ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once ('./Services/Table/classes/class.ilTable2GUI.php');
5 include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6 
17 {
18  const ROLE_FILTER_ALL = 1;
19  const ROLE_FILTER_GLOBAL = 2;
20  const ROLE_FILTER_LOCAL = 3;
23 
24  private $ref_id = null;
25  private $role_folder_id = 0;
26  private $roles = array();
27 
28  private $tree_path_ids = array();
29 
30  private $activeOperations = array();
31  private $visible_roles = array();
32 
37  public function __construct($a_parent_obj,$a_parent_cmd, $a_ref_id)
38  {
39  global $ilCtrl,$rbacreview,$tpl,$tree;
40 
41  parent::__construct($a_parent_obj,$a_parent_cmd);
42 
43  $this->lng->loadLanguageModule('rbac');
44 
45  $this->ref_id = $a_ref_id;
46  $this->tree_path_ids = $tree->getPathId($this->ref_id);
47  $this->role_folder_id = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
48 
49  $this->setId('objroleperm_'.$this->ref_id);
50 
51  $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
52 
53  $this->setTitle($this->lng->txt('permission_settings'));
54  $this->setEnableHeader(true);
55  $this->disable('sort');
56  $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
57  $this->disable('numinfo');
58  $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
59  $this->setLimit(100);
60  $this->setShowRowsSelector(false);
61  $this->setDisableFilterHiding(true);
62  $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
63 
64  $this->addCommandButton('savePermissions', $this->lng->txt('save'));
65 
66  $this->initFilter();
67  }
68 
73  public function getRoleFolderId()
74  {
75  return $this->role_folder_id;
76  }
77 
82  public function getPathIds()
83  {
84  return (array) $this->tree_path_ids;
85  }
86 
91  public function getRefId()
92  {
93  return $this->ref_id;
94  }
95 
100  public function getObjId()
101  {
102  return ilObject::_lookupObjId($this->getRefId());
103  }
104 
109  public function getObjType()
110  {
111  return ilObject::_lookupType($this->getObjId());
112  }
113 
119  public function addActiveOperation($a_ops_id)
120  {
121  $this->activeOperations[] = $a_ops_id;
122  }
123 
128  public function getActiveOperations()
129  {
130  return (array) $this->activeOperations;
131  }
132 
138  public function setVisibleRoles($a_ar)
139  {
140  $this->visible_roles = $a_ar;
141  }
142 
147  public function getVisibleRoles()
148  {
149  return $this->visible_roles;
150  }
151 
156  public function initFilter()
157  {
158  global $tree;
159 
161  'role',
163  );
164 
165  // Limit filter to local roles only for objects with group or course in path
166  if(!$roles->getValue())
167  {
168  if ($tree->checkForParentType($this->getRefId(), 'crs') or
169  $tree->checkForParentType($this->getRefId(), 'grp'))
170  {
171  $roles->setValue(self::ROLE_FILTER_LOCAL);
172  }
173  else
174  {
175  $roles->setValue(self::ROLE_FILTER_ALL);
176  }
177  }
178 
179 
180  $roles->setOptions(
181  array(
182  self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
183  self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
184  self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
185  self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
186  self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
187  )
188  );
189 
190  }
191 
197  public function fillRow($row)
198  {
199  global $objDefinition;
200 
201 
202  // local policy
203  if(isset($row['show_local_policy_row']))
204  {
205  foreach($row['roles'] as $role_id => $role_info)
206  {
207  $this->tpl->setCurrentBlock('role_option');
208  $this->tpl->setVariable('INHERIT_ROLE_ID',$role_id);
209  $this->tpl->setVariable('INHERIT_CHECKED',$role_info['local_policy'] ? 'checked=checked' : '');
210  $this->tpl->setVariable('INHERIT_DISABLED',($role_info['protected'] or $role_info['isLocal']) ? 'disabled="disabled"' : '');
211  $this->tpl->setVariable('TXT_INHERIT',$this->lng->txt('rbac_local_policy'));
212  $this->tpl->setVariable('INHERIT_LONG',$this->lng->txt('perm_use_local_policy_desc'));
213  $this->tpl->parseCurrentBlock();
214  }
215  return true;
216  }
217  // protected
218  if(isset($row['show_protected_row']))
219  {
220  foreach($row['roles'] as $role_id => $role_info)
221  {
222  $this->tpl->setCurrentBlock('role_protect');
223  $this->tpl->setVariable('PROTECT_ROLE_ID',$role_id);
224  $this->tpl->setVariable('PROTECT_CHECKED',$role_info['protected_status'] ? 'checked=checked' : '');
225  $this->tpl->setVariable('PROTECT_DISABLED',$role_info['protected_allowed'] ? '' : 'disabled="disabled"');
226  $this->tpl->setVariable('TXT_PROTECT',$this->lng->txt('role_protect_permissions'));
227  $this->tpl->setVariable('PROTECT_LONG',$this->lng->txt('role_protect_permissions_desc'));
228  $this->tpl->parseCurrentBlock();
229  }
230  return true;
231  }
232 
233  // block role
234  if(isset($row['show_block_row']))
235  {
236  foreach($this->getVisibleRoles() as $counter => $role_info)
237  {
238  $this->tpl->setCurrentBlock('role_block');
239  $this->tpl->setVariable('BLOCK_ROLE_ID',$role_info['obj_id']);
240  $this->tpl->setVariable('TXT_BLOCK',$this->lng->txt('role_block_role'));
241  $this->tpl->setVariable('BLOCK_LONG',$this->lng->txt('role_block_role_desc'));
242  if($role_info['protected'] == 'y')
243  {
244  $this->tpl->setVariable('BLOCK_DISABLED','disabled="disabled');
245  }
246 
247  $this->tpl->parseCurrentBlock();
248  }
249  return true;
250  }
251 
252  // Select all
253  if(isset($row['show_select_all']))
254  {
255  foreach($this->getVisibleRoles() as $role)
256  {
257  $this->tpl->setCurrentBlock('role_select_all');
258  $this->tpl->setVariable('JS_ROLE_ID',$role['obj_id']);
259  $this->tpl->setVariable('JS_SUBID',$row['subtype']);
260  $this->tpl->setVariable('JS_ALL_PERMS',"['".implode("','",$row['ops'])."']");
261  $this->tpl->setVariable('JS_FORM_NAME',$this->getFormName());
262  $this->tpl->setVariable('TXT_SEL_ALL',$this->lng->txt('select_all'));
263  $this->tpl->parseCurrentBlock();
264  }
265  return true;
266  }
267 
268  // Object permissions
269  if(isset($row['show_start_info']))
270  {
271  $this->tpl->setCurrentBlock('section_info');
272  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_object'));
273  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_object_desc'));
274  $this->tpl->parseCurrentBlock();
275 
276  return true;
277  }
278 
279  if(isset($row['show_create_info']))
280  {
281  $this->tpl->setCurrentBlock('section_info');
282  $this->tpl->setVariable('SECTION_TITLE',$this->lng->txt('perm_class_create'));
283  $this->tpl->setVariable('SECTION_DESC',$this->lng->txt('perm_class_create_desc'));
284  $this->tpl->parseCurrentBlock();
285 
286  return true;
287  }
288 
289  foreach((array) $row['roles'] as $role_id => $role_info)
290  {
291  $this->tpl->setCurrentBlock('role_td');
292  $this->tpl->setVariable('PERM_ROLE_ID',$role_id);
293  $this->tpl->setVariable('PERM_PERM_ID',$row['perm']['ops_id']);
294 
295 
296  if(substr($row['perm']['operation'],0,6) == 'create')
297  {
298  if ($objDefinition->isPlugin(substr($row['perm']['operation'],7)))
299  {
300  $perm = ilPlugin::lookupTxt("rep_robj", substr($row['perm']['operation'],7),
301  "obj_".substr($row['perm']['operation'],7));
302  }
303  else
304  {
305  $perm = $this->lng->txt('obj_'.substr($row['perm']['operation'],7));
306  }
307  }
308  else
309  {
310  $perm = $this->lng->txt($row['perm']['operation']);
311  }
312 
313  $this->tpl->setVariable('TXT_PERM',$perm);
314 
315  if ($objDefinition->isPlugin($this->getObjType()))
316  {
317  $this->tpl->setVariable('PERM_LONG',ilPlugin::lookupTxt("rep_robj", $this->getObjType(),
318  $this->getObjType()."_".$row['perm']['operation']));
319  }
320  else
321  {
322  $this->tpl->setVariable('PERM_LONG',$this->lng->txt($this->getObjType().'_'.$row['perm']['operation']));
323  }
324 
325  if($role_info['protected'])
326  {
327  $this->tpl->setVariable('PERM_DISABLED',$role_info['protected'] ? 'disabled="disabled"' : '');
328  }
329  if($role_info['permission_set'])
330  {
331  $this->tpl->setVariable('PERM_CHECKED','checked="checked"');
332  }
333 
334  $this->tpl->parseCurrentBlock();
335  }
336  }
337 
338 
343  public function parse()
344  {
345  global $rbacreview,$objDefinition;
346 
347  $this->initColumns();
348 
349  $perms = array();
350  $roles = array();
351 
352  if(!count($this->getVisibleRoles()))
353  {
354  return $this->setData(array());
355  }
356 
357  // Read operations of role
358  $operations = array();
359  foreach($this->getVisibleRoles() as $role_data)
360  {
361  $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
362  }
363 
364  $counter = 0;
365 
366  $rolf = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
367 
368  // Local policy
370  {
371  $roles = array();
372  $local_roles = $rbacreview->getRoleFolderIdOfObject($this->getRefId());
373  $local_roles = $rbacreview->getRolesOfRoleFolder($local_roles);
374  foreach($this->getVisibleRoles() as $role_id => $role_data)
375  {
376  $roles[$role_data['obj_id']] = array(
377  'protected' => $role_data['protected'],
378  'local_policy' => in_array($role_data['obj_id'],$local_roles),
379  'isLocal' => ($rolf == $role_data['parent']) && $role_data['assign'] == 'y'
380  );
381  }
382  $perms[$counter]['roles'] = $roles;
383  $perms[$counter]['show_local_policy_row'] = 1;
384 
385  $counter++;
386  }
387 
388  // Protect permissions
390  {
391  $roles = array();
392  foreach($this->getVisibleRoles() as $role_id => $role_data)
393  {
394  $roles[$role_data['obj_id']] = array(
395  'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'],$rolf),
396  'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id'])
397  );
398  }
399  $perms[$counter]['roles'] = $roles;
400  $perms[$counter]['show_protected_row'] = 1;
401 
402  $counter++;
403  }
404  // Block role
406  {
407  $perms[$counter++]['show_block_row'] = 1;
408  }
409 
410 
412  {
413  $perms[$counter++]['show_start_info'] = true;
414  }
415 
416  // no creation permissions
417  $no_creation_operations = array();
418  foreach($rbacreview->getOperationsByTypeAndClass($this->getObjType(),'object') as $operation)
419  {
420  $this->addActiveOperation($operation);
421  $no_creation_operations[] = $operation;
422 
423  $roles = array();
424  foreach($this->getVisibleRoles() as $role_data)
425  {
426 
427  $roles[$role_data['obj_id']] =
428  array(
429  'protected' => $role_data['protected'],
430  'permission_set' => in_array($operation,(array) $operations[$role_data['obj_id']])
431  );
432  }
433 
434  $op = $rbacreview->getOperation($operation);
435 
436  $perms[$counter]['roles'] = $roles;
437  $perms[$counter]['perm'] = $op;
438  $counter++;
439 
440  }
441 
442  /*
443  * Select all
444  */
445  if($no_creation_operations)
446  {
447  $perms[$counter]['show_select_all'] = 1;
448  $perms[$counter]['ops'] = $no_creation_operations;
449  $perms[$counter]['subtype'] = 'nocreation';
450  $counter++;
451  }
452 
453 
454  if($objDefinition->isContainer($this->getObjType()))
455  {
456  $perms[$counter++]['show_create_info'] = true;
457  }
458 
459  // Get creatable objects
460  $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
461  $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
462  $creation_operations = array();
463  foreach($objects as $type => $info)
464  {
465  $ops_id = $ops_ids[$type];
466 
467  if(!$ops_id)
468  {
469  continue;
470  }
471 
472  $this->addActiveOperation($ops_id);
473  $creation_operations[] = $ops_id;
474 
475  $roles = array();
476  foreach($this->getVisibleRoles() as $role_data)
477  {
478  $roles[$role_data['obj_id']] =
479  array(
480  'protected' => $role_data['protected'],
481  'permission_set' => in_array($ops_id,(array) $operations[$role_data['obj_id']])
482  );
483  }
484 
485  $op = $rbacreview->getOperation($ops_id);
486 
487  $perms[$counter]['roles'] = $roles;
488  $perms[$counter]['perm'] = $op;
489  $counter++;
490 
491  }
492 
493 
494 
495  // Select all
496  if(count($creation_operations))
497  {
498  $perms[$counter]['show_select_all'] = 1;
499  $perms[$counter]['ops'] = $creation_operations;
500  $perms[$counter]['subtype'] = 'creation';
501  $counter++;
502  }
503 
504  $this->setData($perms);
505  }
506 
511  protected function initColumns()
512  {
513  global $rbacreview,$ilCtrl;
514 
515  $roles = $rbacreview->getParentRoleIds($this->getRefId());
516  $roles = $this->getParentObject()->applyRoleFilter(
517  $roles,
518  $this->getFilterItemByPostVar('role')->getValue()
519  );
520 
521  if(count($roles))
522  {
523  $column_width = 100/count($roles);
524  $column_width .= '%';
525  }
526  else
527  {
528  $column_widht = "0%";
529  }
530 
531  $all_roles = array();
532  foreach($roles as $role)
533  {
534  if($role['obj_id'] == SYSTEM_ROLE_ID)
535  {
536  continue;
537  }
538 
539  $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
540 
541  // TODO check filter
542  $this->addColumn(
543  $this->createTitle($role),
544  $role['obj_id'],
545  '',
546  '',
547  false,
548  $this->createTooltip($role)
549  );
550  $all_roles[] = $role;
551  }
552 
553  $this->setVisibleRoles($all_roles);
554  return true;
555  }
556 
562  protected function createTooltip($role)
563  {
564  global $rbacreview,$tree;
565 
566  #vd($role);
567  $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
568  if($role['role_type'] == 'global')
569  {
570  $tp = $this->lng->txt('perm_'.$protected_status.'global_role');
571  }
572  else
573  {
574  $tp = $this->lng->txt('perm_'.$protected_status.'local_role');
575  }
576 
577  $inheritance_seperator = ': ';
578 
579  // Show create at info
580  if(
581  ($role['assign'] == 'y' and $role['role_type'] != 'global') or
582  ($role['assign'] == 'n' and $role['role_type'] != 'global')
583  )
584  {
585  $tp .= ': ';
586 
587  $obj = $rbacreview->getObjectOfRole($role['obj_id']);
588  if($obj)
589  {
590  $tp .= sprintf(
591  $this->lng->txt('perm_role_path_info_created'),
592  $this->lng->txt('obj_'.ilObject::_lookupType($obj)),ilObject::_lookupTitle($obj)
593  );
594  $inheritance_seperator = ', ';
595  }
596  }
597 
598  $role_hierarchy = $rbacreview->getObjectsWithStopedInheritance($role['obj_id']);
599  $path_hierarchy = array_intersect($role_hierarchy, $this->getPathIds());
600  $reduced_path_hierarchy = (array) array_diff(
601  $path_hierarchy,
602  array(
603  $this->getRefId(),
604  $rbacreview->getObjectReferenceOfRole($role['obj_id'])
605  )
606  );
607 
608  // Inheritance
609  if($role['assign'] == 'n' and count($reduced_path_hierarchy))
610  {
611  $tp .= $inheritance_seperator;
612 
613  $parent = end($reduced_path_hierarchy);
614  $p_type = ilObject::_lookupType(ilObject::_lookupObjId($parent));
615  $p_title = ilObject::_lookupTitle(ilObject::_lookupObjId($parent));
616  $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'),$this->lng->txt('obj_'.$p_type),$p_title);
617  }
618 
619  return $tp;
620  }
621 
627  protected function createTitle($role)
628  {
629  global $ilCtrl;
630 
631  include_once './Services/AccessControl/classes/class.ilObjRole.php';
632  $role['title'] = ilObjRole::_getTranslation($role['title']);
633 
634  // No local policies
635  if($role['parent'] != $this->getRoleFolderId())
636  {
637  return $role['title'];
638  }
639  $ilCtrl->setParameterByClass('ilobjrolegui', 'rolf_ref_id', $this->getRoleFolderId());
640  $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
641 
642  return '<a class="tblheader" href="'.$ilCtrl->getLinkTargetByClass('ilobjrolegui','').'" >'.$role['title'].'</a>';
643  }
644 }
645 ?>