ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor. More...
 
 executeCommand ()
 Execute command. More...
 
 getCurrentObject ()
 Get current object. More...
 
 perm (ilTable2GUI $table=NULL)
 show permission table More...
 
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles. More...
 
- Public Member Functions inherited from ilPermission2GUI
 __construct ($a_gui_obj)
 
 owner ()
 
 changeOwner ()
 
 __initSubTabs ($a_cmd)
 
 log ()
 
 applyLogFilter ()
 
 resetLogFilter ()
 

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type. More...
 

Protected Member Functions

 confirmTemplateSwitch ()
 Called after toolbar action applyTemplateSwitch. More...
 
 isAdminRoleFolder ()
 Check of current location is administration (main) role folder. More...
 
 isAdministrationObject ()
 
 isInAdministration ()
 Check if node is subobject of administration folder. More...
 
 applyFilter ()
 Apply filter. More...
 
 resetFilter ()
 Reset filter. More...
 
 savePermissions ()
 Save permissions. More...
 
 showConfirmBlockRole ($a_roles)
 Show block role confirmation screen. More...
 
 blockRoles ()
 Block role. More...
 
 displayImportRoleForm (ilPropertyFormGUI $form=null)
 Show import form. More...
 
 doImportRole ()
 Perform import. More...
 
 initImportForm ()
 init import form More...
 
 initRoleForm ()
 Shoew add role @global type $rbacreview @global type $objDefinition. More...
 
 displayAddRoleForm ()
 Show add role form. More...
 
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'. More...
 

Protected Attributes

 $current_obj = null
 
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 
 $ilErr = null
 
 $ctrl = null
 
 $lng = null
 

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

@ilCtrl_Calls ilPermissionGUI: ilObjRoleGUI, ilRepositorySearchGUI, ilObjectPermissionStatusGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

◆ __construct()

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 28 of file class.ilPermissionGUI.php.

29 {
30 parent::__construct($a_gui_obj);
31 }

Member Function Documentation

◆ addRole()

ilPermissionGUI::addRole ( )
protected

adds a local role This method is only called when choose the option 'you may add local roles'.

This option is displayed in the permission settings dialogue for an object TODO: this will be changed @access public

Definition at line 695 of file class.ilPermissionGUI.php.

696 {
697 global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
698
699 $form = $this->initRoleForm();
700 if($form->checkInput())
701 {
702 $new_title = $form->getInput("title");
703
704 include_once './Services/AccessControl/classes/class.ilObjRole.php';
705 $role = new ilObjRole();
706 $role->setTitle($new_title);
707 $role->setDescription($form->getInput('desc'));
708 $role->create();
709
710 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$this->getCurrentObject()->getRefId());
711
712 // protect
713 $rbacadmin->setProtected(
714 $this->getCurrentObject()->getRefId(),
715 $role->getId(),
716 $form->getInput('pro') ? 'y' : 'n'
717 );
718
719 // copy rights
720 $right_id_to_copy = $form->getInput("rights");
721 if($right_id_to_copy)
722 {
723 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(),true);
724 $rbacadmin->copyRoleTemplatePermissions(
725 $right_id_to_copy,
726 $parentRoles[$right_id_to_copy]["parent"],
727 $this->getCurrentObject()->getRefId(),
728 $role->getId(),
729 false);
730
731 if($form->getInput('existing'))
732 {
733 if($form->getInput('pro'))
734 {
735 $role->changeExistingObjects(
736 $this->getCurrentObject()->getRefId(),
737 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
738 array('all')
739 );
740 }
741 else
742 {
743 $role->changeExistingObjects(
744 $this->getCurrentObject()->getRefId(),
745 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
746 array('all')
747 );
748 }
749 }
750 }
751
752 // add to desktop items
753 if($form->getInput("desktop"))
754 {
755 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
756 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
757 $role_desk_item_obj->add(
758 $this->getCurrentObject()->getRefId(),
759 ilObject::_lookupType($this->getCurrentObject()->getRefId(),true));
760 }
761
762 ilUtil::sendSuccess($this->lng->txt("role_added"),true);
763 $this->ctrl->redirect($this,'perm');
764 }
765 else
766 {
767 $form->setValuesByPost();
768 $this->tpl->setContent($form->getHTML());
769 }
770 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1183
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:94
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:597
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4925
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilCtrl
global $ilCtrl
Definition: ilias.php:18

References $GLOBALS, $ilCtrl, ilPermission2GUI\$ilErr, ilObject\_lookupType(), getCurrentObject(), initRoleForm(), ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES, ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ applyFilter()

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 185 of file class.ilPermissionGUI.php.

186 {
187 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
188 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
189 $table->resetOffset();
190 $table->writeFilterToSession();
191 return $this->perm($table);
192 }
ilPermissionGUI\perm
perm(ilTable2GUI $table=NULL)
show permission table
Definition: class.ilPermissionGUI.php:116

References getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ applyRoleFilter()

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 213 of file class.ilPermissionGUI.php.

214 {
215 global $rbacreview;
216
217 // Always delete administrator role from view
218 if(isset($a_roles[SYSTEM_ROLE_ID]))
219 {
220 unset($a_roles[SYSTEM_ROLE_ID]);
221 }
222
223 switch ($a_filter_id)
224 {
225 // all roles in context
226 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
227
228 return $a_roles;
229
230 // only global roles
231 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
232
233 $arr_global_roles = $rbacreview->getGlobalRoles();
234 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
235
236 foreach ($arr_remove_roles as $role_id)
237 {
238 unset($a_roles[$role_id]);
239 }
240 return $a_roles;
241
242 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
243 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
244 $arr_global_roles = $rbacreview->getGlobalRoles();
245
246 foreach ($arr_global_roles as $role_id)
247 {
248 unset($a_roles[$role_id]);
249 }
250
251 return $a_roles;
252 break;
253
254 // only roles which use a local policy
255 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256
257 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
259
260 foreach ($arr_remove_roles as $role_id)
261 {
262 unset($a_roles[$role_id]);
263 }
264
265 return $a_roles;
266
267 // only true local role defined at current position
268 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
269
270 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(),TRUE);
271 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
272
273 foreach ($arr_remove_roles as $role_id)
274 {
275 unset($a_roles[$role_id]);
276 }
277
278 return $a_roles;
279
280 default:
281 return $a_roles;
282 }
283 }

References $GLOBALS, getCurrentObject(), ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ blockRoles()

ilPermissionGUI::blockRoles ( )
protected

Block role.

Returns
void

Definition at line 461 of file class.ilPermissionGUI.php.

462 {
463 global $rbacadmin,$rbacreview;
464
465 $roles = $_POST['roles'];
466 foreach($roles as $role)
467 {
468 // Set assign to 'y' only if it is a local role
469 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
470
471 // Delete permissions
472 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
473
474 // Delete template permissions
475 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
476
477
478 $rbacadmin->assignRoleToFolder(
479 $role,
480 $this->getCurrentObject()->getRefId(),
481 $assign
482 );
483 }
484
485 ilUtil::sendInfo($this->lng->txt('settings_saved'));
486 $this->ctrl->redirect($this,'perm');
487 }
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4885
$_POST
$_POST['username']
Definition: cron.php:12

References $_POST, getCurrentObject(), and ilUtil\sendInfo().

+ Here is the call graph for this function:

◆ confirmTemplateSwitch()

ilPermissionGUI::confirmTemplateSwitch ( )
protected

Called after toolbar action applyTemplateSwitch.

Definition at line 102 of file class.ilPermissionGUI.php.

103 {
104 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
105 $this->ctrl->setReturn($this,'perm');
106 $this->ctrl->setCmdClass('ildidactictemplategui');
107 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
108 $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
109 }
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14

◆ displayAddRoleForm()

ilPermissionGUI::displayAddRoleForm ( )
protected

Show add role form.

Definition at line 679 of file class.ilPermissionGUI.php.

680 {
681 $GLOBALS['ilTabs']->clearTargets();
682
683 $form = $this->initRoleForm();
684 $this->tpl->setContent($form->getHTML());
685 }

References $GLOBALS, and initRoleForm().

+ Here is the call graph for this function:

◆ displayImportRoleForm()

ilPermissionGUI::displayImportRoleForm ( ilPropertyFormGUI  $form = null)
protected

Show import form.

Parameters
ilPropertyFormGUI$form

Definition at line 506 of file class.ilPermissionGUI.php.

507 {
508 $GLOBALS['ilTabs']->clearTargets();
509
510 if(!$form)
511 {
512 $form = $this->initImportForm();
513 }
514 $GLOBALS['tpl']->setContent($form->getHTML());
515 }
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:575

References $GLOBALS, and initImportForm().

Referenced by doImportRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doImportRole()

ilPermissionGUI::doImportRole ( )
protected

Perform import.

Definition at line 520 of file class.ilPermissionGUI.php.

521 {
522 global $rbacreview;
523
524 $form = $this->initImportForm();
525 if($form->checkInput())
526 {
527 try {
528
529 include_once './Services/Export/classes/class.ilImport.php';
530
531 // For global roles set import id to parent of current ref_id (adm)
532 if($this->isAdminRoleFolder())
533 {
534 $parent_ref = $GLOBALS['tree']->getParentId($this->getCurrentObject()->getRefId());
535 }
536 else
537 {
538 $parent_ref = $this->getCurrentObject()->getRefId();
539 }
540
541 $imp = new ilImport($parent_ref);
542 $imp->getMapping()->addMapping(
543 'Services/AccessControl',
544 'rolf',
545 0,
546 $parent_ref
547 );
548
549 $imp->importObject(
550 null,
551 $_FILES["importfile"]["tmp_name"],
552 $_FILES["importfile"]["name"],
553 'role'
554 );
555 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
556 $this->ctrl->redirect($this,'perm');
557 return;
558 }
559 catch(Exception $e)
560 {
561 ilUtil::sendFailure($e->getMessage());
562 $form->setValuesByPost();
563 $this->displayImportRoleForm($form);
564 return;
565 }
566 }
567 $form->setValuesByPost();
568 ilUtil::sendFailure($this->lng->txt('err_check_input'));
569 $this->displayImportRoleForm($form);
570 }
ilImport
Import class.
Definition: class.ilImport.php:12
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:506
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:161
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4899

References $GLOBALS, displayImportRoleForm(), getCurrentObject(), initImportForm(), isAdminRoleFolder(), ilUtil\sendFailure(), and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ executeCommand()

ilPermissionGUI::executeCommand ( )

Execute command.

Returns

Definition at line 37 of file class.ilPermissionGUI.php.

38 {
39 global $rbacsystem, $ilErr;
40
41 // access to all functions in this class are only allowed if edit_permission is granted
42 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
43 {
44 $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
45 }
46
47 $next_class = $this->ctrl->getNextClass($this);
48
49 switch($next_class)
50 {
51 case "ilobjrolegui":
52 $this->ctrl->setReturn($this,'perm');
53 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
54 $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
55 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
56 $ret = $this->ctrl->forwardCommand($this->gui_obj);
57 break;
58
59 case 'ildidactictemplategui':
60 $this->ctrl->setReturn($this,'perm');
61 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
62 $did = new ilDidacticTemplateGUI($this->gui_obj);
63 $this->ctrl->forwardCommand($did);
64 break;
65
66 case 'ilrepositorysearchgui':
67 // used for owner autocomplete
68 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
69 $rep_search = new ilRepositorySearchGUI();
70 $this->ctrl->forwardCommand($rep_search);
71 break;
72
73 case 'ilobjectpermissionstatusgui':
74 $this->__initSubTabs("perminfo");
75 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
76 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
77 $this->ctrl->forwardCommand($perm_stat);
78 break;
79
80 default:
81 $cmd = $this->ctrl->getCmd();
82 $this->$cmd();
83 break;
84 }
85
86 return true;
87 }
$ret
$ret
Definition: Structures_BibTex_example.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:20
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:16
$cmd
$cmd
Definition: sahs_server.php:35

References $_GET, $cmd, ilPermission2GUI\$ilErr, $ret, and ilPermission2GUI\__initSubTabs().

+ Here is the call graph for this function:

◆ getCurrentObject()

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns
ilObject

Definition at line 94 of file class.ilPermissionGUI.php.

95 {
96 return $this->gui_obj->object;
97 }

Referenced by addRole(), applyFilter(), applyRoleFilter(), blockRoles(), doImportRole(), isAdministrationObject(), isAdminRoleFolder(), isInAdministration(), perm(), resetFilter(), and savePermissions().

+ Here is the caller graph for this function:

◆ hasContainerCommands()

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 495 of file class.ilPermissionGUI.php.

496 {
497 global $objDefinition;
498
499 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
500 }

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

+ Here is the caller graph for this function:

◆ initImportForm()

ilPermissionGUI::initImportForm ( )
protected

init import form

Definition at line 575 of file class.ilPermissionGUI.php.

576 {
577 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
578 $form = new ilPropertyFormGUI();
579 $form->setFormAction($this->ctrl->getFormAction($this));
580 $form->setTitle($this->lng->txt('rbac_import_role'));
581 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
582 $form->addCommandButton('perm', $this->lng->txt('cancel'));
583
584 $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
585 $zip->setSuffixes(array('zip'));
586 $form->addItem($zip);
587
588 return $form;
589 }
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48

Referenced by displayImportRoleForm(), and doImportRole().

+ Here is the caller graph for this function:

◆ initRoleForm()

ilPermissionGUI::initRoleForm ( )
protected

Shoew add role @global type $rbacreview @global type $objDefinition.

Returns
ilPropertyFormGUI

Definition at line 597 of file class.ilPermissionGUI.php.

598 {
599 global $rbacreview,$objDefinition;
600
601 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
602 $form = new ilPropertyFormGUI();
603 $form->setFormAction($this->ctrl->getFormAction($this));
604 $form->setTitle($this->lng->txt('role_new'));
605 $form->addCommandButton('addrole',$this->lng->txt('role_new'));
606 $form->addCommandButton('perm', $this->lng->txt('cancel'));
607
608 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
609 $title->setValidationRegexp('/^(?!il_).*$/');
610 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
611 $title->setSize(40);
612 $title->setMaxLength(70);
613 $title->setRequired(true);
614 $form->addItem($title);
615
616 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
617 $desc->setCols(40);
618 $desc->setRows(3);
619 $form->addItem($desc);
620
621 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
622 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
623 $pro->setValue(1);
624 $form->addItem($pro);
625
626 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
627 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
628 $pd->setValue(1);
629 $form->addItem($pd);
630
631
632 if(!$this->isInAdministration())
633 {
634 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
635 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
636 $rights->addOption($option);
637
638 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
639 $ids = array();
640 foreach($parent_role_ids as $id => $tmp)
641 {
642 $ids[] = $id;
643 }
644
645 // Sort ids
646 $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
647
648 $key = 0;
649 foreach($sorted_ids as $id)
650 {
651 $par = $parent_role_ids[$id];
652 if ($par["obj_id"] != SYSTEM_ROLE_ID)
653 {
654 include_once './Services/AccessControl/classes/class.ilObjRole.php';
655 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
656 $option->setInfo($par["desc"]);
657 $rights->addOption($option);
658 }
659 $key++;
660 }
661 $form->addItem($rights);
662 }
663
664 // Local policy only for containers
665 if($objDefinition->isContainer($this->getCurrentObject()->getType()))
666 {
667 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
668 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
669 $form->addItem($check);
670
671 }
672
673 return $form;
674 }
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilObjRole\_getTranslation
_getTranslation($a_role_title)
Definition: class.ilObjRole.php:504
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:175
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4811

References ilObjRole\_getTranslation(), ilUtil\_sortIds(), and isInAdministration().

Referenced by addRole(), and displayAddRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAdministrationObject()

ilPermissionGUI::isAdministrationObject ( )
protected

Definition at line 166 of file class.ilPermissionGUI.php.

167 {
168 return $this->getCurrentObject()->getType() == 'adm';
169 }

References getCurrentObject().

+ Here is the call graph for this function:

◆ isAdminRoleFolder()

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 161 of file class.ilPermissionGUI.php.

162 {
163 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
164 }

References getCurrentObject().

Referenced by doImportRole(), and perm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isInAdministration()

ilPermissionGUI::isInAdministration ( )
protected

Check if node is subobject of administration folder.

Returns
type

Definition at line 175 of file class.ilPermissionGUI.php.

176 {
177 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
178 }

References $GLOBALS, and getCurrentObject().

Referenced by initRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ perm()

ilPermissionGUI::perm ( ilTable2GUI  $table = NULL)

show permission table

Returns

Definition at line 116 of file class.ilPermissionGUI.php.

117 {
118 global $objDefinition, $ilToolbar;
119
120 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
121 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
122 if($dtpl->appendToolbarSwitch(
123 $ilToolbar,
124 $this->getCurrentObject()->getType(),
125 $this->getCurrentObject()->getRefId()
126 ))
127 {
128 $ilToolbar->addSeparator();
129 }
130
131 if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132 !$this->isAdministrationObject()
133 )
134 {
135 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
136
137 if(!$this->isAdminRoleFolder())
138 {
139 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
140 }
141 $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
142 }
143
144 $this->__initSubTabs("perm");
145
146 if(!$table instanceof ilTable2GUI)
147 {
148 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
149 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
150 }
151 $table->parse();
152 $this->tpl->setContent($table->getHTML());
153 }
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTable2GUI\getHTML
getHTML()
Get HTML.
Definition: class.ilTable2GUI.php:1577

References ilPermission2GUI\__initSubTabs(), getCurrentObject(), and isAdminRoleFolder().

Referenced by applyFilter(), resetFilter(), and savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ resetFilter()

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 198 of file class.ilPermissionGUI.php.

199 {
200 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
201 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
202 $table->resetOffset();
203 $table->resetFilter();
204
205 return $this->perm($table);
206 }

References getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ savePermissions()

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 289 of file class.ilPermissionGUI.php.

290 {
291 global $rbacreview,$objDefinition,$rbacadmin;
292
293 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
294 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
295
296 $roles = $this->applyRoleFilter(
297 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
298 $table->getFilterItemByPostVar('role')->getValue()
299 );
300
301 // Log history
302 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
303 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
304
305
306 # all possible create permissions
307 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
308 $this->getCurrentObject()->getType(),
309 'create'
310 );
311
312 # createable (activated) create permissions
313 $create_types = $objDefinition->getCreatableSubObjects(
314 $this->getCurrentObject()->getType()
315 );
316 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
317
318 foreach((array) $roles as $role => $role_data)
319 {
320 if($role_data['protected'])
321 {
322 continue;
323 }
324
325 $new_ops = array_keys((array) $_POST['perm'][$role]);
326 $old_ops = $rbacreview->getRoleOperationsOnObject(
327 $role,
328 $this->getCurrentObject()->getRefId()
329 );
330
331 // Add operations which were enabled and are not activated.
332 foreach($possible_ops_ids as $create_ops_id)
333 {
334 if(in_array($create_ops_id,$createable_ops_ids))
335 {
336 continue;
337 }
338 if(in_array($create_ops_id,$old_ops))
339 {
340 $new_ops[] = $create_ops_id;
341 }
342 }
343
344 $rbacadmin->revokePermission(
345 $this->getCurrentObject()->getRefId(),
346 $role
347 );
348
349 $rbacadmin->grantPermission(
350 $role,
351 array_unique($new_ops),
352 $this->getCurrentObject()->getRefId()
353 );
354 }
355
356 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
357 {
358 foreach($roles as $role)
359 {
360 // No action for local roles
361 if($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y')
362 {
363 continue;
364 }
365 // Nothing for protected roles
366 if($role['protected'])
367 {
368 continue;
369 }
370 // Stop local policy
371 if($role['parent'] == $this->getCurrentObject()->getRefId() and !isset($_POST['inherit'][$role['obj_id']]))
372 {
373 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
374 $role_obj->setParent($this->getCurrentObject()->getRefId());
375 $role_obj->delete();
376 continue;
377 }
378 // Add local policy
379 if($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']]))
380 {
381 $rbacadmin->copyRoleTemplatePermissions(
382 $role['obj_id'],
383 $role['parent'],
384 $this->getCurrentObject()->getRefId(),
385 $role['obj_id']
386 );
387 $rbacadmin->assignRoleToFolder($role['obj_id'],$this->getCurrentObject()->getRefId(),'n');
388 }
389 }
390 }
391
392 // Protect permissions
393 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
394 {
395 foreach($roles as $role)
396 {
397 if($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId()))
398 {
399 if(isset($_POST['protect'][$role['obj_id']]) and
400 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
401 {
402 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
403 }
404 elseif(!isset($_POST['protect'][$role['obj_id']]) and
405 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
406 {
407 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
408 }
409 }
410 }
411 }
412
413 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
414 $log = ilRbacLog::diffFaPa($log_old, $log_new);
415 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
416
417 if(count((array) $_POST['block']))
418 {
419 return $this->showConfirmBlockRole(array_keys($_POST['block']));
420 }
421
422
423 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
424 #$this->ctrl->redirect($this,'perm');
425 $this->perm();
426 }
ilObjectFactory\getInstanceByObjId
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_roles)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:433
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:495
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:213
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1866
$log
$log
Definition: inc.setup_header.php:131

References $_POST, $log, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), hasContainerCommands(), ilRbacReview\lookupCreateOperationIds(), perm(), ilUtil\sendSuccess(), and showConfirmBlockRole().

+ Here is the call graph for this function:

◆ showConfirmBlockRole()

ilPermissionGUI::showConfirmBlockRole (   $a_roles)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 433 of file class.ilPermissionGUI.php.

434 {
435 ilUtil::sendInfo($this->lng->txt('role_confirm_block_role_info'));
436
437 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
438 $confirm = new ilConfirmationGUI();
439 $confirm->setFormAction($this->ctrl->getFormAction($this));
440 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
441 $confirm->setConfirm($this->lng->txt('role_block_role'), 'blockRoles');
442 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
443
444 foreach($a_roles as $role_id)
445 {
446 include_once './Services/AccessControl/classes/class.ilObjRole.php';
447 $confirm->addItem(
448 'roles[]',
449 $role_id,
450 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)));
451 }
452
453 $this->tpl->setContent($confirm->getHTML());
454
455 }
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:931

References ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $current_obj

ilPermissionGUI::$current_obj = null
protected

Definition at line 21 of file class.ilPermissionGUI.php.

The documentation for this class was generated from the following file: