38 $this->objDefinition =& $objDefinition;
41 $this->lng->loadLanguageModule(
"rbac");
45 $this->gui_obj = $a_gui_obj;
47 $this->roles = array();
61 global $rbacreview, $rbacadmin, $rbacsystem;
65 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
69 foreach($this->roles as $role_id =>
$data)
71 $rbacadmin->revokePermission($this->gui_obj->object->getRefId(),$role_id);
74 if (is_array(
$_POST[
"perm"]))
76 foreach (
$_POST[
"perm"] as $key => $new_role_perms)
78 $rbacadmin->grantPermission($key,$new_role_perms,$this->gui_obj->object->getRefId());
83 $this->gui_obj->object->update();
93 $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
94 $rolf_id = $rolf_data[
"child"];
96 $stop_inherit_roles =
$_POST[
"stop_inherit"] ?
$_POST[
"stop_inherit"] : array();
98 if ($stop_inherit_roles)
104 $rfoldObj = $this->gui_obj->object->createRoleFolder();
107 $rolf_id = $rfoldObj->getRefId();
110 $roles_of_folder = $rbacreview->getRolesOfRoleFolder($rolf_id);
112 foreach ($stop_inherit_roles as $stop_inherit)
115 if (!in_array($stop_inherit,$roles_of_folder))
117 $parentRoles = $rbacreview->getParentRoleIds($rolf_id);
118 $rbacadmin->copyRoleTemplatePermissions($stop_inherit,$parentRoles[$stop_inherit][
"parent"],
119 $rolf_id,$stop_inherit);
120 $rbacadmin->assignRoleToFolder($stop_inherit,$rolf_id,
'n');
125 if ($rolf_id and $rolf_id != ROLE_FOLDER_ID)
128 $linked_roles = $rbacreview->getLinkedRolesOfRoleFolder($rolf_id);
129 $linked_roles_to_remove = array_diff($linked_roles,$stop_inherit_roles);
132 $linked_roles_to_remove = (array) array_intersect(
133 (array) $linked_roles_to_remove,
134 (array) array_keys($this->roles));
137 foreach ($linked_roles_to_remove as $role_id)
139 if ($rbacreview->isProtected($rolf_id,$role_id))
145 $role_obj->setParent($rolf_id);
158 if (!$rbacsystem->checkAccess(
"edit_permission",$this->gui_obj->object->getRefId()))
160 $this->ctrl->redirect($this->gui_obj);
163 $this->ctrl->redirect($this,
'perm');
178 $form = $this->initRoleForm();
179 if($form->checkInput())
181 $new_title = $form->getInput(
"title");
182 $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
183 if($rolf_data[
'child'])
185 foreach($rbacreview->getRolesOfRoleFolder($rolf_data[
'child']) as $role_id)
189 $ilErr->raiseError($this->lng->txt(
'rbac_role_exists_alert'),$ilErr->MESSAGE);
195 if ($this->gui_obj->object->getType() !=
"rolf")
197 $rolf_data = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
200 if (!($rolf_id = $rolf_data[
"child"]))
203 $subobjects = $this->objDefinition->getSubObjects($this->gui_obj->object->getType());
205 if (!isset($subobjects[
"rolf"]))
207 ilUtil::sendFailure($this->lng->txt(
"msg_no_rolf_allowed1").
" '".$this->gui_obj->object->getTitle().
"' ".
208 $this->lng->txt(
"msg_no_rolf_allowed2"),
true);
209 $ilCtrl->redirect($this,
"perm");
213 $rolfObj = $this->gui_obj->object->createRoleFolder();
214 $rolf_id = $rolfObj->getRefId();
220 $rolf_id = $this->gui_obj->object->getRefId();
224 if ($this->gui_obj->object->getType() ==
"rolf")
226 $roleObj = $this->gui_obj->object->createRole($new_title, $form->getInput(
"desc"));
231 $roleObj = $rfoldObj->createRole($new_title, $form->getInput(
"desc"));
235 $rbacadmin->setProtected(
238 $form->getInput(
'pro') ?
'y' :
'n'
242 $right_id_to_copy = $form->getInput(
"rights");
243 if($right_id_to_copy)
245 $parentRoles = $rbacreview->getParentRoleIds($rolf_id,
true);
246 $rbacadmin->copyRoleTemplatePermissions(
248 $parentRoles[$right_id_to_copy][
"parent"],
253 if($form->getInput(
'existing'))
255 if($form->getInput(
'pro'))
257 $roleObj->changeExistingObjects(
258 $this->gui_obj->object->getRefId(),
265 $roleObj->changeExistingObjects(
266 $this->gui_obj->object->getRefId(),
275 if($form->getInput(
"desktop"))
277 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
279 $role_desk_item_obj->
add($this->gui_obj->object->getRefId(),
ilObject::_lookupType($this->gui_obj->object->getRefId(),
true));
283 $this->ctrl->redirect($this,
'perm');
287 $form->setValuesByPost();
288 $this->tpl->setContent($form->getHTML());
294 include_once
"Services/Table/classes/class.ilTableGUI.php";
308 case "clipboardObject":
309 $offset =
$_GET[
"offset"];
310 $order =
$_GET[
"sort_by"];
311 $direction =
$_GET[
"sort_order"];
312 $tbl->disable(
"footer");
316 $offset =
$_GET[
"offset"];
317 $order =
$_GET[
"sort_by"];
318 $direction =
$_GET[
"sort_order"];
322 $tbl->setOrderColumn($order);
323 $tbl->setOrderDirection($direction);
324 $tbl->setOffset($offset);
325 $tbl->setLimit(
$_GET[
"limit"]);
326 $tbl->setFooter(
"tblfooter",$this->lng->txt(
"previous"),$this->lng->txt(
"next"));
327 $tbl->setData($result_set);
333 $action[1] = $this->lng->txt(
'filter_all_roles');
334 $action[2] = $this->lng->txt(
'filter_global_roles');
335 $action[3] = $this->lng->txt(
'filter_local_roles');
336 $action[4] = $this->lng->txt(
'filter_roles_local_policy');
337 $action[5] = $this->lng->txt(
'filter_local_roles_object');
353 $arr_global_roles = $rbacreview->getGlobalRoles();
354 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
356 foreach ($arr_remove_roles as $role_id)
358 unset($a_roles[$role_id]);
365 $arr_global_roles = $rbacreview->getGlobalRoles();
367 foreach ($arr_global_roles as $role_id)
369 unset($a_roles[$role_id]);
376 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
383 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder[
"ref_id"]);
384 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
386 foreach ($arr_remove_roles as $role_id)
388 unset($a_roles[$role_id]);
396 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
403 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder[
"ref_id"],
false);
404 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
406 foreach ($arr_remove_roles as $role_id)
408 unset($a_roles[$role_id]);
423 include_once
"Services/Form/classes/class.ilPropertyFormGUI.php";
425 $form->setFormAction($this->ctrl->getFormAction($this,
"owner"));
426 $form->setTitle($this->lng->txt(
"info_owner_of_object"));
428 $login =
new ilTextInputGUI($this->lng->txt(
"username"),
"owner");
429 $login->
setDataSource($this->ctrl->getLinkTargetByClass(array(get_class($this),
430 'ilRepositorySearchGUI'),
'doUserAutoComplete',
'',
true));
431 $login->setRequired(
true);
433 $login->setInfo($this->lng->txt(
"chown_warning"));
435 $form->addItem($login);
437 $form->addCommandButton(
"changeOwner", $this->lng->txt(
"change_owner"));
439 $this->tpl->setContent($form->getHTML());
444 global $rbacsystem,$ilObjDataCache;
454 if($user_id != $this->gui_obj->object->getOwner())
456 $this->gui_obj->object->setOwner($user_id);
457 $this->gui_obj->object->updateOwner();
458 $ilObjDataCache->deleteCachedEntry($this->gui_obj->object->getId());
460 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
469 if (!$rbacsystem->checkAccess(
"edit_permission",$this->gui_obj->object->getRefId()))
471 $this->ctrl->redirect($this->gui_obj);
475 $this->ctrl->redirect($this,
'owner');
485 include_once(
'./Services/AccessControl/classes/class.ilObjectStatusGUI.php');
489 $this->tpl->setVariable(
"ADM_CONTENT",$ilInfo->getHTML());
497 $perm = ($a_cmd ==
'perm') ?
true :
false;
498 $info = ($a_cmd ==
'info') ?
true :
false;
499 $owner = ($a_cmd ==
'owner') ?
true :
false;
500 $log = ($a_cmd ==
'log') ?
true :
false;
502 $ilTabs->addSubTabTarget(
"permission_settings", $this->ctrl->getLinkTarget($this,
"perm"),
505 #$ilTabs->addSubTabTarget("permission_settings", $this->ctrl->getLinkTarget($this, "perm2"),
506 # "", "", "", $perm);
508 $ilTabs->addSubTabTarget(
"info_status_info", $this->ctrl->getLinkTarget($this,
"info"),
510 $ilTabs->addSubTabTarget(
"owner", $this->ctrl->getLinkTarget($this,
"owner"),
513 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
516 $ilTabs->addSubTabTarget(
"log", $this->ctrl->getLinkTarget($this,
"log"),
523 global $rbacsystem, $rbacreview, $tree;
526 $roles = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId());
532 if (
$_SESSION[
'perm_filtered_roles'] == 0)
534 if ($tree->checkForParentType($this->gui_obj->object->getRefId(),
'crs') || $tree->checkForParentType($this->gui_obj->object->getRefId(),
'grp'))
546 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
548 $local_roles = array();
550 if (!empty($role_folder))
552 $local_roles = $rbacreview->getRolesOfRoleFolder($role_folder[
"ref_id"]);
555 foreach ($roles as $key => $role)
558 if ($role[
"obj_id"] == SYSTEM_ROLE_ID)
564 $this->roles[$role[
'obj_id']] = $role;
567 $this->roles[$role[
'obj_id']][
'keep_protected'] = $rbacreview->isProtected($role[
'parent'],$role[
'obj_id']);
569 if (!in_array($role[
"obj_id"],$local_roles))
571 $this->roles[$role[
'obj_id']][
'local_policy_enabled'] =
false;
572 $this->roles[$role[
'obj_id']][
'local_policy_allowed'] =
true;
577 if ($rbacreview->isAssignable($role[
"obj_id"],$role_folder[
"ref_id"]))
579 $this->roles[$role[
'obj_id']][
'local_policy_allowed'] =
false;
583 $this->roles[$role[
'obj_id']][
'local_policy_enabled'] =
true;
584 $this->roles[$role[
'obj_id']][
'local_policy_allowed'] =
true;
590 foreach ($grouped_ops as $ops_group => $ops_data)
592 foreach ($ops_data as $key => $operation)
594 $grouped_ops[$ops_group][$key][
'checked'] = $rbacsystem->checkPermission($this->gui_obj->object->getRefId(), $role[
'obj_id'], $operation[
'name']);
598 $this->roles[$role[
'obj_id']][
'permissions'] = $grouped_ops;
606 global $objDefinition;
608 $this->tpl->setCurrentBlock(
"perm_subtitle");
609 $this->tpl->setVariable(
"TXT_PERM_CLASS",$this->lng->txt(
'perm_class_general'));
610 $this->tpl->setVariable(
"TXT_PERM_CLASS_DESC",$this->lng->txt(
'perm_class_general_desc'));
611 $this->tpl->setVariable(
"COLSPAN", $this->num_roles);
612 $this->tpl->parseCurrentBlock();
614 foreach ($this->roles as $role)
616 foreach ($role[
'permissions'][
'general'] as $perm)
619 if ($perm[
'name'] ==
'delete' and $this->gui_obj->object->getType() ==
'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
624 $box = ilUtil::formCheckBox($perm[
'checked'],
"perm[".$role[
"obj_id"].
"][]",$perm[
"ops_id"],$role[
"protected"]);
626 $this->tpl->setCurrentBlock(
"perm_item");
627 $this->tpl->setVariable(
"PERM_CHECKBOX",$box);
628 $this->tpl->setVariable(
"PERM_NAME",$this->lng->txt($perm[
'name']));
629 if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
631 $this->tpl->setVariable(
"PERM_TOOLTIP",
633 $this->gui_obj->object->getType().
"_".$perm[
'name']));
637 $this->tpl->setVariable(
"PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType().
"_".$perm[
'name']));
639 $this->tpl->setVariable(
"PERM_LABEL",
'perm_'.$role[
'obj_id'].
'_'.$perm[
'ops_id']);
640 $this->tpl->parseCurrentBlock();
643 $this->tpl->setCurrentBlock(
"perm_table");
644 $this->tpl->parseCurrentBlock();
647 $this->tpl->setCurrentBlock(
"perm_settings");
648 $this->tpl->parseCurrentBlock();
653 global $objDefinition;
657 $first_role =& current($this->roles);
659 if (count($first_role[
'permissions'][
'object']))
661 $this->tpl->setCurrentBlock(
"perm_subtitle");
662 $this->tpl->setVariable(
"TXT_PERM_CLASS",$this->lng->txt(
'perm_class_object'));
663 $this->tpl->setVariable(
"TXT_PERM_CLASS_DESC",$this->lng->txt(
'perm_class_object_desc'));
664 $this->tpl->setVariable(
"COLSPAN", $this->num_roles);
665 $this->tpl->parseCurrentBlock();
667 foreach ($this->roles as $role)
669 foreach ($role[
'permissions'][
'object'] as $perm)
671 $box = ilUtil::formCheckBox($perm[
'checked'],
"perm[".$role[
"obj_id"].
"][]",$perm[
"ops_id"],$role[
"protected"]);
673 $this->tpl->setCurrentBlock(
"perm_item");
674 $this->tpl->setVariable(
"PERM_CHECKBOX",$box);
675 $this->tpl->setVariable(
"PERM_NAME",$this->lng->txt($this->gui_obj->object->getType().
"_".$perm[
'name']));
676 if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
678 $this->tpl->setVariable(
"PERM_TOOLTIP",
680 $this->gui_obj->object->getType().
"_".$perm[
'name']));
684 $this->tpl->setVariable(
"PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType().
"_".$perm[
'name']));
686 $this->tpl->setVariable(
"PERM_LABEL",
'perm_'.$role[
'obj_id'].
'_'.$perm[
'ops_id']);
687 $this->tpl->parseCurrentBlock();
690 $this->tpl->setCurrentBlock(
"perm_table");
691 $this->tpl->parseCurrentBlock();
694 $this->tpl->setCurrentBlock(
"perm_settings");
695 $this->tpl->parseCurrentBlock();
701 global $objDefinition;
703 $this->tpl->setCurrentBlock(
"perm_subtitle");
704 $this->tpl->setVariable(
"TXT_PERM_CLASS",$this->lng->txt(
'perm_class_rbac'));
705 $this->tpl->setVariable(
"TXT_PERM_CLASS_DESC",$this->lng->txt(
'perm_class_rbac_desc'));
706 $this->tpl->setVariable(
"COLSPAN", $this->num_roles);
707 $this->tpl->parseCurrentBlock();
709 foreach ($this->roles as $role)
711 foreach ($role[
'permissions'][
'rbac'] as $perm)
713 $box = ilUtil::formCheckBox($perm[
'checked'],
"perm[".$role[
"obj_id"].
"][]",$perm[
"ops_id"],$role[
"protected"]);
715 $this->tpl->setCurrentBlock(
"perm_item");
716 $this->tpl->setVariable(
"PERM_CHECKBOX",$box);
717 $this->tpl->setVariable(
"PERM_NAME",$this->lng->txt(
'perm_administrate'));
718 if ($objDefinition->isPlugin($this->gui_obj->object->getType()))
720 $this->tpl->setVariable(
"PERM_TOOLTIP",
722 $this->gui_obj->object->getType().
"_".$perm[
'name']));
726 $this->tpl->setVariable(
"PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType().
"_".$perm[
'name']));
728 $this->tpl->setVariable(
"PERM_LABEL",
'perm_'.$role[
'obj_id'].
'_'.$perm[
'ops_id']);
729 $this->tpl->parseCurrentBlock();
734 if ($this->objDefinition->stopInheritance($this->gui_obj->object->getType()))
736 if ($role[
'local_policy_allowed'])
738 $box = ilUtil::formCheckBox($role[
'local_policy_enabled'],
'stop_inherit[]',$role[
'obj_id'],$role[
'keep_protected']);
739 $lang = $this->lng->txt(
"perm_use_local_policy").
" (".
740 $this->lng->txt(
"stop_inheritance").
")";
741 $lang_desc = $this->lng->txt(
"perm_use_local_policy_desc");
746 $lang = $this->lng->txt(
"perm_local_role");
747 $lang_desc = $this->lng->txt(
"perm_local_role_desc");
750 $this->tpl->setCurrentBlock(
"perm_item");
751 $this->tpl->setVariable(
"PERM_CHECKBOX",$box);
752 $this->tpl->setVariable(
"PERM_NAME",
$lang);
753 $this->tpl->setVariable(
"PERM_TOOLTIP",$lang_desc);
754 $this->tpl->setVariable(
"PERM_LABEL",
'stop_inherit_'.$role[
'obj_id']);
755 $this->tpl->parseCurrentBlock();
758 $this->tpl->setCurrentBlock(
"perm_table");
759 $this->tpl->parseCurrentBlock();
762 $this->tpl->setCurrentBlock(
"perm_settings");
763 $this->tpl->parseCurrentBlock();
772 if ($this->gui_obj->object->getType() ==
'rolf' and $this->gui_obj->object->getRefId() != ROLE_FOLDER_ID)
779 $first_role =& current($this->roles);
781 if (count($first_role[
'permissions'][
'create']))
783 $this->tpl->setCurrentBlock(
"perm_subtitle");
784 $this->tpl->setVariable(
"TXT_PERM_CLASS",$this->lng->txt(
'perm_class_create'));
785 $this->tpl->setVariable(
"TXT_PERM_CLASS_DESC",$this->lng->txt(
'perm_class_create_desc'));
786 $this->tpl->setVariable(
"COLSPAN", $this->num_roles);
787 $this->tpl->parseCurrentBlock();
790 $container_arr = array(
'cat',
'grp',
'crs',
'fold');
792 if (in_array($this->gui_obj->object->getType(),$container_arr))
794 $chk_toggle_create =
true;
797 foreach ($this->roles as $role)
801 foreach ($role[
'permissions'][
'create'] as $perm)
803 $ops_ids[] = $perm[
'ops_id'];
806 if ($chk_toggle_create)
808 $this->tpl->setCurrentBlock(
'chk_toggle_create');
809 $this->tpl->setVariable(
'PERM_NAME',$this->lng->txt(
'check_all').
"/".$this->lng->txt(
'uncheck_all'));
810 $this->tpl->setVariable(
'PERM_TOOLTIP',$this->lng->txt(
'check_all'));
811 $this->tpl->setVariable(
'ROLE_ID',$role[
'obj_id']);
812 $this->tpl->setVariable(
'JS_VARNAME',
'perm_'.$role[
'obj_id']);
814 $this->tpl->parseCurrentBlock();
817 foreach ($role[
'permissions'][
'create'] as $perm)
819 if ($perm[
"name"] ==
"create_icrs" and !$ilSetting->get(
"ilinc_active"))
824 $box = ilUtil::formCheckBox($perm[
'checked'],
"perm[".$role[
"obj_id"].
"][]",$perm[
"ops_id"],$role[
"protected"]);
826 $this->tpl->setCurrentBlock(
"perm_item");
827 $this->tpl->setVariable(
"PERM_CHECKBOX",$box);
828 if ($objDefinition->isPlugin(substr($perm[
'name'],7)))
830 $this->tpl->setVariable(
"PERM_NAME",
832 "obj_".substr($perm[
'name'],7)));
833 $this->tpl->setVariable(
"PERM_TOOLTIP",
835 $this->gui_obj->object->getType().
"_".$perm[
'name']));
839 $this->tpl->setVariable(
"PERM_NAME",$this->lng->txt(
"obj".substr($perm[
'name'],6)));
840 $this->tpl->setVariable(
"PERM_TOOLTIP",$this->lng->txt($this->gui_obj->object->getType().
"_".$perm[
'name']));
843 $this->tpl->setVariable(
"PERM_LABEL",
'perm_'.$role[
'obj_id'].
'_'.$perm[
'ops_id']);
844 $this->tpl->parseCurrentBlock();
847 $this->tpl->setCurrentBlock(
"perm_table");
848 $this->tpl->parseCurrentBlock();
851 $this->tpl->setCurrentBlock(
"perm_settings");
852 $this->tpl->parseCurrentBlock();
858 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
861 $this->ctrl->redirect($this,
"perm");
866 include_once
"Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
867 $table =
new ilRbacLogTableGUI($this,
"log", $this->gui_obj->object->getRefId());
868 $this->tpl->setContent($table->getHTML());
873 include_once
"Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
874 $table =
new ilRbacLogTableGUI($this,
"log", $this->gui_obj->object->getRefId());
876 $table->writeFilterToSession();
882 include_once
"Services/AccessControl/classes/class.ilRbacLogTableGUI.php";
883 $table =
new ilRbacLogTableGUI($this,
"log", $this->gui_obj->object->getRefId());
885 $table->resetFilter();