRole.php';
397  $confirm->addItem(
398  'roles[]',
399  $role_id,
400  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
401  }
402 
403  $this->tpl->setContent($confirm->getHTML());
404 
405  }
406 
411  protected function blockRoles()
412  {
413  global $rbacadmin,$rbacreview;
414 
415  $rolf = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
416 
417  $p_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId());
418 
419  $roles = $_POST['roles'];
420  foreach($roles as $role)
421  {
422  // Set assign to 'y' only if it is a local role
423  $assign = $rbacreview->isAssignable($role, $rolf) ? 'y' : 'n';
424 
425  // Delete permissions
426  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
427 
428  // Delete template permissions
429  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
430 
431 
432  $rbacadmin->assignRoleToFolder(
433  $role,
434  $rolf,
435  $assign
436  );
437  }
438 
439  ilUtil::sendInfo($this->lng->txt('settings_saved'));
440  $this->ctrl->redirect($this,'perm');
441  }
442 
448  protected function initRoleFolder($a_create = false)
449  {
450  global $rbacreview;
451 
452  $rolf_id = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
453 
454  if($rolf_id)
455  {
456  return $rolf_id;
457  }
458  $rolf = $this->getCurrentObject()->createRoleFolder();
459  return $rolf->getRefId();
460  }
461 
467  public static function hasContainerCommands($a_type)
468  {
469  global $objDefinition;
470 
471  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
472  }
473 }
474 ?>