ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  protected $current_obj = null;
22 
28  public function __construct($a_gui_obj)
29  {
30  parent::__construct($a_gui_obj);
31  }
32 
37  public function executeCommand()
38  {
39  global $rbacsystem, $ilErr;
40 
41  // access to all functions in this class are only allowed if edit_permission is granted
42  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
43  {
44  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
45  }
46 
47  $next_class = $this->ctrl->getNextClass($this);
48 
49  switch($next_class)
50  {
51  case "ilobjrolegui":
52  $this->ctrl->setReturn($this,'perm');
53  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
54  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
55  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
56  $ret = $this->ctrl->forwardCommand($this->gui_obj);
57  break;
58 
59  case 'ildidactictemplategui':
60  $this->ctrl->setReturn($this,'perm');
61  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
62  $did = new ilDidacticTemplateGUI($this->gui_obj);
63  $this->ctrl->forwardCommand($did);
64  break;
65 
66  case 'ilrepositorysearchgui':
67  // used for owner autocomplete
68  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
69  $rep_search = new ilRepositorySearchGUI();
70  $this->ctrl->forwardCommand($rep_search);
71  break;
72 
73  case 'ilobjectpermissionstatusgui':
74  $this->__initSubTabs("perminfo");
75  include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
76  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
77  $this->ctrl->forwardCommand($perm_stat);
78  break;
79 
80  default:
81  $cmd = $this->ctrl->getCmd();
82  $this->$cmd();
83  break;
84  }
85 
86  return true;
87  }
88 
89 
94  public function getCurrentObject()
95  {
96  return $this->gui_obj->object;
97  }
98 
102  protected function confirmTemplateSwitch()
103  {
104  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
105  $this->ctrl->setReturn($this,'perm');
106  $this->ctrl->setCmdClass('ildidactictemplategui');
107  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
108  $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
109  }
110 
111 
116  public function perm(ilTable2GUI $table = NULL )
117  {
118  global $objDefinition, $ilToolbar;
119 
120  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
121  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
122  if($dtpl->appendToolbarSwitch(
123  $ilToolbar,
124  $this->getCurrentObject()->getType(),
125  $this->getCurrentObject()->getRefId()
126  ))
127  {
128  $ilToolbar->addSeparator();
129  }
130 
131  if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132  !$this->isAdministrationObject()
133  )
134  {
135  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
136 
137  if(!$this->isAdminRoleFolder())
138  {
139  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
140  }
141  $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
142  }
143 
144  $this->__initSubTabs("perm");
145 
146  if(!$table instanceof ilTable2GUI)
147  {
148  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
149  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
150  }
151  $table->parse();
152  $this->tpl->setContent($table->getHTML());
153  }
154 
155 
156 
161  protected function isAdminRoleFolder()
162  {
163  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
164  }
165 
166  protected function isAdministrationObject()
167  {
168  return $this->getCurrentObject()->getType() == 'adm';
169  }
170 
175  protected function isInAdministration()
176  {
177  return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
178  }
179 
180 
185  protected function applyFilter()
186  {
187  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
188  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
189  $table->resetOffset();
190  $table->writeFilterToSession();
191  return $this->perm($table);
192  }
193 
198  protected function resetFilter()
199  {
200  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
201  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
202  $table->resetOffset();
203  $table->resetFilter();
204 
205  return $this->perm($table);
206  }
207 
213  public function applyRoleFilter($a_roles, $a_filter_id)
214  {
215  global $rbacreview;
216 
217  // Always delete administrator role from view
218  if(isset($a_roles[SYSTEM_ROLE_ID]))
219  {
220  unset($a_roles[SYSTEM_ROLE_ID]);
221  }
222 
223  switch ($a_filter_id)
224  {
225  // all roles in context
226  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
227 
228  return $a_roles;
229 
230  // only global roles
231  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
232 
233  $arr_global_roles = $rbacreview->getGlobalRoles();
234  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
235 
236  foreach ($arr_remove_roles as $role_id)
237  {
238  unset($a_roles[$role_id]);
239  }
240  return $a_roles;
241 
242  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
243  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
244  $arr_global_roles = $rbacreview->getGlobalRoles();
245 
246  foreach ($arr_global_roles as $role_id)
247  {
248  unset($a_roles[$role_id]);
249  }
250 
251  return $a_roles;
252  break;
253 
254  // only roles which use a local policy
255  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256 
257  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
259 
260  foreach ($arr_remove_roles as $role_id)
261  {
262  unset($a_roles[$role_id]);
263  }
264 
265  return $a_roles;
266 
267  // only true local role defined at current position
268  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
269 
270  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(),TRUE);
271  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
272 
273  foreach ($arr_remove_roles as $role_id)
274  {
275  unset($a_roles[$role_id]);
276  }
277 
278  return $a_roles;
279 
280  default:
281  return $a_roles;
282  }
283  }
284 
289  protected function savePermissions()
290  {
291  global $rbacreview,$objDefinition,$rbacadmin;
292 
293  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
294  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
295 
296  $roles = $this->applyRoleFilter(
297  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
298  $table->getFilterItemByPostVar('role')->getValue()
299  );
300 
301  // Log history
302  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
303  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
304 
305 
306  # all possible create permissions
307  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
308  $this->getCurrentObject()->getType(),
309  'create'
310  );
311 
312  # createable (activated) create permissions
313  $create_types = $objDefinition->getCreatableSubObjects(
314  $this->getCurrentObject()->getType()
315  );
316  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
317 
318  foreach((array) $roles as $role => $role_data)
319  {
320  if($role_data['protected'])
321  {
322  continue;
323  }
324 
325  $new_ops = array_keys((array) $_POST['perm'][$role]);
326  $old_ops = $rbacreview->getRoleOperationsOnObject(
327  $role,
328  $this->getCurrentObject()->getRefId()
329  );
330 
331  // Add operations which were enabled and are not activated.
332  foreach($possible_ops_ids as $create_ops_id)
333  {
334  if(in_array($create_ops_id,$createable_ops_ids))
335  {
336  continue;
337  }
338  if(in_array($create_ops_id,$old_ops))
339  {
340  $new_ops[] = $create_ops_id;
341  }
342  }
343 
344  $rbacadmin->revokePermission(
345  $this->getCurrentObject()->getRefId(),
346  $role
347  );
348 
349  $rbacadmin->grantPermission(
350  $role,
351  array_unique($new_ops),
352  $this->getCurrentObject()->getRefId()
353  );
354  }
355 
356  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
357  {
358  foreach($roles as $role)
359  {
360  // No action for local roles
361  if($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y')
362  {
363  continue;
364  }
365  // Nothing for protected roles
366  if($role['protected'])
367  {
368  continue;
369  }
370  // Stop local policy
371  if($role['parent'] == $this->getCurrentObject()->getRefId() and !isset($_POST['inherit'][$role['obj_id']]))
372  {
373  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
374  $role_obj->setParent($this->getCurrentObject()->getRefId());
375  $role_obj->delete();
376  continue;
377  }
378  // Add local policy
379  if($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']]))
380  {
381  $rbacadmin->copyRoleTemplatePermissions(
382  $role['obj_id'],
383  $role['parent'],
384  $this->getCurrentObject()->getRefId(),
385  $role['obj_id']
386  );
387  $rbacadmin->assignRoleToFolder($role['obj_id'],$this->getCurrentObject()->getRefId(),'n');
388  }
389  }
390  }
391 
392  // Protect permissions
393  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
394  {
395  foreach($roles as $role)
396  {
397  if($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId()))
398  {
399  if(isset($_POST['protect'][$role['obj_id']]) and
400  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
401  {
402  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
403  }
404  elseif(!isset($_POST['protect'][$role['obj_id']]) and
405  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
406  {
407  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
408  }
409  }
410  }
411  }
412 
413  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
414  $log = ilRbacLog::diffFaPa($log_old, $log_new);
415  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
416 
417  if(count((array) $_POST['block']))
418  {
419  return $this->showConfirmBlockRole(array_keys($_POST['block']));
420  }
421 
422 
423  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
424  #$this->ctrl->redirect($this,'perm');
425  $this->perm();
426  }
427 
433  protected function showConfirmBlockRole($a_roles)
434  {
435  ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
436 
437  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
438  $confirm = new ilConfirmationGUI();
439  $confirm->setFormAction($this->ctrl->getFormAction($this));
440  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
441  $confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
442  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
443 
444  foreach($a_roles as $role_id)
445  {
446  include_once './Services/AccessControl/classes/class.ilObjRole.php';
447  $confirm->addItem(
448  'roles[]',
449  $role_id,
450  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
451  }
452 
453  $this->tpl->setContent($confirm->getHTML());
454 
455  }
456 
461  protected function blockRoles()
462  {
463  global $rbacadmin,$rbacreview;
464 
465  $roles = $_POST['roles'];
466  foreach($roles as $role)
467  {
468  // Set assign to 'y' only if it is a local role
469  $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
470 
471  // Delete permissions
472  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
473 
474  // Delete template permissions
475  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
476 
477 
478  $rbacadmin->assignRoleToFolder(
479  $role,
480  $this->getCurrentObject()->getRefId(),
481  $assign
482  );
483  }
484 
485  ilUtil::sendInfo($this->lng->txt('settings_saved'));
486  $this->ctrl->redirect($this,'perm');
487  }
488 
489 
495  public static function hasContainerCommands($a_type)
496  {
497  global $objDefinition;
498 
499  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
500  }
501 
506  protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
507  {
508  $GLOBALS['ilTabs']->clearTargets();
509 
510  if(!$form)
511  {
512  $form = $this->initImportForm();
513  }
514  $GLOBALS['tpl']->setContent($form->getHTML());
515  }
516 
520  protected function doImportRole()
521  {
522  global $rbacreview;
523 
524  $form = $this->initImportForm();
525  if($form->checkInput())
526  {
527  try {
528 
529  include_once './Services/Export/classes/class.ilImport.php';
530 
531  // For global roles set import id to parent of current ref_id (adm)
532  if($this->isAdminRoleFolder())
533  {
534  $parent_ref = $GLOBALS['tree']->getParentId($this->getCurrentObject()->getRefId());
535  }
536  else
537  {
538  $parent_ref = $this->getCurrentObject()->getRefId();
539  }
540 
541  $imp = new ilImport($parent_ref);
542  $imp->getMapping()->addMapping(
543  'Services/AccessControl',
544  'rolf',
545  0,
546  $parent_ref
547  );
548 
549  $imp->importObject(
550  null,
551  $_FILES["importfile"]["tmp_name"],
552  $_FILES["importfile"]["name"],
553  'role'
554  );
555  ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
556  $this->ctrl->redirect($this,'perm');
557  return;
558  }
559  catch(Exception $e)
560  {
561  ilUtil::sendFailure($e->getMessage());
562  $form->setValuesByPost();
563  $this->displayImportRoleForm($form);
564  return;
565  }
566  }
567  $form->setValuesByPost();
568  ilUtil::sendFailure($this->lng->txt('err_check_input'));
569  $this->displayImportRoleForm($form);
570  }
571 
575  protected function initImportForm()
576  {
577  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
578  $form = new ilPropertyFormGUI();
579  $form->setFormAction($this->ctrl->getFormAction($this));
580  $form->setTitle($this->lng->txt('rbac_import_role'));
581  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
582  $form->addCommandButton('perm', $this->lng->txt('cancel'));
583 
584  $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
585  $zip->setSuffixes(array('zip'));
586  $form->addItem($zip);
587 
588  return $form;
589  }
590 
597  protected function initRoleForm()
598  {
599  global $rbacreview,$objDefinition;
600 
601  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
602  $form = new ilPropertyFormGUI();
603  $form->setFormAction($this->ctrl->getFormAction($this));
604  $form->setTitle($this->lng->txt('role_new'));
605  $form->addCommandButton('addrole',$this->lng->txt('role_new'));
606  $form->addCommandButton('perm', $this->lng->txt('cancel'));
607 
608  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
609  $title->setValidationRegexp('/^(?!il_).*$/');
610  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
611  $title->setSize(40);
612  $title->setMaxLength(70);
613  $title->setRequired(true);
614  $form->addItem($title);
615 
616  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
617  $desc->setCols(40);
618  $desc->setRows(3);
619  $form->addItem($desc);
620 
621  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
622  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
623  $pro->setValue(1);
624  $form->addItem($pro);
625 
626  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
627  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
628  $pd->setValue(1);
629  $form->addItem($pd);
630 
631 
632  if(!$this->isInAdministration())
633  {
634  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
635  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
636  $rights->addOption($option);
637 
638  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
639  $ids = array();
640  foreach($parent_role_ids as $id => $tmp)
641  {
642  $ids[] = $id;
643  }
644 
645  // Sort ids
646  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
647 
648  $key = 0;
649  foreach($sorted_ids as $id)
650  {
651  $par = $parent_role_ids[$id];
652  if ($par["obj_id"] != SYSTEM_ROLE_ID)
653  {
654  include_once './Services/AccessControl/classes/class.ilObjRole.php';
655  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
656  $option->setInfo($par["desc"]);
657  $rights->addOption($option);
658  }
659  $key++;
660  }
661  $form->addItem($rights);
662  }
663 
664  // Local policy only for containers
665  if($objDefinition->isContainer($this->getCurrentObject()->getType()))
666  {
667  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
668  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
669  $form->addItem($check);
670 
671  }
672 
673  return $form;
674  }
675 
679  protected function displayAddRoleForm()
680  {
681  $GLOBALS['ilTabs']->clearTargets();
682 
683  $form = $this->initRoleForm();
684  $this->tpl->setContent($form->getHTML());
685  }
686 
695  protected function addRole()
696  {
697  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
698 
699  $form = $this->initRoleForm();
700  if($form->checkInput())
701  {
702  $new_title = $form->getInput("title");
703 
704  include_once './Services/AccessControl/classes/class.ilObjRole.php';
705  $role = new ilObjRole();
706  $role->setTitle($new_title);
707  $role->setDescription($form->getInput('desc'));
708  $role->create();
709 
710  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$this->getCurrentObject()->getRefId());
711 
712  // protect
713  $rbacadmin->setProtected(
714  $this->getCurrentObject()->getRefId(),
715  $role->getId(),
716  $form->getInput('pro') ? 'y' : 'n'
717  );
718 
719  // copy rights
720  $right_id_to_copy = $form->getInput("rights");
721  if($right_id_to_copy)
722  {
723  $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(),true);
724  $rbacadmin->copyRoleTemplatePermissions(
725  $right_id_to_copy,
726  $parentRoles[$right_id_to_copy]["parent"],
727  $this->getCurrentObject()->getRefId(),
728  $role->getId(),
729  false);
730 
731  if($form->getInput('existing'))
732  {
733  if($form->getInput('pro'))
734  {
735  $role->changeExistingObjects(
736  $this->getCurrentObject()->getRefId(),
737  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
738  array('all')
739  );
740  }
741  else
742  {
743  $role->changeExistingObjects(
744  $this->getCurrentObject()->getRefId(),
745  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
746  array('all')
747  );
748  }
749  }
750  }
751 
752  // add to desktop items
753  if($form->getInput("desktop"))
754  {
755  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
756  $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
757  $role_desk_item_obj->add(
758  $this->getCurrentObject()->getRefId(),
759  ilObject::_lookupType($this->getCurrentObject()->getRefId(),true));
760  }
761 
762  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
763  $this->ctrl->redirect($this,'perm');
764  }
765  else
766  {
767  $form->setValuesByPost();
768  $this->tpl->setContent($form->getHTML());
769  }
770  }
771 }
772 ?>