ILIAS  Release_5_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once "./Services/Object/classes/class.ilObjectGUI.php";
5 include_once './Services/AccessControl/classes/class.ilObjRole.php';
6 
19 class ilObjRoleGUI extends ilObjectGUI
20 {
21  const MODE_GLOBAL_UPDATE = 1;
22  const MODE_GLOBAL_CREATE = 2;
23  const MODE_LOCAL_UPDATE = 3;
24  const MODE_LOCAL_CREATE = 4;
25 
31  var $type;
32 
33 
34  protected $obj_ref_id = 0;
35  protected $obj_obj_id = 0;
36  protected $obj_obj_type = '';
37  protected $container_type = '';
38 
39 
40  var $ctrl;
41 
46  function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
47  {
48  global $tree,$lng;
49 
50  $lng->loadLanguageModule('rbac');
51 
52  //TODO: move this to class.ilias.php
53  define("USER_FOLDER_ID",7);
54 
55  // Add ref_id of object that contains this role folder
56 
57  $this->obj_ref_id =
58  ((int) $_REQUEST['rolf_ref_id'] ?
59  (int) $_REQUEST['rolf_ref_id'] :
60  (int) $_REQUEST['ref_id']
61  );
62 
63  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
64  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
65 
66  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
67 
68  $this->type = "role";
69  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
70  $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
71  }
72 
73 
74  function &executeCommand()
75  {
76  global $rbacsystem;
77 
78  $this->prepareOutput();
79 
80  $next_class = $this->ctrl->getNextClass($this);
81  $cmd = $this->ctrl->getCmd();
82 
83  switch($next_class)
84  {
85  case 'ilrepositorysearchgui':
86  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
87  $rep_search =& new ilRepositorySearchGUI();
88  $rep_search->setTitle($this->lng->txt('role_add_user'));
89  $rep_search->setCallback($this,'addUserObject');
90 
91  // Set tabs
92  $this->tabs_gui->setTabActive('user_assignment');
93  $this->ctrl->setReturn($this,'userassignment');
94  $ret =& $this->ctrl->forwardCommand($rep_search);
95  break;
96 
97  case 'ilexportgui':
98 
99  $this->tabs_gui->setTabActive('export');
100 
101  include_once './Services/Export/classes/class.ilExportOptions.php';
102  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
103  $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->obj_ref_id);
104 
105  include_once './Services/Export/classes/class.ilExportGUI.php';
106  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
107  $exp->addFormat('xml');
108  $this->ctrl->forwardCommand($exp);
109  break;
110 
111  default:
112  if(!$cmd)
113  {
114  if($this->showDefaultPermissionSettings())
115  {
116  $cmd = "perm";
117  }
118  else
119  {
120  $cmd = 'userassignment';
121  }
122  }
123  $cmd .= "Object";
124  $this->$cmd();
125 
126  break;
127  }
128 
129  return true;
130  }
131 
136  public function getParentRefId()
137  {
138  return $this->obj_ref_id;
139  }
140 
145  public function getParentObjId()
146  {
147  return $this->obj_obj_id;
148  }
149 
154  public function getParentType()
155  {
156  return $this->obj_obj_type;
157  }
158 
162  function setBackTarget($a_text, $a_link)
163  {
164  $this->back_target = array("text" => $a_text,
165  "link" => $a_link);
166  }
167 
168  public function getBackTarget()
169  {
170  return $this->back_target ? $this->back_target : array();
171  }
172 
176  function getAdminTabs(&$tabs_gui)
177  {
178  $this->getTabs($tabs_gui);
179  }
180 
185  protected function getContainerType()
186  {
187  return $this->container_type;
188  }
189 
194  protected function showDefaultPermissionSettings()
195  {
196  global $objDefinition;
197 
198  return $objDefinition->isContainer($this->getContainerType());
199  }
200 
201 
202  function listDesktopItemsObject()
203  {
204  global $rbacsystem,$rbacreview,$tree;
205 
206 
207  if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
208  $this->obj_ref_id != ROLE_FOLDER_ID)
209  {
210  ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
211  return true;
212  }
213 
214 
215  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
216  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
217 
218  if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
219  {
220  $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
221  }
222  if(!count($items = $role_desk_item_obj->getAll()))
223  {
224  ilUtil::sendInfo($this->lng->txt('role_desk_none_created'));
225  return true;
226  }
227  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_list.html", "Services/AccessControl");
228  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
229  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.svg'));
230  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
231  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
232  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
233  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
234  $this->tpl->setVariable("IMG_ARROW",ilUtil::getImagePath('arrow_downright.svg'));
235 
236  $counter = 0;
237 
238  foreach($items as $role_item_id => $item)
239  {
240  $tmp_obj = ilObjectFactory::getInstanceByRefId($item['item_id']);
241 
242  if(strlen($desc = $tmp_obj->getDescription()))
243  {
244  $this->tpl->setCurrentBlock("description");
245  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
246  $this->tpl->parseCurrentBlock();
247  }
248  $this->tpl->setCurrentBlock("desk_row");
249  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
250  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
251  $this->tpl->setVariable("CHECK_DESK",ilUtil::formCheckBox(0,'del_desk_item[]',$role_item_id));
252  $this->tpl->setVariable("TXT_PATH",$this->lng->txt('path').':');
253  $this->tpl->setVariable("PATH",$this->__formatPath($tree->getPathFull($item['item_id'])));
254  $this->tpl->parseCurrentBlock();
255  }
256 
257  return true;
258  }
259 
260  function askDeleteDesktopItemObject()
261  {
262  global $rbacsystem;
263 
264 
265  if(!$this->checkAccess('edit_permission'))
266  {
267  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
268  }
269  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
270  {
271  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
272  }
273  if(!count($_POST['del_desk_item']))
274  {
275  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
276 
277  $this->listDesktopItemsObject();
278 
279  return true;
280  }
281  ilUtil::sendQuestion($this->lng->txt('role_sure_delete_desk_items'));
282 
283  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_ask_delete_desktop_item.html", "Services/AccessControl");
284  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
285  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.svg'));
286  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
287  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
288  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
289  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
290  $this->tpl->setVariable("BTN_CANCEL",$this->lng->txt('cancel'));
291 
292  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
293 
294  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
295 
296  $counter = 0;
297 
298  foreach($_POST['del_desk_item'] as $role_item_id)
299  {
300  $item_data = $role_desk_item_obj->getItem($role_item_id);
301  $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
302 
303  if(strlen($desc = $tmp_obj->getDescription()))
304  {
305  $this->tpl->setCurrentBlock("description");
306  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
307  $this->tpl->parseCurrentBlock();
308  }
309  $this->tpl->setCurrentBlock("desk_row");
310  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
311  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
312  $this->tpl->parseCurrentBlock();
313  }
314 
315  $_SESSION['role_del_desk_items'] = $_POST['del_desk_item'];
316 
317  return true;
318  }
319 
320  function deleteDesktopItemsObject()
321  {
322  global $rbacsystem;
323 
324  if(!$this->checkAccess('edit_permission'))
325  {
326  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
327  }
328 
329  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
330  {
331  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
332  }
333 
334  if (!count($_SESSION['role_del_desk_items']))
335  {
336  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
337 
338  $this->listDesktopItemsObject();
339 
340  return true;
341  }
342 
343  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
344 
345  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
346 
347  foreach ($_SESSION['role_del_desk_items'] as $role_item_id)
348  {
349  $role_desk_item_obj->delete($role_item_id);
350  }
351 
352  ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
353  $this->listDesktopItemsObject();
354 
355  return true;
356  }
357 
358 
359  function selectDesktopItemObject()
360  {
361  global $rbacsystem,$tree;
362 
363  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
364  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
365 
366  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
367  {
368  #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
369  ilUtil::sendFailure($this->lng->txt('permission_denied'));
370  $this->listDesktopItemsObject();
371  return false;
372  }
373 
374  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
375  $this->__showButton('listDesktopItems',$this->lng->txt('back'));
376 
377  ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
378 
379  $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
380  new ilRoleDesktopItem($this->object->getId()));
381  $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
382  $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
383 
384  $exp->setOutput(0);
385 
386  $output = $exp->getOutput();
387  $this->tpl->setVariable("EXPLORER",$output);
388  //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
389 
390  return true;
391  }
392 
393  function assignDesktopItemObject()
394  {
395  global $rbacsystem;
396 
397  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
398  {
399  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
400  return false;
401  }
402 
403 
404  if (!isset($_GET['item_id']))
405  {
406  ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
407  $this->selectDesktopItemObject();
408 
409  return false;
410  }
411 
412  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
413 
414  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
415  $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
416 
417  ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
418 
419  $this->ctrl->redirect($this,'listDesktopItems');
420  return true;
421  }
422 
428  protected function initFormRoleProperties($a_mode)
429  {
430  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
431  $this->form = new ilPropertyFormGUI();
432 
433  if($this->creation_mode)
434  {
435  $this->ctrl->setParameter($this, "new_type", 'role');
436  }
437  $this->form->setFormAction($this->ctrl->getFormAction($this));
438 
439  switch($a_mode)
440  {
441  case self::MODE_GLOBAL_CREATE:
442  $this->form->setTitle($this->lng->txt('role_new'));
443  $this->form->addCommandButton('save',$this->lng->txt('role_new'));
444  break;
445 
446  case self::MODE_GLOBAL_UPDATE:
447  $this->form->setTitle($this->lng->txt('role_edit'));
448  $this->form->addCommandButton('update', $this->lng->txt('save'));
449  break;
450 
451  case self::MODE_LOCAL_CREATE:
452  case self::MODE_LOCAL_UPDATE:
453  }
454  // Fix cancel
455  $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
456 
457  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
458  if(ilObjRole::isAutoGenerated($this->object->getId()))
459  {
460  $title->setDisabled(true);
461  }
462  else
463  {
464  //#17111 No validation for disabled fields
465  $title->setValidationRegexp('/^(?!il_).*$/');
466  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
467  }
468 
469  $title->setSize(40);
470  $title->setMaxLength(70);
471  $title->setRequired(true);
472  $this->form->addItem($title);
473 
474  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
475  if(ilObjRole::isAutoGenerated($this->object->getId()))
476  {
477  $desc->setDisabled(true);
478  }
479  $desc->setCols(40);
480  $desc->setRows(3);
481  $this->form->addItem($desc);
482 
483  if($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE)
484  {
485  $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
486  $this->form->addItem($ilias_id);
487  }
488 
489  if($this->obj_ref_id == ROLE_FOLDER_ID)
490  {
491  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
492  $reg->setValue(1);
493  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
494  $this->form->addItem($reg);
495 
496  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
497  $la->setValue(1);
498  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
499  $this->form->addItem($la);
500  }
501 
502  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
503  $pro->setValue(1);
504  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
505  $this->form->addItem($pro);
506 
507  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
508  if(ilDiskQuotaActivationChecker::_isActive())
509  {
510  $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
511  $quo->setMinValue(0);
512  $quo->setSize(4);
513  $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
514  $this->form->addItem($quo);
515  }
516  if(ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive())
517  {
518  $this->lng->loadLanguageModule("file");
519  $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'),'wsp_disk_quota');
520  $wquo->setMinValue(0);
521  $wquo->setSize(4);
522  $wquo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
523  $this->form->addItem($wquo);
524  }
525 
526  return true;
527  }
528 
534  protected function loadRoleProperties(ilObjRole $role)
535  {
536  //Don't set if fields are disabled to prevent html manipulation.
537  if(!$this->form->getItemByPostVar('title')->getDisabled())
538  {
539  $role->setTitle($this->form->getInput('title'));
540 
541  }
542  if(!$this->form->getItemByPostVar('desc')->getDisabled())
543  {
544  $role->setDescription($this->form->getInput('desc'));
545  }
546  $role->setAllowRegister($this->form->getInput('reg'));
547  $role->toggleAssignUsersStatus($this->form->getInput('la'));
548  $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
549  $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
550  return true;
551  }
552 
558  protected function readRoleProperties(ilObjRole $role)
559  {
560  global $rbacreview;
561 
562  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
563 
564  $data['title'] = $role->getTitle();
565  $data['desc'] = $role->getDescription();
566  $data['ilias_id'] = 'il_'.IL_INST_ID.'_'.ilObject::_lookupType($role->getId()).'_'.$role->getId();
567  $data['reg'] = $role->getAllowRegister();
568  $data['la'] = $role->getAssignUsersStatus();
569  if(ilDiskQuotaActivationChecker::_isActive())
570  {
571  $data['disk_quota'] = $role->getDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
572  }
573  if(ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive())
574  {
575  $data['wsp_disk_quota'] = $role->getPersonalWorkspaceDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
576  }
577  $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
578 
579  $this->form->setValuesByArray($data);
580  }
581 
582 
583 
584 
590  public function createObject()
591  {
592  global $rbacsystem;
593 
594  if(!$rbacsystem->checkAccess('create_role',$this->obj_ref_id))
595  {
596  $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
597  }
598 
599  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
600  $this->tpl->setContent($this->form->getHTML());
601  }
602 
607  public function editObject()
608  {
609  global $rbacsystem, $rbacreview, $ilSetting,$ilErr,$ilToolbar;
610 
611  if(!$this->checkAccess('write','edit_permission'))
612  {
613  $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
614  }
615 
616  // Show copy role button
617  if($this->object->getId() != SYSTEM_ROLE_ID)
618  {
619  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
620  if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
621  {
622  $ilToolbar->addButton(
623  $this->lng->txt('rbac_delete_role'),
624  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
625  );
626  }
627  }
628 
629  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
630  $this->readRoleProperties($this->object);
631  $this->tpl->setContent($this->form->getHTML());
632  }
633 
634 
639  public function saveObject()
640  {
641  global $rbacadmin,$rbacreview;
642 
643  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
644  if($this->form->checkInput() and !$this->checkDuplicate())
645  {
646  include_once './Services/AccessControl/classes/class.ilObjRole.php';
647  $this->loadRoleProperties($this->role = new ilObjRole());
648  $this->role->create();
649  $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,'y');
650  $rbacadmin->setProtected(
651  $this->obj_ref_id,
652  $this->role->getId(),
653  $this->form->getInput('pro') ? 'y' : 'n'
654  );
655  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
656  $this->ctrl->setParameter($this,'obj_id',$this->role->getId());
657  $this->ctrl->redirect($this,'perm');
658  }
659 
660  ilUtil::sendFailure($this->lng->txt('err_check_input'));
661  $this->form->setValuesByPost();
662  $this->tpl->setContent($this->form->getHTML());
663  return false;
664  }
665 
670  protected function checkDuplicate($a_role_id = 0)
671  {
672  // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
673  return FALSE;
674  }
675 
680  public function updateObject()
681  {
682  global $rbacadmin;
683 
684  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
685  if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
686  {
687  include_once './Services/AccessControl/classes/class.ilObjRole.php';
688  $this->loadRoleProperties($this->object);
689  $this->object->update();
690  $rbacadmin->setProtected(
691  $this->obj_ref_id,
692  $this->object->getId(),
693  $this->form->getInput('pro') ? 'y' : 'n'
694  );
695  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
696  $this->ctrl->redirect($this,'edit');
697  }
698 
699  ilUtil::sendFailure($this->lng->txt('err_check_input'));
700  $this->form->setValuesByPost();
701  $this->tpl->setContent($this->form->getHTML());
702  return false;
703  }
704 
709  protected function permObject($a_show_admin_permissions = false)
710  {
711  global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
712 
713  $ilTabs->setTabActive('default_perm_settings');
714 
715  $this->setSubTabs('default_perm_settings');
716 
717  if($a_show_admin_permissions)
718  {
719  $ilTabs->setSubTabActive('rbac_admin_permissions');
720  }
721  else
722  {
723  $ilTabs->setSubTabActive('rbac_repository_permissions');
724  }
725 
726  if(!$this->checkAccess('write','edit_permission'))
727  {
728  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
729  return true;
730  }
731 
732  // Show copy role button
733  if($this->object->getId() != SYSTEM_ROLE_ID)
734  {
735  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
736  $ilToolbar->addButton(
737  $this->lng->txt("adopt_perm_from_template"),
738  $this->ctrl->getLinkTarget($this,'adoptPerm')
739  );
740  if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
741  {
742  $ilToolbar->addButton(
743  $this->lng->txt('rbac_delete_role'),
744  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
745  );
746  }
747  }
748 
749  $this->tpl->addBlockFile(
750  'ADM_CONTENT',
751  'adm_content',
752  'tpl.rbac_template_permissions.html',
753  'Services/AccessControl'
754  );
755 
756  $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
757 
758  include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
759  $acc = new ilAccordionGUI();
760  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
761  $acc->setId('template_perm_'.$this->getParentRefId());
762 
763  if($this->obj_ref_id == ROLE_FOLDER_ID)
764  {
765  if($a_show_admin_permissions)
766  {
767  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
768  }
769  else
770  {
771  $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
772  }
773  }
774  else
775  {
776  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
777  }
778 
779  $sorted = array();
780  foreach($subs as $subtype => $def)
781  {
782  if($objDefinition->isPlugin($subtype))
783  {
784  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
785  }
786  elseif($objDefinition->isSystemObject($subtype))
787  {
788  $translation = $this->lng->txt("obj_".$subtype);
789  }
790  else
791  {
792  $translation = $this->lng->txt('objs_'.$subtype);
793  }
794 
795  $sorted[$subtype] = $def;
796  $sorted[$subtype]['translation'] = $translation;
797  }
798 
799 
800  $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
801  foreach($sorted as $subtype => $def)
802  {
803  if($objDefinition->isPlugin($subtype))
804  {
805  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
806  }
807  elseif($objDefinition->isSystemObject($subtype))
808  {
809  $translation = $this->lng->txt("obj_".$subtype);
810  }
811  else
812  {
813  $translation = $this->lng->txt('objs_'.$subtype);
814  }
815 
816  include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
817  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
818  $this,
819  'perm',
820  $this->getParentRefId(),
821  $this->object->getId(),
822  $subtype,
823  $a_show_admin_permissions
824  );
825  $tbl->parse();
826 
827  $acc->addItem($translation, $tbl->getHTML());
828  }
829 
830  $this->tpl->setVariable('ACCORDION',$acc->getHTML());
831 
832  // Add options table
833  include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
834  $options = new ilObjectRoleTemplateOptionsTableGUI(
835  $this,
836  'perm',
837  $this->obj_ref_id,
838  $this->object->getId(),
839  $a_show_admin_permissions
840  );
841  if($this->object->getId() != SYSTEM_ROLE_ID)
842  {
843  $options->addMultiCommand(
844  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
845  $this->lng->txt('save')
846  );
847  }
848 
849  $options->parse();
850  $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
851  }
852 
857  protected function adminPermObject()
858  {
859  return $this->permObject(true);
860  }
861 
866  protected function adminPermSaveObject()
867  {
868  return $this->permSaveObject(true);
869  }
870 
871  protected function adoptPermObject()
872  {
873  global $rbacreview;
874 
875  $output = array();
876 
877  $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
878  $ids = array();
879  foreach($parent_role_ids as $id => $tmp)
880  {
881  $ids[] = $id;
882  }
883  // Sort ids
884  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
885  $key = 0;
886  foreach($sorted_ids as $id)
887  {
888  $par = $parent_role_ids[$id];
889  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
890  {
891  $output[$key]["role_id"] = $par["obj_id"];
892  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
893  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
894  $output[$key]["role_desc"] = $par["desc"];
895  $key++;
896  }
897  }
898 
899 
900  include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
901 
902  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
903  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
904  $tbl->setData($output);
905 
906  $this->tpl->setContent($tbl->getHTML());
907  }
908 
913  protected function confirmDeleteRoleObject()
914  {
915  global $ilErr,$rbacreview,$ilUser;
916 
917  $access = $this->checkAccess('visible,write','edit_permission');
918  if (!$access)
919  {
920  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
921  }
922 
923  $question = $this->lng->txt('rbac_role_delete_qst');
924  if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
925  {
926  $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
927  }
928  ilUtil::sendQuestion($question);
929 
930  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
931 
932  $confirm = new ilConfirmationGUI();
933  $confirm->setFormAction($this->ctrl->getFormAction($this));
934  $confirm->setHeaderText($question);
935  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
936  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
937 
938  $confirm->addItem(
939  'role',
940  $this->object->getId(),
941  $this->object->getTitle(),
942  ilUtil::getImagePath('icon_role.svg')
943  );
944 
945  $this->tpl->setContent($confirm->getHTML());
946  return true;
947  }
948 
949 
954  protected function performDeleteRoleObject()
955  {
956  global $ilErr;
957 
958  $access = $this->checkAccess('visible,write','edit_permission');
959  if (!$access)
960  {
961  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
962  }
963 
964  $this->object->setParent((int) $this->obj_ref_id);
965  $this->object->delete();
966  ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
967 
968  $this->ctrl->returnToParent($this);
969  }
970 
976  function permSaveObject($a_show_admin_permissions = false)
977  {
978  global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
979 
980  // for role administration check write of global role folder
981  $access = $this->checkAccess('visible,write','edit_permission');
982 
983  if (!$access)
984  {
985  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
986  }
987 
988  // rbac log
989  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
990  $rbac_log_active = ilRbacLog::isActive();
991  if($rbac_log_active)
992  {
993  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
994  }
995 
996  // delete all template entries of enabled types
997  if($this->obj_ref_id == ROLE_FOLDER_ID)
998  {
999  if($a_show_admin_permissions)
1000  {
1001  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
1002  }
1003  else
1004  {
1005  $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
1006  }
1007  }
1008  else
1009  {
1010  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
1011  }
1012 
1013  foreach($subs as $subtype => $def)
1014  {
1015  // Delete per object type
1016  $rbacadmin->deleteRolePermission($this->object->getId(),$this->obj_ref_id,$subtype);
1017  }
1018 
1019  if (empty($_POST["template_perm"]))
1020  {
1021  $_POST["template_perm"] = array();
1022  }
1023 
1024  foreach ($_POST["template_perm"] as $key => $ops_array)
1025  {
1026  // sets new template permissions
1027  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
1028  }
1029 
1030  if($rbac_log_active)
1031  {
1032  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
1033  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
1034  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
1035  }
1036 
1037  // update object data entry (to update last modification date)
1038  $this->object->update();
1039 
1040  // set protected flag
1041  if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id))
1042  {
1043  $rbacadmin->setProtected($this->obj_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1044  }
1045 
1046  if($a_show_admin_permissions)
1047  {
1048  $_POST['recursive'] = true;
1049  }
1050 
1051  // Redirect if Change existing objects is not chosen
1052  if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1053  {
1054  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1055  if($a_show_admin_permissions)
1056  {
1057  $this->ctrl->redirect($this,'adminPerm');
1058  }
1059  else
1060  {
1061  $this->ctrl->redirect($this,'perm');
1062  }
1063  }
1064  // New implementation
1065  if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1066  {
1067  $this->showChangeExistingObjectsConfirmation();
1068  return true;
1069  }
1070 
1071  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1072  if($a_show_admin_permissions)
1073  {
1074  $start = $tree->getParentId($this->obj_ref_id);
1075  }
1076 
1077  if($_POST['protected'])
1078  {
1079  $this->object->changeExistingObjects(
1080  $start,
1081  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1082  array('all'),
1083  array()
1084  #$a_show_admin_permissions ? array('adm') : array()
1085  );
1086  }
1087  else
1088  {
1089  $this->object->changeExistingObjects(
1090  $start,
1091  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1092  array('all'),
1093  array()
1094  #$a_show_admin_permissions ? array('adm') : array()
1095  );
1096  }
1097  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1098 
1099  if($a_show_admin_permissions)
1100  {
1101  $this->ctrl->redirect($this,'adminPerm');
1102  }
1103  else
1104  {
1105  $this->ctrl->redirect($this,'perm');
1106  }
1107  return true;
1108  }
1109 
1110 
1116  function adoptPermSaveObject()
1117  {
1118  global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1119 
1120  if(!$_POST['adopt'])
1121  {
1122  ilUtil::sendFailure($this->lng->txt('select_one'));
1123  $this->adoptPermObject();
1124  return false;
1125  }
1126 
1127  $access = $this->checkAccess('visible,write','edit_permission');
1128  if (!$access)
1129  {
1130  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1131  }
1132 
1133  if ($this->object->getId() == $_POST["adopt"])
1134  {
1135  ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1136  }
1137  else
1138  {
1139  $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1140  $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
1141  $rbacadmin->copyRoleTemplatePermissions(
1142  $_POST["adopt"],
1143  $parentRoles[$_POST["adopt"]]["parent"],
1144  $this->obj_ref_id,
1145  $this->object->getId(),
1146  false);
1147 
1148  // update object data entry (to update last modification date)
1149  $this->object->update();
1150 
1151  // send info
1152  $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1153  ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1154  $this->lng->txt("msg_perm_adopted_from2"),true);
1155  }
1156 
1157  $this->ctrl->redirect($this, "perm");
1158  }
1159 
1165  function assignSaveObject()
1166  {
1167  $this->assignUserObject();
1168  }
1169 
1170 
1171 
1177  public function addUserObject($a_user_ids)
1178  {
1179  global $rbacreview,$rbacadmin;
1180 
1181  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1182  {
1183  ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1184  return false;
1185  }
1186  if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
1187  $this->obj_ref_id != ROLE_FOLDER_ID)
1188  {
1189  ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1190  return false;
1191  }
1192  if(!$a_user_ids)
1193  {
1194  $GLOBALS['lng']->loadLanguageModule('search');
1195  ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1196  return false;
1197  }
1198 
1199  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1200 
1201  // users to assign
1202  $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1203 
1204  // selected users all already assigned. stop
1205  if (count($assigned_users_new) == 0)
1206  {
1207  ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1208  $this->ctrl->redirect($this,'userassignment');
1209  }
1210 
1211  // assign new users
1212  foreach ($assigned_users_new as $user)
1213  {
1214  $rbacadmin->assignUser($this->object->getId(),$user,false);
1215  }
1216 
1217  // update object data entry (to update last modification date)
1218  $this->object->update();
1219 
1220  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1221  $this->ctrl->redirect($this,'userassignment');
1222  }
1223 
1229  function deassignUserObject()
1230  {
1231  global $rbacsystem, $rbacadmin, $rbacreview;
1232 
1233  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1234  {
1235  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1236  }
1237 
1238  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1239 
1240  if ($selected_users[0]=== NULL)
1241  {
1242  $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1243  }
1244 
1245  // prevent unassignment of system user from system role
1246  if ($this->object->getId() == SYSTEM_ROLE_ID)
1247  {
1248  if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1249  unset($selected_users[$admin]);
1250  }
1251 
1252  // check for each user if the current role is his last global role before deassigning him
1253  $last_role = array();
1254  $global_roles = $rbacreview->getGlobalRoles();
1255 
1256  foreach ($selected_users as $user)
1257  {
1258  $assigned_roles = $rbacreview->assignedRoles($user);
1259  $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1260 
1261  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1262  {
1263  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1264  $last_role[$user] = $userObj->getFullName();
1265  unset($userObj);
1266  }
1267  }
1268 
1269 
1270  // ... else perform deassignment
1271  foreach ($selected_users as $user)
1272  {
1273  if(!isset($last_role[$user]))
1274  {
1275  $rbacadmin->deassignUser($this->object->getId(), $user);
1276  }
1277  }
1278 
1279  // update object data entry (to update last modification date)
1280  $this->object->update();
1281 
1282  // raise error if last role was taken from a user...
1283  if(count($last_role))
1284  {
1285  $user_list = implode(", ",$last_role);
1286  ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1287  }
1288  else
1289  {
1290  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1291  }
1292  $this->ctrl->redirect($this,'userassignment');
1293  }
1294 
1295 
1299  function userassignmentObject()
1300  {
1301  global $rbacreview, $rbacsystem, $lng, $ilUser;
1302 
1303  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1304  {
1305  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1306  }
1307 
1308  $this->tabs_gui->setTabActive('user_assignment');
1309 
1310  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1311 
1312  include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1313  $tb = new ilToolbarGUI();
1314 
1315  // protected admin role
1316  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1317  if(
1318  $this->object->getId() != SYSTEM_ROLE_ID ||
1319  (
1320  !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1321  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1322  )
1323  )
1324  {
1325 
1326 
1327  // add member
1328  include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1329  ilRepositorySearchGUI::fillAutoCompleteToolbar(
1330  $this,
1331  $tb,
1332  array(
1333  'auto_complete_name' => $lng->txt('user'),
1334  'submit_name' => $lng->txt('add')
1335  )
1336  );
1337 
1338  /*
1339  // add button
1340  $tb->addFormButton($lng->txt("add"), "assignUser");
1341  */
1342  $tb->addSpacer();
1343 
1344  $tb->addButton(
1345  $this->lng->txt('search_user'),
1346  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1347  );
1348  $tb->addSpacer();
1349  }
1350 
1351  $tb->addButton(
1352  $this->lng->txt('role_mailto'),
1353  $this->ctrl->getLinkTarget($this,'mailToRole')
1354  );
1355  $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1356 
1357 
1358  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1359  $role_assignment_editable = true;
1360  if(
1361  $this->object->getId() == SYSTEM_ROLE_ID &&
1362  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1363  {
1364  $role_assignment_editable = false;
1365  }
1366 
1367  include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1368  $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1369 
1370  $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1371 
1372  return true;
1373 
1374  }
1375 
1376 
1381  function cancelObject()
1382  {
1383  if ($_GET["new_type"] != "role")
1384  {
1385  $this->ctrl->redirect($this, "userassignment");
1386  }
1387  else
1388  {
1389  $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1390  }
1391  }
1392 
1393 
1394  function listUsersRoleObject()
1395  {
1396  global $rbacsystem,$rbacreview;
1397 
1398  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1399 
1400  if (!is_array($_POST["role"]))
1401  {
1402  ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1403  $this->searchObject();
1404 
1405  return false;
1406  }
1407 
1408  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1409  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1410 
1411  // GET ALL MEMBERS
1412  $members = array();
1413 
1414  foreach ($_POST["role"] as $role_id)
1415  {
1416  $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1417  }
1418 
1419  $members = array_unique($members);
1420 
1421  // FORMAT USER DATA
1422  $counter = 0;
1423  $f_result = array();
1424 
1425  foreach($members as $user)
1426  {
1427  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1428  {
1429  continue;
1430  }
1431 
1432  $user_ids[$counter] = $user;
1433 
1434  // TODO: exclude anonymous user
1435  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1436  $f_result[$counter][] = $tmp_obj->getLogin();
1437  $f_result[$counter][] = $tmp_obj->getFirstname();
1438  $f_result[$counter][] = $tmp_obj->getLastname();
1439 
1440  unset($tmp_obj);
1441  ++$counter;
1442  }
1443 
1444  $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1445 
1446  return true;
1447  }
1448 
1449 
1450 
1451  function __formatPath($a_path_arr)
1452  {
1453  $counter = 0;
1454 
1455  foreach ($a_path_arr as $data)
1456  {
1457  if ($counter++)
1458  {
1459  $path .= " -> ";
1460  }
1461 
1462  $path .= $data['title'];
1463  }
1464 
1465  if (strlen($path) > 50)
1466  {
1467  return '...'.substr($path,-50);
1468  }
1469 
1470  return $path;
1471  }
1472 
1473  function __prepareOutput()
1474  {
1475  // output objects
1476  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1477  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1478 
1479  // output locator
1480  //$this->__setLocator();
1481 
1482  // output message
1483  if ($this->message)
1484  {
1485  ilUtil::sendInfo($this->message);
1486  }
1487 
1488  // display infopanel if something happened
1489  ilUtil::infoPanel();
1490 
1491  // set header
1492  $this->__setHeader();
1493  }
1494 
1495  function __setHeader()
1496  {
1497  $this->tpl->setTitle($this->lng->txt('role'));
1498  $this->tpl->setDescription($this->object->getTitle());
1499  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1500 
1501  $this->getTabs($this->tabs_gui);
1502  }
1503 
1504  function __setLocator()
1505  {
1506  global $tree, $ilCtrl;
1507 
1508  return;
1509 
1510  $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1511 
1512  $counter = 0;
1513 
1514  foreach ($tree->getPathFull($this->obj_ref_id) as $key => $row)
1515  {
1516  if ($counter++)
1517  {
1518  $this->tpl->touchBlock('locator_separator_prefix');
1519  }
1520 
1521  $this->tpl->setCurrentBlock("locator_item");
1522 
1523  if ($row["type"] == 'rolf')
1524  {
1525  $this->tpl->setVariable("ITEM",$this->object->getTitle());
1526  $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1527  }
1528  elseif ($row["child"] != $tree->getRootId())
1529  {
1530  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1531  $this->tpl->setVariable("ITEM", $row["title"]);
1532  $this->tpl->setVariable("LINK_ITEM",
1533  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1534  }
1535  else
1536  {
1537  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1538  $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1539  $this->tpl->setVariable("LINK_ITEM",
1540  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1541  }
1542  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1543 
1544  $this->tpl->parseCurrentBlock();
1545  }
1546 
1547  $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1548  $this->tpl->parseCurrentBlock();
1549  }
1550 
1555  function addAdminLocatorItems()
1556  {
1557  global $ilLocator;
1558 
1559  if ($_GET["admin_mode"] == "settings"
1560  && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1561  {
1562  parent::addAdminLocatorItems(true);
1563 
1564  $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1565  ilObject::_lookupObjId($_GET["ref_id"]))),
1566  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1567 
1568  if ($_GET["obj_id"] > 0)
1569  {
1570  $ilLocator->addItem($this->object->getTitle(),
1571  $this->ctrl->getLinkTarget($this, "view"));
1572  }
1573  }
1574  else // repository administration
1575  {
1576  // ?
1577  }
1578  }
1579 
1580 
1581 
1582 
1583  function getTabs(&$tabs_gui)
1584  {
1585  global $rbacsystem,$rbacreview, $ilHelp;
1586 
1587  $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1588 
1589 
1590  $activate_role_edit = false;
1591 
1592  // todo: activate the following (allow editing of local roles in
1593  // roles administration)
1594  if (in_array($this->obj_ref_id,$base_role_container) ||
1595  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1596  $_GET["admin_mode"] == "settings"))
1597  {
1598  $activate_role_edit = true;
1599  }
1600 
1601  // not so nice (workaround for using tabs in repository)
1602  $tabs_gui->clearTargets();
1603 
1604  $ilHelp->setScreenIdComponent("role");
1605 
1606  if ($this->back_target != "")
1607  {
1608  $tabs_gui->setBackTarget(
1609  $this->back_target["text"],$this->back_target["link"]);
1610  }
1611 
1612  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1613  {
1614  $tabs_gui->addTarget("edit_properties",
1615  $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1616  }
1617 /*
1618  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1619  {
1620  $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1621  ? true
1622  : false;
1623  $tabs_gui->addTarget("default_perm_settings",
1624  $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1625  get_class($this),
1626  "", $force_active);
1627  }
1628 */
1629  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1630  {
1631  $tabs_gui->addTarget(
1632  "default_perm_settings",
1633  $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1634  );
1635  }
1636 
1637  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1638  {
1639  $tabs_gui->addTarget("user_assignment",
1640  $this->ctrl->getLinkTarget($this, "userassignment"),
1641  array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1642  get_class($this));
1643  }
1644 
1645  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1646  {
1647  $tabs_gui->addTarget("desktop_items",
1648  $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1649  array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1650  get_class($this));
1651  }
1652  if($this->checkAccess('write','edit_permission'))
1653  {
1654  $tabs_gui->addTarget(
1655  'export',
1656  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1657  array()
1658  );
1659 
1660  }
1661  }
1662 
1663  function mailToRoleObject()
1664  {
1665  global $rbacreview;
1666 
1667  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1668  if(count($obj_ids) > 1)
1669  {
1670  $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1671  }
1672  else
1673  {
1674  $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
1675  }
1676 
1677  require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1678  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1679  ilUtil::redirect($script);
1680  }
1681 
1682  function checkAccess($a_perm_global,$a_perm_obj = '')
1683  {
1684  global $rbacsystem,$ilAccess;
1685 
1686  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1687 
1688  if($this->obj_ref_id == ROLE_FOLDER_ID)
1689  {
1690  return $rbacsystem->checkAccess($a_perm_global,$this->obj_ref_id);
1691  }
1692  else
1693  {
1694  return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1695  }
1696  }
1697 
1702  protected function isChangeExistingObjectsConfirmationRequired()
1703  {
1704  global $rbacreview;
1705 
1706  if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1707  {
1708  return false;
1709  }
1710 
1711  // Role is protected
1712  if($rbacreview->isProtected($this->obj_ref_id, $this->object->getId()))
1713  {
1714  // TODO: check if recursive_list is enabled
1715  // and if yes: check if inheritance is broken for the relevant object types
1716  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1717  }
1718  else
1719  {
1720  // TODO: check if recursive_list is enabled
1721  // and if yes: check if inheritance is broken for the relevant object types
1722  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1723  }
1724  }
1725 
1730  protected function showChangeExistingObjectsConfirmation()
1731  {
1732  $protected = $_POST['protected'];
1733 
1734  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1735  $form = new ilPropertyFormGUI();
1736  $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1737  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1738 
1739  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1740  $form->addCommandButton('perm',$this->lng->txt('cancel'));
1741 
1742  $hidden = new ilHiddenInputGUI('type_filter');
1743  $hidden->setValue(
1744  $_POST['recursive'] ?
1745  serialize(array('all')) :
1746  serialize($_POST['recursive_list'])
1747  );
1748  $form->addItem($hidden);
1749 
1750  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1751 
1752  if($protected)
1753  {
1754  $rad->setValue(ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1755  $keep = new ilRadioOption(
1756  $this->lng->txt('rbac_keep_local_policies'),
1757  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1758  $this->lng->txt('rbac_keep_local_policies_info')
1759  );
1760  }
1761  else
1762  {
1763  $rad->setValue(ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1764  $keep = new ilRadioOption(
1765  $this->lng->txt('rbac_keep_local_policies'),
1766  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1767  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1768  );
1769 
1770  }
1771  $rad->addOption($keep);
1772 
1773  if($protected)
1774  {
1775  $del = new ilRadioOption(
1776  $this->lng->txt('rbac_delete_local_policies'),
1777  ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1778  $this->lng->txt('rbac_delete_local_policies_info')
1779  );
1780  }
1781  else
1782  {
1783  $del = new ilRadioOption(
1784  $this->lng->txt('rbac_delete_local_policies'),
1785  ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1786  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1787  );
1788  }
1789  $rad->addOption($del);
1790 
1791  $form->addItem($rad);
1792  $this->tpl->setContent($form->getHTML());
1793  }
1794 
1799  protected function changeExistingObjectsObject()
1800  {
1801  global $tree,$rbacreview,$rbacadmin;
1802 
1803  $mode = (int) $_POST['mode'];
1804  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1805 
1806  $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1807 
1808  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1809  $this->ctrl->redirect($this,'perm');
1810  }
1811 
1817  protected function setSubTabs($a_tab)
1818  {
1819  global $ilTabs;
1820 
1821  switch($a_tab)
1822  {
1823  case 'default_perm_settings':
1824  if($this->obj_ref_id != ROLE_FOLDER_ID)
1825  {
1826  return true;
1827  }
1828  $ilTabs->addSubTabTarget(
1829  'rbac_repository_permissions',
1830  $this->ctrl->getLinkTarget($this,'perm')
1831  );
1832  $ilTabs->addSubTabTarget(
1833  'rbac_admin_permissions',
1834  $this->ctrl->getLinkTarget($this,'adminPerm')
1835  );
1836  }
1837  return true;
1838  }
1839 
1840 
1841 } // END class.ilObjRoleGUI
1842 ?>