ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilPermission2GUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 
18 {
19  protected $gui_obj = null;
20  protected $ilErr = null;
21  protected $ctrl = null;
22  protected $lng = null;
23 
24  public function __construct($a_gui_obj)
25  {
26  global $ilias, $objDefinition, $tpl, $tree, $ilCtrl, $ilErr, $lng;
27 
28  if (!isset($ilErr))
29  {
30  $ilErr = new ilErrorHandling();
31  $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK,array($ilErr,'errorHandler'));
32  }
33  else
34  {
35  $this->ilErr =& $ilErr;
36  }
37 
38  $this->objDefinition =& $objDefinition;
39  $this->tpl =& $tpl;
40  $this->lng =& $lng;
41  $this->lng->loadLanguageModule("rbac");
42 
43  $this->ctrl =& $ilCtrl;
44 
45  $this->gui_obj = $a_gui_obj;
46 
47  $this->roles = array();
48  $this->num_roles = 0;
49  }
50 
51 
52 
53 
59  function permSave()
60  {
61  global $rbacreview, $rbacadmin, $rbacsystem;
62 
63  $this->getRolesData();
64 
65  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
66  $log_old = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
67 
68  // only revoke permission of roles that are not filtered
69  foreach($this->roles as $role_id => $data)
70  {
71  $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
72  }
73 
74  if (is_array($_POST["perm"]))
75  {
76  foreach ($_POST["perm"] as $key => $new_role_perms) // $key enthaelt die aktuelle Role_Id
77  {
78  $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
79  }
80  }
81 
82  // update object data entry (to update last modification date)
83  $this->gui_obj->object->update();
84 
85  // Wenn die Vererbung der Rollen Templates unterbrochen werden soll,
86  // muss folgendes geschehen:
87  // - existiert kein RoleFolder, wird er angelegt und die Rechte aus den Permission Templates ausgelesen
88  // - existiert die Rolle im aktuellen RoleFolder werden die Permission Templates dieser Rolle angezeigt
89  // - existiert die Rolle nicht im aktuellen RoleFolder wird sie dort angelegt
90  // und das Permission Template an den Wert des nihst hher gelegenen Permission Templates angepasst
91 
92  // get rolefolder data if a rolefolder already exists
93  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
94  $rolf_id = $rolf_data["child"];
95 
96  $stop_inherit_roles = $_POST["stop_inherit"] ? $_POST["stop_inherit"] : array();
97 
98  if ($stop_inherit_roles)
99  {
100  // rolefolder does not exist, so create one
101  if (empty($rolf_id))
102  {
103  // create a local role folder
104  $rfoldObj = $this->gui_obj->object->createRoleFolder();
105 
106  // set rolf_id again from new rolefolder object
107  $rolf_id = $rfoldObj->getRefId();
108  }
109 
110  $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
111 
112  foreach ($stop_inherit_roles as $stop_inherit)
113  {
114  // create role entries for roles with stopped inheritance
115  if (!in_array($stop_inherit,$roles_of_folder))
116  {
117  $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
118  $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit]["parent"],
119  $rolf_id,$stop_inherit);
120  $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,'n');
121  }
122  }// END FOREACH
123  }// END STOP INHERIT
124 
125  if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
126  {
127  // get roles where inheritance is stopped was cancelled
128  $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
129  $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
130 
131  // Only delete local policies for filtered roles
132  $linked_roles_to_remove = (array) array_intersect(
133  (array) $linked_roles_to_remove,
134  (array) array_keys($this->roles));
135 
136  // remove roles where stopped inheritance is cancelled and purge rolefolder if empty
137  foreach ($linked_roles_to_remove as $role_id)
138  {
139  if ($rbacreview->isProtected($rolf_id,$role_id))
140  {
141  continue;
142  }
143 
144  $role_obj = ilObjectFactory::getInstanceByObjId($role_id);
145  $role_obj->setParent($rolf_id);
146  $role_obj->delete();
147  unset($role_obj);
148  }
149  }
150 
151  $log_new = ilRbacLog::gatherFaPa($this->gui_obj->object->getRefId(), array_keys($this->roles));
152  $log = ilRbacLog::diffFaPa($log_old, $log_new);
153  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->gui_obj->object->getRefId(), $log);
154 
155  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
156 
157  // redirect to default page if user revokes himself access to the permission panel
158  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
159  {
160  $this->ctrl->redirect($this->gui_obj);
161  }
162 
163  $this->ctrl->redirect($this,'perm');
164  }
165 
166 
174  function addRole()
175  {
176  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
177 
178  $form = $this->initRoleForm();
179  if($form->checkInput())
180  {
181  $new_title = $form->getInput("title");
182  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
183  if($rolf_data['child'])
184  {
185  foreach($rbacreview->getRolesOfRoleFolder($rolf_data['child']) as $role_id)
186  {
187  if(trim($new_title) == ilObject::_lookupTitle($role_id))
188  {
189  $ilErr->raiseError($this->lng->txt('rbac_role_exists_alert'),$ilErr->MESSAGE);
190  }
191  }
192  }
193 
194  // if the current object is no role folder, create one
195  if ($this->gui_obj->object->getType() != "rolf")
196  {
197  $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
198 
199  // is there already a rolefolder?
200  if (!($rolf_id = $rolf_data["child"]))
201  {
202  // can the current object contain a rolefolder?
203  $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
204 
205  if (!isset($subobjects["rolf"]))
206  {
207  ilUtil::sendFailure($this->lng->txt("msg_no_rolf_allowed1")." '".$this->gui_obj->object->getTitle()."' ".
208  $this->lng->txt("msg_no_rolf_allowed2"), true);
209  $ilCtrl->redirect($this, "perm");
210  }
211 
212  // create a rolefolder
213  $rolfObj = $this->gui_obj->object->createRoleFolder();
214  $rolf_id = $rolfObj->getRefId();
215  }
216  }
217  else
218  {
219  // Current object is already a rolefolder. To create the role we take its reference id
220  $rolf_id = $this->gui_obj->object->getRefId();
221  }
222 
223  // create role
224  if ($this->gui_obj->object->getType() == "rolf")
225  {
226  $roleObj = $this->gui_obj->object->createRole($new_title, $form->getInput("desc"));
227  }
228  else
229  {
230  $rfoldObj = ilObjectFactory::getInstanceByRefId($rolf_id);
231  $roleObj = $rfoldObj->createRole($new_title, $form->getInput("desc"));
232  }
233 
234  // protect
235  $rbacadmin->setProtected(
236  $rolf_id,
237  $roleObj->getId(),
238  $form->getInput('pro') ? 'y' : 'n'
239  );
240 
241  // copy rights
242  $right_id_to_copy = $form->getInput("rights");
243  if($right_id_to_copy)
244  {
245  $parentRoles = $rbacreview->getParentRoleIds($rolf_id,true);
246  $rbacadmin->copyRoleTemplatePermissions(
247  $right_id_to_copy,
248  $parentRoles[$right_id_to_copy]["parent"],
249  $rolf_id,
250  $roleObj->getId(),
251  false);
252 
253  if($form->getInput('existing'))
254  {
255  if($form->getInput('pro'))
256  {
257  $roleObj->changeExistingObjects(
258  $this->gui_obj->object->getRefId(),
260  array('all')
261  );
262  }
263  else
264  {
265  $roleObj->changeExistingObjects(
266  $this->gui_obj->object->getRefId(),
268  array('all')
269  );
270  }
271  }
272  }
273 
274  // add to desktop items
275  if($form->getInput("desktop"))
276  {
277  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
278  $role_desk_item_obj =& new ilRoleDesktopItem($roleObj->getId());
279  $role_desk_item_obj->add($this->gui_obj->object->getRefId(),ilObject::_lookupType($this->gui_obj->object->getRefId(),true));
280  }
281 
282  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
283  $this->ctrl->redirect($this,'perm');
284  }
285  else
286  {
287  $form->setValuesByPost();
288  $this->tpl->setContent($form->getHTML());
289  }
290  }
291 
292  function &__initTableGUI()
293  {
294  include_once "Services/Table/classes/class.ilTableGUI.php";
295 
296  return new ilTableGUI(0,false);
297  }
298 
304  function __setTableGUIBasicData(&$tbl,&$result_set,$a_from = "")
305  {
306  switch ($a_from)
307  {
308  case "clipboardObject":
309  $offset = $_GET["offset"];
310  $order = $_GET["sort_by"];
311  $direction = $_GET["sort_order"];
312  $tbl->disable("footer");
313  break;
314 
315  default:
316  $offset = $_GET["offset"];
317  $order = $_GET["sort_by"];
318  $direction = $_GET["sort_order"];
319  break;
320  }
321 
322  $tbl->setOrderColumn($order);
323  $tbl->setOrderDirection($direction);
324  $tbl->setOffset($offset);
325  $tbl->setLimit($_GET["limit"]);
326  $tbl->setFooter("tblfooter",$this->lng->txt("previous"),$this->lng->txt("next"));
327  $tbl->setData($result_set);
328  }
329 
330 
332  {
333  $action[1] = $this->lng->txt('filter_all_roles');
334  $action[2] = $this->lng->txt('filter_global_roles');
335  $action[3] = $this->lng->txt('filter_local_roles');
336  $action[4] = $this->lng->txt('filter_roles_local_policy');
337  $action[5] = $this->lng->txt('filter_local_roles_object');
338  return ilUtil::formSelect($_SESSION['perm_filtered_roles'], "filter",$action,false,true);
339  }
340 
341 
342  function __filterRoles($a_roles,$a_filter)
343  {
344  global $rbacreview;
345 
346  switch ($a_filter)
347  {
348  case 1: // all roles in context
349  return $a_roles;
350  break;
351 
352  case 2: // only global roles
353  $arr_global_roles = $rbacreview->getGlobalRoles();
354  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
355 
356  foreach ($arr_remove_roles as $role_id)
357  {
358  unset($a_roles[$role_id]);
359  }
360 
361  return $a_roles;
362  break;
363 
364  case 3: // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
365  $arr_global_roles = $rbacreview->getGlobalRoles();
366 
367  foreach ($arr_global_roles as $role_id)
368  {
369  unset($a_roles[$role_id]);
370  }
371 
372  return $a_roles;
373  break;
374 
375  case 4: // only roles which use a local policy
376  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
377 
378  if (!$role_folder)
379  {
380  return array();
381  }
382 
383  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
384  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
385 
386  foreach ($arr_remove_roles as $role_id)
387  {
388  unset($a_roles[$role_id]);
389  }
390 
391  return $a_roles;
392  break;
393 
394  case 5: // only true local role defined at current position
395 
396  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
397 
398  if (!$role_folder)
399  {
400  return array();
401  }
402 
403  $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
404  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
405 
406  foreach ($arr_remove_roles as $role_id)
407  {
408  unset($a_roles[$role_id]);
409  }
410 
411  return $a_roles;
412  break;
413  }
414 
415  return $a_roles;
416  }
417 
418  // show owner sub tab
419  function owner()
420  {
421  $this->__initSubTabs("owner");
422 
423  include_once "Services/Form/classes/class.ilPropertyFormGUI.php";
424  $form = new ilPropertyFormGUI();
425  $form->setFormAction($this->ctrl->getFormAction($this, "owner"));
426  $form->setTitle($this->lng->txt("info_owner_of_object"));
427 
428  $login = new ilTextInputGUI($this->lng->txt("username"), "owner");
429  $login->setDataSource($this->ctrl->getLinkTargetByClass(array(get_class($this),
430  'ilRepositorySearchGUI'), 'doUserAutoComplete', '', true));
431  $login->setRequired(true);
432  $login->setSize(50);
433  $login->setInfo($this->lng->txt("chown_warning"));
434  $login->setValue(ilObjUser::_lookupLogin($this->gui_obj->object->getOwner()));
435  $form->addItem($login);
436 
437  $form->addCommandButton("changeOwner", $this->lng->txt("change_owner"));
438 
439  $this->tpl->setContent($form->getHTML());
440  }
441 
442  function changeOwner()
443  {
444  global $rbacsystem,$ilObjDataCache;
445 
446  if(!$user_id = ilObjUser::_lookupId($_POST['owner']))
447  {
448  ilUtil::sendFailure($this->lng->txt('user_not_known'));
449  $this->owner();
450  return true;
451  }
452 
453  // no need to change?
454  if($user_id != $this->gui_obj->object->getOwner())
455  {
456  $this->gui_obj->object->setOwner($user_id);
457  $this->gui_obj->object->updateOwner();
458  $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
459 
460  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
461  if(ilRbacLog::isActive())
462  {
463  ilRbacLog::add(ilRbacLog::CHANGE_OWNER, $this->gui_obj->object->getRefId(), array($user_id));
464  }
465  }
466 
467  ilUtil::sendSuccess($this->lng->txt('owner_updated'),true);
468 
469  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
470  {
471  $this->ctrl->redirect($this->gui_obj);
472  return true;
473  }
474 
475  $this->ctrl->redirect($this,'owner');
476  return true;
477 
478  }
479 
480  // init permission query feature
481  function info()
482  {
483  $this->__initSubTabs("info");
484 
485  include_once('./Services/AccessControl/classes/class.ilObjectStatusGUI.php');
486 
487  $ilInfo = new ilObjectStatusGUI($this->gui_obj->object);
488 
489  $this->tpl->setVariable("ADM_CONTENT",$ilInfo->getHTML());
490  }
491 
492  // init sub tabs
493  function __initSubTabs($a_cmd)
494  {
495  global $ilTabs;
496 
497  $perm = ($a_cmd == 'perm') ? true : false;
498  $info = ($a_cmd == 'info') ? true : false;
499  $owner = ($a_cmd == 'owner') ? true : false;
500  $log = ($a_cmd == 'log') ? true : false;
501 
502  $ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm"),
503  "", "", "", $perm);
504 
505  #$ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm2"),
506  # "", "", "", $perm);
507 
508  $ilTabs->addSubTabTarget("info_status_info", $this->ctrl->getLinkTarget($this, "info"),
509  "", "", "", $info);
510  $ilTabs->addSubTabTarget("owner", $this->ctrl->getLinkTarget($this, "owner"),
511  "", "", "", $owner);
512 
513  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
514  if(ilRbacLog::isActive())
515  {
516  $ilTabs->addSubTabTarget("log", $this->ctrl->getLinkTarget($this, "log"),
517  "", "", "", $log);
518  }
519  }
520 
521  function getRolesData()
522  {
523  global $rbacsystem, $rbacreview, $tree;
524 
525  // first get all roles in
526  $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
527 
528  // filter roles
529  $_SESSION['perm_filtered_roles'] = isset($_POST['filter']) ? $_POST['filter'] : $_SESSION['perm_filtered_roles'];
530 
531  // set default filter (all roles) if no filter is set
532  if ($_SESSION['perm_filtered_roles'] == 0)
533  {
534  if ($tree->checkForParentType($this->gui_obj->object->getRefId(),'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),'grp'))
535  $_SESSION['perm_filtered_roles'] = 3;
536  else
537  $_SESSION['perm_filtered_roles'] = 1;
538  }
539 
540 
541  // remove filtered roles from array
542  $roles = $this->__filterRoles($roles,$_SESSION["perm_filtered_roles"]);
543 
544  // determine status of each role (local role, changed policy, protected)
545 
546  $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
547 
548  $local_roles = array();
549 
550  if (!empty($role_folder))
551  {
552  $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
553  }
554 
555  foreach ($roles as $key => $role)
556  {
557  // exclude system admin role from list
558  if ($role["obj_id"] == SYSTEM_ROLE_ID)
559  {
560  unset($roles[$key]);
561  continue;
562  }
563 
564  $this->roles[$role['obj_id']] = $role;
565 
566  // don't allow local policies for protected roles
567  $this->roles[$role['obj_id']]['keep_protected'] = $rbacreview->isProtected($role['parent'],$role['obj_id']);
568 
569  if (!in_array($role["obj_id"],$local_roles))
570  {
571  $this->roles[$role['obj_id']]['local_policy_enabled'] = false;
572  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
573  }
574  else
575  {
576  // no checkbox for local roles
577  if ($rbacreview->isAssignable($role["obj_id"],$role_folder["ref_id"]))
578  {
579  $this->roles[$role['obj_id']]['local_policy_allowed'] = false;
580  }
581  else
582  {
583  $this->roles[$role['obj_id']]['local_policy_enabled'] = true;
584  $this->roles[$role['obj_id']]['local_policy_allowed'] = true;
585  }
586  }
587 
588  // compute permission settings for each role
589  $grouped_ops = ilRbacReview::_groupOperationsByClass(ilRbacReview::_getOperationList($this->gui_obj->object->getType()));
590  foreach ($grouped_ops as $ops_group => $ops_data)
591  {
592  foreach ($ops_data as $key => $operation)
593  {
594  $grouped_ops[$ops_group][$key]['checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role['obj_id'], $operation['name']);
595  }
596  }
597 
598  $this->roles[$role['obj_id']]['permissions'] = $grouped_ops;
599 
600  unset($grouped_ops);
601  }
602  }
603 
605  {
606  global $objDefinition;
607 
608  $this->tpl->setCurrentBlock("perm_subtitle");
609  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_general'));
610  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_general_desc'));
611  $this->tpl->setVariable("COLSPAN", $this->num_roles);
612  $this->tpl->parseCurrentBlock();
613 
614  foreach ($this->roles as $role)
615  {
616  foreach ($role['permissions']['general'] as $perm)
617  {
618  // exclude delete permission for all role_folders expect main ROLE_FOLDER_ID
619  if ($perm['name'] == 'delete' and $this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
620  {
621  continue;
622  }
623 
624  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
625 
626  $this->tpl->setCurrentBlock("perm_item");
627  $this->tpl->setVariable("PERM_CHECKBOX",$box);
628  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($perm['name']));
629  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
630  {
631  $this->tpl->setVariable("PERM_TOOLTIP",
632  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
633  $this->gui_obj->object->getType()."_".$perm['name']));
634  }
635  else
636  {
637  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
638  }
639  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
640  $this->tpl->parseCurrentBlock();
641  }
642 
643  $this->tpl->setCurrentBlock("perm_table");
644  $this->tpl->parseCurrentBlock();
645  }
646 
647  $this->tpl->setCurrentBlock("perm_settings");
648  $this->tpl->parseCurrentBlock();
649  }
650 
652  {
653  global $objDefinition;
654 
655  // create pointer to first role (only the permission list is needed)
656  reset($this->roles);
657  $first_role =& current($this->roles);
658 
659  if (count($first_role['permissions']['object'])) // check if object type has special operations
660  {
661  $this->tpl->setCurrentBlock("perm_subtitle");
662  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_object'));
663  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_object_desc'));
664  $this->tpl->setVariable("COLSPAN", $this->num_roles);
665  $this->tpl->parseCurrentBlock();
666 
667  foreach ($this->roles as $role)
668  {
669  foreach ($role['permissions']['object'] as $perm)
670  {
671  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
672 
673  $this->tpl->setCurrentBlock("perm_item");
674  $this->tpl->setVariable("PERM_CHECKBOX",$box);
675  $this->tpl->setVariable("PERM_NAME",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
676  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
677  {
678  $this->tpl->setVariable("PERM_TOOLTIP",
679  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
680  $this->gui_obj->object->getType()."_".$perm['name']));
681  }
682  else
683  {
684  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
685  }
686  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
687  $this->tpl->parseCurrentBlock();
688  }
689 
690  $this->tpl->setCurrentBlock("perm_table");
691  $this->tpl->parseCurrentBlock();
692  }
693 
694  $this->tpl->setCurrentBlock("perm_settings");
695  $this->tpl->parseCurrentBlock();
696  }
697  }
698 
700  {
701  global $objDefinition;
702 
703  $this->tpl->setCurrentBlock("perm_subtitle");
704  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_rbac'));
705  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_rbac_desc'));
706  $this->tpl->setVariable("COLSPAN", $this->num_roles);
707  $this->tpl->parseCurrentBlock();
708 
709  foreach ($this->roles as $role)
710  {
711  foreach ($role['permissions']['rbac'] as $perm)
712  {
713  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
714 
715  $this->tpl->setCurrentBlock("perm_item");
716  $this->tpl->setVariable("PERM_CHECKBOX",$box);
717  $this->tpl->setVariable("PERM_NAME",$this->lng->txt('perm_administrate'));
718  if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
719  {
720  $this->tpl->setVariable("PERM_TOOLTIP",
721  ilPlugin::lookupTxt("rep_robj", $this->gui_obj->object->getType(),
722  $this->gui_obj->object->getType()."_".$perm['name']));
723  }
724  else
725  {
726  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
727  }
728  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
729  $this->tpl->parseCurrentBlock();
730  }
731 
732  // use local policy flag
733  // offer option 'use local policy' only to those objects where this option is permitted
734  if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
735  {
736  if ($role['local_policy_allowed'])
737  {
738  $box = ilUtil::formCheckBox($role['local_policy_enabled'],'stop_inherit[]',$role['obj_id'],$role['keep_protected']);
739  $lang = $this->lng->txt("perm_use_local_policy")." (".
740  $this->lng->txt("stop_inheritance").")";
741  $lang_desc = $this->lng->txt("perm_use_local_policy_desc");
742  }
743  else
744  {
745  $box = '&nbsp;';
746  $lang = $this->lng->txt("perm_local_role");
747  $lang_desc = $this->lng->txt("perm_local_role_desc");
748  }
749 
750  $this->tpl->setCurrentBlock("perm_item");
751  $this->tpl->setVariable("PERM_CHECKBOX",$box);
752  $this->tpl->setVariable("PERM_NAME",$lang);
753  $this->tpl->setVariable("PERM_TOOLTIP",$lang_desc);
754  $this->tpl->setVariable("PERM_LABEL",'stop_inherit_'.$role['obj_id']);
755  $this->tpl->parseCurrentBlock();
756  }
757 
758  $this->tpl->setCurrentBlock("perm_table");
759  $this->tpl->parseCurrentBlock();
760  }
761 
762  $this->tpl->setCurrentBlock("perm_settings");
763  $this->tpl->parseCurrentBlock();
764  }
765 
767  {
768  global $objDefinition,$ilSetting;
769 
770  // no create operation for roles/role templates in local role folders
771  // access is controlled by 'administrate' (change permission settings) only
772  if ($this->gui_obj->object->getType() == 'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
773  {
774  return;
775  }
776 
777  // create pointer to first role (only the permission list is needed)
778  reset($this->roles);
779  $first_role =& current($this->roles);
780 
781  if (count($first_role['permissions']['create'])) // check if object type has create operations
782  {
783  $this->tpl->setCurrentBlock("perm_subtitle");
784  $this->tpl->setVariable("TXT_PERM_CLASS",$this->lng->txt('perm_class_create'));
785  $this->tpl->setVariable("TXT_PERM_CLASS_DESC",$this->lng->txt('perm_class_create_desc'));
786  $this->tpl->setVariable("COLSPAN", $this->num_roles);
787  $this->tpl->parseCurrentBlock();
788 
789  // add a checkbox 'select all' for create permissions of the following object types
790  $container_arr = array('cat','grp','crs','fold');
791 
792  if (in_array($this->gui_obj->object->getType(),$container_arr))
793  {
794  $chk_toggle_create = true;
795  }
796 
797  foreach ($this->roles as $role)
798  {
799  $ops_ids = array();
800 
801  foreach ($role['permissions']['create'] as $perm)
802  {
803  $ops_ids[] = $perm['ops_id'];
804  }
805 
806  if ($chk_toggle_create)
807  {
808  $this->tpl->setCurrentBlock('chk_toggle_create');
809  $this->tpl->setVariable('PERM_NAME',$this->lng->txt('check_all')."/".$this->lng->txt('uncheck_all'));
810  $this->tpl->setVariable('PERM_TOOLTIP',$this->lng->txt('check_all'));
811  $this->tpl->setVariable('ROLE_ID',$role['obj_id']);
812  $this->tpl->setVariable('JS_VARNAME','perm_'.$role['obj_id']);
813  $this->tpl->setVariable('JS_ONCLICK',ilUtil::array_php2js($ops_ids));
814  $this->tpl->parseCurrentBlock();
815  }
816 
817  foreach ($role['permissions']['create'] as $perm)
818  {
819  if ($perm["name"] == "create_icrs" and !$ilSetting->get("ilinc_active"))
820  {
821  continue;
822  }
823 
824  $box = ilUtil::formCheckBox($perm['checked'],"perm[".$role["obj_id"]."][]",$perm["ops_id"],$role["protected"]);
825 
826  $this->tpl->setCurrentBlock("perm_item");
827  $this->tpl->setVariable("PERM_CHECKBOX",$box);
828  if ($objDefinition->isPlugin(substr($perm['name'],7)))
829  {
830  $this->tpl->setVariable("PERM_NAME",
831  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
832  "obj_".substr($perm['name'],7)));
833  $this->tpl->setVariable("PERM_TOOLTIP",
834  ilPlugin::lookupTxt("rep_robj", substr($perm['name'],7),
835  $this->gui_obj->object->getType()."_".$perm['name']));
836  }
837  else
838  {
839  $this->tpl->setVariable("PERM_NAME",$this->lng->txt("obj".substr($perm['name'],6)));
840  $this->tpl->setVariable("PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType()."_".$perm['name']));
841  }
842 
843  $this->tpl->setVariable("PERM_LABEL",'perm_'.$role['obj_id'].'_'.$perm['ops_id']);
844  $this->tpl->parseCurrentBlock();
845  }
846 
847  $this->tpl->setCurrentBlock("perm_table");
848  $this->tpl->parseCurrentBlock();
849  }
850 
851  $this->tpl->setCurrentBlock("perm_settings");
852  $this->tpl->parseCurrentBlock();
853  }
854  }
855 
856  function log()
857  {
858  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
859  if(!ilRbacLog::isActive())
860  {
861  $this->ctrl->redirect($this, "perm");
862  }
863 
864  $this->__initSubTabs("log");
865 
866  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
867  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
868  $this->tpl->setContent($table->getHTML());
869  }
870 
871  function applyLogFilter()
872  {
873  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
874  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
875  $table->resetOffset();
876  $table->writeFilterToSession();
877  $this->log();
878  }
879 
880  function resetLogFilter()
881  {
882  include_once "Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
883  $table = new ilRbacLogTableGUI($this, "log", $this->gui_obj->object->getRefId());
884  $table->resetOffset();
885  $table->resetFilter();
886  $this->log();
887  }
888 
889 } // END class.ilPermissionGUI
890 ?>