ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once "./Services/Object/classes/class.ilObjectGUI.php";
5 include_once './Services/AccessControl/classes/class.ilObjRole.php';
6 
19 class ilObjRoleGUI extends ilObjectGUI
20 {
21  const MODE_GLOBAL_UPDATE = 1;
22  const MODE_GLOBAL_CREATE = 2;
23  const MODE_LOCAL_UPDATE = 3;
24  const MODE_LOCAL_CREATE = 4;
25 
31  var $type;
32 
38  var $rolf_ref_id;
39 
40  protected $obj_ref_id = 0;
41  protected $obj_obj_id = 0;
42  protected $obj_obj_type = '';
43  protected $container_type = '';
44 
45 
46  var $ctrl;
47 
52  function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
53  {
54  global $tree,$lng;
55 
56  $lng->loadLanguageModule('rbac');
57 
58  //TODO: move this to class.ilias.php
59  define("USER_FOLDER_ID",7);
60 
61  if($_GET['rolf_ref_id'] != '')
62  {
63  $this->rolf_ref_id = $_GET['rolf_ref_id'];
64  }
65  else
66  {
67  $this->rolf_ref_id = $_GET['ref_id'];
68  }
69  // Add ref_id of object that contains this role folder
70  $this->obj_ref_id = $tree->getParentId($this->rolf_ref_id);
71  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
72  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
73 
74  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
75 
76  $this->type = "role";
77  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
78  $this->ctrl->saveParameter($this, array("obj_id", "rolf_ref_id"));
79  }
80 
81 
82  function &executeCommand()
83  {
84  global $rbacsystem;
85 
86  $this->prepareOutput();
87 
88  $next_class = $this->ctrl->getNextClass($this);
89  $cmd = $this->ctrl->getCmd();
90 
91  switch($next_class)
92  {
93  case 'ilrepositorysearchgui':
94  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
95  $rep_search =& new ilRepositorySearchGUI();
96  $rep_search->setTitle($this->lng->txt('role_add_user'));
97  $rep_search->setCallback($this,'addUserObject');
98 
99  // Set tabs
100  $this->tabs_gui->setTabActive('user_assignment');
101  $this->ctrl->setReturn($this,'userassignment');
102  $ret =& $this->ctrl->forwardCommand($rep_search);
103  break;
104 
105  case 'ilexportgui':
106 
107  $this->tabs_gui->setTabActive('export');
108 
109  include_once './Services/Export/classes/class.ilExportOptions.php';
110  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
111  $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->rolf_ref_id);
112 
113  include_once './Services/Export/classes/class.ilExportGUI.php';
114  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
115  $exp->addFormat('xml');
116  $this->ctrl->forwardCommand($exp);
117  break;
118 
119  default:
120  if(!$cmd)
121  {
122  if($this->showDefaultPermissionSettings())
123  {
124  $cmd = "perm";
125  }
126  else
127  {
128  $cmd = 'userassignment';
129  }
130  }
131  $cmd .= "Object";
132  $this->$cmd();
133 
134  break;
135  }
136 
137  return true;
138  }
139 
144  public function getParentRefId()
145  {
146  return $this->obj_ref_id;
147  }
148 
153  public function getParentObjId()
154  {
155  return $this->obj_obj_id;
156  }
157 
162  public function getParentType()
163  {
164  return $this->obj_obj_type;
165  }
166 
170  function setBackTarget($a_text, $a_link)
171  {
172  $this->back_target = array("text" => $a_text,
173  "link" => $a_link);
174  }
175 
176  public function getBackTarget()
177  {
178  return $this->back_target ? $this->back_target : array();
179  }
180 
184  function getAdminTabs(&$tabs_gui)
185  {
186  $this->getTabs($tabs_gui);
187  }
188 
193  protected function getContainerType()
194  {
195  return $this->container_type;
196  }
197 
202  protected function showDefaultPermissionSettings()
203  {
204  global $objDefinition;
205 
206  return $objDefinition->isContainer($this->getContainerType());
207  }
208 
209 
210  function listDesktopItemsObject()
211  {
212  global $rbacsystem,$rbacreview,$tree;
213 
214 
215  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
216  /*
217  if(!$this->checkAccess('edit_permission'))
218  {
219  ilUtil::sendFailure()
220  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
221  }
222  */
223  if(!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
224  $this->rolf_ref_id != ROLE_FOLDER_ID)
225  {
226  ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
227  return true;
228  }
229 
230 
231  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
232  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
233 
234  if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
235  {
236  $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
237  }
238  if(!count($items = $role_desk_item_obj->getAll()))
239  {
240  ilUtil::sendInfo($this->lng->txt('role_desk_none_created'));
241  return true;
242  }
243  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_list.html", "Services/AccessControl");
244  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
245  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.png'));
246  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
247  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
248  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
249  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
250  $this->tpl->setVariable("IMG_ARROW",ilUtil::getImagePath('arrow_downright.png'));
251 
252  $counter = 0;
253 
254  foreach($items as $role_item_id => $item)
255  {
256  $tmp_obj = ilObjectFactory::getInstanceByRefId($item['item_id']);
257 
258  if(strlen($desc = $tmp_obj->getDescription()))
259  {
260  $this->tpl->setCurrentBlock("description");
261  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
262  $this->tpl->parseCurrentBlock();
263  }
264  $this->tpl->setCurrentBlock("desk_row");
265  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
266  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
267  $this->tpl->setVariable("CHECK_DESK",ilUtil::formCheckBox(0,'del_desk_item[]',$role_item_id));
268  $this->tpl->setVariable("TXT_PATH",$this->lng->txt('path').':');
269  $this->tpl->setVariable("PATH",$this->__formatPath($tree->getPathFull($item['item_id'])));
270  $this->tpl->parseCurrentBlock();
271  }
272 
273  return true;
274  }
275 
276  function askDeleteDesktopItemObject()
277  {
278  global $rbacsystem;
279 
280 
281  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
282  if(!$this->checkAccess('edit_permission'))
283  {
284  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
285  }
286  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
287  {
288  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
289  }
290  if(!count($_POST['del_desk_item']))
291  {
292  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
293 
294  $this->listDesktopItemsObject();
295 
296  return true;
297  }
298  ilUtil::sendQuestion($this->lng->txt('role_sure_delete_desk_items'));
299 
300  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_ask_delete_desktop_item.html", "Services/AccessControl");
301  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
302  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.png'));
303  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
304  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
305  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
306  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
307  $this->tpl->setVariable("BTN_CANCEL",$this->lng->txt('cancel'));
308 
309  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
310 
311  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
312 
313  $counter = 0;
314 
315  foreach($_POST['del_desk_item'] as $role_item_id)
316  {
317  $item_data = $role_desk_item_obj->getItem($role_item_id);
318  $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
319 
320  if(strlen($desc = $tmp_obj->getDescription()))
321  {
322  $this->tpl->setCurrentBlock("description");
323  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
324  $this->tpl->parseCurrentBlock();
325  }
326  $this->tpl->setCurrentBlock("desk_row");
327  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
328  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
329  $this->tpl->parseCurrentBlock();
330  }
331 
332  $_SESSION['role_del_desk_items'] = $_POST['del_desk_item'];
333 
334  return true;
335  }
336 
337  function deleteDesktopItemsObject()
338  {
339  global $rbacsystem;
340 
341  #if (!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
342  if(!$this->checkAccess('edit_permission'))
343  {
344  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
345  }
346 
347  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
348  {
349  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
350  }
351 
352  if (!count($_SESSION['role_del_desk_items']))
353  {
354  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
355 
356  $this->listDesktopItemsObject();
357 
358  return true;
359  }
360 
361  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
362 
363  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
364 
365  foreach ($_SESSION['role_del_desk_items'] as $role_item_id)
366  {
367  $role_desk_item_obj->delete($role_item_id);
368  }
369 
370  ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
371  $this->listDesktopItemsObject();
372 
373  return true;
374  }
375 
376 
377  function selectDesktopItemObject()
378  {
379  global $rbacsystem,$tree;
380 
381  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
382  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
383 
384  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
385  {
386  #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
387  ilUtil::sendFailure($this->lng->txt('permission_denied'));
388  $this->listDesktopItemsObject();
389  return false;
390  }
391 
392  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
393  $this->__showButton('listDesktopItems',$this->lng->txt('back'));
394 
395  ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
396 
397  $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
398  new ilRoleDesktopItem($this->object->getId()));
399  $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
400  $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
401 
402  $exp->setOutput(0);
403 
404  $output = $exp->getOutput();
405  $this->tpl->setVariable("EXPLORER",$output);
406  //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
407 
408  return true;
409  }
410 
411  function assignDesktopItemObject()
412  {
413  global $rbacsystem;
414 
415  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
416  {
417  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
418  return false;
419  }
420 
421 
422  if (!isset($_GET['item_id']))
423  {
424  ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
425  $this->selectDesktopItemObject();
426 
427  return false;
428  }
429 
430  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
431 
432  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
433  $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
434 
435  ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
436 
437  $this->ctrl->redirect($this,'listDesktopItems');
438  return true;
439  }
440 
446  protected function initFormRoleProperties($a_mode)
447  {
448  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
449  $this->form = new ilPropertyFormGUI();
450 
451  if($this->creation_mode)
452  {
453  $this->ctrl->setParameter($this, "new_type", 'role');
454  }
455  $this->form->setFormAction($this->ctrl->getFormAction($this));
456 
457  switch($a_mode)
458  {
459  case self::MODE_GLOBAL_CREATE:
460  $this->form->setTitle($this->lng->txt('role_new'));
461  $this->form->addCommandButton('save',$this->lng->txt('role_new'));
462  break;
463 
464  case self::MODE_GLOBAL_UPDATE:
465  $this->form->setTitle($this->lng->txt('role_edit'));
466  $this->form->addCommandButton('update', $this->lng->txt('save'));
467  break;
468 
469  case self::MODE_LOCAL_CREATE:
470  case self::MODE_LOCAL_UPDATE:
471  }
472  // Fix cancel
473  $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
474 
475  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
476  if(ilObjRole::isAutoGenerated($this->object->getId()))
477  {
478  $title->setDisabled(true);
479  }
480  $title->setValidationRegexp('/^(?!il_).*$/');
481  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
482  $title->setSize(40);
483  $title->setMaxLength(70);
484  $title->setRequired(true);
485  $this->form->addItem($title);
486 
487  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
488  if(ilObjRole::isAutoGenerated($this->object->getId()))
489  {
490  $desc->setDisabled(true);
491  }
492  $desc->setCols(40);
493  $desc->setRows(3);
494  $this->form->addItem($desc);
495 
496  if($this->rolf_ref_id == ROLE_FOLDER_ID)
497  {
498  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
499  $reg->setValue(1);
500  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
501  $this->form->addItem($reg);
502 
503  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
504  $la->setValue(1);
505  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
506  $this->form->addItem($la);
507  }
508 
509  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
510  $pro->setValue(1);
511  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
512  $this->form->addItem($pro);
513 
514  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
515  if(ilDiskQuotaActivationChecker::_isActive())
516  {
517  $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
518  $quo->setMinValue(0);
519  $quo->setSize(4);
520  $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
521  $this->form->addItem($quo);
522  }
523  if(ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive())
524  {
525  $this->lng->loadLanguageModule("file");
526  $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'),'wsp_disk_quota');
527  $wquo->setMinValue(0);
528  $wquo->setSize(4);
529  $wquo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
530  $this->form->addItem($wquo);
531  }
532 
533  return true;
534  }
535 
541  protected function loadRoleProperties(ilObjRole $role)
542  {
543  $role->setTitle($this->form->getInput('title'));
544  $role->setDescription($this->form->getInput('desc'));
545  $role->setAllowRegister($this->form->getInput('reg'));
546  $role->toggleAssignUsersStatus($this->form->getInput('la'));
547  $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
548  $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
549  return true;
550  }
551 
557  protected function readRoleProperties(ilObjRole $role)
558  {
559  global $rbacreview;
560 
561  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
562 
563  $data['title'] = $role->getTitle();
564  $data['desc'] = $role->getDescription();
565  $data['reg'] = $role->getAllowRegister();
566  $data['la'] = $role->getAssignUsersStatus();
567  if(ilDiskQuotaActivationChecker::_isActive())
568  {
569  $data['disk_quota'] = $role->getDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
570  }
571  if(ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive())
572  {
573  $data['wsp_disk_quota'] = $role->getPersonalWorkspaceDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
574  }
575  $data['pro'] = $rbacreview->isProtected($this->rolf_ref_id, $role->getId());
576 
577  $this->form->setValuesByArray($data);
578  }
579 
580 
581 
582 
588  public function createObject()
589  {
590  global $rbacsystem;
591 
592  if(!$rbacsystem->checkAccess('create_role',$this->rolf_ref_id))
593  {
594  $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
595  }
596 
597  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
598  $this->tpl->setContent($this->form->getHTML());
599  }
600 
605  public function editObject()
606  {
607  global $rbacsystem, $rbacreview, $ilSetting,$ilErr;
608 
609  if(!$this->checkAccess('write','edit_permission'))
610  {
611  $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
612  }
613  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
614  $this->readRoleProperties($this->object);
615  $this->tpl->setContent($this->form->getHTML());
616  }
617 
618 
623  public function saveObject()
624  {
625  global $rbacadmin,$rbacreview;
626 
627  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
628  if($this->form->checkInput() and !$this->checkDuplicate())
629  {
630  include_once './Services/AccessControl/classes/class.ilObjRole.php';
631  $this->loadRoleProperties($this->role = new ilObjRole());
632  $this->role->create();
633  $rbacadmin->assignRoleToFolder($this->role->getId(), $this->rolf_ref_id,'y');
634  $rbacadmin->setProtected(
635  $this->rolf_ref_id,
636  $this->role->getId(),
637  $this->form->getInput('pro') ? 'y' : 'n'
638  );
639  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
640  $this->ctrl->setParameter($this,'obj_id',$this->role->getId());
641  $this->ctrl->redirect($this,'perm');
642  }
643 
644  ilUtil::sendFailure($this->lng->txt('err_check_input'));
645  $this->form->setValuesByPost();
646  $this->tpl->setContent($this->form->getHTML());
647  return false;
648  }
649 
654  protected function checkDuplicate($a_role_id = 0)
655  {
656  // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
657  return FALSE;
658  }
659 
664  public function updateObject()
665  {
666  global $rbacadmin;
667 
668  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
669  if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
670  {
671  include_once './Services/AccessControl/classes/class.ilObjRole.php';
672  $this->loadRoleProperties($this->object);
673  $this->object->update();
674  $rbacadmin->setProtected(
675  $this->rolf_ref_id,
676  $this->object->getId(),
677  $this->form->getInput('pro') ? 'y' : 'n'
678  );
679  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
680  $this->ctrl->redirect($this,'edit');
681  }
682 
683  ilUtil::sendFailure($this->lng->txt('err_check_input'));
684  $this->form->setValuesByPost();
685  $this->tpl->setContent($this->form->getHTML());
686  return false;
687  }
688 
693  protected function permObject($a_show_admin_permissions = false)
694  {
695  global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
696 
697  $ilTabs->setTabActive('default_perm_settings');
698 
699  $this->setSubTabs('default_perm_settings');
700 
701  if($a_show_admin_permissions)
702  {
703  $ilTabs->setSubTabActive('rbac_admin_permissions');
704  }
705  else
706  {
707  $ilTabs->setSubTabActive('rbac_repository_permissions');
708  }
709 
710  if(!$this->checkAccess('write','edit_permission'))
711  {
712  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
713  return true;
714  }
715 
716  // Show copy role button
717  if($this->object->getId() != SYSTEM_ROLE_ID)
718  {
719  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
720  $ilToolbar->addButton(
721  $this->lng->txt("adopt_perm_from_template"),
722  $this->ctrl->getLinkTarget($this,'adoptPerm')
723  );
724  if($rbacreview->isDeleteable($this->object->getId(), $this->rolf_ref_id))
725  {
726  $ilToolbar->addButton(
727  $this->lng->txt('rbac_delete_role'),
728  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
729  );
730  }
731  }
732 
733  $this->tpl->addBlockFile(
734  'ADM_CONTENT',
735  'adm_content',
736  'tpl.rbac_template_permissions.html',
737  'Services/AccessControl'
738  );
739 
740  $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
741 
742  include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
743  $acc = new ilAccordionGUI();
744  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
745  $acc->setId('template_perm_'.$this->getParentRefId());
746 
747  if($this->rolf_ref_id == ROLE_FOLDER_ID)
748  {
749  if($a_show_admin_permissions)
750  {
751  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
752  }
753  else
754  {
755  $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
756  }
757  }
758  else
759  {
760  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
761  }
762 
763  $sorted = array();
764  foreach($subs as $subtype => $def)
765  {
766  if($objDefinition->isPlugin($subtype))
767  {
768  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
769  }
770  elseif($objDefinition->isSystemObject($subtype))
771  {
772  $translation = $this->lng->txt("obj_".$subtype);
773  }
774  else
775  {
776  $translation = $this->lng->txt('objs_'.$subtype);
777  }
778 
779  $sorted[$subtype] = $def;
780  $sorted[$subtype]['translation'] = $translation;
781  }
782 
783 
784  $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
785  foreach($sorted as $subtype => $def)
786  {
787  if($objDefinition->isPlugin($subtype))
788  {
789  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
790  }
791  elseif($objDefinition->isSystemObject($subtype))
792  {
793  $translation = $this->lng->txt("obj_".$subtype);
794  }
795  else
796  {
797  $translation = $this->lng->txt('objs_'.$subtype);
798  }
799 
800  include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
801  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
802  $this,
803  'perm',
804  $this->getParentRefId(),
805  $this->object->getId(),
806  $subtype,
807  $a_show_admin_permissions
808  );
809  $tbl->parse();
810 
811  $acc->addItem($translation, $tbl->getHTML());
812  }
813 
814  $this->tpl->setVariable('ACCORDION',$acc->getHTML());
815 
816  // Add options table
817  include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
818  $options = new ilObjectRoleTemplateOptionsTableGUI(
819  $this,
820  'perm',
821  $this->rolf_ref_id,
822  $this->object->getId(),
823  $a_show_admin_permissions
824  );
825  if($this->object->getId() != SYSTEM_ROLE_ID)
826  {
827  $options->addMultiCommand(
828  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
829  $this->lng->txt('save')
830  );
831  }
832 
833  $options->parse();
834  $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
835  }
836 
841  protected function adminPermObject()
842  {
843  return $this->permObject(true);
844  }
845 
850  protected function adminPermSaveObject()
851  {
852  return $this->permSaveObject(true);
853  }
854 
855  protected function adoptPermObject()
856  {
857  global $rbacreview;
858 
859  $output = array();
860 
861  $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
862  $ids = array();
863  foreach($parent_role_ids as $id => $tmp)
864  {
865  $ids[] = $id;
866  }
867 
868  // Sort ids
869  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
870  $key = 0;
871  foreach($sorted_ids as $id)
872  {
873  $par = $parent_role_ids[$id];
874  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
875  {
876  $radio = ilUtil::formRadioButton(0,"adopt",$par["obj_id"]);
877  $output["adopt"][$key]["css_row_adopt"] = ($key % 2 == 0) ? "tblrow1" : "tblrow2";
878  $output["adopt"][$key]["check_adopt"] = $radio;
879  $output["adopt"][$key]["role_id"] = $par["obj_id"];
880  $output["adopt"][$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
881  $output["adopt"][$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
882  $output["adopt"][$key]["role_desc"] = $par["desc"];
883  $key++;
884  }
885  }
886 
887  $output["formaction_adopt"] = $this->ctrl->getFormAction($this);
888  $output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
889 
890 
891  $tpl = new ilTemplate("tpl.adm_copy_role.html", true, true, "Services/AccessControl");
892 
893  $tpl->setCurrentBlock("ADOPT_PERM_ROW");
894  foreach ($output["adopt"] as $key => $value)
895  {
896  $tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
897  $tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
898  $tpl->setVariable("LABEL_ID",$value["role_id"]);
899  $tpl->setVariable("TYPE",$value["type"]);
900  $tpl->setVariable("ROLE_NAME",$value["role_name"]);
901  if(strlen($value['role_desc']))
902  {
903  $tpl->setVariable('ROLE_DESC',$value['role_desc']);
904  }
905  $tpl->parseCurrentBlock();
906  }
907 
908  $tpl->setVariable("TPLPATH",$this->tpl->tplPath);
909  $tpl->setVariable("MESSAGE_MIDDLE",$output["message_middle"]);
910  $tpl->setVariable("FORMACTION_ADOPT",$output["formaction_adopt"]);
911  $tpl->setVariable("ADOPT",$this->lng->txt('copy'));
912  $tpl->setVariable("CANCEL",$this->lng->txt('cancel'));
913 
914  $tpl->setVariable('HEAD_ROLE',$this->lng->txt('title'));
915  $tpl->setVariable('HEAD_TYPE',$this->lng->txt('type'));
916 
917  $this->tpl->setContent($tpl->get());
918  }
919 
924  protected function confirmDeleteRoleObject()
925  {
926  global $ilErr,$rbacreview,$ilUser;
927 
928  $access = $this->checkAccess('visible,write','edit_permission');
929  if (!$access)
930  {
931  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
932  }
933 
934  $question = $this->lng->txt('rbac_role_delete_qst');
935  if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
936  {
937  $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
938  }
939  ilUtil::sendQuestion($question);
940 
941  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
942 
943  $confirm = new ilConfirmationGUI();
944  $confirm->setFormAction($this->ctrl->getFormAction($this));
945  $confirm->setHeaderText($question);
946  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
947  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
948 
949  $confirm->addItem(
950  'role',
951  $this->object->getId(),
952  $this->object->getTitle(),
953  ilUtil::getImagePath('icon_role.png')
954  );
955 
956  $this->tpl->setContent($confirm->getHTML());
957  return true;
958  }
959 
960 
965  protected function performDeleteRoleObject()
966  {
967  global $ilErr;
968 
969  $access = $this->checkAccess('visible,write','edit_permission');
970  if (!$access)
971  {
972  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
973  }
974 
975  $this->object->setParent((int) $_GET['rolf_ref_id']);
976  $this->object->delete();
977  ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
978 
979  $this->ctrl->returnToParent($this);
980  }
981 
987  function permSaveObject($a_show_admin_permissions = false)
988  {
989  global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
990 
991  // for role administration check write of global role folder
992  /*
993  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
994  {
995  $access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
996  }
997  else // for local roles check 'edit permission' of parent object of the local role folder
998  {
999  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
1000  }
1001  */
1002  $access = $this->checkAccess('visible,write','edit_permission');
1003 
1004  if (!$access)
1005  {
1006  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1007  }
1008 
1009  // rbac log
1010  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1011  $rbac_log_active = ilRbacLog::isActive();
1012  if($rbac_log_active)
1013  {
1014  $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
1015  }
1016 
1017  // delete all template entries of enabled types
1018  if($this->rolf_ref_id == ROLE_FOLDER_ID)
1019  {
1020  if($a_show_admin_permissions)
1021  {
1022  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
1023  }
1024  else
1025  {
1026  $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
1027  }
1028  }
1029  else
1030  {
1031  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
1032  }
1033 
1034  foreach($subs as $subtype => $def)
1035  {
1036  // Delete per object type
1037  $rbacadmin->deleteRolePermission($this->object->getId(),$this->rolf_ref_id,$subtype);
1038  }
1039 
1040  if (empty($_POST["template_perm"]))
1041  {
1042  $_POST["template_perm"] = array();
1043  }
1044 
1045  foreach ($_POST["template_perm"] as $key => $ops_array)
1046  {
1047  // sets new template permissions
1048  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
1049  }
1050 
1051  if($rbac_log_active)
1052  {
1053  $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
1054  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
1055  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
1056  }
1057 
1058  // update object data entry (to update last modification date)
1059  $this->object->update();
1060 
1061  // set protected flag
1062  if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id))
1063  {
1064  $rbacadmin->setProtected($this->rolf_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1065  }
1066 
1067  if($a_show_admin_permissions)
1068  {
1069  $_POST['recursive'] = true;
1070  }
1071 
1072  // Redirect if Change existing objects is not chosen
1073  if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1074  {
1075  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1076  if($a_show_admin_permissions)
1077  {
1078  $this->ctrl->redirect($this,'adminPerm');
1079  }
1080  else
1081  {
1082  $this->ctrl->redirect($this,'perm');
1083  }
1084  }
1085  // New implementation
1086  if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1087  {
1088  $this->showChangeExistingObjectsConfirmation();
1089  return true;
1090  }
1091 
1092  $start = ($this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id));
1093  if($a_show_admin_permissions)
1094  {
1095  $start = $tree->getParentId($this->rolf_ref_id);
1096  }
1097 
1098  if($_POST['protected'])
1099  {
1100  $this->object->changeExistingObjects(
1101  $start,
1102  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1103  array('all'),
1104  array()
1105  #$a_show_admin_permissions ? array('adm') : array()
1106  );
1107  }
1108  else
1109  {
1110  $this->object->changeExistingObjects(
1111  $start,
1112  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1113  array('all'),
1114  array()
1115  #$a_show_admin_permissions ? array('adm') : array()
1116  );
1117  }
1118  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1119 
1120  if($a_show_admin_permissions)
1121  {
1122  $this->ctrl->redirect($this,'adminPerm');
1123  }
1124  else
1125  {
1126  $this->ctrl->redirect($this,'perm');
1127  }
1128  return true;
1129  }
1130 
1131 
1137  function adoptPermSaveObject()
1138  {
1139  global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1140 
1141  if(!$_POST['adopt'])
1142  {
1143  ilUtil::sendFailure($this->lng->txt('select_one'));
1144  $this->adoptPermObject();
1145  return false;
1146  }
1147 
1148  $access = $this->checkAccess('visible,write','edit_permission');
1149  if (!$access)
1150  {
1151  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1152  }
1153 
1154  if ($this->object->getId() == $_POST["adopt"])
1155  {
1156  ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1157  }
1158  else
1159  {
1160  $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id);
1161  $parentRoles = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
1162  $rbacadmin->copyRoleTemplatePermissions(
1163  $_POST["adopt"],
1164  $parentRoles[$_POST["adopt"]]["parent"],
1165  $this->rolf_ref_id,
1166  $this->object->getId(),
1167  false);
1168 
1169  // update object data entry (to update last modification date)
1170  $this->object->update();
1171 
1172  // send info
1173  $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1174  ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1175  $this->lng->txt("msg_perm_adopted_from2"),true);
1176  }
1177 
1178  $this->ctrl->redirect($this, "perm");
1179  }
1180 
1186  function assignSaveObject()
1187  {
1188  $this->assignUserObject();
1189  }
1190 
1191 
1192 
1198  public function addUserObject($a_user_ids)
1199  {
1200  global $rbacreview,$rbacadmin;
1201 
1202  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1203  {
1204  ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1205  return false;
1206  }
1207  if(!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
1208  $this->rolf_ref_id != ROLE_FOLDER_ID)
1209  {
1210  ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1211  return false;
1212  }
1213  if(!$a_user_ids)
1214  {
1215  $GLOBALS['lng']->loadLanguageModule('search');
1216  ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1217  return false;
1218  }
1219 
1220  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1221 
1222  // users to assign
1223  $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1224 
1225  // selected users all already assigned. stop
1226  if (count($assigned_users_new) == 0)
1227  {
1228  ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1229  $this->ctrl->redirect($this,'userassignment');
1230  }
1231 
1232  // assign new users
1233  foreach ($assigned_users_new as $user)
1234  {
1235  $rbacadmin->assignUser($this->object->getId(),$user,false);
1236  }
1237 
1238  // update object data entry (to update last modification date)
1239  $this->object->update();
1240 
1241  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1242  $this->ctrl->redirect($this,'userassignment');
1243  }
1244 
1250  function deassignUserObject()
1251  {
1252  global $rbacsystem, $rbacadmin, $rbacreview;
1253 
1254  #if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1255  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1256  {
1257  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1258  }
1259 
1260  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1261 
1262  if ($selected_users[0]=== NULL)
1263  {
1264  $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1265  }
1266 
1267  // prevent unassignment of system user from system role
1268  if ($this->object->getId() == SYSTEM_ROLE_ID)
1269  {
1270  if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1271  unset($selected_users[$admin]);
1272  }
1273 
1274  // check for each user if the current role is his last global role before deassigning him
1275  $last_role = array();
1276  $global_roles = $rbacreview->getGlobalRoles();
1277 
1278  foreach ($selected_users as $user)
1279  {
1280  $assigned_roles = $rbacreview->assignedRoles($user);
1281  $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1282 
1283  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1284  {
1285  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1286  $last_role[$user] = $userObj->getFullName();
1287  unset($userObj);
1288  }
1289  }
1290 
1291 
1292  // ... else perform deassignment
1293  foreach ($selected_users as $user)
1294  {
1295  if(!isset($last_role[$user]))
1296  {
1297  $rbacadmin->deassignUser($this->object->getId(), $user);
1298  }
1299  }
1300 
1301  // update object data entry (to update last modification date)
1302  $this->object->update();
1303 
1304  // raise error if last role was taken from a user...
1305  if(count($last_role))
1306  {
1307  $user_list = implode(", ",$last_role);
1308  ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1309  }
1310  else
1311  {
1312  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1313  }
1314  $this->ctrl->redirect($this,'userassignment');
1315  }
1316 
1317 
1321  function userassignmentObject()
1322  {
1323  global $rbacreview, $rbacsystem, $lng, $ilUser;
1324 
1325  //if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1326  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1327  {
1328  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1329  }
1330 
1331  $this->tabs_gui->setTabActive('user_assignment');
1332 
1333  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1334 
1335  include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1336  $tb = new ilToolbarGUI();
1337 
1338  // protected admin role
1339  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1340  if(
1341  $this->object->getId() != SYSTEM_ROLE_ID ||
1342  (
1343  !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1344  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1345  )
1346  )
1347  {
1348 
1349 
1350  // add member
1351  include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1352  ilRepositorySearchGUI::fillAutoCompleteToolbar(
1353  $this,
1354  $tb,
1355  array(
1356  'auto_complete_name' => $lng->txt('user'),
1357  'submit_name' => $lng->txt('add')
1358  )
1359  );
1360 
1361  /*
1362  // add button
1363  $tb->addFormButton($lng->txt("add"), "assignUser");
1364  */
1365  $tb->addSpacer();
1366 
1367  $tb->addButton(
1368  $this->lng->txt('search_user'),
1369  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1370  );
1371  $tb->addSpacer();
1372  }
1373 
1374  $tb->addButton(
1375  $this->lng->txt('role_mailto'),
1376  $this->ctrl->getLinkTarget($this,'mailToRole')
1377  );
1378  $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1379 
1380 
1381  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1382  $role_assignment_editable = true;
1383  if(
1384  $this->object->getId() == SYSTEM_ROLE_ID &&
1385  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1386  {
1387  $role_assignment_editable = false;
1388  }
1389 
1390  include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1391  $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1392 
1393  $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1394 
1395  return true;
1396 
1397  }
1398 
1399 
1404  function cancelObject()
1405  {
1406  if ($_GET["new_type"] != "role")
1407  {
1408  $this->ctrl->redirect($this, "userassignment");
1409  }
1410  else
1411  {
1412  $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1413  }
1414  }
1415 
1416 
1417  function listUsersRoleObject()
1418  {
1419  global $rbacsystem,$rbacreview;
1420 
1421  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1422 
1423  if (!is_array($_POST["role"]))
1424  {
1425  ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1426  $this->searchObject();
1427 
1428  return false;
1429  }
1430 
1431  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1432  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1433 
1434  // GET ALL MEMBERS
1435  $members = array();
1436 
1437  foreach ($_POST["role"] as $role_id)
1438  {
1439  $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1440  }
1441 
1442  $members = array_unique($members);
1443 
1444  // FORMAT USER DATA
1445  $counter = 0;
1446  $f_result = array();
1447 
1448  foreach($members as $user)
1449  {
1450  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1451  {
1452  continue;
1453  }
1454 
1455  $user_ids[$counter] = $user;
1456 
1457  // TODO: exclude anonymous user
1458  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1459  $f_result[$counter][] = $tmp_obj->getLogin();
1460  $f_result[$counter][] = $tmp_obj->getFirstname();
1461  $f_result[$counter][] = $tmp_obj->getLastname();
1462 
1463  unset($tmp_obj);
1464  ++$counter;
1465  }
1466 
1467  $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1468 
1469  return true;
1470  }
1471 
1472 
1473 
1474  function __formatPath($a_path_arr)
1475  {
1476  $counter = 0;
1477 
1478  foreach ($a_path_arr as $data)
1479  {
1480  if ($counter++)
1481  {
1482  $path .= " -> ";
1483  }
1484 
1485  $path .= $data['title'];
1486  }
1487 
1488  if (strlen($path) > 50)
1489  {
1490  return '...'.substr($path,-50);
1491  }
1492 
1493  return $path;
1494  }
1495 
1496  function __prepareOutput()
1497  {
1498  // output objects
1499  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1500  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1501 
1502  // output locator
1503  //$this->__setLocator();
1504 
1505  // output message
1506  if ($this->message)
1507  {
1508  ilUtil::sendInfo($this->message);
1509  }
1510 
1511  // display infopanel if something happened
1512  ilUtil::infoPanel();
1513 
1514  // set header
1515  $this->__setHeader();
1516  }
1517 
1518  function __setHeader()
1519  {
1520  $this->tpl->setTitle($this->lng->txt('role'));
1521  $this->tpl->setDescription($this->object->getTitle());
1522  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.png"));
1523 
1524  $this->getTabs($this->tabs_gui);
1525  }
1526 
1527  function __setLocator()
1528  {
1529  global $tree, $ilCtrl;
1530 
1531  return;
1532 
1533  $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1534 
1535  $counter = 0;
1536 
1537  foreach ($tree->getPathFull($this->rolf_ref_id) as $key => $row)
1538  {
1539  if ($counter++)
1540  {
1541  $this->tpl->touchBlock('locator_separator_prefix');
1542  }
1543 
1544  $this->tpl->setCurrentBlock("locator_item");
1545 
1546  if ($row["type"] == 'rolf')
1547  {
1548  $this->tpl->setVariable("ITEM",$this->object->getTitle());
1549  $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1550  }
1551  elseif ($row["child"] != $tree->getRootId())
1552  {
1553  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1554  $this->tpl->setVariable("ITEM", $row["title"]);
1555  $this->tpl->setVariable("LINK_ITEM",
1556  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1557  }
1558  else
1559  {
1560  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1561  $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1562  $this->tpl->setVariable("LINK_ITEM",
1563  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1564  }
1565  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1566 
1567  $this->tpl->parseCurrentBlock();
1568  }
1569 
1570  $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1571  $this->tpl->parseCurrentBlock();
1572  }
1573 
1578  function addAdminLocatorItems()
1579  {
1580  global $ilLocator;
1581 
1582  if ($_GET["admin_mode"] == "settings"
1583  && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1584  {
1585  parent::addAdminLocatorItems(true);
1586 
1587  $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1588  ilObject::_lookupObjId($_GET["ref_id"]))),
1589  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1590 
1591  if ($_GET["obj_id"] > 0)
1592  {
1593  $ilLocator->addItem($this->object->getTitle(),
1594  $this->ctrl->getLinkTarget($this, "view"));
1595  }
1596  }
1597  else // repository administration
1598  {
1599  // ?
1600  }
1601  }
1602 
1603 
1604 
1605 
1606  function getTabs(&$tabs_gui)
1607  {
1608  global $rbacsystem,$rbacreview, $ilHelp;
1609 
1610  $base_role_folder = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1611 
1612 //var_dump($base_role_folder);
1613 //echo "-".$this->rolf_ref_id."-";
1614 
1615  $activate_role_edit = false;
1616 
1617  // todo: activate the following (allow editing of local roles in
1618  // roles administration)
1619  //if (in_array($this->rolf_ref_id,$base_role_folder))
1620  if (in_array($this->rolf_ref_id,$base_role_folder) ||
1621  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1622  $_GET["admin_mode"] == "settings"))
1623  {
1624  $activate_role_edit = true;
1625  }
1626 
1627  // not so nice (workaround for using tabs in repository)
1628  $tabs_gui->clearTargets();
1629 
1630  $ilHelp->setScreenIdComponent("role");
1631 
1632  if ($this->back_target != "")
1633  {
1634  $tabs_gui->setBackTarget(
1635  $this->back_target["text"],$this->back_target["link"]);
1636  }
1637 
1638  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1639  {
1640  $tabs_gui->addTarget("edit_properties",
1641  $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1642  }
1643 /*
1644  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1645  {
1646  $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1647  ? true
1648  : false;
1649  $tabs_gui->addTarget("default_perm_settings",
1650  $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1651  get_class($this),
1652  "", $force_active);
1653  }
1654 */
1655  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1656  {
1657  $tabs_gui->addTarget(
1658  "default_perm_settings",
1659  $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1660  );
1661  }
1662 
1663  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1664  {
1665  $tabs_gui->addTarget("user_assignment",
1666  $this->ctrl->getLinkTarget($this, "userassignment"),
1667  array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1668  get_class($this));
1669  }
1670 
1671  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1672  {
1673  $tabs_gui->addTarget("desktop_items",
1674  $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1675  array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1676  get_class($this));
1677  }
1678  if($this->checkAccess('write','edit_permission'))
1679  {
1680  $tabs_gui->addTarget(
1681  'export',
1682  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1683  array()
1684  );
1685 
1686  }
1687  }
1688 
1689  function mailToRoleObject()
1690  {
1691  global $rbacreview;
1692 
1693  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1694  if(count($obj_ids) > 1)
1695  {
1696  $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1697  }
1698  else
1699  {
1700  $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
1701  }
1702 
1703  require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1704  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1705  ilUtil::redirect($script);
1706  }
1707 
1708  function checkAccess($a_perm_global,$a_perm_obj = '')
1709  {
1710  global $rbacsystem,$ilAccess;
1711 
1712  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1713 
1714  if($this->rolf_ref_id == ROLE_FOLDER_ID)
1715  {
1716  return $rbacsystem->checkAccess($a_perm_global,$this->rolf_ref_id);
1717  }
1718  else
1719  {
1720  return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1721  }
1722  }
1723 
1728  protected function isChangeExistingObjectsConfirmationRequired()
1729  {
1730  global $rbacreview;
1731 
1732  if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1733  {
1734  return false;
1735  }
1736 
1737  // Role is protected
1738  if($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()))
1739  {
1740  // TODO: check if recursive_list is enabled
1741  // and if yes: check if inheritance is broken for the relevant object types
1742  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1743  }
1744  else
1745  {
1746  // TODO: check if recursive_list is enabled
1747  // and if yes: check if inheritance is broken for the relevant object types
1748  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1749  }
1750  }
1751 
1756  protected function showChangeExistingObjectsConfirmation()
1757  {
1758  $protected = $_POST['protected'];
1759 
1760  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1761  $form = new ilPropertyFormGUI();
1762  $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1763  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1764 
1765  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1766  $form->addCommandButton('perm',$this->lng->txt('cancel'));
1767 
1768  $hidden = new ilHiddenInputGUI('type_filter');
1769  $hidden->setValue(
1770  $_POST['recursive'] ?
1771  serialize(array('all')) :
1772  serialize($_POST['recursive_list'])
1773  );
1774  $form->addItem($hidden);
1775 
1776  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1777 
1778  if($protected)
1779  {
1780  $rad->setValue(ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1781  $keep = new ilRadioOption(
1782  $this->lng->txt('rbac_keep_local_policies'),
1783  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1784  $this->lng->txt('rbac_keep_local_policies_info')
1785  );
1786  }
1787  else
1788  {
1789  $rad->setValue(ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1790  $keep = new ilRadioOption(
1791  $this->lng->txt('rbac_keep_local_policies'),
1792  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1793  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1794  );
1795 
1796  }
1797  $rad->addOption($keep);
1798 
1799  if($protected)
1800  {
1801  $del = new ilRadioOption(
1802  $this->lng->txt('rbac_delete_local_policies'),
1803  ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1804  $this->lng->txt('rbac_delete_local_policies_info')
1805  );
1806  }
1807  else
1808  {
1809  $del = new ilRadioOption(
1810  $this->lng->txt('rbac_delete_local_policies'),
1811  ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1812  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1813  );
1814  }
1815  $rad->addOption($del);
1816 
1817  $form->addItem($rad);
1818  $this->tpl->setContent($form->getHTML());
1819  }
1820 
1825  protected function changeExistingObjectsObject()
1826  {
1827  global $tree,$rbacreview,$rbacadmin;
1828 
1829  $mode = (int) $_POST['mode'];
1830  $start = ($this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id));
1831  $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1832 
1833  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1834  $this->ctrl->redirect($this,'perm');
1835  }
1836 
1842  protected function setSubTabs($a_tab)
1843  {
1844  global $ilTabs;
1845 
1846  switch($a_tab)
1847  {
1848  case 'default_perm_settings':
1849  if($this->rolf_ref_id != ROLE_FOLDER_ID)
1850  {
1851  return true;
1852  }
1853  $ilTabs->addSubTabTarget(
1854  'rbac_repository_permissions',
1855  $this->ctrl->getLinkTarget($this,'perm')
1856  );
1857  $ilTabs->addSubTabTarget(
1858  'rbac_admin_permissions',
1859  $this->ctrl->getLinkTarget($this,'adminPerm')
1860  );
1861  }
1862  return true;
1863  }
1864 
1865 
1866 } // END class.ilObjRoleGUI
1867 ?>