New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

Inheritance diagram for ilPermissionGUI:

Collaboration diagram for ilPermissionGUI:

Public Member Functions
	__construct ($a_gui_obj)
	Constructor. More...

	executeCommand ()
	Execute command. More...

	getCurrentObject ()
	Get current object. More...

	perm (ilTable2GUI $table=NULL)
	show permission table More...

	applyRoleFilter ($a_roles, $a_filter_id)
	Apply filter to roles. More...

Public Member Functions inherited from ilPermission2GUI
	__construct ($a_gui_obj)

	permSave ()
	save permissions More...

	addRole ()
	adds a local role This method is only called when choose the option 'you may add local roles'. More...

&	__initTableGUI ()

	__setTableGUIBasicData (&$tbl, &$result_set, $a_from="")
	standard implementation for tables use 'from' variable use different initial setting of table More...

	__buildRoleFilterSelect ()

	__filterRoles ($a_roles, $a_filter)

	owner ()

	changeOwner ()

	info ()

	__initSubTabs ($a_cmd)

	getRolesData ()

	__showPermissionsGeneralSection ()

	__showPermissionsObjectSection ()

	__showPermissionsRBACSection ()

	__showPermissionsCreateSection ()

	log ()

	applyLogFilter ()

	resetLogFilter ()

Static Public Member Functions
static	hasContainerCommands ($a_type)
	Check if container commands are possible for the current object type. More...

Protected Member Functions
	confirmTemplateSwitch ()
	Called after toolbar action applyTemplateSwitch. More...

	isAdminRoleFolder ()
	Check of current location is administration (main) role folder. More...

	isAdministrationObject ()

	isInAdministration ()
	Check if node is subobject of administration folder. More...

	applyFilter ()
	Apply filter. More...

	resetFilter ()
	Reset filter. More...

	savePermissions ()
	Save permissions. More...

	showConfirmBlockRole ($a_roles)
	Show block role confirmation screen. More...

	blockRoles ()
	Block role. More...

	initRoleFolder ($a_create=false)
	Init role folder of object. More...

	displayImportRoleForm (ilPropertyFormGUI $form=null)
	Show import form. More...

	doImportRole ()
	Perform import. More...

	initImportForm ()
	init import form More...

	initRoleForm ()
	Shoew add role type $rbacreview type $objDefinition. More...

	displayAddRoleForm ()
	Show add role form. More...

Protected Attributes
	$current_obj = null

Protected Attributes inherited from ilPermission2GUI
	$gui_obj = null

	$ilErr = null

	$ctrl = null

	$lng = null

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e; Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de

Version: $Id$

ilPermissionGUI: ilObjRoleGUI, ilRepositorySearchGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

◆ __construct()

ilPermissionGUI::__construct ( $a_gui_obj )

Constructor.

Parameters

object $a_gui_obj

Returns

Definition at line 28 of file class.ilPermissionGUI.php.

         {
                 parent::__construct($a_gui_obj);
         }

Member Function Documentation

◆ applyFilter()

ilPermissionGUI::applyFilter ( )

protected

Apply filter.

Returns

Definition at line 178 of file class.ilPermissionGUI.php.

References getCurrentObject(), and perm().

         {
                 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
                 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
                 $table->resetOffset();
                 $table->writeFilterToSession();
                 return $this->perm($table);
         }

Here is the call graph for this function:

◆ applyRoleFilter()

ilPermissionGUI::applyRoleFilter	(	$a_roles,
		$a_filter_id
	)

Apply filter to roles.

Parameters

int $a_filter_id

Returns

Definition at line 206 of file class.ilPermissionGUI.php.

References ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

         {
                 global $rbacreview;
                 
                 // Always delete administrator role from view
                 if(isset($a_roles[SYSTEM_ROLE_ID]))
                 {
                         unset($a_roles[SYSTEM_ROLE_ID]);
                 }
 
                 switch ($a_filter_id)
                 {
                         // all roles in context
                         case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
 
                                 return $a_roles;
                         
                         // only global roles
                         case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
         
                                 $arr_global_roles = $rbacreview->getGlobalRoles();
                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
 
                                 foreach ($arr_remove_roles as $role_id)
                                 {
                                         unset($a_roles[$role_id]);
                                 }
                                 return $a_roles;
 
                         // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
                         case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
                                 $arr_global_roles = $rbacreview->getGlobalRoles();
 
                                 foreach ($arr_global_roles as $role_id)
                                 {
                                         unset($a_roles[$role_id]);
                                 }
                                 
                                 return $a_roles;
                                 break;
                                 
                         // only roles which use a local policy
                         case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY: 
                                 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
                 
                                 if (!$role_folder)
                                 {
                                         return array();
                                 }
                                 
                                 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"]);
                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
 
                                 foreach ($arr_remove_roles as $role_id)
                                 {
                                         unset($a_roles[$role_id]);
                                 }
 
                                 return $a_roles;
                                 
                         // only true local role defined at current position
                         case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
                                 
                                 $role_folder = $rbacreview->getRoleFolderOfObject($this->gui_obj->object->getRefId());
                 
                                 if (!$role_folder)
                                 {
                                         return array();
                                 }
                                 
                                 $arr_local_roles = $rbacreview->getRolesOfRoleFolder($role_folder["ref_id"],false);
                                 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
 
                                 foreach ($arr_remove_roles as $role_id)
                                 {
                                         unset($a_roles[$role_id]);
                                 }
 
                                 return $a_roles;
                                 
                         default:
                                 return $a_roles;
                 }
         }

Here is the caller graph for this function:

◆ blockRoles()

ilPermissionGUI::blockRoles ( )

protected

Block role.

Returns

Definition at line 474 of file class.ilPermissionGUI.php.

References $_POST, getCurrentObject(), and ilUtil\sendInfo().

         {
                 global $rbacadmin,$rbacreview;
                 
                 $rolf = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
                 
                 $p_roles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId());
                 
                 $roles = $_POST['roles'];
                 foreach($roles as $role)
                 {
                         // Set assign to 'y' only if it is a local role
                         $assign = $rbacreview->isAssignable($role, $rolf) ? 'y' : 'n';
 
                         // Delete permissions
                         $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
                         
                         // Delete template permissions
                         $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
 
                         
                         $rbacadmin->assignRoleToFolder(
                                 $role,
                                 $rolf,
                                 $assign
                         );
                 }
                 
                 ilUtil::sendInfo($this->lng->txt('settings_saved'));
                 $this->ctrl->redirect($this,'perm');
         }

Here is the call graph for this function:

◆ confirmTemplateSwitch()

ilPermissionGUI::confirmTemplateSwitch ( )

protected

Called after toolbar action applyTemplateSwitch.

Definition at line 95 of file class.ilPermissionGUI.php.

         {
                 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
                 $this->ctrl->setReturn($this,'perm');
                 $this->ctrl->setCmdClass('ildidactictemplategui');
                 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
                 $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
         }

◆ displayAddRoleForm()

ilPermissionGUI::displayAddRoleForm ( )

protected

Show add role form.

Definition at line 717 of file class.ilPermissionGUI.php.

References $GLOBALS, and initRoleForm().

         {
                 $GLOBALS['ilTabs']->clearTargets();
 
                 $form = $this->initRoleForm();
                 $this->tpl->setContent($form->getHTML());
         }

Here is the call graph for this function:

◆ displayImportRoleForm()

ilPermissionGUI::displayImportRoleForm ( ilPropertyFormGUI $form = null )

protected

Show import form.

Parameters

ilPropertyFormGUI $form

Definition at line 541 of file class.ilPermissionGUI.php.

References $GLOBALS, and initImportForm().

Referenced by doImportRole().

         {
                 $GLOBALS['ilTabs']->clearTargets();
                 
                 if(!$form)
                 {
                         $form = $this->initImportForm();
                 }
                 $GLOBALS['tpl']->setContent($form->getHTML());
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ doImportRole()

ilPermissionGUI::doImportRole ( )

protected

Perform import.

Definition at line 555 of file class.ilPermissionGUI.php.

References $GLOBALS, displayImportRoleForm(), getCurrentObject(), initImportForm(), isAdminRoleFolder(), ilUtil\sendFailure(), and ilUtil\sendSuccess().

         {
                 global $rbacreview;
                 
                 $form = $this->initImportForm();
                 if($form->checkInput())
                 {
                         try {
                         
                                 include_once './Services/Export/classes/class.ilImport.php';
                                 
                                 // For global roles set import id to parent of current ref_id (adm)
                                 if($this->isAdminRoleFolder())
                                 {
                                         $parent_ref = $GLOBALS['tree']->getParentId($this->getCurrentObject()->getRefId());
                                 }
                                 else
                                 {
                                         $parent_ref = $this->getCurrentObject()->getRefId();
                                 }
                                 
                                 $imp = new ilImport($parent_ref);
                                 $imp->getMapping()->addMapping(
                                                 'Services/AccessControl', 
                                                 'rolf', 
                                                 0, 
                                                 $rbacreview->getRoleFolderIdOfObject($parent_ref)
                                 );
 
                                 $imp->importObject(
                                                 null, 
                                                 $_FILES["importfile"]["tmp_name"],
                                                 $_FILES["importfile"]["name"],
                                                 'role'
                                 );
                                 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
                                 $this->ctrl->redirect($this,'perm');
                                 return;
                         }
                         catch(Exception $e)
                         {
                                 ilUtil::sendFailure($e->getMessage());
                                 $form->setValuesByPost();
                                 $this->displayImportRoleForm($form);
                                 return;
                         }
                 }
                 $form->setValuesByPost();
                 ilUtil::sendFailure($this->lng->txt('err_check_input'));
                 $this->displayImportRoleForm($form);
         }

Here is the call graph for this function:

◆ executeCommand()

ilPermissionGUI::executeCommand ( )

Execute command.

Returns

Definition at line 37 of file class.ilPermissionGUI.php.

References $_GET, $cmd, ilPermission2GUI\$ilErr, and $ret.

         {
                 global $rbacsystem, $ilErr;
 
                 // access to all functions in this class are only allowed if edit_permission is granted
                 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
                 {
                         $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
                 }
 
                 $next_class = $this->ctrl->getNextClass($this);
 
                 switch($next_class)
                 {
                         case "ilobjrolegui":
                                 $this->ctrl->setReturn($this,'perm');
                                 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
                                 $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
                                 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
                                 $ret = $this->ctrl->forwardCommand($this->gui_obj);
                                 break;
 
                         case 'ildidactictemplategui':
                                 $this->ctrl->setReturn($this,'perm');
                                 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
                                 $did = new ilDidacticTemplateGUI($this->gui_obj);
                                 $this->ctrl->forwardCommand($did);
                                 break;
                         
                         case 'ilrepositorysearchgui':
                                 // used for owner autocomplete
                                 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
                                 $rep_search = new ilRepositorySearchGUI();
                                 $this->ctrl->forwardCommand($rep_search);
                                 break;
                                 
                         default:
                                 $cmd = $this->ctrl->getCmd();
                                 $this->$cmd();
                                 break;
                 }
 
                 return true;
         }

◆ getCurrentObject()

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns: ilObject

Definition at line 87 of file class.ilPermissionGUI.php.

Referenced by applyFilter(), blockRoles(), doImportRole(), initRoleFolder(), isAdministrationObject(), isAdminRoleFolder(), isInAdministration(), perm(), resetFilter(), and savePermissions().

         {
                 return $this->gui_obj->object;
         }

Here is the caller graph for this function:

◆ hasContainerCommands()

static ilPermissionGUI::hasContainerCommands ( $a_type )

static

Check if container commands are possible for the current object type.

Parameters

object $a_type

Returns

Definition at line 530 of file class.ilPermissionGUI.php.

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

         {
                 global $objDefinition;
                 
                 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
         }

Here is the caller graph for this function:

◆ initImportForm()

ilPermissionGUI::initImportForm ( )

protected

init import form

Definition at line 610 of file class.ilPermissionGUI.php.

References ilFileInputGUI\setSuffixes().

Referenced by displayImportRoleForm(), and doImportRole().

         {
                 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
                 $form = new ilPropertyFormGUI();
                 $form->setFormAction($this->ctrl->getFormAction($this));
                 $form->setTitle($this->lng->txt('rbac_import_role'));
                 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
                 $form->addCommandButton('perm', $this->lng->txt('cancel'));
                 
                 $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
                 $zip->setSuffixes(array('zip'));
                 $form->addItem($zip);
                 
                 return $form;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initRoleFolder()

ilPermissionGUI::initRoleFolder ( $a_create = false )

protected

Init role folder of object.

Parameters

object $a_create [optional]

Returns

Definition at line 511 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by savePermissions().

         {
                 global $rbacreview;
                 
                 $rolf_id = $rbacreview->getRoleFolderIdOfObject($this->getCurrentObject()->getRefId());
                 
                 if($rolf_id)
                 {
                         return $rolf_id;
                 }
                 $rolf = $this->getCurrentObject()->createRoleFolder();
                 return $rolf->getRefId();
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ initRoleForm()

ilPermissionGUI::initRoleForm ( )

protected

Shoew add role type $rbacreview type $objDefinition.

Returns: ilPropertyFormGUI

Definition at line 632 of file class.ilPermissionGUI.php.

References ilObjRole\_getTranslation(), ilUtil\_sortIds(), isInAdministration(), ilTextAreaInputGUI\setCols(), ilFormPropertyGUI\setInfo(), ilTextInputGUI\setValidationRegexp(), and ilUtil\sortArray().

Referenced by displayAddRoleForm().

     {
                 global $rbacreview,$objDefinition;
                 
                 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
                 $form = new ilPropertyFormGUI();
                 $form->setFormAction($this->ctrl->getFormAction($this));
                 $form->setTitle($this->lng->txt('role_new'));
                 $form->addCommandButton('addrole',$this->lng->txt('role_new'));
                 $form->addCommandButton('perm', $this->lng->txt('cancel'));
 
                 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
                 $title->setValidationRegexp('/^(?!il_).*$/');
                 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
                 $title->setSize(40);
                 $title->setMaxLength(70);
                 $title->setRequired(true);
                 $form->addItem($title);
 
                 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
                 $desc->setCols(40);
                 $desc->setRows(3);
                 $form->addItem($desc);
 
                 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
                 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
                 $pro->setValue(1);
                 $form->addItem($pro);
 
                 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
                 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
                 $pd->setValue(1);
                 $form->addItem($pd);
 
                 
                 if(!$this->isInAdministration())
                 {
                         $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
                         $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
                         $rights->addOption($option);
 
                         $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
                         $ids = array();
                         foreach($parent_role_ids as $id => $tmp)
                         {
                                 $ids[] = $id;
                         }
 
                         // Sort ids
                         $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
 
                         // Sort roles by title
                         $sorted_roles = ilUtil::sortArray(array_values($parent_role_ids), 'title', ASC);
                         $key = 0;
 
                         foreach($sorted_ids as $id)
                         {
                                 $par = $parent_role_ids[$id];
                                 if ($par["obj_id"] != SYSTEM_ROLE_ID)
                                 {
                                         include_once './Services/AccessControl/classes/class.ilObjRole.php';
                                         $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
                                         $option->setInfo($par["desc"]);
                                         $rights->addOption($option);
                                 }
                                 $key++;
                         }
                         $form->addItem($rights);
                 }
 
                 // Local policy only for containers
                 if($objDefinition->isContainer($this->getCurrentObject()->getType()))
                 {
                         $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
                         $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
                         $form->addItem($check);
                         
                 }
         
                 return $form;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isAdministrationObject()

ilPermissionGUI::isAdministrationObject ( )

protected

Definition at line 159 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by perm().

         {
                 return $this->getCurrentObject()->getType() == 'adm';
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isAdminRoleFolder()

ilPermissionGUI::isAdminRoleFolder ( )

protected

Check of current location is administration (main) role folder.

Returns

Definition at line 154 of file class.ilPermissionGUI.php.

References getCurrentObject().

Referenced by doImportRole(), and perm().

         {
                 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isInAdministration()

ilPermissionGUI::isInAdministration ( )

protected

Check if node is subobject of administration folder.

Returns: type

Definition at line 168 of file class.ilPermissionGUI.php.

References $GLOBALS, and getCurrentObject().

Referenced by initRoleForm().

         {
                 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ perm()

ilPermissionGUI::perm ( ilTable2GUI $table = NULL )

show permission table

Returns

Definition at line 109 of file class.ilPermissionGUI.php.

References ilPermission2GUI\__initSubTabs(), getCurrentObject(), isAdministrationObject(), and isAdminRoleFolder().

Referenced by applyFilter(), resetFilter(), and savePermissions().

         {
                 global $objDefinition, $ilToolbar;
 
                 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
                 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
                 if($dtpl->appendToolbarSwitch(
                         $ilToolbar,
                         $this->getCurrentObject()->getType(),
                         $this->getCurrentObject()->getRefId()
                 ))
                 {
                         $ilToolbar->addSeparator();
                 }
                 
                 if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
                         !$this->isAdministrationObject()
                 )
                 {
                         $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
                         if(!$this->isAdminRoleFolder())
                         {
                                 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
                         }
                         $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
                 }
 
                 $this->__initSubTabs("perm");
                 
                 if(!$table instanceof ilTable2GUI)
                 {
                         include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
                         $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
                 }
                 $table->parse();
                 $this->tpl->setContent($table->getHTML());
         }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ resetFilter()

ilPermissionGUI::resetFilter ( )

protected

Reset filter.

Returns

Definition at line 191 of file class.ilPermissionGUI.php.

References getCurrentObject(), and perm().

         {
                 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
                 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
                 $table->resetOffset();
                 $table->resetFilter();
                 
                 return $this->perm($table);
         }

Here is the call graph for this function:

◆ savePermissions()

ilPermissionGUI::savePermissions ( )

protected

Save permissions.

Returns

Definition at line 295 of file class.ilPermissionGUI.php.

References $_POST, $log, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), hasContainerCommands(), initRoleFolder(), ilRbacReview\lookupCreateOperationIds(), perm(), ilUtil\sendSuccess(), and showConfirmBlockRole().

         {
                 global $rbacreview,$objDefinition,$rbacadmin;
                 
                 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
                 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
                 
                 $roles = $this->applyRoleFilter(
                         $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
                         $table->getFilterItemByPostVar('role')->getValue()
                 );
                 
                 // Log history
                 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
                 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
                 
 
                 # all possible create permissions 
                 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
                         $this->getCurrentObject()->getType(), 
                         'create'
                 );
                 
                 # createable (activated) create permissions
                 $create_types = $objDefinition->getCreatableSubObjects(
                         $this->getCurrentObject()->getType()
                 );
                 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
 
                 foreach((array) $roles as $role => $role_data)
                 {
                         if($role_data['protected'])
                         {
                                 continue;
                         }
 
                         $new_ops = array_keys((array) $_POST['perm'][$role]);
                         $old_ops = $rbacreview->getRoleOperationsOnObject(
                                 $role,
                                 $this->getCurrentObject()->getRefId()
                         );
                         
                         // Add operations which were enabled and are not activated.
                         foreach($possible_ops_ids as $create_ops_id)
                         {
                                 if(in_array($create_ops_id,$createable_ops_ids))
                                 {
                                         continue;
                                 }
                                 if(in_array($create_ops_id,$old_ops))
                                 {
                                         $new_ops[] = $create_ops_id;
                                 }
                         }
                         
                         $rbacadmin->revokePermission(
                                 $this->getCurrentObject()->getRefId(),
                                 $role
                         );
                         
                         $rbacadmin->grantPermission(
                                 $role,
                                 array_unique($new_ops),
                                 $this->getCurrentObject()->getRefId()
                         );
                 }
                 
                 // Handle local policies.
                 $rolf_id = $this->initRoleFolder(count((array) $_POST['inherit']) ? true : false);
                 $relevant_roles = array_intersect(
                         $rbacreview->getRolesOfRoleFolder($rolf_id),
                         array_keys($roles)
                 );
                 
                 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
                 {
                         foreach($roles as $role)
                         {
                                 // No action for local roles
                                 if($role['parent'] == $rolf_id and $role['assign'] == 'y')
                                 {
                                         continue;
                                 }
                                 // Nothing for protected roles
                                 if($role['protected'])
                                 {
                                         continue;
                                 }
                                 // Stop local policy
                                 if($role['parent'] == $rolf_id and !isset($_POST['inherit'][$role['obj_id']]))
                                 {
                                         $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
                                         $role_obj->setParent($rolf_id);
                                         $role_obj->delete();
                                         continue;
                                 }
                                 // Add local policy
                                 if($role['parent'] != $rolf_id and isset($_POST['inherit'][$role['obj_id']]))
                                 {
                                         $rbacadmin->copyRoleTemplatePermissions(
                                                 $role['obj_id'], 
                                                 $role['parent'],
                                                 $rolf_id, 
                                                 $role['obj_id']
                                         );
                                         $rbacadmin->assignRoleToFolder($role['obj_id'],$rolf_id,'n');
                                 }
                         }
                 }
                 
                 // Protect permissions
                 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
                 {
                         foreach($roles as $role)
                         {
                                 if($rbacreview->isAssignable($role['obj_id'], $rolf_id))
                                 {
                                         if(isset($_POST['protect'][$role['obj_id']]) and 
                                                 !$rbacreview->isProtected($rolf_id, $role['obj_id']))
                                         {
                                                 $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'y');
                                         }
                                         elseif(!isset($_POST['protect'][$role['obj_id']]) and 
                                                 $rbacreview->isProtected($rolf_id, $role['obj_id']))
                                         {
                                                 $rbacadmin->setProtected($rolf_id, $role['obj_id'], 'n');
                                         }
                                 }
                         }
                 }
                 
                 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
                 $log = ilRbacLog::diffFaPa($log_old, $log_new);
                 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
                 
                 if(count((array) $_POST['block']))
                 {
                         return $this->showConfirmBlockRole(array_keys($_POST['block']));
                 }
                 
                 
                 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
                 #$this->ctrl->redirect($this,'perm');
                 $this->perm();
         }

Here is the call graph for this function:

◆ showConfirmBlockRole()

ilPermissionGUI::showConfirmBlockRole ( $a_roles )

protected

Show block role confirmation screen.

Parameters

array $a_roles

Returns

Definition at line 446 of file class.ilPermissionGUI.php.

References ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

         {
                 ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
                 
                 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
                 $confirm = new ilConfirmationGUI();
                 $confirm->setFormAction($this->ctrl->getFormAction($this));
                 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
                 $confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
                 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
                 
                 foreach($a_roles as $role_id)
                 {
                         include_once './Services/AccessControl/classes/class.ilObjRole.php';
                         $confirm->addItem(
                                 'roles[]',
                                 $role_id, 
                                 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
                 }
                 
                 $this->tpl->setContent($confirm->getHTML());
                 
         }

Here is the call graph for this function:

Here is the caller graph for this function:

Field Documentation

◆ $current_obj

ilPermissionGUI::$current_obj = null

protected

Definition at line 21 of file class.ilPermissionGUI.php.

The documentation for this class was generated from the following file:

Services/AccessControl/classes/class.ilPermissionGUI.php

Public Member Functions

Static Public Member Functions

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ applyFilter()

◆ applyRoleFilter()

◆ blockRoles()

◆ confirmTemplateSwitch()

◆ displayAddRoleForm()

◆ displayImportRoleForm()

◆ doImportRole()

◆ executeCommand()

◆ getCurrentObject()

◆ hasContainerCommands()

◆ initImportForm()

◆ initRoleFolder()

◆ initRoleForm()

◆ isAdministrationObject()

◆ isAdminRoleFolder()

◆ isInAdministration()

◆ perm()

◆ resetFilter()

◆ savePermissions()

◆ showConfirmBlockRole()

Field Documentation

◆ $current_obj