ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor. More...
 
 executeCommand ()
 Execute command. More...
 
 getCurrentObject ()
 Get current object. More...
 
 perm (ilTable2GUI $table=NULL)
 show permission table More...
 
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles. More...
 
- Public Member Functions inherited from ilPermission2GUI
 __construct ($a_gui_obj)
 
 owner ()
 
 changeOwner ()
 
 __initSubTabs ($a_cmd)
 
 log ()
 
 applyLogFilter ()
 
 resetLogFilter ()
 

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type. More...
 

Protected Member Functions

 confirmTemplateSwitch ()
 Called after toolbar action applyTemplateSwitch. More...
 
 isAdminRoleFolder ()
 Check of current location is administration (main) role folder. More...
 
 isAdministrationObject ()
 
 isInAdministration ()
 Check if node is subobject of administration folder. More...
 
 applyFilter ()
 Apply filter. More...
 
 resetFilter ()
 Reset filter. More...
 
 savePermissions ()
 Save permissions. More...
 
 showConfirmBlockRole ($a_blocked_info)
 Show block role confirmation screen. More...
 
 modifyBlockRoles ()
 
 unblockRoles ($roles)
 
 blockRoles ($roles)
 Block role. More...
 
 displayImportRoleForm (ilPropertyFormGUI $form=null)
 Show import form. More...
 
 doImportRole ()
 Perform import. More...
 
 initImportForm ()
 init import form More...
 
 initRoleForm ()
 Shoew add role @global type $rbacreview @global type $objDefinition. More...
 
 displayAddRoleForm ()
 Show add role form. More...
 
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'. More...
 
 getModifiedBlockedSettings ()
 

Protected Attributes

 $current_obj = null
 
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 
 $ilErr = null
 
 $ctrl = null
 
 $lng = null
 

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

@ilCtrl_Calls ilPermissionGUI: ilObjRoleGUI, ilRepositorySearchGUI, ilObjectPermissionStatusGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

◆ __construct()

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 28 of file class.ilPermissionGUI.php.

29 {
30 parent::__construct($a_gui_obj);
31 }

Member Function Documentation

◆ addRole()

ilPermissionGUI::addRole ( )
protected

adds a local role This method is only called when choose the option 'you may add local roles'.

This option is displayed in the permission settings dialogue for an object TODO: this will be changed @access public

Definition at line 762 of file class.ilPermissionGUI.php.

763 {
764 global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
765
766 $form = $this->initRoleForm();
767 if($form->checkInput())
768 {
769 $new_title = $form->getInput("title");
770
771 include_once './Services/AccessControl/classes/class.ilObjRole.php';
772 $role = new ilObjRole();
773 $role->setTitle($new_title);
774 $role->setDescription($form->getInput('desc'));
775 $role->create();
776
777 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$this->getCurrentObject()->getRefId());
778
779 // protect
780 $rbacadmin->setProtected(
781 $this->getCurrentObject()->getRefId(),
782 $role->getId(),
783 $form->getInput('pro') ? 'y' : 'n'
784 );
785
786 // copy rights
787 $right_id_to_copy = $form->getInput("rights");
788 if($right_id_to_copy)
789 {
790 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(),true);
791 $rbacadmin->copyRoleTemplatePermissions(
792 $right_id_to_copy,
793 $parentRoles[$right_id_to_copy]["parent"],
794 $this->getCurrentObject()->getRefId(),
795 $role->getId(),
796 false);
797
798 if($form->getInput('existing'))
799 {
800 if($form->getInput('pro'))
801 {
802 $role->changeExistingObjects(
803 $this->getCurrentObject()->getRefId(),
804 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
805 array('all')
806 );
807 }
808 else
809 {
810 $role->changeExistingObjects(
811 $this->getCurrentObject()->getRefId(),
812 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
813 array('all')
814 );
815 }
816 }
817 }
818
819 // add to desktop items
820 if($form->getInput("desktop"))
821 {
822 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
823 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
824 $role_desk_item_obj->add(
825 $this->getCurrentObject()->getRefId(),
826 ilObject::_lookupType($this->getCurrentObject()->getRefId(),true));
827 }
828
829 ilUtil::sendSuccess($this->lng->txt("role_added"),true);
830 $this->ctrl->redirect($this,'perm');
831 }
832 else
833 {
834 $form->setValuesByPost();
835 $this->tpl->setContent($form->getHTML());
836 }
837 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:94
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:664
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:5008
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
$ilCtrl
global $ilCtrl
Definition: ilias.php:18

References $GLOBALS, $ilCtrl, ilPermission2GUI\$ilErr, ilObject\_lookupType(), getCurrentObject(), initRoleForm(), ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES, ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ applyFilter()

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 185 of file class.ilPermissionGUI.php.

186 {
187 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
188 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
189 $table->resetOffset();
190 $table->writeFilterToSession();
191 return $this->perm($table);
192 }
ilPermissionGUI\perm
perm(ilTable2GUI $table=NULL)
show permission table
Definition: class.ilPermissionGUI.php:116

References getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ applyRoleFilter()

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 213 of file class.ilPermissionGUI.php.

214 {
215 global $rbacreview;
216
217 // Always delete administrator role from view
218 if(isset($a_roles[SYSTEM_ROLE_ID]))
219 {
220 unset($a_roles[SYSTEM_ROLE_ID]);
221 }
222
223 switch ($a_filter_id)
224 {
225 // all roles in context
226 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
227
228 return $a_roles;
229
230 // only global roles
231 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
232
233 $arr_global_roles = $rbacreview->getGlobalRoles();
234 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
235
236 foreach ($arr_remove_roles as $role_id)
237 {
238 unset($a_roles[$role_id]);
239 }
240 return $a_roles;
241
242 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
243 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
244 $arr_global_roles = $rbacreview->getGlobalRoles();
245
246 foreach ($arr_global_roles as $role_id)
247 {
248 unset($a_roles[$role_id]);
249 }
250
251 return $a_roles;
252 break;
253
254 // only roles which use a local policy
255 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256
257 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
259
260 foreach ($arr_remove_roles as $role_id)
261 {
262 unset($a_roles[$role_id]);
263 }
264
265 return $a_roles;
266
267 // only true local role defined at current position
268 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
269
270 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(),TRUE);
271 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
272
273 foreach ($arr_remove_roles as $role_id)
274 {
275 unset($a_roles[$role_id]);
276 }
277
278 return $a_roles;
279
280 default:
281 return $a_roles;
282 }
283 }

References $GLOBALS, getCurrentObject(), ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ blockRoles()

ilPermissionGUI::blockRoles (   $roles)
protected

Block role.

Returns
void

Definition at line 533 of file class.ilPermissionGUI.php.

534 {
535 global $rbacadmin,$rbacreview;
536
537 foreach($roles as $role)
538 {
539 // Set assign to 'y' only if it is a local role
540 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
541
542 // Delete permissions
543 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
544
545 // Delete template permissions
546 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
547
548
549 $rbacadmin->assignRoleToFolder(
550 $role,
551 $this->getCurrentObject()->getRefId(),
552 $assign
553 );
554
555 // finally set blocked status
556 $rbacadmin->setBlockedStatus(
557 $role,
558 $this->getCurrentObject()->getRefId(),
559 TRUE
560 );
561 }
562
563 }

References getCurrentObject().

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ confirmTemplateSwitch()

ilPermissionGUI::confirmTemplateSwitch ( )
protected

Called after toolbar action applyTemplateSwitch.

Definition at line 102 of file class.ilPermissionGUI.php.

103 {
104 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
105 $this->ctrl->setReturn($this,'perm');
106 $this->ctrl->setCmdClass('ildidactictemplategui');
107 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
108 $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
109 }
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14

◆ displayAddRoleForm()

ilPermissionGUI::displayAddRoleForm ( )
protected

Show add role form.

Definition at line 746 of file class.ilPermissionGUI.php.

747 {
748 $GLOBALS['ilTabs']->clearTargets();
749
750 $form = $this->initRoleForm();
751 $this->tpl->setContent($form->getHTML());
752 }

References $GLOBALS, and initRoleForm().

+ Here is the call graph for this function:

◆ displayImportRoleForm()

ilPermissionGUI::displayImportRoleForm ( ilPropertyFormGUI  $form = null)
protected

Show import form.

Parameters
ilPropertyFormGUI$form

Definition at line 582 of file class.ilPermissionGUI.php.

583 {
584 $GLOBALS['ilTabs']->clearTargets();
585
586 if(!$form)
587 {
588 $form = $this->initImportForm();
589 }
590 $GLOBALS['tpl']->setContent($form->getHTML());
591 }
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:642

References $GLOBALS, and initImportForm().

Referenced by doImportRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doImportRole()

ilPermissionGUI::doImportRole ( )
protected

Perform import.

Definition at line 596 of file class.ilPermissionGUI.php.

597 {
598 global $rbacreview;
599
600 $form = $this->initImportForm();
601 if($form->checkInput())
602 {
603 try {
604
605 include_once './Services/Export/classes/class.ilImport.php';
606
607 // For global roles set import id to parent of current ref_id (adm)
608 $imp = new ilImport($this->getCurrentObject()->getRefId());
609 $imp->getMapping()->addMapping(
610 'Services/AccessControl',
611 'rolf',
612 0,
613 $this->getCurrentObject()->getRefId()
614 );
615
616 $imp->importObject(
617 null,
618 $_FILES["importfile"]["tmp_name"],
619 $_FILES["importfile"]["name"],
620 'role'
621 );
622 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
623 $this->ctrl->redirect($this,'perm');
624 return;
625 }
626 catch(Exception $e)
627 {
628 ilUtil::sendFailure($e->getMessage());
629 $form->setValuesByPost();
630 $this->displayImportRoleForm($form);
631 return;
632 }
633 }
634 $form->setValuesByPost();
635 ilUtil::sendFailure($this->lng->txt('err_check_input'));
636 $this->displayImportRoleForm($form);
637 }
ilImport
Import class.
Definition: class.ilImport.php:12
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:582
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4978

References displayImportRoleForm(), getCurrentObject(), initImportForm(), ilUtil\sendFailure(), and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ executeCommand()

ilPermissionGUI::executeCommand ( )

Execute command.

Returns

Definition at line 37 of file class.ilPermissionGUI.php.

38 {
39 global $rbacsystem, $ilErr;
40
41 // access to all functions in this class are only allowed if edit_permission is granted
42 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
43 {
44 $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
45 }
46
47 $next_class = $this->ctrl->getNextClass($this);
48
49 switch($next_class)
50 {
51 case "ilobjrolegui":
52 $this->ctrl->setReturn($this,'perm');
53 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
54 $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
55 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
56 $ret = $this->ctrl->forwardCommand($this->gui_obj);
57 break;
58
59 case 'ildidactictemplategui':
60 $this->ctrl->setReturn($this,'perm');
61 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
62 $did = new ilDidacticTemplateGUI($this->gui_obj);
63 $this->ctrl->forwardCommand($did);
64 break;
65
66 case 'ilrepositorysearchgui':
67 // used for owner autocomplete
68 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
69 $rep_search = new ilRepositorySearchGUI();
70 $this->ctrl->forwardCommand($rep_search);
71 break;
72
73 case 'ilobjectpermissionstatusgui':
74 $this->__initSubTabs("perminfo");
75 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
76 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
77 $this->ctrl->forwardCommand($perm_stat);
78 break;
79
80 default:
81 $cmd = $this->ctrl->getCmd();
82 $this->$cmd();
83 break;
84 }
85
86 return true;
87 }
$ret
$ret
Definition: Structures_BibTex_example.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:20
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:16
$cmd
$cmd
Definition: sahs_server.php:35

References $_GET, $cmd, ilPermission2GUI\$ilErr, $ret, and ilPermission2GUI\__initSubTabs().

+ Here is the call graph for this function:

◆ getCurrentObject()

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns
ilObject

Definition at line 94 of file class.ilPermissionGUI.php.

95 {
96 return $this->gui_obj->object;
97 }

Referenced by addRole(), applyFilter(), applyRoleFilter(), blockRoles(), doImportRole(), getModifiedBlockedSettings(), isAdministrationObject(), isAdminRoleFolder(), isInAdministration(), perm(), resetFilter(), savePermissions(), and unblockRoles().

+ Here is the caller graph for this function:

◆ getModifiedBlockedSettings()

ilPermissionGUI::getModifiedBlockedSettings ( )
protected
Parameters
type$a_blocked_info

Definition at line 843 of file class.ilPermissionGUI.php.

844 {
845 global $rbacreview;
846
847 $blocked_info['new_blocked'] = array();
848 $blocked_info['new_unblocked'] = array();
849 $blocked_info['num'] = 0;
850 foreach((array) $_POST['visible_block'] as $role => $one)
851 {
852 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
853 if(isset($_POST['block'][$role]) && !$blocked)
854 {
855 $blocked_info['new_blocked'][] = $role;
856 $blocked_info['num']++;
857 }
858 if(!isset($_POST['block'][$role]) && $blocked)
859 {
860 $blocked_info['new_unblocked'][] = $role;
861 $blocked_info['num']++;
862 }
863 }
864 return $blocked_info;
865 }
$_POST
$_POST['username']
Definition: cron.php:12

References $_POST, and getCurrentObject().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasContainerCommands()

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 571 of file class.ilPermissionGUI.php.

572 {
573 global $objDefinition;
574
575 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
576 }

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

+ Here is the caller graph for this function:

◆ initImportForm()

ilPermissionGUI::initImportForm ( )
protected

init import form

Definition at line 642 of file class.ilPermissionGUI.php.

643 {
644 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
645 $form = new ilPropertyFormGUI();
646 $form->setFormAction($this->ctrl->getFormAction($this));
647 $form->setTitle($this->lng->txt('rbac_import_role'));
648 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
649 $form->addCommandButton('perm', $this->lng->txt('cancel'));
650
651 $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
652 $zip->setSuffixes(array('zip'));
653 $form->addItem($zip);
654
655 return $form;
656 }
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48

Referenced by displayImportRoleForm(), and doImportRole().

+ Here is the caller graph for this function:

◆ initRoleForm()

ilPermissionGUI::initRoleForm ( )
protected

Shoew add role @global type $rbacreview @global type $objDefinition.

Returns
ilPropertyFormGUI

Definition at line 664 of file class.ilPermissionGUI.php.

665 {
666 global $rbacreview,$objDefinition;
667
668 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
669 $form = new ilPropertyFormGUI();
670 $form->setFormAction($this->ctrl->getFormAction($this));
671 $form->setTitle($this->lng->txt('role_new'));
672 $form->addCommandButton('addrole',$this->lng->txt('role_new'));
673 $form->addCommandButton('perm', $this->lng->txt('cancel'));
674
675 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
676 $title->setValidationRegexp('/^(?!il_).*$/');
677 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
678 $title->setSize(40);
679 $title->setMaxLength(70);
680 $title->setRequired(true);
681 $form->addItem($title);
682
683 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
684 $desc->setCols(40);
685 $desc->setRows(3);
686 $form->addItem($desc);
687
688 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
689 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
690 $pro->setValue(1);
691 $form->addItem($pro);
692
693 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
694 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
695 $pd->setValue(1);
696 $form->addItem($pd);
697
698
699 if(!$this->isInAdministration())
700 {
701 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
702 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
703 $rights->addOption($option);
704
705 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
706 $ids = array();
707 foreach($parent_role_ids as $id => $tmp)
708 {
709 $ids[] = $id;
710 }
711
712 // Sort ids
713 $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
714
715 $key = 0;
716 foreach($sorted_ids as $id)
717 {
718 $par = $parent_role_ids[$id];
719 if ($par["obj_id"] != SYSTEM_ROLE_ID)
720 {
721 include_once './Services/AccessControl/classes/class.ilObjRole.php';
722 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
723 $option->setInfo($par["desc"]);
724 $rights->addOption($option);
725 }
726 $key++;
727 }
728 $form->addItem($rights);
729 }
730
731 // Local policy only for containers
732 if($objDefinition->isContainer($this->getCurrentObject()->getType()))
733 {
734 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
735 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
736 $form->addItem($check);
737
738 }
739
740 return $form;
741 }
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilObjRole\_getTranslation
_getTranslation($a_role_title)
Definition: class.ilObjRole.php:508
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:175
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4890

References ilObjRole\_getTranslation(), ilUtil\_sortIds(), and isInAdministration().

Referenced by addRole(), and displayAddRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAdministrationObject()

ilPermissionGUI::isAdministrationObject ( )
protected

Definition at line 166 of file class.ilPermissionGUI.php.

167 {
168 return $this->getCurrentObject()->getType() == 'adm';
169 }

References getCurrentObject().

+ Here is the call graph for this function:

◆ isAdminRoleFolder()

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 161 of file class.ilPermissionGUI.php.

162 {
163 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
164 }

References getCurrentObject().

Referenced by perm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isInAdministration()

ilPermissionGUI::isInAdministration ( )
protected

Check if node is subobject of administration folder.

Returns
type

Definition at line 175 of file class.ilPermissionGUI.php.

176 {
177 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
178 }

References $GLOBALS, and getCurrentObject().

Referenced by initRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ modifyBlockRoles()

ilPermissionGUI::modifyBlockRoles ( )
protected

Definition at line 490 of file class.ilPermissionGUI.php.

491 {
492 $this->blockRoles((array) $_POST['new_block']);
493 $this->unblockRoles((array) $_POST['new_unblock']);
494
495 ilUtil::sendInfo($this->lng->txt('settings_saved'));
496 $this->ctrl->redirect($this,'perm');
497 }
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:533
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4964

References $_POST, blockRoles(), ilUtil\sendInfo(), and unblockRoles().

+ Here is the call graph for this function:

◆ perm()

ilPermissionGUI::perm ( ilTable2GUI  $table = NULL)

show permission table

Returns

Definition at line 116 of file class.ilPermissionGUI.php.

117 {
118 global $objDefinition, $ilToolbar;
119
120 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
121 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
122 if($dtpl->appendToolbarSwitch(
123 $ilToolbar,
124 $this->getCurrentObject()->getType(),
125 $this->getCurrentObject()->getRefId()
126 ))
127 {
128 $ilToolbar->addSeparator();
129 }
130
131 if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132 !$this->isAdministrationObject()
133 )
134 {
135 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
136
137 if(!$this->isAdminRoleFolder())
138 {
139 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
140 }
141 $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
142 }
143
144 $this->__initSubTabs("perm");
145
146 if(!$table instanceof ilTable2GUI)
147 {
148 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
149 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
150 }
151 $table->parse();
152 $this->tpl->setContent($table->getHTML());
153 }
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:161
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTable2GUI\getHTML
getHTML()
Get HTML.
Definition: class.ilTable2GUI.php:1586

References ilPermission2GUI\__initSubTabs(), getCurrentObject(), and isAdminRoleFolder().

Referenced by applyFilter(), and resetFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ resetFilter()

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 198 of file class.ilPermissionGUI.php.

199 {
200 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
201 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
202 $table->resetOffset();
203 $table->resetFilter();
204
205 return $this->perm($table);
206 }

References getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ savePermissions()

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 289 of file class.ilPermissionGUI.php.

290 {
291 global $rbacreview,$objDefinition,$rbacadmin;
292
293 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
294 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
295
296 $roles = $this->applyRoleFilter(
297 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
298 $table->getFilterItemByPostVar('role')->getValue()
299 );
300
301 // Log history
302 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
303 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
304
305
306 # all possible create permissions
307 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
308 $this->getCurrentObject()->getType(),
309 'create'
310 );
311
312 # createable (activated) create permissions
313 $create_types = $objDefinition->getCreatableSubObjects(
314 $this->getCurrentObject()->getType()
315 );
316 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
317
318 foreach((array) $roles as $role => $role_data)
319 {
320 if($role_data['protected'])
321 {
322 continue;
323 }
324
325 $new_ops = array_keys((array) $_POST['perm'][$role]);
326 $old_ops = $rbacreview->getRoleOperationsOnObject(
327 $role,
328 $this->getCurrentObject()->getRefId()
329 );
330
331 // Add operations which were enabled and are not activated.
332 foreach($possible_ops_ids as $create_ops_id)
333 {
334 if(in_array($create_ops_id,$createable_ops_ids))
335 {
336 continue;
337 }
338 if(in_array($create_ops_id,$old_ops))
339 {
340 $new_ops[] = $create_ops_id;
341 }
342 }
343
344 $rbacadmin->revokePermission(
345 $this->getCurrentObject()->getRefId(),
346 $role
347 );
348
349 $rbacadmin->grantPermission(
350 $role,
351 array_unique($new_ops),
352 $this->getCurrentObject()->getRefId()
353 );
354 }
355
356 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
357 {
358 foreach($roles as $role)
359 {
360 // No action for local roles
361 if($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y')
362 {
363 continue;
364 }
365 // Nothing for protected roles
366 if($role['protected'])
367 {
368 continue;
369 }
370 // Stop local policy
371 if(
372 $role['parent'] == $this->getCurrentObject()->getRefId() and
373 !isset($_POST['inherit'][$role['obj_id']]) and
374 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
375 )
376 {
377 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
378 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
379 $role_obj->setParent($this->getCurrentObject()->getRefId());
380 $role_obj->delete();
381 continue;
382 }
383 // Add local policy
384 if($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']]))
385 {
386 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
387 $rbacadmin->copyRoleTemplatePermissions(
388 $role['obj_id'],
389 $role['parent'],
390 $this->getCurrentObject()->getRefId(),
391 $role['obj_id']
392 );
393 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
394 $rbacadmin->assignRoleToFolder($role['obj_id'],$this->getCurrentObject()->getRefId(),'n');
395 }
396 }
397 }
398
399 // Protect permissions
400 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
401 {
402 foreach($roles as $role)
403 {
404 if($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId()))
405 {
406 if(isset($_POST['protect'][$role['obj_id']]) and
407 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
408 {
409 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
410 }
411 elseif(!isset($_POST['protect'][$role['obj_id']]) and
412 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
413 {
414 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
415 }
416 }
417 }
418 }
419
420 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
421 $log = ilRbacLog::diffFaPa($log_old, $log_new);
422 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
423
424 $blocked_info = $this->getModifiedBlockedSettings();
425 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info,TRUE));
426 if($blocked_info['num'] > 0)
427 {
428 return $this->showConfirmBlockRole($blocked_info);
429 }
430
431
432 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
433 $this->ctrl->redirect($this,'perm');
434 #$this->perm();
435 }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjectFactory\getInstanceByObjId
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:571
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:213
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:442
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1874
$log
$log
Definition: inc.setup_header.php:135

References $_POST, $log, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getModifiedBlockedSettings(), hasContainerCommands(), ilRbacReview\lookupCreateOperationIds(), ilUtil\sendSuccess(), and showConfirmBlockRole().

+ Here is the call graph for this function:

◆ showConfirmBlockRole()

ilPermissionGUI::showConfirmBlockRole (   $a_blocked_info)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 442 of file class.ilPermissionGUI.php.

443 {
444 $info = '';
445 if($a_blocked_info['new_blocked'])
446 {
447 $info .= $this->lng->txt('role_confirm_block_role_info');
448 if($a_blocked_info['new_unblocked'])
449 {
450 $info .= '<br /><br />';
451 }
452
453 }
454 if($a_blocked_info['new_unblocked'])
455 {
456 $info .= ('<br />'. $this->lng->txt('role_confirm_unblock_role_info'));
457 }
458
459 ilUtil::sendInfo($info);
460
461 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
462 $confirm = new ilConfirmationGUI();
463 $confirm->setFormAction($this->ctrl->getFormAction($this));
464 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
465 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
466 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
467
468 foreach($a_blocked_info['new_blocked'] as $role_id)
469 {
470 include_once './Services/AccessControl/classes/class.ilObjRole.php';
471 $confirm->addItem(
472 'new_block[]',
473 $role_id,
474 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_blocked')
475 );
476 }
477 foreach($a_blocked_info['new_unblocked'] as $role_id)
478 {
479 include_once './Services/AccessControl/classes/class.ilObjRole.php';
480 $confirm->addItem(
481 'new_unblock[]',
482 $role_id,
483 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_unblocked')
484 );
485 }
486 $this->tpl->setContent($confirm->getHTML());
487
488 }
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
$info
$info
Definition: example_052.php:80

References $info, ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ unblockRoles()

ilPermissionGUI::unblockRoles (   $roles)
protected

Definition at line 502 of file class.ilPermissionGUI.php.

503 {
504 global $rbacadmin;
505
506 foreach($roles as $role)
507 {
508 // delete local policy
509 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
510 $role_obj = ilObjectFactory::getInstanceByObjId($role);
511 $role_obj->setParent($this->getCurrentObject()->getRefId());
512 $role_obj->delete();
513
514 $role_obj->changeExistingObjects(
515 $this->getCurrentObject()->getRefId(),
516 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
517 array('all')
518 );
519
520 // finally set blocked status
521 $rbacadmin->setBlockedStatus(
522 $role,
523 $this->getCurrentObject()->getRefId(),
524 FALSE
525 );
526 }
527 }

References getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), and ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES.

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $current_obj

ilPermissionGUI::$current_obj = null
protected

Definition at line 21 of file class.ilPermissionGUI.php.

The documentation for this class was generated from the following file: