ILIAS  Release_4_3_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once ('./Services/Table/classes/class.ilTable2GUI.php');
5 include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6 
16 class ilObjectRolePermissionTableGUI extends ilTable2GUI
17 {
18  const ROLE_FILTER_ALL = 1;
19  const ROLE_FILTER_GLOBAL = 2;
20  const ROLE_FILTER_LOCAL = 3;
21  const ROLE_FILTER_LOCAL_POLICY = 4;
22  const ROLE_FILTER_LOCAL_OBJECT = 5;
23 
24  private $ref_id = null;
25  private $role_folder_id = 0;
26  private $roles = array();
27 
28  private $tree_path_ids = array();
29 
30  private $activeOperations = array();
31  private $visible_roles = array();
32 
37  public function __construct($a_parent_obj,$a_parent_cmd, $a_ref_id)
38  {
39  global $ilCtrl,$rbacreview,$tpl,$tree;
40 
41  parent::__construct($a_parent_obj,$a_parent_cmd);
42 
43  $this->lng->loadLanguageModule('rbac');
44 
45  $this->ref_id = $a_ref_id;
46  $this->tree_path_ids = $tree->getPathId($this->ref_id);
47  $this->role_folder_id = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
48 
49  $this->setId('objroleperm_'.$this->ref_id);
50 
51  $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
52 
53  $this->setTitle($this->lng->txt('permission_settings'));
54  $this->setEnableHeader(true);
55  $this->disable('sort');
56  $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
57  $this->disable('numinfo');
58  $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
59  $this->setLimit(100);
60  $this->setShowRowsSelector(false);
61  $this->setDisableFilterHiding(true);
62  $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
63 
64  $this->addCommandButton('savePermissions', $this->lng->txt('save'));
65 
66  $this->initFilter();
67  }
68 
73  public function getRoleFolderId()
74  {
75  return $this->role_folder_id;
76  }
77 
82  public function getPathIds()
83  {
84  return (array) $this->tree_path_ids;
85  }
86 
91  public function getRefId()
92  {
93  return $this->ref_id;
94  }
95 
100  public function getObjId()
101  {
102  return ilObject::_lookupObjId($this->getRefId());
103  }
104 
109  public function getObjType()
110  {
111  return ilObject::_lookupType($this->getObjId());
112  }
113 
119  public function addActiveOperation($a_ops_id)
120  {
121  $this->activeOperations[] = $a_ops_id;
122  }
123 
128  public function getActiveOperations()
129  {
130  return (array) $this->activeOperations;
131  }
132 
138  public function setVisibleRoles($a_ar)
139  {
140  $this->visible_roles = $a_ar;
141  }
142 
147  public function getVisibleRoles()
148  {
149  return $this->visible_roles;
150  }
151 
156  public function initFilter()
157  {
158  global $tree;
159 
160  $roles = $this->addFilterItemByMetaType(
161  'role',
162  ilTable2GUI::FILTER_SELECT
163  );
164 
165  // Limit filter to local roles only for objects with group or course in path
166  if(!$roles->getValue())
167  {
168  if ($tree->checkForParentType($this->getRefId(), 'crs') or
169  $tree->checkForParentType($this->getRefId(), 'grp'))
170  {
171  $roles->setValue(self::ROLE_FILTER_LOCAL);
172  }
173  else
174  {
175  $roles->setValue(self::ROLE_FILTER_ALL);
176  }
177  }
178 
179 
180  $roles->setOptions(
181  array(
182  self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
183  self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
184  self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
185  self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
186  self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
187  )
188  );
189 
190  }
191 
197  public function fillRow($row)
198  {
199  global $objDefinition;
200 
201 
202  // local policy
203  if(isset($row['show_local_policy_row']))
204  {
205  foreach($row['roles'] as $role_id => $role_info)
206  {
207  $this->tpl->setCurrentBlock('role_option');
208  $this->tpl->setVariable('INHERIT_ROLE_ID',$role_id);
209  $this->tpl->setVariable('INHERIT_CHECKED',$role_info['local_policy'] ? 'checked=checked' : '');
210  $this->tpl->setVariable('INHERIT_DISABLED',($role_info['protected'] or $role_info['isLocal']) ? 'disabled="disabled"' : '');
211  $this->tpl->setVariable('TXT_INHERIT',$this->lng->txt('rbac_local_policy'));
212  $this->tpl->setVariable('INHERIT_LONG',$this->lng->txt('perm_use_local_policy_desc'));
213  $this->tpl->parseCurrentBlock();
214  }
215  return true;
216  }
217  // protected
218  if(isset($row['show_protected_row']))
219  {
220  foreach($row['roles'] as $role_id => $role_info)
221  {
222  $this->tpl->setCurrentBlock('role_protect');
223  $this->tpl->setVariable('PROTECT_ROLE_ID',$role_id);
224  $this->tpl->setVariable('PROTECT_CHECKED',$role_info['protected_status'] ? 'checked=checked' : '');
225  $this->tpl->setVariable('PROTECT_DISABLED',$role_info['protected_allowed'] ? '' : 'disabled="disabled"');
226  $this->tpl->setVariable('TXT_PROTECT',$this->lng->txt('role_protect_permissions'));
227  $this->tpl->setVariable('PROTECT_LONG',$this->lng->txt('role_protect_permissions_desc'));
228  $this->tpl->parseCurrentBlock();
229  }
230  return true;
231  }
232 
233  // block role
234  if(isset($row['show_block_row']))
235  {
236  foreach($this->getVisibleRoles() as $counter => $role_info)
237  {
238  $this->tpl->setCurrentBlock('role_block');
239  $this->tpl->setVariable('BLOCK_ROLE_ID',$role_info['obj_id']);
240  $this->tpl->setVariable('TXT_BLOCK',$this->lng->txt('role_block_role'));
241  $this->tpl->setVariable('BLOCK_LONG',$this->lng->txt('role_block_role_desc'));
242  if($role_info['protected'] == 'y')
243  {
244  $this->tpl->setVariable('BLOCK_DISABLED','disabled="disabled');
245  }
246 
247  $this->tpl->parseCurrentBlock();
248  }
249  return true;
250  }
251 
252  // Select all
253  if(isset($row['show_select_all']))
254  {
255  foreach($this->getVisibleRoles() as $role)
256  {
257  $this->tpl->setCurrentBlock('role_select_all');
258  $this->tpl->setVariable('JS_ROLE_ID',$role['obj_id']);
259  $this->tpl->setVariable('JS_SUBID',$row['subtype']);
260  $this->tpl->setVariable('JS_ALL_PERMS',"['".implode("','",$row['ops'])."']");
261  $this->tpl->setVariable('JS_FORM_NAME',$this->getFormName());
262  $this->tpl->setVariable('TXT_SEL_ALL',$this->lng->txt('select_all'));
263  $this->tpl->parseCurrentBlock();
264  }
265  return true;
266  }
267 
268  // Object permissions
269  if(isset($row['show_start_info']))
270  {
271  $this->tpl->setCurrentBlock('section_info');
272  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_object'));
273  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_object_desc'));
274  $this->tpl->parseCurrentBlock();
275 
276  return true;
277  }
278 
279  if(isset($row['show_create_info']))
280  {
281  $this->tpl->setCurrentBlock('section_info');
282  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_create'));
283  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_create_desc'));
284  $this->tpl->parseCurrentBlock();
285 
286  return true;
287  }
288 
289  foreach((array) $row['roles'] as $role_id => $role_info)
290  {
291  $this->tpl->setCurrentBlock('role_td');
292  $this->tpl->setVariable('PERM_ROLE_ID',$role_id);
293  $this->tpl->setVariable('PERM_PERM_ID',$row['perm']['ops_id']);
294 
295 
296  if(substr($row['perm']['operation'],0,6) == 'create')
297  {
298  if ($objDefinition->isPlugin(substr($row['perm']['operation'],7)))
299  {
300  $perm = ilPlugin::lookupTxt("rep_robj", substr($row['perm']['operation'],7),
301  "obj_".substr($row['perm']['operation'],7));
302  }
303  else
304  {
305  $perm = $this->lng->txt('obj_'.substr($row['perm']['operation'],7));
306  }
307  }
308  else
309  {
310  if($this->lng->exists($this->getObjType().'_'.$row['perm']['operation'].'_short'))
311  {
312  $perm = $this->lng->txt($this->getObjType().'_'.$row['perm']['operation'].'_short');
313  }
314  else
315  {
316  $perm = $this->lng->txt($row['perm']['operation']);
317  }
318  }
319 
320  $this->tpl->setVariable('TXT_PERM',$perm);
321 
322  if ($objDefinition->isPlugin($this->getObjType()))
323  {
324  $this->tpl->setVariable('PERM_LONG',ilPlugin::lookupTxt("rep_robj", $this->getObjType(),
325  $this->getObjType()."_".$row['perm']['operation']));
326  }
327  elseif(substr($row['perm']['operation'],0,6) == 'create')
328  {
329  $this->tpl->setVariable('PERM_LONG',$this->lng->txt('rbac_'.$row['perm']['operation']));
330  }
331  else
332  {
333  $this->tpl->setVariable('PERM_LONG',$this->lng->txt($this->getObjType().'_'.$row['perm']['operation']));
334  }
335 
336  if($role_info['protected'])
337  {
338  $this->tpl->setVariable('PERM_DISABLED',$role_info['protected'] ? 'disabled="disabled"' : '');
339  }
340  if($role_info['permission_set'])
341  {
342  $this->tpl->setVariable('PERM_CHECKED','checked="checked"');
343  }
344 
345  $this->tpl->parseCurrentBlock();
346  }
347  }
348 
349 
354  public function parse()
355  {
356  global $rbacreview,$objDefinition;
357 
358  $this->initColumns();
359 
360  $perms = array();
361  $roles = array();
362 
363  if(!count($this->getVisibleRoles()))
364  {
365  return $this->setData(array());
366  }
367 
368  // Read operations of role
369  $operations = array();
370  foreach($this->getVisibleRoles() as $role_data)
371  {
372  $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
373  }
374 
375  $counter = 0;
376 
377  $rolf = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
378 
379  // Local policy
380  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
381  {
382  $roles = array();
383  $local_roles = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
384  $local_roles = $rbacreview->getRolesOfRoleFolder($local_roles);
385  foreach($this->getVisibleRoles() as $role_id => $role_data)
386  {
387  $roles[$role_data['obj_id']] = array(
388  'protected' => $role_data['protected'],
389  'local_policy' => in_array($role_data['obj_id'],$local_roles),
390  'isLocal' => ($rolf == $role_data['parent']) && $role_data['assign'] == 'y'
391  );
392  }
393  $perms[$counter]['roles'] = $roles;
394  $perms[$counter]['show_local_policy_row'] = 1;
395 
396  $counter++;
397  }
398 
399  // Protect permissions
400  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
401  {
402  $roles = array();
403  foreach($this->getVisibleRoles() as $role_id => $role_data)
404  {
405  $roles[$role_data['obj_id']] = array(
406  'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'],$rolf),
407  'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id'])
408  );
409  }
410  $perms[$counter]['roles'] = $roles;
411  $perms[$counter]['show_protected_row'] = 1;
412 
413  $counter++;
414  }
415  // Block role
416  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
417  {
418  $perms[$counter++]['show_block_row'] = 1;
419  }
420 
421 
422  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
423  {
424  $perms[$counter++]['show_start_info'] = true;
425  }
426 
427  // no creation permissions
428  $no_creation_operations = array();
429  foreach($rbacreview->getOperationsByTypeAndClass($this->getObjType(),'object') as $operation)
430  {
431  $this->addActiveOperation($operation);
432  $no_creation_operations[] = $operation;
433 
434  $roles = array();
435  foreach($this->getVisibleRoles() as $role_data)
436  {
437 
438  $roles[$role_data['obj_id']] =
439  array(
440  'protected' => $role_data['protected'],
441  'permission_set' => in_array($operation,(array) $operations[$role_data['obj_id']])
442  );
443  }
444 
445  $op = $rbacreview->getOperation($operation);
446 
447  $perms[$counter]['roles'] = $roles;
448  $perms[$counter]['perm'] = $op;
449  $counter++;
450 
451  }
452 
453  /*
454  * Select all
455  */
456  if($no_creation_operations)
457  {
458  $perms[$counter]['show_select_all'] = 1;
459  $perms[$counter]['ops'] = $no_creation_operations;
460  $perms[$counter]['subtype'] = 'nocreation';
461  $counter++;
462  }
463 
464 
465  if($objDefinition->isContainer($this->getObjType()))
466  {
467  $perms[$counter++]['show_create_info'] = true;
468  }
469 
470  // Get creatable objects
471  $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
472  $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
473  $creation_operations = array();
474  foreach($objects as $type => $info)
475  {
476  $ops_id = $ops_ids[$type];
477 
478  if(!$ops_id)
479  {
480  continue;
481  }
482 
483  $this->addActiveOperation($ops_id);
484  $creation_operations[] = $ops_id;
485 
486  $roles = array();
487  foreach($this->getVisibleRoles() as $role_data)
488  {
489  $roles[$role_data['obj_id']] =
490  array(
491  'protected' => $role_data['protected'],
492  'permission_set' => in_array($ops_id,(array) $operations[$role_data['obj_id']])
493  );
494  }
495 
496  $op = $rbacreview->getOperation($ops_id);
497 
498  $perms[$counter]['roles'] = $roles;
499  $perms[$counter]['perm'] = $op;
500  $counter++;
501 
502  }
503 
504 
505 
506  // Select all
507  if(count($creation_operations))
508  {
509  $perms[$counter]['show_select_all'] = 1;
510  $perms[$counter]['ops'] = $creation_operations;
511  $perms[$counter]['subtype'] = 'creation';
512  $counter++;
513  }
514 
515  $this->setData($perms);
516  }
517 
522  protected function initColumns()
523  {
524  global $rbacreview,$ilCtrl;
525 
526  $roles = $rbacreview->getParentRoleIds($this->getRefId());
527  $roles = $this->getParentObject()->applyRoleFilter(
528  $roles,
529  $this->getFilterItemByPostVar('role')->getValue()
530  );
531 
532  if(count($roles))
533  {
534  $column_width = 100/count($roles);
535  $column_width .= '%';
536  }
537  else
538  {
539  $column_widht = "0%";
540  }
541 
542  $all_roles = array();
543  foreach($roles as $role)
544  {
545  if($role['obj_id'] == SYSTEM_ROLE_ID)
546  {
547  continue;
548  }
549 
550  $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
551 
552  // TODO check filter
553  $this->addColumn(
554  $this->createTitle($role),
555  $role['obj_id'],
556  '',
557  '',
558  false,
559  $this->createTooltip($role)
560  );
561  $all_roles[] = $role;
562  }
563 
564  $this->setVisibleRoles($all_roles);
565  return true;
566  }
567 
573  protected function createTooltip($role)
574  {
575  global $rbacreview,$tree;
576 
577  #vd($role);
578  $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
579  if($role['role_type'] == 'global')
580  {
581  $tp = $this->lng->txt('perm_'.$protected_status.'global_role');
582  }
583  else
584  {
585  $tp = $this->lng->txt('perm_'.$protected_status.'local_role');
586  }
587 
588  $inheritance_seperator = ': ';
589 
590  // Show create at info
591  if(
592  ($role['assign'] == 'y' and $role['role_type'] != 'global') or
593  ($role['assign'] == 'n' and $role['role_type'] != 'global')
594  )
595  {
596  $tp .= ': ';
597 
598  $obj = $rbacreview->getObjectOfRole($role['obj_id']);
599  if($obj)
600  {
601  $tp .= sprintf(
602  $this->lng->txt('perm_role_path_info_created'),
603  $this->lng->txt('obj_'.ilObject::_lookupType($obj)),ilObject::_lookupTitle($obj)
604  );
605  $inheritance_seperator = ', ';
606  }
607  }
608 
609  $path_hierarchy = $rbacreview->getObjectsWithStopedInheritance(
610  $role['obj_id'],
611  $tree->getPathId($this->getRefId())
612  );
613 
614  $reduced_path_hierarchy = (array) array_diff(
615  $path_hierarchy,
616  array(
617  $this->getRefId(),
618  $rbacreview->getObjectReferenceOfRole($role['obj_id'])
619  )
620  );
621 
622 
623  // Inheritance
624  if($role['assign'] == 'n' and count($reduced_path_hierarchy))
625  {
626  $tp .= $inheritance_seperator;
627 
628  $parent = end($reduced_path_hierarchy);
629  $p_type = ilObject::_lookupType(ilObject::_lookupObjId($parent));
630  $p_title = ilObject::_lookupTitle(ilObject::_lookupObjId($parent));
631  $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'),$this->lng->txt('obj_'.$p_type),$p_title);
632  }
633 
634  return $tp;
635  }
636 
642  protected function createTitle($role)
643  {
644  global $ilCtrl;
645 
646  include_once './Services/AccessControl/classes/class.ilObjRole.php';
647  $role['title'] = ilObjRole::_getTranslation($role['title']);
648 
649  // No local policies
650  if($role['parent'] != $this->getRoleFolderId())
651  {
652  return $role['title'];
653  }
654  $ilCtrl->setParameterByClass('ilobjrolegui', 'rolf_ref_id', $this->getRoleFolderId());
655  $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
656 
657  return '<a class="tblheader" href="'.$ilCtrl->getLinkTargetByClass('ilobjrolegui','').'" >'.$role['title'].'</a>';
658  }
659 }
660 ?>