ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilObjRoleFolderGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\HTTP\GlobalHttpState;
22 use ILIAS\Refinery\Factory;
23 use ILIAS\UI\Factory as UIFactory;
24 
32 class ilObjRoleFolderGUI extends ilObjectGUI
33 {
34  private const COPY_ADD_PERMISSIONS = 1;
35  private const COPY_CLONE_PERMISSIONS = 2;
36  private const COPY_REMOVE_PERMISSIONS = 3;
37  private const COPY_CHANGE_EXISTING_OBJECTS = 1;
38 
39  private ilLogger $logger;
40  protected ilRbacAdmin $rbacadmin;
41 
42  protected GlobalHttpState $http;
43  protected Factory $refinery;
44  protected UIFactory $ui_factory;
45 
50  public function __construct($a_data, int $a_id, bool $a_call_by_reference)
51  {
52  global $DIC;
53 
54  $this->logger = $DIC->logger()->ac();
55  $this->rbacadmin = $DIC['rbacadmin'];
56  $this->http = $DIC->http();
57  $this->refinery = $DIC->refinery();
58  $this->ui_factory = $DIC['ui.factory'];
59 
60  $this->type = "rolf";
61  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
62  $this->lng->loadLanguageModule('rbac');
63  }
64 
65  public function executeCommand(): void
66  {
67  $next_class = $this->ctrl->getNextClass($this);
68  $cmd = $this->ctrl->getCmd();
69  $this->prepareOutput();
70 
71  switch ($next_class) {
72  case 'ilpermissiongui':
73  $perm_gui = new ilPermissionGUI($this);
74  $ret = $this->ctrl->forwardCommand($perm_gui);
75  break;
76 
77  default:
78  $this->ctrl->setReturn($this, "view");
79  if (!$cmd) {
80  $cmd = "view";
81  }
82  $cmd .= "Object";
83  $this->$cmd();
84 
85  break;
86  }
87  }
88 
89  protected function initCopySourceFromGET(): int
90  {
91  if ($this->http->wrapper()->query()->has('csource')) {
92  return $this->http->wrapper()->query()->retrieve(
93  'csource',
94  $this->refinery->kindlyTo()->int()
95  );
96  }
97  return 0;
98  }
99 
103  protected function initRolesFromPOST(): array
104  {
105  if ($this->http->wrapper()->post()->has('roles')) {
106  return $this->http->wrapper()->post()->retrieve(
107  'roles',
108  $this->refinery->byTrying([
109  $this->refinery->kindlyTo()->listOf(
110  $this->refinery->kindlyTo()->int()
111  ),
112  $this->refinery->in()->series([
113  $this->refinery->custom()->transformation(function ($v) {
114  return explode(',', $v);
115  }),
116  $this->refinery->kindlyTo()->listOf(
117  $this->refinery->kindlyTo()->int()
118  )
119  ])
120  ])
121  );
122  }
123  return [];
124  }
125 
126  public function returnObject(): void
127  {
128  $this->viewObject();
129  }
130 
131  protected function buildTargetNamesString(): string
132  {
133  $targets = $this->initRolesFromPOST();
134 
135  if ($targets === []) {
136  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('rbac_copy_no_targets'), true);
137  $this->ctrl->redirect($this, 'roleSearchList');
138  }
139 
140  if (count($targets) > 3) {
141  return sprintf($this->lng->txt('rbac_copy_multi_targets'), '<strong>' . ilObject::_lookupTitle($targets[0]), ilObject::_lookupTitle($targets[1]) . '</strong>', '<strong>' . (string) count($targets) - 2, '</strong>');
142  }
143 
144  if (count($targets) > 1) {
145  $target_names = '<strong>' . ilObject::_lookupTitle(array_shift($targets));
146  foreach ($targets as $target) {
147  $target_names .= ', ' . ilObject::_lookupTitle($target);
148  }
149  return $target_names . '</strong>';
150  }
151 
152  // we have one single target
153  return '<strong>' . ilObject::_lookupTitle($targets[0]) . '</strong>';
154  }
155 
156  public function viewObject(): void
157  {
158  $this->tabs_gui->activateTab('view');
159 
160  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
161  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
162  }
163 
164  if ($this->rbac_system->checkAccess('create_role', $this->object->getRefId())) {
165  $this->ctrl->setParameter($this, 'new_type', 'role');
166  $this->toolbar->addComponent(
167  $this->ui_factory->link()->standard(
168  $this->lng->txt('rolf_create_role'),
169  $this->ctrl->getLinkTargetByClass(ilObjRoleGUI::class, 'create')
170  )
171  );
172  }
173  if ($this->rbac_system->checkAccess('create_rolt', $this->object->getRefId())) {
174  $this->ctrl->setParameter($this, 'new_type', 'rolt');
175  $this->toolbar->addComponent(
176  $this->ui_factory->link()->standard(
177  $this->lng->txt('rolf_create_rolt'),
178  $this->ctrl->getLinkTargetByClass(ilObjRoleTemplateGUI::class, 'create')
179  )
180  );
181  $this->ctrl->clearParameters($this);
182  }
183 
184  if (
185  $this->rbac_system->checkAccess('create_rolt', $this->object->getRefId()) ||
186  $this->rbac_system->checkAccess('create_rolt', $this->object->getRefId())
187  ) {
188  $this->toolbar->addComponent(
189  $this->ui_factory->link()->standard(
190  $this->lng->txt('rbac_import_role'),
191  $this->ctrl->getLinkTargetByClass('ilPermissionGUI', 'displayImportRoleForm')
192  )
193  );
194  }
195 
196  $table = new ilRoleTableGUI($this, 'view');
197  $table->init();
198  $table->parse($this->object->getId());
199 
200  $this->tpl->setContent($table->getHTML());
201  }
202 
206  protected function roleSearchObject(): void
207  {
208  $this->tabs_gui->clearTargets();
209  $this->tabs_gui->setBackTarget(
210  $this->lng->txt('rbac_back_to_overview'),
211  $this->ctrl->getLinkTarget($this, 'view')
212  );
213 
214  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
215  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
216  }
217 
218  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
219  $this->tpl->setOnScreenMessage(
220  'info',
221  sprintf(
222  $this->lng->txt('rbac_choose_copy_targets'),
223  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>'
224  )
225  );
226 
227  $form = $this->initRoleSearchForm();
228  $this->tpl->setContent($form->getHTML());
229  }
230 
234  protected function initRoleSearchForm(): ilPropertyFormGUI
235  {
236  $form = new ilPropertyFormGUI();
237  $form->setTitle($this->lng->txt('rbac_role_title'));
238  $form->setFormAction($this->ctrl->getFormAction($this, 'view'));
239 
240  $search = new ilTextInputGUI($this->lng->txt('title'), 'title');
241  $search->setRequired(true);
242  $search->setSize(30);
243  $search->setMaxLength(255);
244  $form->addItem($search);
245 
246  $form->addCommandButton('roleSearchForm', $this->lng->txt('search'));
247  return $form;
248  }
249 
253  protected function roleSearchFormObject(): void
254  {
255  ilSession::set('rolf_search_query', '');
256  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
257 
258  $form = $this->initRoleSearchForm();
259  if ($form->checkInput()) {
260  ilSession::set('rolf_search_query', $form->getInput('title'));
261  $this->roleSearchListObject();
262  return;
263  }
264 
265  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_search_string'), true);
266  $form->setValuesByPost();
267  $this->ctrl->redirect($this, 'roleSearch');
268  }
269 
273  protected function roleSearchListObject(): void
274  {
275  $this->tabs_gui->clearTargets();
276  $this->tabs_gui->setBackTarget(
277  $this->lng->txt('rbac_back_to_overview'),
278  $this->ctrl->getLinkTarget($this, 'view')
279  );
280 
281  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
282 
283  if (strlen(ilSession::get('rolf_search_query'))) {
284  $this->tpl->setOnScreenMessage(
285  'info',
286  sprintf(
287  $this->lng->txt('rbac_select_copy_targets'),
288  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>'
289  )
290  );
291  $table = new ilRoleTableGUI($this, 'roleSearchList');
292  $table->setType(ilRoleTableGUI::TYPE_SEARCH);
293  $table->setRoleTitleFilter(ilSession::get('rolf_search_query'));
294  $table->init();
295  $table->parse($this->object->getId());
296  $this->tpl->setContent($table->getHTML());
297  return;
298  }
299 
300  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_search_string'), true);
301  $this->ctrl->redirect($this, 'roleSearch');
302  }
303 
307  protected function chooseCopyBehaviourObject(?ilPropertyFormGUI $form = null): void
308  {
309  $this->initCopySourceFromGET();
310 
311  $this->ctrl->saveParameter($this, 'csource');
312  $this->tabs_gui->clearTargets();
313  $this->tabs_gui->setBackTarget(
314  $this->lng->txt('rbac_back_to_overview'),
315  $this->ctrl->getLinkTarget($this, 'view')
316  );
317  if (!$form instanceof \ilPropertyFormGUI) {
318  $form = $this->initCopyBehaviourForm();
319  }
320  $this->tpl->setContent($form->getHTML());
321  }
322 
326  protected function initCopyBehaviourForm(): ilPropertyFormGUI
327  {
328  // not only for role templates; add/remove permissions is also applicable for roles
329  $full_featured = true;
330 
331  $this->tpl->setOnScreenMessage(
332  'info',
333  sprintf(
334  $this->lng->txt('rbac_copy_behaviour_info'),
335  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>',
336  $this->buildTargetNamesString()
337  ),
338  true
339  );
340 
341  $form = new ilPropertyFormGUI();
342  $form->setTitle($this->lng->txt('rbac_copy_behaviour'));
343  $form->setFormAction($this->ctrl->getFormAction($this, 'chooseCopyBehaviour'));
344 
345  $copy_type = new \ilRadioGroupInputGUI(
346  $this->lng->txt('rbac_form_copy_roles_adjust_type'),
347  'type'
348  );
349  $copy_type->setRequired(true);
350  $copy_type->setValue((string) self::COPY_CLONE_PERMISSIONS);
351 
352  if ($full_featured) {
353  $add = new \ilRadioOption(
354  $this->lng->txt('rbac_form_copy_roles_adjust_type_add'),
355  (string) self::COPY_ADD_PERMISSIONS,
356  $this->lng->txt('rbac_form_copy_roles_adjust_type_add_info')
357  );
358  $copy_type->addOption($add);
359 
360  $ce_type_add = new \ilRadioGroupInputGUI(
361  '',
362  'add_ce_type'
363  );
364  $ce_type_add->setRequired(true);
365  $ce_add_yes = new \ilRadioOption(
366  $this->lng->txt('rbac_form_copy_roles_ce_add_yes'),
367  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
368  $this->lng->txt('rbac_form_copy_roles_ce_add_yes_info')
369  );
370  $ce_type_add->addOption($ce_add_yes);
371  $ce_add_no = new \ilRadioOption(
372  $this->lng->txt('rbac_form_copy_roles_ce_add_no'),
373  (string) 0,
374  $this->lng->txt('rbac_form_copy_roles_ce_add_no_info')
375  );
376  $ce_type_add->addOption($ce_add_no);
377  $add->addSubItem($ce_type_add);
378  }
379  $clone = new \ilRadioOption(
380  $this->lng->txt('rbac_form_copy_roles_adjust_type_clone'),
381  (string) self::COPY_CLONE_PERMISSIONS,
382  $this->lng->txt('rbac_form_copy_roles_adjust_type_clone_info')
383  );
384  $copy_type->addOption($clone);
385 
386  $ce_type_clone = new \ilRadioGroupInputGUI(
387  '',
388  'clone_ce_type'
389  );
390  $ce_type_clone->setRequired(true);
391  $ce_clone_yes = new \ilRadioOption(
392  $this->lng->txt('rbac_form_copy_roles_ce_clone_yes'),
393  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
394  $this->lng->txt('rbac_form_copy_roles_ce_clone_yes_info')
395  );
396  $ce_type_clone->addOption($ce_clone_yes);
397  $ce_clone_no = new \ilRadioOption(
398  $this->lng->txt('rbac_form_copy_roles_ce_clone_no'),
399  (string) 0,
400  $this->lng->txt('rbac_form_copy_roles_ce_clone_no_info')
401  );
402  $ce_type_clone->addOption($ce_clone_no);
403  $clone->addSubItem($ce_type_clone);
404 
405  if ($full_featured) {
406  $remove = new \ilRadioOption(
407  $this->lng->txt('rbac_form_copy_roles_adjust_type_remove'),
408  (string) self::COPY_REMOVE_PERMISSIONS,
409  $this->lng->txt('rbac_form_copy_roles_adjust_type_remove_info')
410  );
411  $copy_type->addOption($remove);
412  $ce_type_remove = new \ilRadioGroupInputGUI(
413  '',
414  'remove_ce_type'
415  );
416  $ce_type_remove->setRequired(true);
417  $ce_remove_yes = new \ilRadioOption(
418  $this->lng->txt('rbac_form_copy_roles_ce_remove_yes'),
419  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
420  $this->lng->txt('rbac_form_copy_roles_ce_remove_yes_info')
421  );
422  $ce_type_remove->addOption($ce_remove_yes);
423  $ce_remove_no = new \ilRadioOption(
424  $this->lng->txt('rbac_form_copy_roles_ce_remove_no'),
425  (string) 0,
426  $this->lng->txt('rbac_form_copy_roles_ce_remove_no_info')
427  );
428  $ce_type_remove->addOption($ce_remove_no);
429  $remove->addSubItem($ce_type_remove);
430  }
431 
432  $form->addItem($copy_type);
433 
434  $roles = new ilHiddenInputGUI('roles');
435  $roles->setValue(implode(',', $this->initRolesFromPOST()));
436  $form->addItem($roles);
437 
438  $form->addCommandButton('roleSearchList', $this->lng->txt('back'));
439  $form->addCommandButton('adjustRole', $this->lng->txt('rbac_form_copy_roles_adjust_button'));
440  return $form;
441  }
442 
446  protected function adjustRoleObject(): void
447  {
448  $this->checkPermission('write');
449 
450  $roles = $this->initRolesFromPOST();
451  $source = $this->initCopySourceFromGET();
452 
453  $form = $this->initCopyBehaviourForm();
454  if (!$form->checkInput()) {
455  $form->setValuesByPost();
456  $this->chooseCopyBehaviourObject($form);
457  return;
458  }
459 
460  $adjustment_type = $form->getInput('type');
461  foreach ((array) $roles as $role_id) {
462  if ($role_id !== $source) {
463  $start_obj = $this->rbac_review->getRoleFolderOfRole($role_id);
464  $this->logger->debug('Start object: ' . $start_obj);
465 
466  switch ($adjustment_type) {
467  case self::COPY_ADD_PERMISSIONS:
468  $change_existing = (bool) $form->getInput('add_ce_type');
469  $this->doAddRolePermissions(
470  $source,
471  $role_id
472  );
473  if ($change_existing) {
474  $this->doChangeExistingObjects(
475  $start_obj,
476  $role_id,
477  \ilObjRole::MODE_ADD_OPERATIONS,
478  $source
479  );
480  }
481  break;
482  case self::COPY_CLONE_PERMISSIONS:
483  $change_existing = (bool) $form->getInput('clone_ce_type');
484  $this->doCopyRole(
485  $source,
486  $role_id
487  );
488  if ($change_existing) {
489  $this->doChangeExistingObjects(
490  $start_obj,
491  $role_id,
492  \ilObjRole::MODE_READ_OPERATIONS,
493  $source
494  );
495  }
496  break;
497  case self::COPY_REMOVE_PERMISSIONS:
498  $change_existing = (bool) $form->getInput('remove_ce_type');
499  $this->doRemoveRolePermissions(
500  $source,
501  $role_id
502  );
503  if ($change_existing) {
504  $this->doChangeExistingObjects(
505  $start_obj,
506  $role_id,
507  \ilObjRole::MODE_REMOVE_OPERATIONS,
508  $source
509  );
510  }
511  break;
512  }
513  }
514 
515  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_copy_finished'), true);
516  $this->ctrl->redirect($this, 'view');
517  }
518  }
519 
523  protected function doAddRolePermissions(int $source, int $target): void
524  {
525  $source_definition = $this->rbac_review->getRoleFolderOfRole($source);
526  $this->rbacadmin->copyRolePermissionUnion(
527  $source,
528  $source_definition,
529  $target,
530  $this->rbac_review->getRoleFolderOfRole($target),
531  $target,
532  $this->rbac_review->getRoleFolderOfRole($target)
533  );
534  }
535 
539  protected function removeRolePermissionsObject(): void
540  {
541  // Finally copy role/rolt
542  $roles = $this->initRolesFromPOST();
543  $source = $this->initCopySourceFromGET();
544 
545  $form = $this->initCopyBehaviourForm();
546  if ($form->checkInput()) {
547  foreach ((array) $roles as $role_id) {
548  if ($role_id !== $source) {
549  $this->doRemoveRolePermissions($source, $role_id);
550  }
551  }
552  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_copy_finished'), true);
553  $this->ctrl->redirect($this, 'view');
554  }
555  }
556 
560  protected function doRemoveRolePermissions(int $source, int $target): void
561  {
562  $this->logger->debug('Remove permission source: ' . $source);
563  $this->logger->debug('Remove permission target: ' . $target);
564  $source_obj = $this->rbac_review->getRoleFolderOfRole($source);
565  $this->rbacadmin->copyRolePermissionSubtract(
566  $source,
567  $source_obj,
568  $target,
569  $this->rbac_review->getRoleFolderOfRole($target)
570  );
571  }
572 
576  protected function doCopyRole(int $source, int $target): void
577  {
578  $target_obj = $this->rbac_review->getRoleFolderOfRole($target);
579  $source_obj = $this->rbac_review->getRoleFolderOfRole($source);
580  // Copy role template permissions
581  $this->rbacadmin->copyRoleTemplatePermissions(
582  $source,
583  $source_obj,
584  $target_obj,
585  $target
586  );
587  }
588 
592  protected function doChangeExistingObjects(
593  int $a_start_obj,
594  int $a_target_role,
595  int $a_operation_mode,
596  int $a_source_role
597  ): void {
598  if (!$a_start_obj) {
599  $this->logger->warning('Missing parameter start object.');
600  $this->logger->logStack(\ilLogLevel::WARNING);
601  throw new InvalidArgumentException('Missing parameter: start object');
602  }
603  // the mode is unchanged and read out from the target object
604  $target_ref_id = $this->rbac_review->getRoleFolderOfRole($a_target_role);
605  if ($this->rbac_review->isProtected($target_ref_id, $a_target_role)) {
606  $mode = \ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES;
607  } else {
608  $mode = \ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES;
609  }
610  $operation_stack = [];
611  if ($a_operation_mode !== \ilObjRole::MODE_READ_OPERATIONS) {
612  $operation_stack[] = $this->rbac_review->getAllOperationsOfRole($a_source_role, $this->ref_id);
613  }
614  $this->logger->debug('Current operation stack');
615  $this->logger->dump($operation_stack, ilLogLevel::DEBUG);
616 
617  $role = new ilObjRole($a_target_role);
618  $role->changeExistingObjects(
619  $a_start_obj,
620  $mode,
621  ['all'],
622  [],
623  $a_operation_mode,
624  $operation_stack
625  );
626  }
627 
631  protected function applyFilterObject(): void
632  {
633  $table = new ilRoleTableGUI($this, 'view');
634  $table->init();
635  $table->resetOffset();
636  $table->writeFilterToSession();
637 
638  $this->viewObject();
639  }
640 
644  public function resetFilterObject(): void
645  {
646  $table = new ilRoleTableGUI($this, 'view');
647  $table->init();
648  $table->resetOffset();
649  $table->resetFilter();
650 
651  $this->viewObject();
652  }
653 
657  protected function confirmDeleteObject(): void
658  {
659  $roles = $this->initRolesFromPOST();
660  if ($roles === []) {
661  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
662  $this->ctrl->redirect($this, 'view');
663  }
664 
665  $question = $this->lng->txt('rbac_role_delete_qst');
666 
667  $confirm = new ilConfirmationGUI();
668  $confirm->setHeaderText($question);
669  $confirm->setFormAction($this->ctrl->getFormAction($this));
670  $confirm->setHeaderText($this->lng->txt("info_delete_sure"));
671  $confirm->setConfirm($this->lng->txt('delete'), 'deleteRole');
672  $confirm->setCancel($this->lng->txt('cancel'), 'cancel');
673 
674  foreach ($roles as $role_id) {
675  $confirm->addItem(
676  'roles[]',
677  (string) $role_id,
678  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id))
679  );
680  }
681  $this->tpl->setContent($confirm->getHTML());
682  }
683 
687  protected function deleteRoleObject(): void
688  {
689  if (!$this->rbac_system->checkAccess('delete', $this->object->getRefId())) {
690  $this->error->raiseError(
691  $this->lng->txt('msg_no_perm_delete'),
692  $this->error->MESSAGE
693  );
694  }
695 
696  foreach ($this->initRolesFromPOST() as $id) {
697  // instatiate correct object class (role or rolt)
698  $obj = ilObjectFactory::getInstanceByObjId($id, false);
699 
700  if ($obj->getType() == "role") {
701  $rolf_arr = $this->rbac_review->getFoldersAssignedToRole($obj->getId(), true);
702  $obj->setParent($rolf_arr[0]);
703  }
704 
705  $obj->delete();
706  }
707 
708  // set correct return location if rolefolder is removed
709  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_deleted_roles_rolts"), true);
710  $this->ctrl->redirect($this, 'view');
711  }
712 
719  public function getAdminTabs(): void
720  {
721  if ($this->checkPermissionBool("visible,read")) {
722  $this->tabs_gui->addTarget(
723  "view",
724  $this->ctrl->getLinkTarget($this, "view"),
725  ["", "view"],
726  get_class($this)
727  );
728 
729  $this->tabs_gui->addTarget(
730  "settings",
731  $this->ctrl->getLinkTarget($this, "editSettings"),
732  ["editSettings"],
733  get_class($this)
734  );
735  }
736 
737  if ($this->checkPermissionBool("edit_permission")) {
738  $this->tabs_gui->addTarget(
739  "perm_settings",
740  $this->ctrl->getLinkTargetByClass(
741  [get_class($this), 'ilpermissiongui'],
742  "perm"
743  ),
744  "",
745  "ilpermissiongui"
746  );
747  }
748  }
749 
750  public function editSettingsObject(ilPropertyFormGUI $a_form = null): void
751  {
752  if ($a_form === null) {
753  $a_form = $this->initSettingsForm();
754  }
755 
756  $this->tpl->setContent($a_form->getHTML());
757  }
758 
759  public function saveSettingsObject(): void
760  {
761  global $DIC;
762 
763  $user = $DIC->user();
764 
765  if (!$this->checkPermissionBool("write")) {
766  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
767  }
768 
769  $form = $this->initSettingsForm();
770  if ($form->checkInput()) {
771  $privacy = ilPrivacySettings::getInstance();
772  $privacy->enableRbacLog((bool) $form->getInput('rbac_log'));
773  $privacy->setRbacLogAge((int) $form->getInput('rbac_log_age'));
774  $privacy->save();
775 
776  if ($this->rbac_review->isAssigned($user->getId(), SYSTEM_ROLE_ID)) {
777  $security = ilSecuritySettings::_getInstance();
778  $security->protectedAdminRole((bool) $form->getInput('admin_role'));
779  $security->save();
780  }
781  $this->tpl->setOnScreenMessage('success', $this->lng->txt("settings_saved"), true);
782  $this->ctrl->redirect($this, "editSettings");
783  }
784 
785  $form->setValuesByPost();
786  $this->editSettingsObject($form);
787  }
788 
789  protected function initSettingsForm(): ilPropertyFormGUI
790  {
791  global $DIC;
792 
793  $user = $DIC->user();
794 
795  $this->lng->loadLanguageModule('ps');
796 
797  $privacy = ilPrivacySettings::getInstance();
798  $security = ilSecuritySettings::_getInstance();
799 
800  $form = new ilPropertyFormGUI();
801  $form->setFormAction($this->ctrl->getFormAction($this, "saveSettings"));
802  $form->setTitle($this->lng->txt('settings'));
803 
804  // protected admin
805  $admin = new ilCheckboxInputGUI($GLOBALS['DIC']['lng']->txt('adm_adm_role_protect'), 'admin_role');
806  $admin->setDisabled(!$this->rbac_review->isAssigned($user->getId(), SYSTEM_ROLE_ID));
807  $admin->setInfo($this->lng->txt('adm_adm_role_protect_info'));
808  $admin->setChecked($security->isAdminRoleProtected());
809  $admin->setValue((string) 1);
810  $form->addItem($admin);
811 
812  $check = new ilCheckboxInputGUI($this->lng->txt('rbac_log'), 'rbac_log');
813  $check->setInfo($this->lng->txt('rbac_log_info'));
814  $check->setChecked($privacy->enabledRbacLog());
815  $form->addItem($check);
816 
817  $age = new ilNumberInputGUI($this->lng->txt('rbac_log_age'), 'rbac_log_age');
818  $age->setInfo($this->lng->txt('rbac_log_age_info'));
819  $age->setValue((string) $privacy->getRbacLogAge());
820  $age->setMinValue(1);
821  $age->setMaxValue(24);
822  $age->setSize(2);
823  $age->setMaxLength(2);
824  $check->addSubItem($age);
825 
826  $form->addCommandButton('saveSettings', $this->lng->txt('save'));
827 
828  return $form;
829  }
830 
831  public function addToExternalSettingsForm(int $a_form_id): array
832  {
833  switch ($a_form_id) {
834  case ilAdministrationSettingsFormHandler::FORM_SECURITY:
835 
836  $security = ilSecuritySettings::_getInstance();
837 
838  $fields = ['adm_adm_role_protect' => [$security->isAdminRoleProtected(),
839  ilAdministrationSettingsFormHandler::VALUE_BOOL
840  ]
841  ];
842 
843  return [["editSettings", $fields]];
844 
845  case ilAdministrationSettingsFormHandler::FORM_PRIVACY:
846 
847  $privacy = ilPrivacySettings::getInstance();
848 
849  $subitems = null;
850  if ($privacy->enabledRbacLog()) {
851  $subitems = ['rbac_log_age' => $privacy->getRbacLogAge()];
852  }
853  $fields = ['rbac_log' => [$privacy->enabledRbacLog(),
854  ilAdministrationSettingsFormHandler::VALUE_BOOL,
855  $subitems
856  ]
857  ];
858 
859  return [["editSettings", $fields]];
860  }
861  return [];
862  }
863 } // END class.ilObjRoleFolderGUI
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
ilObjRoleFolderGUI\editSettingsObject
editSettingsObject(ilPropertyFormGUI $a_form=null)
Definition: class.ilObjRoleFolderGUI.php:750
ilObjRoleFolderGUI\confirmDeleteObject
confirmDeleteObject()
Confirm deletion of roles.
Definition: class.ilObjRoleFolderGUI.php:657
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:301
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObjRoleFolderGUI\getAdminTabs
getAdminTabs()
Add role folder tabs.
Definition: class.ilObjRoleFolderGUI.php:719
ilObjRoleFolderGUI\__construct
__construct($a_data, int $a_id, bool $a_call_by_reference)
Constructor public.
Definition: class.ilObjRoleFolderGUI.php:50
ilObjRoleFolderGUI\addToExternalSettingsForm
addToExternalSettingsForm(int $a_form_id)
Definition: class.ilObjRoleFolderGUI.php:831
ilObjRole\MODE_REMOVE_OPERATIONS
const MODE_REMOVE_OPERATIONS
Definition: class.ilObjRole.php:35
ilObjRoleFolderGUI
Class ilObjRoleFolderGUI.
Definition: class.ilObjRoleFolderGUI.php:32
ilRoleTableGUI
TableGUI for the presentation og roles and role templates.
Definition: class.ilRoleTableGUI.php:26
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\MODE_READ_OPERATIONS
const MODE_READ_OPERATIONS
Definition: class.ilObjRole.php:34
ilObjRoleFolderGUI\doRemoveRolePermissions
doRemoveRolePermissions(int $source, int $target)
do add role permission
Definition: class.ilObjRoleFolderGUI.php:560
ilHiddenInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilHiddenInputGUI.php:26
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:57
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:831
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:30
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:46
$DIC
global $DIC
Definition: shib_login.php:25
ilObjRoleFolderGUI\initRoleSearchForm
initRoleSearchForm()
Init role search form.
Definition: class.ilObjRoleFolderGUI.php:234
ilObjRoleFolderGUI\removeRolePermissionsObject
removeRolePermissionsObject()
Remove role permissions.
Definition: class.ilObjRoleFolderGUI.php:539
ilObjRoleFolderGUI\applyFilterObject
applyFilterObject()
Apply role filter.
Definition: class.ilObjRoleFolderGUI.php:631
ilObjRoleFolderGUI\doCopyRole
doCopyRole(int $source, int $target)
Perform copy of role.
Definition: class.ilObjRoleFolderGUI.php:576
ilObjectGUI\checkPermissionBool
checkPermissionBool(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1960
ilObjRole\MODE_ADD_OPERATIONS
const MODE_ADD_OPERATIONS
Definition: class.ilObjRole.php:33
ilObjRoleFolderGUI\resetFilterObject
resetFilterObject()
Reset role filter.
Definition: class.ilObjRoleFolderGUI.php:644
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjRoleFolderGUI\chooseCopyBehaviourObject
chooseCopyBehaviourObject(?ilPropertyFormGUI $form=null)
Choose option for copying roles/role templates.
Definition: class.ilObjRoleFolderGUI.php:307
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRoleFolderGUI\doAddRolePermissions
doAddRolePermissions(int $source, int $target)
do add role permission
Definition: class.ilObjRoleFolderGUI.php:523
$check
$check
Definition: buildRTE.php:81
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilObjRoleFolderGUI\roleSearchFormObject
roleSearchFormObject()
Parse search query.
Definition: class.ilObjRoleFolderGUI.php:253
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilObjectGUI\checkPermission
checkPermission(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1936
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393
ilObjRoleFolderGUI\doChangeExistingObjects
doChangeExistingObjects(int $a_start_obj, int $a_target_role, int $a_operation_mode, int $a_source_role)
Do change existing objects.
Definition: class.ilObjRoleFolderGUI.php:592
ilObjRoleFolderGUI\initCopyBehaviourForm
initCopyBehaviourForm()
Show copy behaviour form.
Definition: class.ilObjRoleFolderGUI.php:326
ilObjRoleFolderGUI\roleSearchObject
roleSearchObject()
Search target roles.
Definition: class.ilObjRoleFolderGUI.php:206