ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermission2GUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
17 class ilPermission2GUI
18 {
19  protected $gui_obj = null;
20  protected $ilErr = null;
21  protected $ctrl = null;
22  protected $lng = null;
23 
24  public function __construct($a_gui_obj)
25  {
26  global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
27 
28  if (!isset($ilErr))
29  {
30  $ilErr = new ilErrorHandling();
31  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
32  }
33  else
34  {
35  $this->ilErr =& $ilErr;
36  }
37 
38  $this->objDefinition =& $objDefinition;
39  $this->tpl =& $tpl;
40  $this->lng =& $lng;
41  $this->lng->loadLanguageModule("rbac");
42 
43  $this->ctrl =& $ilCtrl;
44 
45  $this->gui_obj = $a_gui_obj;
46 
47  $this->roles = array();
48  $this->num_roles = 0;
49  }
50 
51 
56  public function executeCommand()
57  {
58  global $rbacsystem, $ilErr;
59 
60  // access to all functions in this class are only allowed if edit_permission is granted
61  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
62  {
63  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
64  }
65 
66  $next_class = $this->ctrl->getNextClass($this);
67 
68  switch($next_class)
69  {
70  case "ilobjrolegui":
71  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
72  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
73  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
74  $ret = $this->ctrl->forwardCommand($this->gui_obj);
75  break;
76 
77  default:
78  $cmd = $this->ctrl->getCmd();
79  $this->$cmd();
80  break;
81  }
82 
83  return true;
84  }
85 
91  function perm()
92  {
93  global $rbacsystem, $rbacreview,$tree,$ilToolbar;
94 
95  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content","tpl.edit_permissions.html", "Services/AccessControl");
96 
97  // do not display this option for admin section and root node
98  $object_types_exclude = array("adm","root","objf","taxf");
99 
100  // can the current object contain a rolefolder?
101  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
102  if (isset($subobjects["rolf"]) && !in_array($this->gui_obj->object->getType(),$object_types_exclude) && $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
103  {
104  // Show new role button
105  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
106  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
107  }
108 
109  $this->getRolesData();
110 
112  // START DATA OUTPUT
114  $this->__initSubTabs("perm");
115 
116  $this->num_roles = count($this->roles);
117 
118  // render filter form
119  $this->tpl->setCurrentBlock("filter");
120  $this->tpl->setVariable("FILTER_TXT_FILTER",$this->lng->txt('filter'));
121  $this->tpl->setVariable("SELECT_FILTER",$this->__buildRoleFilterSelect());
122  $this->tpl->setVariable("FILTER_ACTION",$this->ctrl->getFormAction($this)."&cmd=perm");
123  $this->tpl->setVariable("FILTER_NAME",'view');
124  $this->tpl->setVariable("FILTER_VALUE",$this->lng->txt('apply_filter'));
125  $this->tpl->parseCurrentBlock();
126 
127  // don't display table if no role in list
128  if ($this->num_roles < 1)
129  {
130  ilUtil::sendInfo($this->lng->txt("msg_no_roles_of_type"),false);
131  return true;
132  }
133 
134  $this->tpl->addBlockFile("PERM_PERMISSIONS", "permissions", "tpl.obj_perm_permissions.html");
135 
136  $this->tpl->setVariable("TXT_TITLE", $this->lng->txt("permission_settings"));
137  $this->tpl->setVariable("IMG_PERM", ilUtil::getImagePath("icon_perm.gif"));
138  $this->tpl->setVariable("TXT_TITLE_INFO",
139  sprintf($this->lng->txt("permission_settings_info"),
140  $this->gui_obj->object->getTitle()
141  ));
142  $this->tpl->setVariable("COLSPAN", $this->num_roles);
143  $this->tpl->setVariable("FORMACTION",
144  $this->ctrl->getLinkTarget($this,"permSave"));
145  $this->tpl->setVariable("TXT_SAVE", $this->lng->txt("save"));
146 
147  // needed for display correct role context of global roles
148  $global_roles = $rbacreview->getGlobalRoles();
149 
150  foreach ($this->roles as $role)
151  {
152  $tmp_role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
153  $tmp_local_roles = array();
154 
155  if ($tmp_role_folder)
156  {
157  $tmp_local_roles = $rbacreview->getRolesOfRoleFolder($tmp_role_folder["ref_id"]);
158  }
159 
160  // Is it a real or linked lokal role
161  if ($role['protected'] == false and in_array($role['obj_id'],$tmp_local_roles))
162  {
163  $role_folder_data = $rbacreview->getRoleFolderOfObject($_GET['ref_id']);
164  $role_folder_id = $role_folder_data['ref_id'];
165 
166 
167  $this->tpl->setCurrentBlock("rolelink_open");
168 
169  $up_path = defined('ILIAS_MODULE') ? "../" : "";
170  $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id",
171  $role['obj_id']);
172  $this->ctrl->setParameterByClass("ilobjrolegui", "rolf_ref_id",
173  $role_folder_id);
174  $this->tpl->setVariable("LINK_ROLE_RULESET",
175  $this->ctrl->getLinkTargetByClass("ilobjrolegui", ""));
176 
177  $this->tpl->setVariable("TXT_ROLE_RULESET",$this->lng->txt("edit_perm_ruleset"));
178  $this->tpl->parseCurrentBlock();
179 
180  $this->tpl->touchBlock("rolelink_close");
181  }
182 
183  $this->tpl->setCurrentBlock("role_infos");
184 
185  // display human readable role names for autogenerated roles
186  include_once ('Services/AccessControl/classes/class.ilObjRole.php');
187  $this->tpl->setVariable("ROLE_NAME",str_replace(" ","&nbsp;",ilObjRole::_getTranslation($role["title"])));
188  //var_dump("<pre>",$role,"</pre>");
189 
190  // display role context
191  if (in_array($role["obj_id"],$global_roles))
192  {
193  $this->tpl->setVariable("ROLE_CONTEXT_TYPE","global");
194  }
195  else
196  {
197  if($rolf = $rbacreview->getFoldersAssignedToRole($role["obj_id"],true))
198  {
199  $parent_node = $tree->getParentNodeData($rolf[0]);
200  //$this->tpl->setVariable("ROLE_CONTEXT_TYPE",$this->lng->txt("obj_".$parent_node["type"])."&nbsp;(#".$parent_node["obj_id"].")");
201  //$this->tpl->setVariable("ROLE_CONTEXT",$parent_node["title"]);
202  $this->tpl->setVariable("ROLE_CONTEXT_TYPE",$parent_node["title"]);
203  }
204  }
205 
206  $this->tpl->parseCurrentBlock();
207  }
208  $this->ctrl->clearParametersByClass("ilobjrolegui");
209 
210 // show permission settings
211 
212  // general section
213  $this->__showPermissionsGeneralSection();
214 
215  // object section
216  $this->__showPermissionsObjectSection();
217 
218  // rbac section
219  $this->__showPermissionsRBACSection();
220 
221  // create section
222  $this->__showPermissionsCreateSection();
223 
224  $this->tpl->setVariable("COLSPAN", $this->num_roles);
225  }
226 
232  function permSave()
233  {
234  global $rbacreview, $rbacadmin, $rbacsystem;
235 
236  $this->getRolesData();
237 
238  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
239  $log_old = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
240 
241  // only revoke permission of roles that are not filtered
242  foreach($this->roles as $role_id => $data)
243  {
244  $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
245  }
246 
247  if (is_array($_POST["perm"]))
248  {
249  foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
250  {
251  $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
252  }
253  }
254 
255  // update object data entry (to update last modification date)
256  $this->gui_obj->object->update();
257 
258  // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
259  // muss folgendes geschehen:
260  // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
261  // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
262  // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
263  // und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
264 
265  // get rolefolder data if a rolefolder already exists
266  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
267  $rolf_id = $rolf_data["child"];
268 
269  $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
270 
271  if ($stop_inherit_roles)
272  {
273  // rolefolder does not exist, so create one
274  if (empty($rolf_id))
275  {
276  // create a local role folder
277  $rfoldObj = $this->gui_obj->object->createRoleFolder();
278 
279  // set rolf_id again from new rolefolder object
280  $rolf_id = $rfoldObj->getRefId();
281  }
282 
283  $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
284 
285  foreach ($stop_inherit_roles as $stop_inherit)
286  {
287  // create role entries for roles with stopped inheritance
288  if (!in_array($stop_inherit,$roles_of_folder))
289  {
290  $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
291  $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
292  $rolf_id,$stop_inherit);
293  $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
294  }
295  }// END FOREACH
296  }// END STOP INHERIT
297 
298  if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
299  {
300  // get roles where inheritance is stopped was cancelled
301  $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
302  $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
303 
304  // Only delete local policies for filtered roles
305  $linked_roles_to_remove = (array) array_intersect(
306  (array) $linked_roles_to_remove,
307  (array) array_keys($this->roles));
308 
309  // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
310  foreach ($linked_roles_to_remove as $role_id)
311  {
312  if ($rbacreview->isProtected($rolf_id,$role_id))
313  {
314  continue;
315  }
316 
317  $role_obj = ilObjectFactory::getInstanceByObjId($role_id);
318  $role_obj->setParent($rolf_id);
319  $role_obj->delete();
320  unset($role_obj);
321  }
322  }
323 
324  $log_new = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
325  $log = ilRbacLog::diffFaPa($log_old, $log_new);
326  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->gui_obj->object->getRefId(), $log);
327 
328  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
329 
330  // redirect to default page if user revokes himself access to the permission panel
331  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
332  {
333  $this->ctrl->redirect($this->gui_obj);
334  }
335 
336  $this->ctrl->redirect($this,'perm');
337  }
338 
339  function initRoleForm()
340  {
341  global $rbacreview,$objDefinition;
342 
343  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
344  $form = new ilPropertyFormGUI();
345  $form->setFormAction($this->ctrl->getFormAction($this));
346  $form->setTitle($this->lng->txt('role_new'));
347  $form->addCommandButton('addrole',$this->lng->txt('role_new'));
348  $form->addCommandButton('perm', $this->lng->txt('cancel'));
349 
350  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
351  $title->setValidationRegexp('/^(?!il_).*$/');
352  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
353  $title->setSize(40);
354  $title->setMaxLength(70);
355  $title->setRequired(true);
356  $form->addItem($title);
357 
358  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
359  $desc->setCols(40);
360  $desc->setRows(3);
361  $form->addItem($desc);
362 
363  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
364  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
365  $pro->setValue(1);
366  $form->addItem($pro);
367 
368  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
369  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
370  $pd->setValue(1);
371  $form->addItem($pd);
372 
373  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
374  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
375  $rights->addOption($option);
376 
377  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
378  $ids = array();
379  foreach($parent_role_ids as $id => $tmp)
380  {
381  $ids[] = $id;
382  }
383 
384  // Sort ids
385  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
386 
387  // Sort roles by title
388  $sorted_roles = ilUtil::sortArray(array_values($parent_role_ids), 'title', ASC);
389  $key = 0;
390 
391  foreach($sorted_ids as $id)
392  {
393  $par = $parent_role_ids[$id];
394  if ($par["obj_id"] != SYSTEM_ROLE_ID)
395  {
396  include_once './Services/AccessControl/classes/class.ilObjRole.php';
397  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
398  $option->setInfo($par["desc"]);
399  $rights->addOption($option);
400  }
401  $key++;
402  }
403  $form->addItem($rights);
404 
405  // Local policy only for containers
406  if($objDefinition->isContainer($this->getCurrentObject()->getType()))
407  {
408  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
409  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
410  $form->addItem($check);
411 
412  }
413 
414  return $form;
415  }
416 
417  function displayAddRoleForm()
418  {
419  $form = $this->initRoleForm();
420  $this->tpl->setContent($form->getHTML());
421  }
422 
430  function addRole()
431  {
432  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
433 
434  $form = $this->initRoleForm();
435  if($form->checkInput())
436  {
437  $new_title = $form->getInput("title");
438  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
439  if($rolf_data['child'])
440  {
441  foreach($rbacreview->getRolesOfRoleFolder($rolf_data['child']) as $role_id)
442  {
443  if(trim($new_title) == ilObject::_lookupTitle($role_id))
444  {
445  $ilErr->raiseError($this->lng->txt('rbac_role_exists_alert'),$ilErr->MESSAGE);
446  }
447  }
448  }
449 
450  // if the current object is no role folder, create one
451  if ($this->gui_obj->object->getType() != "rolf")
452  {
453  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
454 
455  // is there already a rolefolder?
456  if (!($rolf_id = $rolf_data["child"]))
457  {
458  // can the current object contain a rolefolder?
459  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
460 
461  if (!isset($subobjects["rolf"]))
462  {
463  ilUtil::sendFailure($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
464  $this->lng->txt("msg_no_rolf_allowed2"), true);
465  $ilCtrl->redirect($this, "perm");
466  }
467 
468  // create a rolefolder
469  $rolfObj = $this->gui_obj->object->createRoleFolder();
470  $rolf_id = $rolfObj->getRefId();
471  }
472  }
473  else
474  {
475  // Current object is already a rolefolder. To create the role we take its reference id
476  $rolf_id = $this->gui_obj->object->getRefId();
477  }
478 
479  // create role
480  if ($this->gui_obj->object->getType() == "rolf")
481  {
482  $roleObj = $this->gui_obj->object->createRole($new_title, $form->getInput("desc"));
483  }
484  else
485  {
486  $rfoldObj = ilObjectFactory::getInstanceByRefId($rolf_id);
487  $roleObj = $rfoldObj->createRole($new_title, $form->getInput("desc"));
488  }
489 
490  // protect
491  $rbacadmin->setProtected(
492  $rolf_id,
493  $roleObj->getId(),
494  $form->getInput('pro') ? 'y' : 'n'
495  );
496 
497  // copy rights
498  $right_id_to_copy = $form->getInput("rights");
499  if($right_id_to_copy)
500  {
501  $parentRoles = $rbacreview->getParentRoleIds($rolf_id,true);
502  $rbacadmin->copyRoleTemplatePermissions(
503  $right_id_to_copy,
504  $parentRoles[$right_id_to_copy]["parent"],
505  $rolf_id,
506  $roleObj->getId(),
507  false);
508 
509  if($form->getInput('existing'))
510  {
511  if($form->getInput('pro'))
512  {
513  $roleObj->changeExistingObjects(
514  $this->gui_obj->object->getRefId(),
515  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
516  array('all')
517  );
518  }
519  else
520  {
521  $roleObj->changeExistingObjects(
522  $this->gui_obj->object->getRefId(),
523  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
524  array('all')
525  );
526  }
527  }
528  }
529 
530  // add to desktop items
531  if($form->getInput("desktop"))
532  {
533  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
534  $role_desk_item_obj =& new ilRoleDesktopItem($roleObj->getId());
535  $role_desk_item_obj->add($this->gui_obj->object->getRefId(),ilObject::_lookupType($this->gui_obj->object->getRefId(),true));
536  }
537 
538  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
539  $this->ctrl->redirect($this,'perm');
540  }
541  else
542  {
543  $form->setValuesByPost();
544  $this->tpl->setContent($form->getHTML());
545  }
546  }
547 
548  function &__initTableGUI()
549  {
550  include_once "Services/Table/classes/class.ilTableGUI.php";
551 
552  return new ilTableGUI(0,false);
553  }
554 
560  function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
561  {
562  switch ($a_from)
563  {
564  case "clipboardObject":
565  $offset = $_GET["offset"];
566  $order = $_GET["sort_by"];
567  $direction = $_GET["sort_order"];
568  $tbl->disable("footer");
569  break;
570 
571  default:
572  $offset = $_GET["offset"];
573  $order = $_GET["sort_by"];
574  $direction = $_GET["sort_order"];
575  break;
576  }
577 
578  $tbl->setOrderColumn($order);
579  $tbl->setOrderDirection($direction);
580  $tbl->setOffset($offset);
581  $tbl->setLimit($_GET["limit"]);
582  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
583  $tbl->setData($result_set);
584  }
585 
586 
587  function __buildRoleFilterSelect()
588  {
589  $action[1] = $this->lng->txt('filter_all_roles');
590  $action[2] = $this->lng->txt('filter_global_roles');
591  $action[3] = $this->lng->txt('filter_local_roles');
592  $action[4] = $this->lng->txt('filter_roles_local_policy');
593  $action[5] = $this->lng->txt('filter_local_roles_object');
594  return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
595  }
596 
597 
598  function __filterRoles($a_roles,$a_filter)
599  {
600  global $rbacreview;
601 
602  switch ($a_filter)
603  {
604  case 1: // all roles in context
605  return $a_roles;
606  break;
607 
608  case 2: // only global roles
609  $arr_global_roles = $rbacreview->getGlobalRoles();
610  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
611 
612  foreach ($arr_remove_roles as $role_id)
613  {
614  unset($a_roles[$role_id]);
615  }
616 
617  return $a_roles;
618  break;
619 
620  case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
621  $arr_global_roles = $rbacreview->getGlobalRoles();
622 
623  foreach ($arr_global_roles as $role_id)
624  {
625  unset($a_roles[$role_id]);
626  }
627 
628  return $a_roles;
629  break;
630 
631  case 4: // only roles which use a local policy
632  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
633 
634  if (!$role_folder)
635  {
636  return array();
637  }
638 
639  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
640  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
641 
642  foreach ($arr_remove_roles as $role_id)
643  {
644  unset($a_roles[$role_id]);
645  }
646 
647  return $a_roles;
648  break;
649 
650  case 5: // only true local role defined at current position
651 
652  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
653 
654  if (!$role_folder)
655  {
656  return array();
657  }
658 
659  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
660  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
661 
662  foreach ($arr_remove_roles as $role_id)
663  {
664  unset($a_roles[$role_id]);
665  }
666 
667  return $a_roles;
668  break;
669  }
670 
671  return $a_roles;
672  }
673 
674  // show owner sub tab
675  function owner()
676  {
677  global $ilObjDataCache,$ilUser;
678 
679  $this->__initSubTabs("owner");
680 
681  $this->tpl->addBlockfile('ADM_CONTENT','adm_content','tpl.obj_owner.html');
682 
683  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
684  $this->tpl->setVariable("USERNAME",ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
685  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_usr.gif'));
686  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('owner'));
687  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('info_owner_of_object'));
688  $this->tpl->setVariable("BTN_CHOWN",$this->lng->txt('change_owner'));
689  $this->tpl->setVariable("TXT_USERNAME",$this->lng->txt('username'));
690  $this->tpl->setVariable("CHOWN_WARNING",$this->lng->txt('chown_warning'));
691  }
692 
693  function changeOwner()
694  {
695  global $rbacsystem,$ilErr,$ilObjDataCache;
696 
697  if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
698  {
699  ilUtil::sendFailure($this->lng->txt('user_not_known'));
700  $this->owner();
701  return true;
702  }
703 
704  $this->gui_obj->object->setOwner($user_id);
705  $this->gui_obj->object->updateOwner();
706  $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
707  ilUtil::sendSuccess($this->lng->txt('owner_updated'),true);
708 
709  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
710  if(ilRbacLog::isActive())
711  {
712  ilRbacLog::add(ilRbacLog::CHANGE_OWNER, $this->gui_obj->object->getRefId(), array($user_id));
713  }
714 
715  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
716  {
717  $this->ctrl->redirect($this->gui_obj);
718  return true;
719  }
720 
721  $this->ctrl->redirect($this,'owner');
722  return true;
723 
724  }
725 
726  // init permission query feature
727  function info()
728  {
729  $this->__initSubTabs("info");
730 
731  include_once('classes/class.ilObjectStatusGUI.php');
732 
733  $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
734 
735  $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
736  }
737 
738  // init sub tabs
739  function __initSubTabs($a_cmd)
740  {
741  global $ilTabs;
742 
743  $perm = ($a_cmd == 'perm') ? true : false;
744  $info = ($a_cmd == 'info') ? true : false;
745  $owner = ($a_cmd == 'owner') ? true : false;
746  $log = ($a_cmd == 'log') ? true : false;
747 
748  $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
749  "", "", "", $perm);
750 
751  #$ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm2"),
752  # "", "", "", $perm);
753 
754  $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
755  "", "", "", $info);
756  $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
757  "", "", "", $owner);
758 
759  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
760  if(ilRbacLog::isActive())
761  {
762  $ilTabs->addSubTabTarget("log", $this->ctrl->getLinkTarget($this, "log"),
763  "", "", "", $log);
764  }
765  }
766 
767  function getRolesData()
768  {
769  global $rbacsystem, $rbacreview, $tree;
770 
771  // first get all roles in
772  $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
773 
774  // filter roles
775  $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
776 
777  // set default filter (all roles) if no filter is set
778  if ($_SESSION['perm_filtered_roles'] == 0)
779  {
780  if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
781  $_SESSION['perm_filtered_roles'] = 3;
782  else
783  $_SESSION['perm_filtered_roles'] = 1;
784  }
785 
786 
787  // remove filtered roles from array
788  $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
789 
790  // determine status of each role (local role, changed policy, protected)
791 
792  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
793 
794  $local_roles = array();
795 
796  if (!empty($role_folder))
797  {
798  $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
799  }
800 
801  foreach ($roles as $key => $role)
802  {
803  // exclude system admin role from list
804  if ($role["obj_id"] == SYSTEM_ROLE_ID)
805  {
806  unset($roles[$key]);
807  continue;
808  }
809 
810  $this->roles[$role['obj_id']] = $role;
811 
812  // don't allow local policies for protected roles
813  $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
814 
815  if (!in_array($role["obj_id"],$local_roles))
816  {
817  $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
818  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
819  }
820  else
821  {
822  // no checkbox for local roles
823  if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
824  {
825  $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
826  }
827  else
828  {
829  $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
830  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
831  }
832  }
833 
834  // compute permission settings for each role
835  $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
836  foreach ($grouped_ops as $ops_group => $ops_data)
837  {
838  foreach ($ops_data as $key => $operation)
839  {
840  $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
841  }
842  }
843 
844  $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
845 
846  unset($grouped_ops);
847  }
848  }
849 
850  function __showPermissionsGeneralSection()
851  {
852  global $objDefinition;
853 
854  $this->tpl->setCurrentBlock("perm_subtitle");
855  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
856  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
857  $this->tpl->setVariable("COLSPAN", $this->num_roles);
858  $this->tpl->parseCurrentBlock();
859 
860  foreach ($this->roles as $role)
861  {
862  foreach ($role['permissions']['general'] as $perm)
863  {
864  // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
865  if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
866  {
867  continue;
868  }
869 
870  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
871 
872  $this->tpl->setCurrentBlock("perm_item");
873  $this->tpl->setVariable("PERM_CHECKBOX",$box);
874  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
875  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
876  {
877  $this->tpl->setVariable("PERM_TOOLTIP",
878  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
879  $this->gui_obj->object->getType()."_".$perm['name']));
880  }
881  else
882  {
883  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
884  }
885  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
886  $this->tpl->parseCurrentBlock();
887  }
888 
889  $this->tpl->setCurrentBlock("perm_table");
890  $this->tpl->parseCurrentBlock();
891  }
892 
893  $this->tpl->setCurrentBlock("perm_settings");
894  $this->tpl->parseCurrentBlock();
895  }
896 
897  function __showPermissionsObjectSection()
898  {
899  global $objDefinition;
900 
901  // create pointer to first role (only the permission list is needed)
902  reset($this->roles);
903  $first_role =& current($this->roles);
904 
905  if (count($first_role['permissions']['object'])) // check if object type has special operations
906  {
907  $this->tpl->setCurrentBlock("perm_subtitle");
908  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
909  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
910  $this->tpl->setVariable("COLSPAN", $this->num_roles);
911  $this->tpl->parseCurrentBlock();
912 
913  foreach ($this->roles as $role)
914  {
915  foreach ($role['permissions']['object'] as $perm)
916  {
917  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
918 
919  $this->tpl->setCurrentBlock("perm_item");
920  $this->tpl->setVariable("PERM_CHECKBOX",$box);
921  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
922  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
923  {
924  $this->tpl->setVariable("PERM_TOOLTIP",
925  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
926  $this->gui_obj->object->getType()."_".$perm['name']));
927  }
928  else
929  {
930  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
931  }
932  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
933  $this->tpl->parseCurrentBlock();
934  }
935 
936  $this->tpl->setCurrentBlock("perm_table");
937  $this->tpl->parseCurrentBlock();
938  }
939 
940  $this->tpl->setCurrentBlock("perm_settings");
941  $this->tpl->parseCurrentBlock();
942  }
943  }
944 
945  function __showPermissionsRBACSection()
946  {
947  global $objDefinition;
948 
949  $this->tpl->setCurrentBlock("perm_subtitle");
950  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
951  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
952  $this->tpl->setVariable("COLSPAN", $this->num_roles);
953  $this->tpl->parseCurrentBlock();
954 
955  foreach ($this->roles as $role)
956  {
957  foreach ($role['permissions']['rbac'] as $perm)
958  {
959  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
960 
961  $this->tpl->setCurrentBlock("perm_item");
962  $this->tpl->setVariable("PERM_CHECKBOX",$box);
963  $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
964  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
965  {
966  $this->tpl->setVariable("PERM_TOOLTIP",
967  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
968  $this->gui_obj->object->getType()."_".$perm['name']));
969  }
970  else
971  {
972  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
973  }
974  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
975  $this->tpl->parseCurrentBlock();
976  }
977 
978  // use local policy flag
979  // offer option 'use local policy' only to those objects where this option is permitted
980  if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
981  {
982  if ($role['local_policy_allowed'])
983  {
984  $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
985  $lang = $this->lng->txt("perm_use_local_policy")." (".
986  $this->lng->txt("stop_inheritance").")";
987  $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
988  }
989  else
990  {
991  $box = '&nbsp;';
992  $lang = $this->lng->txt("perm_local_role");
993  $lang_desc = $this->lng->txt("perm_local_role_desc");
994  }
995 
996  $this->tpl->setCurrentBlock("perm_item");
997  $this->tpl->setVariable("PERM_CHECKBOX",$box);
998  $this->tpl->setVariable("PERM_NAME",$lang);
999  $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
1000  $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
1001  $this->tpl->parseCurrentBlock();
1002  }
1003 
1004  $this->tpl->setCurrentBlock("perm_table");
1005  $this->tpl->parseCurrentBlock();
1006  }
1007 
1008  $this->tpl->setCurrentBlock("perm_settings");
1009  $this->tpl->parseCurrentBlock();
1010  }
1011 
1012  function __showPermissionsCreateSection()
1013  {
1014  global $objDefinition,$ilSetting;
1015 
1016  // no create operation for roles/role templates in local role folders
1017  // access is controlled by 'administrate' (change permission settings) only
1018  if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
1019  {
1020  return;
1021  }
1022 
1023  // create pointer to first role (only the permission list is needed)
1024  reset($this->roles);
1025  $first_role =& current($this->roles);
1026 
1027  if (count($first_role['permissions']['create'])) // check if object type has create operations
1028  {
1029  $this->tpl->setCurrentBlock("perm_subtitle");
1030  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
1031  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
1032  $this->tpl->setVariable("COLSPAN", $this->num_roles);
1033  $this->tpl->parseCurrentBlock();
1034 
1035  // add a checkbox 'select all' for create permissions of the following object types
1036  $container_arr = array('cat','grp','crs','fold');
1037 
1038  if (in_array($this->gui_obj->object->getType(),$container_arr))
1039  {
1040  $chk_toggle_create = true;
1041  }
1042 
1043  foreach ($this->roles as $role)
1044  {
1045  $ops_ids = array();
1046 
1047  foreach ($role['permissions']['create'] as $perm)
1048  {
1049  $ops_ids[] = $perm['ops_id'];
1050  }
1051 
1052  if ($chk_toggle_create)
1053  {
1054  $this->tpl->setCurrentBlock('chk_toggle_create');
1055  $this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
1056  $this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
1057  $this->tpl->setVariable('ROLE_ID',$role['obj_id']);
1058  $this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
1059  $this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
1060  $this->tpl->parseCurrentBlock();
1061  }
1062 
1063  foreach ($role['permissions']['create'] as $perm)
1064  {
1065  if ($perm["name"] == "create_icrs" and !$ilSetting->get("ilinc_active"))
1066  {
1067  continue;
1068  }
1069 
1070  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
1071 
1072  $this->tpl->setCurrentBlock("perm_item");
1073  $this->tpl->setVariable("PERM_CHECKBOX",$box);
1074  if ($objDefinition->isPlugin(substr($perm['name'],7)))
1075  {
1076  $this->tpl->setVariable("PERM_NAME",
1077  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
1078  "obj_".substr($perm['name'],7)));
1079  $this->tpl->setVariable("PERM_TOOLTIP",
1080  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
1081  $this->gui_obj->object->getType()."_".$perm['name']));
1082  }
1083  else
1084  {
1085  $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
1086  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
1087  }
1088 
1089  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
1090  $this->tpl->parseCurrentBlock();
1091  }
1092 
1093  $this->tpl->setCurrentBlock("perm_table");
1094  $this->tpl->parseCurrentBlock();
1095  }
1096 
1097  $this->tpl->setCurrentBlock("perm_settings");
1098  $this->tpl->parseCurrentBlock();
1099  }
1100  }
1101 
1102  function log()
1103  {
1104  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1105  if(!ilRbacLog::isActive())
1106  {
1107  $this->ctrl->redirect($this, "perm");
1108  }
1109 
1110  $this->__initSubTabs("log");
1111 
1112  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
1113  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
1114  $this->tpl->setContent($table->getHTML());
1115  }
1116 
1117  function applyLogFilter()
1118  {
1119  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
1120  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
1121  $table->resetOffset();
1122  $table->writeFilterToSession();
1123  $this->log();
1124  }
1125 
1126  function resetLogFilter()
1127  {
1128  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
1129  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
1130  $table->resetOffset();
1131  $table->resetFilter();
1132  $this->log();
1133  }
1134 
1135 } // END class.ilPermissionGUI
1136 ?>