ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once ('./Services/Table/classes/class.ilTable2GUI.php');
5 include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6 
16 class ilObjectRolePermissionTableGUI extends ilTable2GUI
17 {
18  const ROLE_FILTER_ALL = 1;
19  const ROLE_FILTER_GLOBAL = 2;
20  const ROLE_FILTER_LOCAL = 3;
21  const ROLE_FILTER_LOCAL_POLICY = 4;
22  const ROLE_FILTER_LOCAL_OBJECT = 5;
23 
24  private $ref_id = null;
25  private $roles = array();
26 
27  private $tree_path_ids = array();
28 
29  private $activeOperations = array();
30  private $visible_roles = array();
31 
36  public function __construct($a_parent_obj,$a_parent_cmd, $a_ref_id)
37  {
38  global $ilCtrl,$rbacreview,$tpl,$tree;
39 
40  parent::__construct($a_parent_obj,$a_parent_cmd);
41 
42  $this->lng->loadLanguageModule('rbac');
43 
44  $this->ref_id = $a_ref_id;
45  $this->tree_path_ids = $tree->getPathId($this->ref_id);
46 
47  $this->setId('objroleperm_'.$this->ref_id);
48 
49  $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
50 
51  $this->setTitle($this->lng->txt('permission_settings'));
52  $this->setEnableHeader(true);
53  $this->disable('sort');
54  $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
55  $this->disable('numinfo');
56  $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
57  $this->setLimit(100);
58  $this->setShowRowsSelector(false);
59  $this->setDisableFilterHiding(true);
60  $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
61 
62  $this->addCommandButton('savePermissions', $this->lng->txt('save'));
63 
64  $this->initFilter();
65  }
66 
67 
72  public function getPathIds()
73  {
74  return (array) $this->tree_path_ids;
75  }
76 
81  public function getRefId()
82  {
83  return $this->ref_id;
84  }
85 
90  public function getObjId()
91  {
92  return ilObject::_lookupObjId($this->getRefId());
93  }
94 
99  public function getObjType()
100  {
101  return ilObject::_lookupType($this->getObjId());
102  }
103 
109  public function addActiveOperation($a_ops_id)
110  {
111  $this->activeOperations[] = $a_ops_id;
112  }
113 
118  public function getActiveOperations()
119  {
120  return (array) $this->activeOperations;
121  }
122 
128  public function setVisibleRoles($a_ar)
129  {
130  $this->visible_roles = $a_ar;
131  }
132 
137  public function getVisibleRoles()
138  {
139  return $this->visible_roles;
140  }
141 
146  public function initFilter()
147  {
148  global $tree;
149 
150  $roles = $this->addFilterItemByMetaType(
151  'role',
152  ilTable2GUI::FILTER_SELECT
153  );
154 
155  // Limit filter to local roles only for objects with group or course in path
156  if(!$roles->getValue())
157  {
158  if ($tree->checkForParentType($this->getRefId(), 'crs') or
159  $tree->checkForParentType($this->getRefId(), 'grp'))
160  {
161  $roles->setValue(self::ROLE_FILTER_LOCAL);
162  }
163  else
164  {
165  $roles->setValue(self::ROLE_FILTER_ALL);
166  }
167  }
168 
169 
170  $roles->setOptions(
171  array(
172  self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
173  self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
174  self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
175  self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
176  self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
177  )
178  );
179 
180  }
181 
187  public function fillRow($row)
188  {
189  global $objDefinition;
190 
191 
192  // local policy
193  if(isset($row['show_local_policy_row']))
194  {
195  foreach($row['roles'] as $role_id => $role_info)
196  {
197  $this->tpl->setCurrentBlock('role_option');
198  $this->tpl->setVariable('INHERIT_ROLE_ID',$role_id);
199  $this->tpl->setVariable('INHERIT_CHECKED',$role_info['local_policy'] ? 'checked=checked' : '');
200  $this->tpl->setVariable('INHERIT_DISABLED',($role_info['protected'] or $role_info['isLocal']) ? 'disabled="disabled"' : '');
201  $this->tpl->setVariable('TXT_INHERIT',$this->lng->txt('rbac_local_policy'));
202  $this->tpl->setVariable('INHERIT_LONG',$this->lng->txt('perm_use_local_policy_desc'));
203  $this->tpl->parseCurrentBlock();
204  }
205  return true;
206  }
207  // protected
208  if(isset($row['show_protected_row']))
209  {
210  foreach($row['roles'] as $role_id => $role_info)
211  {
212  $this->tpl->setCurrentBlock('role_protect');
213  $this->tpl->setVariable('PROTECT_ROLE_ID',$role_id);
214  $this->tpl->setVariable('PROTECT_CHECKED',$role_info['protected_status'] ? 'checked=checked' : '');
215  $this->tpl->setVariable('PROTECT_DISABLED',$role_info['protected_allowed'] ? '' : 'disabled="disabled"');
216  $this->tpl->setVariable('TXT_PROTECT',$this->lng->txt('role_protect_permissions'));
217  $this->tpl->setVariable('PROTECT_LONG',$this->lng->txt('role_protect_permissions_desc'));
218  $this->tpl->parseCurrentBlock();
219  }
220  return true;
221  }
222 
223  // block role
224  if(isset($row['show_block_row']))
225  {
226  foreach($this->getVisibleRoles() as $counter => $role_info)
227  {
228  $this->tpl->setCurrentBlock('role_block');
229  $this->tpl->setVariable('BLOCK_ROLE_ID',$role_info['obj_id']);
230  $this->tpl->setVariable('TXT_BLOCK',$this->lng->txt('role_block_role'));
231  $this->tpl->setVariable('BLOCK_LONG',$this->lng->txt('role_block_role_desc'));
232  if($role_info['protected'] == 'y')
233  {
234  $this->tpl->setVariable('BLOCK_DISABLED','disabled="disabled');
235  }
236 
237  $this->tpl->parseCurrentBlock();
238  }
239  return true;
240  }
241 
242  // Select all
243  if(isset($row['show_select_all']))
244  {
245  foreach($this->getVisibleRoles() as $role)
246  {
247  $this->tpl->setCurrentBlock('role_select_all');
248  $this->tpl->setVariable('JS_ROLE_ID',$role['obj_id']);
249  $this->tpl->setVariable('JS_SUBID',$row['subtype']);
250  $this->tpl->setVariable('JS_ALL_PERMS',"['".implode("','",$row['ops'])."']");
251  $this->tpl->setVariable('JS_FORM_NAME',$this->getFormName());
252  $this->tpl->setVariable('TXT_SEL_ALL',$this->lng->txt('select_all'));
253  $this->tpl->parseCurrentBlock();
254  }
255  return true;
256  }
257 
258  // Object permissions
259  if(isset($row['show_start_info']))
260  {
261  $this->tpl->setCurrentBlock('section_info');
262  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_object'));
263  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_object_desc'));
264  $this->tpl->parseCurrentBlock();
265 
266  return true;
267  }
268 
269  if(isset($row['show_create_info']))
270  {
271  $this->tpl->setCurrentBlock('section_info');
272  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_create'));
273  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_create_desc'));
274  $this->tpl->parseCurrentBlock();
275 
276  return true;
277  }
278 
279  foreach((array) $row['roles'] as $role_id => $role_info)
280  {
281  $this->tpl->setCurrentBlock('role_td');
282  $this->tpl->setVariable('PERM_ROLE_ID',$role_id);
283  $this->tpl->setVariable('PERM_PERM_ID',$row['perm']['ops_id']);
284 
285 
286  if(substr($row['perm']['operation'],0,6) == 'create')
287  {
288  if ($objDefinition->isPlugin(substr($row['perm']['operation'],7)))
289  {
290  $perm = ilPlugin::lookupTxt("rep_robj", substr($row['perm']['operation'],7),
291  "obj_".substr($row['perm']['operation'],7));
292  }
293  else
294  {
295  $perm = $this->lng->txt('obj_'.substr($row['perm']['operation'],7));
296  }
297  }
298  else
299  {
300  if($this->lng->exists($this->getObjType().'_'.$row['perm']['operation'].'_short'))
301  {
302  $perm = $this->lng->txt($this->getObjType().'_'.$row['perm']['operation'].'_short');
303  }
304  else
305  {
306  $perm = $this->lng->txt($row['perm']['operation']);
307  }
308  }
309 
310  $this->tpl->setVariable('TXT_PERM',$perm);
311 
312  if ($objDefinition->isPlugin($this->getObjType()))
313  {
314  $this->tpl->setVariable('PERM_LONG',ilPlugin::lookupTxt("rep_robj", $this->getObjType(),
315  $this->getObjType()."_".$row['perm']['operation']));
316  }
317  elseif(substr($row['perm']['operation'],0,6) == 'create')
318  {
319  $this->tpl->setVariable('PERM_LONG',$this->lng->txt('rbac_'.$row['perm']['operation']));
320  }
321  else
322  {
323  $this->tpl->setVariable('PERM_LONG',$this->lng->txt($this->getObjType().'_'.$row['perm']['operation']));
324  }
325 
326  if($role_info['protected'])
327  {
328  $this->tpl->setVariable('PERM_DISABLED',$role_info['protected'] ? 'disabled="disabled"' : '');
329  }
330  if($role_info['permission_set'])
331  {
332  $this->tpl->setVariable('PERM_CHECKED','checked="checked"');
333  }
334 
335  $this->tpl->parseCurrentBlock();
336  }
337  }
338 
339 
344  public function parse()
345  {
346  global $rbacreview,$objDefinition;
347 
348  $this->initColumns();
349 
350  $perms = array();
351  $roles = array();
352 
353  if(!count($this->getVisibleRoles()))
354  {
355  return $this->setData(array());
356  }
357 
358  // Read operations of role
359  $operations = array();
360  foreach($this->getVisibleRoles() as $role_data)
361  {
362  $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
363  }
364 
365  $counter = 0;
366 
367  // Local policy
368  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
369  {
370  $roles = array();
371  $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
372  foreach($this->getVisibleRoles() as $role_id => $role_data)
373  {
374  $roles[$role_data['obj_id']] = array(
375  'protected' => $role_data['protected'],
376  'local_policy' => in_array($role_data['obj_id'],$local_roles),
377  'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
378  );
379  }
380  $perms[$counter]['roles'] = $roles;
381  $perms[$counter]['show_local_policy_row'] = 1;
382 
383  $counter++;
384  }
385 
386  // Protect permissions
387  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
388  {
389  $roles = array();
390  foreach($this->getVisibleRoles() as $role_id => $role_data)
391  {
392  $roles[$role_data['obj_id']] = array(
393  'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'],$this->getRefId()),
394  'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id'])
395  );
396  }
397  $perms[$counter]['roles'] = $roles;
398  $perms[$counter]['show_protected_row'] = 1;
399 
400  $counter++;
401  }
402  // Block role
403  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
404  {
405  $perms[$counter++]['show_block_row'] = 1;
406  }
407 
408 
409  if(ilPermissionGUI::hasContainerCommands($this->getObjType()))
410  {
411  $perms[$counter++]['show_start_info'] = true;
412  }
413 
414  // no creation permissions
415  $no_creation_operations = array();
416  foreach($rbacreview->getOperationsByTypeAndClass($this->getObjType(),'object') as $operation)
417  {
418  $this->addActiveOperation($operation);
419  $no_creation_operations[] = $operation;
420 
421  $roles = array();
422  foreach($this->getVisibleRoles() as $role_data)
423  {
424 
425  $roles[$role_data['obj_id']] =
426  array(
427  'protected' => $role_data['protected'],
428  'permission_set' => in_array($operation,(array) $operations[$role_data['obj_id']])
429  );
430  }
431 
432  $op = $rbacreview->getOperation($operation);
433 
434  $perms[$counter]['roles'] = $roles;
435  $perms[$counter]['perm'] = $op;
436  $counter++;
437 
438  }
439 
440  /*
441  * Select all
442  */
443  if($no_creation_operations)
444  {
445  $perms[$counter]['show_select_all'] = 1;
446  $perms[$counter]['ops'] = $no_creation_operations;
447  $perms[$counter]['subtype'] = 'nocreation';
448  $counter++;
449  }
450 
451 
452  if($objDefinition->isContainer($this->getObjType()))
453  {
454  $perms[$counter++]['show_create_info'] = true;
455  }
456 
457  // Get creatable objects
458  $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
459  $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
460  $creation_operations = array();
461  foreach($objects as $type => $info)
462  {
463  $ops_id = $ops_ids[$type];
464 
465  if(!$ops_id)
466  {
467  continue;
468  }
469 
470  $this->addActiveOperation($ops_id);
471  $creation_operations[] = $ops_id;
472 
473  $roles = array();
474  foreach($this->getVisibleRoles() as $role_data)
475  {
476  $roles[$role_data['obj_id']] =
477  array(
478  'protected' => $role_data['protected'],
479  'permission_set' => in_array($ops_id,(array) $operations[$role_data['obj_id']])
480  );
481  }
482 
483  $op = $rbacreview->getOperation($ops_id);
484 
485  $perms[$counter]['roles'] = $roles;
486  $perms[$counter]['perm'] = $op;
487  $counter++;
488 
489  }
490 
491 
492 
493  // Select all
494  if(count($creation_operations))
495  {
496  $perms[$counter]['show_select_all'] = 1;
497  $perms[$counter]['ops'] = $creation_operations;
498  $perms[$counter]['subtype'] = 'creation';
499  $counter++;
500  }
501 
502  $this->setData($perms);
503  }
504 
509  protected function initColumns()
510  {
511  global $rbacreview,$ilCtrl;
512 
513  $roles = $rbacreview->getParentRoleIds($this->getRefId());
514  $roles = $this->getParentObject()->applyRoleFilter(
515  $roles,
516  $this->getFilterItemByPostVar('role')->getValue()
517  );
518 
519  if(count($roles))
520  {
521  $column_width = 100/count($roles);
522  $column_width .= '%';
523  }
524  else
525  {
526  $column_widht = "0%";
527  }
528 
529  $all_roles = array();
530  foreach($roles as $role)
531  {
532  if($role['obj_id'] == SYSTEM_ROLE_ID)
533  {
534  continue;
535  }
536 
537  $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
538 
539  // TODO check filter
540  $this->addColumn(
541  $this->createTitle($role),
542  $role['obj_id'],
543  '',
544  '',
545  false,
546  $this->createTooltip($role)
547  );
548  $all_roles[] = $role;
549  }
550 
551  $this->setVisibleRoles($all_roles);
552  return true;
553  }
554 
560  protected function createTooltip($role)
561  {
562  global $rbacreview,$tree;
563 
564  #vd($role);
565  $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
566  if($role['role_type'] == 'global')
567  {
568  $tp = $this->lng->txt('perm_'.$protected_status.'global_role');
569  }
570  else
571  {
572  $tp = $this->lng->txt('perm_'.$protected_status.'local_role');
573  }
574 
575  $inheritance_seperator = ': ';
576 
577  // Show create at info
578  if(
579  ($role['assign'] == 'y' and $role['role_type'] != 'global') or
580  ($role['assign'] == 'n' and $role['role_type'] != 'global')
581  )
582  {
583  $tp .= ': ';
584 
585  $obj = $rbacreview->getObjectOfRole($role['obj_id']);
586  if($obj)
587  {
588  $tp .= sprintf(
589  $this->lng->txt('perm_role_path_info_created'),
590  $this->lng->txt('obj_'.ilObject::_lookupType($obj)),ilObject::_lookupTitle($obj)
591  );
592  $inheritance_seperator = ', ';
593  }
594  }
595 
596  $path_hierarchy = $rbacreview->getObjectsWithStopedInheritance(
597  $role['obj_id'],
598  $tree->getPathId($this->getRefId())
599  );
600 
601  $reduced_path_hierarchy = (array) array_diff(
602  $path_hierarchy,
603  array(
604  $this->getRefId(),
605  $rbacreview->getObjectReferenceOfRole($role['obj_id'])
606  )
607  );
608 
609 
610  // Inheritance
611  if($role['assign'] == 'n' and count($reduced_path_hierarchy))
612  {
613  $tp .= $inheritance_seperator;
614 
615  $parent = end($reduced_path_hierarchy);
616  $p_type = ilObject::_lookupType(ilObject::_lookupObjId($parent));
617  $p_title = ilObject::_lookupTitle(ilObject::_lookupObjId($parent));
618  $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'),$this->lng->txt('obj_'.$p_type),$p_title);
619  }
620 
621  return $tp;
622  }
623 
629  protected function createTitle($role)
630  {
631  global $ilCtrl;
632 
633  include_once './Services/AccessControl/classes/class.ilObjRole.php';
634  $role['title'] = ilObjRole::_getTranslation($role['title']);
635 
636  // No local policies
637  if($role['parent'] != $this->getRefId())
638  {
639  return $role['title'];
640  }
641  $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
642 
643  return '<a class="tblheader" href="'.$ilCtrl->getLinkTargetByClass('ilobjrolegui','').'" >'.$role['title'].'</a>';
644  }
645 }
646 ?>