ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once "./Services/Object/classes/class.ilObjectGUI.php";
5 include_once './Services/AccessControl/classes/class.ilObjRole.php';
6 
19 class ilObjRoleGUI extends ilObjectGUI
20 {
21  const MODE_GLOBAL_UPDATE = 1;
22  const MODE_GLOBAL_CREATE = 2;
23  const MODE_LOCAL_UPDATE = 3;
24  const MODE_LOCAL_CREATE = 4;
25 
31  var $type;
32 
38  var $rolf_ref_id;
39 
40  protected $obj_ref_id = 0;
41  protected $obj_obj_id = 0;
42  protected $obj_obj_type = '';
43  protected $container_type = '';
44 
45 
46  var $ctrl;
47 
52  function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
53  {
54  global $tree,$lng;
55 
56  $lng->loadLanguageModule('rbac');
57 
58  //TODO: move this to class.ilias.php
59  define("USER_FOLDER_ID",7);
60 
61  if($_GET['rolf_ref_id'] != '')
62  {
63  $this->rolf_ref_id = $_GET['rolf_ref_id'];
64  }
65  else
66  {
67  $this->rolf_ref_id = $_GET['ref_id'];
68  }
69  // Add ref_id of object that contains this role folder
70  $this->obj_ref_id = $tree->getParentId($this->rolf_ref_id);
71  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
72  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
73 
74  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
75 
76  $this->type = "role";
77  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
78  $this->ctrl->saveParameter($this, array("obj_id", "rolf_ref_id"));
79  }
80 
81 
82  function &executeCommand()
83  {
84  global $rbacsystem;
85 
86  $this->prepareOutput();
87 
88  $next_class = $this->ctrl->getNextClass($this);
89  $cmd = $this->ctrl->getCmd();
90 
91  switch($next_class)
92  {
93  case 'ilrepositorysearchgui':
94  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
95  $rep_search =& new ilRepositorySearchGUI();
96  $rep_search->setTitle($this->lng->txt('role_add_user'));
97  $rep_search->setCallback($this,'addUserObject');
98 
99  // Set tabs
100  $this->tabs_gui->setTabActive('user_assignment');
101  $this->ctrl->setReturn($this,'userassignment');
102  $ret =& $this->ctrl->forwardCommand($rep_search);
103  break;
104 
105  case 'ilexportgui':
106 
107  $this->tabs_gui->setTabActive('export');
108 
109  include_once './Services/Export/classes/class.ilExportOptions.php';
110  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
111  $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->rolf_ref_id);
112 
113  include_once './Services/Export/classes/class.ilExportGUI.php';
114  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
115  $exp->addFormat('xml');
116  $this->ctrl->forwardCommand($exp);
117  break;
118 
119  default:
120  if(!$cmd)
121  {
122  if($this->showDefaultPermissionSettings())
123  {
124  $cmd = "perm";
125  }
126  else
127  {
128  $cmd = 'userassignment';
129  }
130  }
131  $cmd .= "Object";
132  $this->$cmd();
133 
134  break;
135  }
136 
137  return true;
138  }
139 
144  public function getParentRefId()
145  {
146  return $this->obj_ref_id;
147  }
148 
153  public function getParentObjId()
154  {
155  return $this->obj_obj_id;
156  }
157 
162  public function getParentType()
163  {
164  return $this->obj_obj_type;
165  }
166 
170  function setBackTarget($a_text, $a_link)
171  {
172  $this->back_target = array("text" => $a_text,
173  "link" => $a_link);
174  }
175 
176  public function getBackTarget()
177  {
178  return $this->back_target ? $this->back_target : array();
179  }
180 
184  function getAdminTabs(&$tabs_gui)
185  {
186  $this->getTabs($tabs_gui);
187  }
188 
193  protected function getContainerType()
194  {
195  return $this->container_type;
196  }
197 
202  protected function showDefaultPermissionSettings()
203  {
204  global $objDefinition;
205 
206  return $objDefinition->isContainer($this->getContainerType());
207  }
208 
209 
210  function listDesktopItemsObject()
211  {
212  global $rbacsystem,$rbacreview,$tree;
213 
214 
215  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
216  /*
217  if(!$this->checkAccess('edit_permission'))
218  {
219  ilUtil::sendFailure()
220  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
221  }
222  */
223  if(!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
224  $this->rolf_ref_id != ROLE_FOLDER_ID)
225  {
226  ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
227  return true;
228  }
229 
230 
231  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
232  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
233 
234  if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
235  {
236  $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
237  }
238  if(!count($items = $role_desk_item_obj->getAll()))
239  {
240  ilUtil::sendInfo($this->lng->txt('role_desk_none_created'));
241  return true;
242  }
243  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_list.html", "Services/AccessControl");
244  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
245  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.png'));
246  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
247  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
248  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
249  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
250  $this->tpl->setVariable("IMG_ARROW",ilUtil::getImagePath('arrow_downright.png'));
251 
252  $counter = 0;
253 
254  foreach($items as $role_item_id => $item)
255  {
256  $tmp_obj = ilObjectFactory::getInstanceByRefId($item['item_id']);
257 
258  if(strlen($desc = $tmp_obj->getDescription()))
259  {
260  $this->tpl->setCurrentBlock("description");
261  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
262  $this->tpl->parseCurrentBlock();
263  }
264  $this->tpl->setCurrentBlock("desk_row");
265  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
266  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
267  $this->tpl->setVariable("CHECK_DESK",ilUtil::formCheckBox(0,'del_desk_item[]',$role_item_id));
268  $this->tpl->setVariable("TXT_PATH",$this->lng->txt('path').':');
269  $this->tpl->setVariable("PATH",$this->__formatPath($tree->getPathFull($item['item_id'])));
270  $this->tpl->parseCurrentBlock();
271  }
272 
273  return true;
274  }
275 
276  function askDeleteDesktopItemObject()
277  {
278  global $rbacsystem;
279 
280 
281  #if(!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
282  if(!$this->checkAccess('edit_permission'))
283  {
284  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
285  }
286  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
287  {
288  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
289  }
290  if(!count($_POST['del_desk_item']))
291  {
292  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
293 
294  $this->listDesktopItemsObject();
295 
296  return true;
297  }
298  ilUtil::sendQuestion($this->lng->txt('role_sure_delete_desk_items'));
299 
300  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_ask_delete_desktop_item.html", "Services/AccessControl");
301  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
302  $this->tpl->setVariable("TBL_TITLE_IMG",ilUtil::getImagePath('icon_role.png'));
303  $this->tpl->setVariable("TBL_TITLE_IMG_ALT",$this->lng->txt('obj_role'));
304  $this->tpl->setVariable("TBL_TITLE",$this->lng->txt('role_assigned_desk_items').' ('.$this->object->getTitle().')');
305  $this->tpl->setVariable("HEADER_DESC",$this->lng->txt('description'));
306  $this->tpl->setVariable("BTN_DELETE",$this->lng->txt('delete'));
307  $this->tpl->setVariable("BTN_CANCEL",$this->lng->txt('cancel'));
308 
309  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
310 
311  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
312 
313  $counter = 0;
314 
315  foreach($_POST['del_desk_item'] as $role_item_id)
316  {
317  $item_data = $role_desk_item_obj->getItem($role_item_id);
318  $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
319 
320  if(strlen($desc = $tmp_obj->getDescription()))
321  {
322  $this->tpl->setCurrentBlock("description");
323  $this->tpl->setVariable("DESCRIPTION_DESK",$desc);
324  $this->tpl->parseCurrentBlock();
325  }
326  $this->tpl->setCurrentBlock("desk_row");
327  $this->tpl->setVariable("DESK_TITLE",$tmp_obj->getTitle());
328  $this->tpl->setVariable("ROW_CLASS",ilUtil::switchColor(++$counter,'tblrow1','tblrow2'));
329  $this->tpl->parseCurrentBlock();
330  }
331 
332  $_SESSION['role_del_desk_items'] = $_POST['del_desk_item'];
333 
334  return true;
335  }
336 
337  function deleteDesktopItemsObject()
338  {
339  global $rbacsystem;
340 
341  #if (!$rbacsystem->checkAccess('edit_permission', $this->rolf_ref_id))
342  if(!$this->checkAccess('edit_permission'))
343  {
344  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
345  }
346 
347  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
348  {
349  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
350  }
351 
352  if (!count($_SESSION['role_del_desk_items']))
353  {
354  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
355 
356  $this->listDesktopItemsObject();
357 
358  return true;
359  }
360 
361  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
362 
363  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
364 
365  foreach ($_SESSION['role_del_desk_items'] as $role_item_id)
366  {
367  $role_desk_item_obj->delete($role_item_id);
368  }
369 
370  ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
371  $this->listDesktopItemsObject();
372 
373  return true;
374  }
375 
376 
377  function selectDesktopItemObject()
378  {
379  global $rbacsystem,$tree;
380 
381  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
382  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
383 
384  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
385  {
386  #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
387  ilUtil::sendFailure($this->lng->txt('permission_denied'));
388  $this->listDesktopItemsObject();
389  return false;
390  }
391 
392  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
393  $this->__showButton('listDesktopItems',$this->lng->txt('back'));
394 
395  ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
396 
397  $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
398  new ilRoleDesktopItem($this->object->getId()));
399  $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
400  $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
401 
402  $exp->setOutput(0);
403 
404  $output = $exp->getOutput();
405  $this->tpl->setVariable("EXPLORER",$output);
406  //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
407 
408  return true;
409  }
410 
411  function assignDesktopItemObject()
412  {
413  global $rbacsystem;
414 
415  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
416  {
417  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
418  return false;
419  }
420 
421 
422  if (!isset($_GET['item_id']))
423  {
424  ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
425  $this->selectDesktopItemObject();
426 
427  return false;
428  }
429 
430  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
431 
432  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
433  $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
434 
435  ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
436 
437  $this->ctrl->redirect($this,'listDesktopItems');
438  return true;
439  }
440 
446  protected function initFormRoleProperties($a_mode)
447  {
448  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
449  $this->form = new ilPropertyFormGUI();
450 
451  if($this->creation_mode)
452  {
453  $this->ctrl->setParameter($this, "new_type", 'role');
454  }
455  $this->form->setFormAction($this->ctrl->getFormAction($this));
456 
457  switch($a_mode)
458  {
459  case self::MODE_GLOBAL_CREATE:
460  $this->form->setTitle($this->lng->txt('role_new'));
461  $this->form->addCommandButton('save',$this->lng->txt('role_new'));
462  break;
463 
464  case self::MODE_GLOBAL_UPDATE:
465  $this->form->setTitle($this->lng->txt('role_edit'));
466  $this->form->addCommandButton('update', $this->lng->txt('save'));
467  break;
468 
469  case self::MODE_LOCAL_CREATE:
470  case self::MODE_LOCAL_UPDATE:
471  }
472  // Fix cancel
473  $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
474 
475  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
476  if(ilObjRole::isAutoGenerated($this->object->getId()))
477  {
478  $title->setDisabled(true);
479  }
480  $title->setValidationRegexp('/^(?!il_).*$/');
481  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
482  $title->setSize(40);
483  $title->setMaxLength(70);
484  $title->setRequired(true);
485  $this->form->addItem($title);
486 
487  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
488  if(ilObjRole::isAutoGenerated($this->object->getId()))
489  {
490  $desc->setDisabled(true);
491  }
492  $desc->setCols(40);
493  $desc->setRows(3);
494  $this->form->addItem($desc);
495 
496  if($this->rolf_ref_id == ROLE_FOLDER_ID)
497  {
498  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
499  $reg->setValue(1);
500  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
501  $this->form->addItem($reg);
502 
503  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
504  $la->setValue(1);
505  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
506  $this->form->addItem($la);
507  }
508 
509  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
510  $pro->setValue(1);
511  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
512  $this->form->addItem($pro);
513 
514  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
515  if(ilDiskQuotaActivationChecker::_isActive())
516  {
517  $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
518  $quo->setMinValue(0);
519  $quo->setSize(4);
520  $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
521  $this->form->addItem($quo);
522  }
523 
524  return true;
525  }
526 
532  protected function loadRoleProperties(ilObjRole $role)
533  {
534  $role->setTitle($this->form->getInput('title'));
535  $role->setDescription($this->form->getInput('desc'));
536  $role->setAllowRegister($this->form->getInput('reg'));
537  $role->toggleAssignUsersStatus($this->form->getInput('la'));
538  $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
539  return true;
540  }
541 
547  protected function readRoleProperties(ilObjRole $role)
548  {
549  global $rbacreview;
550 
551  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
552 
553  $data['title'] = $role->getTitle();
554  $data['desc'] = $role->getDescription();
555  $data['reg'] = $role->getAllowRegister();
556  $data['la'] = $role->getAssignUsersStatus();
557  if(ilDiskQuotaActivationChecker::_isActive())
558  {
559  $data['disk_quota'] = $role->getDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
560  }
561  $data['pro'] = $rbacreview->isProtected($this->rolf_ref_id, $role->getId());
562 
563  $this->form->setValuesByArray($data);
564  }
565 
566 
567 
568 
574  public function createObject()
575  {
576  global $rbacsystem;
577 
578  if(!$rbacsystem->checkAccess('create_role',$this->rolf_ref_id))
579  {
580  $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
581  }
582 
583  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
584  $this->tpl->setContent($this->form->getHTML());
585  }
586 
591  public function editObject()
592  {
593  global $rbacsystem, $rbacreview, $ilSetting,$ilErr;
594 
595  if(!$this->checkAccess('write','edit_permission'))
596  {
597  $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
598  }
599  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
600  $this->readRoleProperties($this->object);
601  $this->tpl->setContent($this->form->getHTML());
602  }
603 
604 
609  public function saveObject()
610  {
611  global $rbacadmin,$rbacreview;
612 
613  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
614  if($this->form->checkInput() and !$this->checkDuplicate())
615  {
616  include_once './Services/AccessControl/classes/class.ilObjRole.php';
617  $this->loadRoleProperties($this->role = new ilObjRole());
618  $this->role->create();
619  $rbacadmin->assignRoleToFolder($this->role->getId(), $this->rolf_ref_id,'y');
620  $rbacadmin->setProtected(
621  $this->rolf_ref_id,
622  $this->role->getId(),
623  $this->form->getInput('pro') ? 'y' : 'n'
624  );
625  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
626  $this->ctrl->returnToParent($this);
627  }
628 
629  ilUtil::sendFailure($this->lng->txt('err_check_input'));
630  $this->form->setValuesByPost();
631  $this->tpl->setContent($this->form->getHTML());
632  return false;
633  }
634 
639  protected function checkDuplicate($a_role_id = 0)
640  {
641  global $rbacreview;
642 
643  foreach($rbacreview->getRolesOfRoleFolder($this->rolf_ref_id) as $role_id)
644  {
645  if($role_id == $a_role_id)
646  {
647  continue;
648  }
649 
650  $title = trim(ilObject::_lookupTitle($role_id));
651  if(strcmp($title, trim($this->form->getInput('title'))) === 0)
652  {
653  $this->form->getItemByPostVar('title')->setAlert($this->lng->txt('rbac_role_exists_alert'));
654  return true;
655  }
656  }
657  return false;
658  }
659 
664  public function updateObject()
665  {
666  global $rbacadmin;
667 
668  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
669  if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
670  {
671  include_once './Services/AccessControl/classes/class.ilObjRole.php';
672  $this->loadRoleProperties($this->object);
673  $this->object->update();
674  $rbacadmin->setProtected(
675  $this->rolf_ref_id,
676  $this->object->getId(),
677  $this->form->getInput('pro') ? 'y' : 'n'
678  );
679  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
680  $this->ctrl->redirect($this,'edit');
681  }
682 
683  ilUtil::sendFailure($this->lng->txt('err_check_input'));
684  $this->form->setValuesByPost();
685  $this->tpl->setContent($this->form->getHTML());
686  return false;
687  }
688 
693  protected function permObject($a_show_admin_permissions = false)
694  {
695  global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
696 
697  $ilTabs->setTabActive('default_perm_settings');
698 
699  $this->setSubTabs('default_perm_settings');
700 
701  if($a_show_admin_permissions)
702  {
703  $ilTabs->setSubTabActive('rbac_admin_permissions');
704  }
705  else
706  {
707  $ilTabs->setSubTabActive('rbac_repository_permissions');
708  }
709 
710  if(!$this->checkAccess('write','edit_permission'))
711  {
712  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
713  return true;
714  }
715 
716  // Show copy role button
717  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
718  $ilToolbar->addButton(
719  $this->lng->txt("adopt_perm_from_template"),
720  $this->ctrl->getLinkTarget($this,'adoptPerm')
721  );
722  if($rbacreview->isDeleteable($this->object->getId(), $this->rolf_ref_id))
723  {
724  $ilToolbar->addButton(
725  $this->lng->txt('rbac_delete_role'),
726  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
727  );
728  }
729 
730  $this->tpl->addBlockFile(
731  'ADM_CONTENT',
732  'adm_content',
733  'tpl.rbac_template_permissions.html',
734  'Services/AccessControl'
735  );
736 
737  $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
738 
739  include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
740  $acc = new ilAccordionGUI();
741  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
742  $acc->setId('template_perm_'.$this->getParentRefId());
743 
744  if($this->rolf_ref_id == ROLE_FOLDER_ID)
745  {
746  if($a_show_admin_permissions)
747  {
748  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
749  }
750  else
751  {
752  $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
753  }
754  }
755  else
756  {
757  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
758  }
759 
760  $sorted = array();
761  foreach($subs as $subtype => $def)
762  {
763  if($objDefinition->isPlugin($subtype))
764  {
765  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
766  }
767  elseif($objDefinition->isSystemObject($subtype))
768  {
769  $translation = $this->lng->txt("obj_".$subtype);
770  }
771  else
772  {
773  $translation = $this->lng->txt('objs_'.$subtype);
774  }
775 
776  $sorted[$subtype] = $def;
777  $sorted[$subtype]['translation'] = $translation;
778  }
779 
780 
781  $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
782  foreach($sorted as $subtype => $def)
783  {
784  if($objDefinition->isPlugin($subtype))
785  {
786  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
787  }
788  elseif($objDefinition->isSystemObject($subtype))
789  {
790  $translation = $this->lng->txt("obj_".$subtype);
791  }
792  else
793  {
794  $translation = $this->lng->txt('objs_'.$subtype);
795  }
796 
797  include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
798  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
799  $this,
800  'perm',
801  $this->getParentRefId(),
802  $this->object->getId(),
803  $subtype,
804  $a_show_admin_permissions
805  );
806  $tbl->parse();
807 
808  $acc->addItem($translation, $tbl->getHTML());
809  }
810 
811  $this->tpl->setVariable('ACCORDION',$acc->getHTML());
812 
813  // Add options table
814  include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
815  $options = new ilObjectRoleTemplateOptionsTableGUI(
816  $this,
817  'perm',
818  $this->rolf_ref_id,
819  $this->object->getId(),
820  $a_show_admin_permissions
821  );
822  $options->addMultiCommand(
823  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
824  $this->lng->txt('save')
825  );
826 
827  $options->parse();
828  $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
829  }
830 
835  protected function adminPermObject()
836  {
837  return $this->permObject(true);
838  }
839 
844  protected function adminPermSaveObject()
845  {
846  return $this->permSaveObject(true);
847  }
848 
849  protected function adoptPermObject()
850  {
851  global $rbacreview;
852 
853  $output = array();
854 
855  $parent_role_ids = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
856  $ids = array();
857  foreach($parent_role_ids as $id => $tmp)
858  {
859  $ids[] = $id;
860  }
861 
862  // Sort ids
863  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
864  $key = 0;
865  foreach($sorted_ids as $id)
866  {
867  $par = $parent_role_ids[$id];
868  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
869  {
870  $radio = ilUtil::formRadioButton(0,"adopt",$par["obj_id"]);
871  $output["adopt"][$key]["css_row_adopt"] = ($key % 2 == 0) ? "tblrow1" : "tblrow2";
872  $output["adopt"][$key]["check_adopt"] = $radio;
873  $output["adopt"][$key]["role_id"] = $par["obj_id"];
874  $output["adopt"][$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
875  $output["adopt"][$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
876  $output["adopt"][$key]["role_desc"] = $par["desc"];
877  $key++;
878  }
879  }
880 
881  $output["formaction_adopt"] = $this->ctrl->getFormAction($this);
882  $output["message_middle"] = $this->lng->txt("adopt_perm_from_template");
883 
884 
885  $tpl = new ilTemplate("tpl.adm_copy_role.html", true, true, "Services/AccessControl");
886 
887  $tpl->setCurrentBlock("ADOPT_PERM_ROW");
888  foreach ($output["adopt"] as $key => $value)
889  {
890  $tpl->setVariable("CSS_ROW_ADOPT",$value["css_row_adopt"]);
891  $tpl->setVariable("CHECK_ADOPT",$value["check_adopt"]);
892  $tpl->setVariable("LABEL_ID",$value["role_id"]);
893  $tpl->setVariable("TYPE",$value["type"]);
894  $tpl->setVariable("ROLE_NAME",$value["role_name"]);
895  if(strlen($value['role_desc']))
896  {
897  $tpl->setVariable('ROLE_DESC',$value['role_desc']);
898  }
899  $tpl->parseCurrentBlock();
900  }
901 
902  $tpl->setVariable("TPLPATH",$this->tpl->tplPath);
903  $tpl->setVariable("MESSAGE_MIDDLE",$output["message_middle"]);
904  $tpl->setVariable("FORMACTION_ADOPT",$output["formaction_adopt"]);
905  $tpl->setVariable("ADOPT",$this->lng->txt('copy'));
906  $tpl->setVariable("CANCEL",$this->lng->txt('cancel'));
907 
908  $tpl->setVariable('HEAD_ROLE',$this->lng->txt('title'));
909  $tpl->setVariable('HEAD_TYPE',$this->lng->txt('type'));
910 
911  $this->tpl->setContent($tpl->get());
912  }
913 
918  protected function confirmDeleteRoleObject()
919  {
920  global $ilErr,$rbacreview,$ilUser;
921 
922  $access = $this->checkAccess('visible,write','edit_permission');
923  if (!$access)
924  {
925  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
926  }
927 
928  $question = $this->lng->txt('rbac_role_delete_qst');
929  if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
930  {
931  $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
932  }
933  ilUtil::sendQuestion($question);
934 
935  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
936 
937  $confirm = new ilConfirmationGUI();
938  $confirm->setFormAction($this->ctrl->getFormAction($this));
939  $confirm->setHeaderText($question);
940  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
941  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
942 
943  $confirm->addItem(
944  'role',
945  $this->object->getId(),
946  $this->object->getTitle(),
947  ilUtil::getImagePath('icon_role.png')
948  );
949 
950  $this->tpl->setContent($confirm->getHTML());
951  return true;
952  }
953 
954 
959  protected function performDeleteRoleObject()
960  {
961  global $ilErr;
962 
963  $access = $this->checkAccess('visible,write','edit_permission');
964  if (!$access)
965  {
966  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
967  }
968 
969  $this->object->setParent((int) $_GET['rolf_ref_id']);
970  $this->object->delete();
971  ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
972 
973  $this->ctrl->returnToParent($this);
974  }
975 
981  function permSaveObject($a_show_admin_permissions = false)
982  {
983  global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
984 
985  // for role administration check write of global role folder
986  /*
987  if ($this->rolf_ref_id == ROLE_FOLDER_ID)
988  {
989  $access = $rbacsystem->checkAccess('write',$this->rolf_ref_id);
990  }
991  else // for local roles check 'edit permission' of parent object of the local role folder
992  {
993  $access = $rbacsystem->checkAccess('edit_permission',$tree->getParentId($this->rolf_ref_id));
994  }
995  */
996  $access = $this->checkAccess('visible,write','edit_permission');
997 
998  if (!$access)
999  {
1000  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1001  }
1002 
1003  // rbac log
1004  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
1005  $rbac_log_active = ilRbacLog::isActive();
1006  if($rbac_log_active)
1007  {
1008  $rbac_log_old = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
1009  }
1010 
1011  // delete all template entries of enabled types
1012  if($this->rolf_ref_id == ROLE_FOLDER_ID)
1013  {
1014  if($a_show_admin_permissions)
1015  {
1016  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
1017  }
1018  else
1019  {
1020  $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
1021  }
1022  }
1023  else
1024  {
1025  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
1026  }
1027 
1028  foreach($subs as $subtype => $def)
1029  {
1030  // Delete per object type
1031  $rbacadmin->deleteRolePermission($this->object->getId(),$this->rolf_ref_id,$subtype);
1032  }
1033 
1034  if (empty($_POST["template_perm"]))
1035  {
1036  $_POST["template_perm"] = array();
1037  }
1038 
1039  foreach ($_POST["template_perm"] as $key => $ops_array)
1040  {
1041  // sets new template permissions
1042  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->rolf_ref_id);
1043  }
1044 
1045  if($rbac_log_active)
1046  {
1047  $rbac_log_new = ilRbacLog::gatherTemplate($this->rolf_ref_id, $this->object->getId());
1048  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
1049  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
1050  }
1051 
1052  // update object data entry (to update last modification date)
1053  $this->object->update();
1054 
1055  // set protected flag
1056  if ($this->rolf_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id))
1057  {
1058  $rbacadmin->setProtected($this->rolf_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1059  }
1060 
1061  if($a_show_admin_permissions)
1062  {
1063  $_POST['recursive'] = true;
1064  }
1065 
1066  // Redirect if Change existing objects is not chosen
1067  if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1068  {
1069  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1070  if($a_show_admin_permissions)
1071  {
1072  $this->ctrl->redirect($this,'adminPerm');
1073  }
1074  else
1075  {
1076  $this->ctrl->redirect($this,'perm');
1077  }
1078  }
1079  // New implementation
1080  if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1081  {
1082  $this->showChangeExistingObjectsConfirmation();
1083  return true;
1084  }
1085 
1086  $start = ($this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id));
1087  if($a_show_admin_permissions)
1088  {
1089  $start = $tree->getParentId($this->rolf_ref_id);
1090  }
1091 
1092  if($_POST['protected'])
1093  {
1094  $this->object->changeExistingObjects(
1095  $start,
1096  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1097  array('all'),
1098  array()
1099  #$a_show_admin_permissions ? array('adm') : array()
1100  );
1101  }
1102  else
1103  {
1104  $this->object->changeExistingObjects(
1105  $start,
1106  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1107  array('all'),
1108  array()
1109  #$a_show_admin_permissions ? array('adm') : array()
1110  );
1111  }
1112  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1113 
1114  if($a_show_admin_permissions)
1115  {
1116  $this->ctrl->redirect($this,'adminPerm');
1117  }
1118  else
1119  {
1120  $this->ctrl->redirect($this,'perm');
1121  }
1122  return true;
1123  }
1124 
1125 
1131  function adoptPermSaveObject()
1132  {
1133  global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1134 
1135  if(!$_POST['adopt'])
1136  {
1137  ilUtil::sendFailure($this->lng->txt('select_one'));
1138  $this->adoptPermObject();
1139  return false;
1140  }
1141 
1142  $access = $this->checkAccess('visible,write','edit_permission');
1143  if (!$access)
1144  {
1145  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1146  }
1147 
1148  if ($this->object->getId() == $_POST["adopt"])
1149  {
1150  ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1151  }
1152  else
1153  {
1154  $rbacadmin->deleteRolePermission($this->object->getId(), $this->rolf_ref_id);
1155  $parentRoles = $rbacreview->getParentRoleIds($this->rolf_ref_id,true);
1156  $rbacadmin->copyRoleTemplatePermissions(
1157  $_POST["adopt"],
1158  $parentRoles[$_POST["adopt"]]["parent"],
1159  $this->rolf_ref_id,
1160  $this->object->getId(),
1161  false);
1162 
1163  // update object data entry (to update last modification date)
1164  $this->object->update();
1165 
1166  // send info
1167  $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1168  ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1169  $this->lng->txt("msg_perm_adopted_from2"),true);
1170  }
1171 
1172  $this->ctrl->redirect($this, "perm");
1173  }
1174 
1180  function assignSaveObject()
1181  {
1182  $this->assignUserObject();
1183  }
1184 
1185 
1186 
1192  public function addUserObject($a_user_ids)
1193  {
1194  global $rbacreview,$rbacadmin;
1195 
1196  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1197  {
1198  ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1199  return false;
1200  }
1201  if(!$rbacreview->isAssignable($this->object->getId(),$this->rolf_ref_id) &&
1202  $this->rolf_ref_id != ROLE_FOLDER_ID)
1203  {
1204  ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1205  return false;
1206  }
1207  if(!$a_user_ids)
1208  {
1209  $GLOBALS['lng']->loadLanguageModule('search');
1210  ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1211  return false;
1212  }
1213 
1214  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1215 
1216  // users to assign
1217  $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1218 
1219  // selected users all already assigned. stop
1220  if (count($assigned_users_new) == 0)
1221  {
1222  ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1223  $this->ctrl->redirect($this,'userassignment');
1224  }
1225 
1226  // assign new users
1227  foreach ($assigned_users_new as $user)
1228  {
1229  $rbacadmin->assignUser($this->object->getId(),$user,false);
1230  }
1231 
1232  // update object data entry (to update last modification date)
1233  $this->object->update();
1234 
1235  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1236  $this->ctrl->redirect($this,'userassignment');
1237  }
1238 
1244  function deassignUserObject()
1245  {
1246  global $rbacsystem, $rbacadmin, $rbacreview;
1247 
1248  #if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1249  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1250  {
1251  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1252  }
1253 
1254  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1255 
1256  if ($selected_users[0]=== NULL)
1257  {
1258  $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1259  }
1260 
1261  // prevent unassignment of system user from system role
1262  if ($this->object->getId() == SYSTEM_ROLE_ID)
1263  {
1264  if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1265  unset($selected_users[$admin]);
1266  }
1267 
1268  // check for each user if the current role is his last global role before deassigning him
1269  $last_role = array();
1270  $global_roles = $rbacreview->getGlobalRoles();
1271 
1272  foreach ($selected_users as $user)
1273  {
1274  $assigned_roles = $rbacreview->assignedRoles($user);
1275  $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1276 
1277  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1278  {
1279  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1280  $last_role[$user] = $userObj->getFullName();
1281  unset($userObj);
1282  }
1283  }
1284 
1285 
1286  // ... else perform deassignment
1287  foreach ($selected_users as $user)
1288  {
1289  if(!isset($last_role[$user]))
1290  {
1291  $rbacadmin->deassignUser($this->object->getId(), $user);
1292  }
1293  }
1294 
1295  // update object data entry (to update last modification date)
1296  $this->object->update();
1297 
1298  // raise error if last role was taken from a user...
1299  if(count($last_role))
1300  {
1301  $user_list = implode(", ",$last_role);
1302  ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1303  }
1304  else
1305  {
1306  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1307  }
1308  $this->ctrl->redirect($this,'userassignment');
1309  }
1310 
1311 
1315  function userassignmentObject()
1316  {
1317  global $rbacreview, $rbacsystem, $lng, $ilUser;
1318 
1319  //if (!$rbacsystem->checkAccess("edit_userassignment", $this->rolf_ref_id))
1320  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1321  {
1322  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1323  }
1324 
1325  $this->tabs_gui->setTabActive('user_assignment');
1326 
1327  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1328 
1329  include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1330  $tb = new ilToolbarGUI();
1331 
1332  // protected admin role
1333  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1334  if(
1335  $this->object->getId() != SYSTEM_ROLE_ID ||
1336  (
1337  !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1338  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1339  )
1340  )
1341  {
1342 
1343 
1344  // add member
1345  include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1346  ilRepositorySearchGUI::fillAutoCompleteToolbar(
1347  $this,
1348  $tb,
1349  array(
1350  'auto_complete_name' => $lng->txt('user'),
1351  'submit_name' => $lng->txt('add')
1352  )
1353  );
1354 
1355  /*
1356  // add button
1357  $tb->addFormButton($lng->txt("add"), "assignUser");
1358  */
1359  $tb->addSpacer();
1360 
1361  $tb->addButton(
1362  $this->lng->txt('search_user'),
1363  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1364  );
1365  $tb->addSpacer();
1366  }
1367 
1368  $tb->addButton(
1369  $this->lng->txt('role_mailto'),
1370  $this->ctrl->getLinkTarget($this,'mailToRole')
1371  );
1372  $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1373 
1374 
1375  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1376  $role_assignment_editable = true;
1377  if(
1378  $this->object->getId() == SYSTEM_ROLE_ID &&
1379  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1380  {
1381  $role_assignment_editable = false;
1382  }
1383 
1384  include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1385  $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1386 
1387  $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1388 
1389  return true;
1390 
1391  }
1392 
1393 
1398  function cancelObject()
1399  {
1400  if ($_GET["new_type"] != "role")
1401  {
1402  $this->ctrl->redirect($this, "userassignment");
1403  }
1404  else
1405  {
1406  $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1407  }
1408  }
1409 
1410 
1411  function listUsersRoleObject()
1412  {
1413  global $rbacsystem,$rbacreview;
1414 
1415  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1416 
1417  if (!is_array($_POST["role"]))
1418  {
1419  ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1420  $this->searchObject();
1421 
1422  return false;
1423  }
1424 
1425  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1426  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1427 
1428  // GET ALL MEMBERS
1429  $members = array();
1430 
1431  foreach ($_POST["role"] as $role_id)
1432  {
1433  $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1434  }
1435 
1436  $members = array_unique($members);
1437 
1438  // FORMAT USER DATA
1439  $counter = 0;
1440  $f_result = array();
1441 
1442  foreach($members as $user)
1443  {
1444  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1445  {
1446  continue;
1447  }
1448 
1449  $user_ids[$counter] = $user;
1450 
1451  // TODO: exclude anonymous user
1452  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1453  $f_result[$counter][] = $tmp_obj->getLogin();
1454  $f_result[$counter][] = $tmp_obj->getFirstname();
1455  $f_result[$counter][] = $tmp_obj->getLastname();
1456 
1457  unset($tmp_obj);
1458  ++$counter;
1459  }
1460 
1461  $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1462 
1463  return true;
1464  }
1465 
1466 
1467 
1468  function __formatPath($a_path_arr)
1469  {
1470  $counter = 0;
1471 
1472  foreach ($a_path_arr as $data)
1473  {
1474  if ($counter++)
1475  {
1476  $path .= " -> ";
1477  }
1478 
1479  $path .= $data['title'];
1480  }
1481 
1482  if (strlen($path) > 50)
1483  {
1484  return '...'.substr($path,-50);
1485  }
1486 
1487  return $path;
1488  }
1489 
1490  function __prepareOutput()
1491  {
1492  // output objects
1493  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1494  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1495 
1496  // output locator
1497  //$this->__setLocator();
1498 
1499  // output message
1500  if ($this->message)
1501  {
1502  ilUtil::sendInfo($this->message);
1503  }
1504 
1505  // display infopanel if something happened
1506  ilUtil::infoPanel();
1507 
1508  // set header
1509  $this->__setHeader();
1510  }
1511 
1512  function __setHeader()
1513  {
1514  $this->tpl->setTitle($this->lng->txt('role'));
1515  $this->tpl->setDescription($this->object->getTitle());
1516  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.png"));
1517 
1518  $this->getTabs($this->tabs_gui);
1519  }
1520 
1521  function __setLocator()
1522  {
1523  global $tree, $ilCtrl;
1524 
1525  return;
1526 
1527  $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1528 
1529  $counter = 0;
1530 
1531  foreach ($tree->getPathFull($this->rolf_ref_id) as $key => $row)
1532  {
1533  if ($counter++)
1534  {
1535  $this->tpl->touchBlock('locator_separator_prefix');
1536  }
1537 
1538  $this->tpl->setCurrentBlock("locator_item");
1539 
1540  if ($row["type"] == 'rolf')
1541  {
1542  $this->tpl->setVariable("ITEM",$this->object->getTitle());
1543  $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1544  }
1545  elseif ($row["child"] != $tree->getRootId())
1546  {
1547  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1548  $this->tpl->setVariable("ITEM", $row["title"]);
1549  $this->tpl->setVariable("LINK_ITEM",
1550  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1551  }
1552  else
1553  {
1554  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1555  $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1556  $this->tpl->setVariable("LINK_ITEM",
1557  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1558  }
1559  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1560 
1561  $this->tpl->parseCurrentBlock();
1562  }
1563 
1564  $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1565  $this->tpl->parseCurrentBlock();
1566  }
1567 
1572  function addAdminLocatorItems()
1573  {
1574  global $ilLocator;
1575 
1576  if ($_GET["admin_mode"] == "settings"
1577  && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1578  {
1579  $ilLocator->addItem($this->lng->txt("administration"),
1580  $this->ctrl->getLinkTargetByClass("iladministrationgui", "frameset"),
1581  ilFrameTargetInfo::_getFrame("MainContent"));
1582 
1583  $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1584  ilObject::_lookupObjId($_GET["ref_id"]))),
1585  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1586 
1587  if ($_GET["obj_id"] > 0)
1588  {
1589  $ilLocator->addItem($this->object->getTitle(),
1590  $this->ctrl->getLinkTarget($this, "view"));
1591  }
1592  }
1593  else // repository administration
1594  {
1595  // ?
1596  }
1597  }
1598 
1599 
1600 
1601 
1602  function getTabs(&$tabs_gui)
1603  {
1604  global $rbacsystem,$rbacreview, $ilHelp;
1605 
1606  $base_role_folder = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1607 
1608 //var_dump($base_role_folder);
1609 //echo "-".$this->rolf_ref_id."-";
1610 
1611  $activate_role_edit = false;
1612 
1613  // todo: activate the following (allow editing of local roles in
1614  // roles administration)
1615  //if (in_array($this->rolf_ref_id,$base_role_folder))
1616  if (in_array($this->rolf_ref_id,$base_role_folder) ||
1617  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1618  $_GET["admin_mode"] == "settings"))
1619  {
1620  $activate_role_edit = true;
1621  }
1622 
1623  // not so nice (workaround for using tabs in repository)
1624  $tabs_gui->clearTargets();
1625 
1626  $ilHelp->setScreenIdComponent("role");
1627 
1628  if ($this->back_target != "")
1629  {
1630  $tabs_gui->setBackTarget(
1631  $this->back_target["text"],$this->back_target["link"]);
1632  }
1633 
1634  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1635  {
1636  $tabs_gui->addTarget("edit_properties",
1637  $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1638  }
1639 /*
1640  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1641  {
1642  $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1643  ? true
1644  : false;
1645  $tabs_gui->addTarget("default_perm_settings",
1646  $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1647  get_class($this),
1648  "", $force_active);
1649  }
1650 */
1651  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1652  {
1653  $tabs_gui->addTarget(
1654  "default_perm_settings",
1655  $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1656  );
1657  }
1658 
1659  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1660  {
1661  $tabs_gui->addTarget("user_assignment",
1662  $this->ctrl->getLinkTarget($this, "userassignment"),
1663  array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1664  get_class($this));
1665  }
1666 
1667  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1668  {
1669  $tabs_gui->addTarget("desktop_items",
1670  $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1671  array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1672  get_class($this));
1673  }
1674  if($this->checkAccess('write','edit_permission'))
1675  {
1676  $tabs_gui->addTarget(
1677  'export',
1678  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1679  array()
1680  );
1681 
1682  }
1683  }
1684 
1685  function mailToRoleObject()
1686  {
1687  global $rbacreview;
1688 
1689  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1690  if(count($obj_ids) > 1)
1691  {
1692  $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1693  }
1694  else
1695  {
1696  $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
1697  }
1698 
1699  require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1700  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1701  ilUtil::redirect($script);
1702  }
1703 
1704  function checkAccess($a_perm_global,$a_perm_obj = '')
1705  {
1706  global $rbacsystem,$ilAccess;
1707 
1708  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1709 
1710  if($this->rolf_ref_id == ROLE_FOLDER_ID)
1711  {
1712  return $rbacsystem->checkAccess($a_perm_global,$this->rolf_ref_id);
1713  }
1714  else
1715  {
1716  return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1717  }
1718  }
1719 
1724  protected function isChangeExistingObjectsConfirmationRequired()
1725  {
1726  global $rbacreview;
1727 
1728  if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1729  {
1730  return false;
1731  }
1732 
1733  // Role is protected
1734  if($rbacreview->isProtected($this->rolf_ref_id, $this->object->getId()))
1735  {
1736  // TODO: check if recursive_list is enabled
1737  // and if yes: check if inheritance is broken for the relevant object types
1738  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1739  }
1740  else
1741  {
1742  // TODO: check if recursive_list is enabled
1743  // and if yes: check if inheritance is broken for the relevant object types
1744  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1745  }
1746  }
1747 
1752  protected function showChangeExistingObjectsConfirmation()
1753  {
1754  $protected = $_POST['protected'];
1755 
1756  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1757  $form = new ilPropertyFormGUI();
1758  $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1759  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1760 
1761  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1762  $form->addCommandButton('perm',$this->lng->txt('cancel'));
1763 
1764  $hidden = new ilHiddenInputGUI('type_filter');
1765  $hidden->setValue(
1766  $_POST['recursive'] ?
1767  serialize(array('all')) :
1768  serialize($_POST['recursive_list'])
1769  );
1770  $form->addItem($hidden);
1771 
1772  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1773 
1774  if($protected)
1775  {
1776  $rad->setValue(ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1777  $keep = new ilRadioOption(
1778  $this->lng->txt('rbac_keep_local_policies'),
1779  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1780  $this->lng->txt('rbac_keep_local_policies_info')
1781  );
1782  }
1783  else
1784  {
1785  $rad->setValue(ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1786  $keep = new ilRadioOption(
1787  $this->lng->txt('rbac_keep_local_policies'),
1788  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1789  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1790  );
1791 
1792  }
1793  $rad->addOption($keep);
1794 
1795  if($protected)
1796  {
1797  $del = new ilRadioOption(
1798  $this->lng->txt('rbac_delete_local_policies'),
1799  ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1800  $this->lng->txt('rbac_delete_local_policies_info')
1801  );
1802  }
1803  else
1804  {
1805  $del = new ilRadioOption(
1806  $this->lng->txt('rbac_delete_local_policies'),
1807  ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1808  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1809  );
1810  }
1811  $rad->addOption($del);
1812 
1813  $form->addItem($rad);
1814  $this->tpl->setContent($form->getHTML());
1815  }
1816 
1821  protected function changeExistingObjectsObject()
1822  {
1823  global $tree,$rbacreview,$rbacadmin;
1824 
1825  $mode = (int) $_POST['mode'];
1826  $start = ($this->rolf_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $tree->getParentId($this->rolf_ref_id));
1827  $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1828 
1829  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1830  $this->ctrl->redirect($this,'perm');
1831  }
1832 
1838  protected function setSubTabs($a_tab)
1839  {
1840  global $ilTabs;
1841 
1842  switch($a_tab)
1843  {
1844  case 'default_perm_settings':
1845  if($this->rolf_ref_id != ROLE_FOLDER_ID)
1846  {
1847  return true;
1848  }
1849  $ilTabs->addSubTabTarget(
1850  'rbac_repository_permissions',
1851  $this->ctrl->getLinkTarget($this,'perm')
1852  );
1853  $ilTabs->addSubTabTarget(
1854  'rbac_admin_permissions',
1855  $this->ctrl->getLinkTarget($this,'adminPerm')
1856  );
1857  }
1858  return true;
1859  }
1860 
1861 
1862 } // END class.ilObjRoleGUI
1863 ?>