ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  protected $current_obj = null;
22 
28  public function __construct($a_gui_obj)
29  {
30  parent::__construct($a_gui_obj);
31  }
32 
37  public function executeCommand()
38  {
39  global $rbacsystem, $ilErr;
40 
41  // access to all functions in this class are only allowed if edit_permission is granted
42  if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
43  {
44  $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
45  }
46 
47  $next_class = $this->ctrl->getNextClass($this);
48 
49  switch($next_class)
50  {
51  case "ilobjrolegui":
52  $this->ctrl->setReturn($this,'perm');
53  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
54  $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
55  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
56  $ret = $this->ctrl->forwardCommand($this->gui_obj);
57  break;
58 
59  case 'ildidactictemplategui':
60  $this->ctrl->setReturn($this,'perm');
61  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
62  $did = new ilDidacticTemplateGUI($this->gui_obj);
63  $this->ctrl->forwardCommand($did);
64  break;
65 
66  case 'ilrepositorysearchgui':
67  // used for owner autocomplete
68  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
69  $rep_search = new ilRepositorySearchGUI();
70  $this->ctrl->forwardCommand($rep_search);
71  break;
72 
73  case 'ilobjectpermissionstatusgui':
74  $this->__initSubTabs("perminfo");
75  include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
76  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
77  $this->ctrl->forwardCommand($perm_stat);
78  break;
79 
80  default:
81  $cmd = $this->ctrl->getCmd();
82  $this->$cmd();
83  break;
84  }
85 
86  return true;
87  }
88 
89 
94  public function getCurrentObject()
95  {
96  return $this->gui_obj->object;
97  }
98 
102  protected function confirmTemplateSwitch()
103  {
104  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
105  $this->ctrl->setReturn($this,'perm');
106  $this->ctrl->setCmdClass('ildidactictemplategui');
107  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
108  $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
109  }
110 
111 
116  public function perm(ilTable2GUI $table = NULL )
117  {
118  global $objDefinition, $ilToolbar;
119 
120  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
121  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
122  if($dtpl->appendToolbarSwitch(
123  $ilToolbar,
124  $this->getCurrentObject()->getType(),
125  $this->getCurrentObject()->getRefId()
126  ))
127  {
128  $ilToolbar->addSeparator();
129  }
130 
131  if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132  !$this->isAdministrationObject()
133  )
134  {
135  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
136 
137  if(!$this->isAdminRoleFolder())
138  {
139  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
140  }
141  $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
142  }
143 
144  $this->__initSubTabs("perm");
145 
146  if(!$table instanceof ilTable2GUI)
147  {
148  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
149  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
150  }
151  $table->parse();
152  $this->tpl->setContent($table->getHTML());
153  }
154 
155 
156 
161  protected function isAdminRoleFolder()
162  {
163  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
164  }
165 
166  protected function isAdministrationObject()
167  {
168  return $this->getCurrentObject()->getType() == 'adm';
169  }
170 
175  protected function isInAdministration()
176  {
177  return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
178  }
179 
180 
185  protected function applyFilter()
186  {
187  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
188  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
189  $table->resetOffset();
190  $table->writeFilterToSession();
191  return $this->perm($table);
192  }
193 
198  protected function resetFilter()
199  {
200  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
201  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
202  $table->resetOffset();
203  $table->resetFilter();
204 
205  return $this->perm($table);
206  }
207 
213  public function applyRoleFilter($a_roles, $a_filter_id)
214  {
215  global $rbacreview;
216 
217  // Always delete administrator role from view
218  if(isset($a_roles[SYSTEM_ROLE_ID]))
219  {
220  unset($a_roles[SYSTEM_ROLE_ID]);
221  }
222 
223  switch ($a_filter_id)
224  {
225  // all roles in context
226  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
227 
228  return $a_roles;
229 
230  // only global roles
231  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
232 
233  $arr_global_roles = $rbacreview->getGlobalRoles();
234  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
235 
236  foreach ($arr_remove_roles as $role_id)
237  {
238  unset($a_roles[$role_id]);
239  }
240  return $a_roles;
241 
242  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
243  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
244  $arr_global_roles = $rbacreview->getGlobalRoles();
245 
246  foreach ($arr_global_roles as $role_id)
247  {
248  unset($a_roles[$role_id]);
249  }
250 
251  return $a_roles;
252  break;
253 
254  // only roles which use a local policy
255  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256 
257  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
259 
260  foreach ($arr_remove_roles as $role_id)
261  {
262  unset($a_roles[$role_id]);
263  }
264 
265  return $a_roles;
266 
267  // only true local role defined at current position
268  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
269 
270  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(),TRUE);
271  $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
272 
273  foreach ($arr_remove_roles as $role_id)
274  {
275  unset($a_roles[$role_id]);
276  }
277 
278  return $a_roles;
279 
280  default:
281  return $a_roles;
282  }
283  }
284 
289  protected function savePermissions()
290  {
291  global $rbacreview,$objDefinition,$rbacadmin;
292 
293  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
294  $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
295 
296  $roles = $this->applyRoleFilter(
297  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
298  $table->getFilterItemByPostVar('role')->getValue()
299  );
300 
301  // Log history
302  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
303  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
304 
305 
306  # all possible create permissions
307  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
308  $this->getCurrentObject()->getType(),
309  'create'
310  );
311 
312  # createable (activated) create permissions
313  $create_types = $objDefinition->getCreatableSubObjects(
314  $this->getCurrentObject()->getType()
315  );
316  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
317 
318  foreach((array) $roles as $role => $role_data)
319  {
320  if($role_data['protected'])
321  {
322  continue;
323  }
324 
325  $new_ops = array_keys((array) $_POST['perm'][$role]);
326  $old_ops = $rbacreview->getRoleOperationsOnObject(
327  $role,
328  $this->getCurrentObject()->getRefId()
329  );
330 
331  // Add operations which were enabled and are not activated.
332  foreach($possible_ops_ids as $create_ops_id)
333  {
334  if(in_array($create_ops_id,$createable_ops_ids))
335  {
336  continue;
337  }
338  if(in_array($create_ops_id,$old_ops))
339  {
340  $new_ops[] = $create_ops_id;
341  }
342  }
343 
344  $rbacadmin->revokePermission(
345  $this->getCurrentObject()->getRefId(),
346  $role
347  );
348 
349  $rbacadmin->grantPermission(
350  $role,
351  array_unique($new_ops),
352  $this->getCurrentObject()->getRefId()
353  );
354  }
355 
356  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
357  {
358  foreach($roles as $role)
359  {
360  // No action for local roles
361  if($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y')
362  {
363  continue;
364  }
365  // Nothing for protected roles
366  if($role['protected'])
367  {
368  continue;
369  }
370  // Stop local policy
371  if(
372  $role['parent'] == $this->getCurrentObject()->getRefId() and
373  !isset($_POST['inherit'][$role['obj_id']]) and
374  !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
375  )
376  {
377  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
378  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
379  $role_obj->setParent($this->getCurrentObject()->getRefId());
380  $role_obj->delete();
381  continue;
382  }
383  // Add local policy
384  if($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']]))
385  {
386  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
387  $rbacadmin->copyRoleTemplatePermissions(
388  $role['obj_id'],
389  $role['parent'],
390  $this->getCurrentObject()->getRefId(),
391  $role['obj_id']
392  );
393  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
394  $rbacadmin->assignRoleToFolder($role['obj_id'],$this->getCurrentObject()->getRefId(),'n');
395  }
396  }
397  }
398 
399  // Protect permissions
400  if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
401  {
402  foreach($roles as $role)
403  {
404  if($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId()))
405  {
406  if(isset($_POST['protect'][$role['obj_id']]) and
407  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
408  {
409  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
410  }
411  elseif(!isset($_POST['protect'][$role['obj_id']]) and
412  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
413  {
414  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
415  }
416  }
417  }
418  }
419 
420  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
421  $log = ilRbacLog::diffFaPa($log_old, $log_new);
422  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
423 
424  $blocked_info = $this->getModifiedBlockedSettings();
425  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info,TRUE));
426  if($blocked_info['num'] > 0)
427  {
428  return $this->showConfirmBlockRole($blocked_info);
429  }
430 
431 
432  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
433  $this->ctrl->redirect($this,'perm');
434  #$this->perm();
435  }
436 
442  protected function showConfirmBlockRole($a_blocked_info)
443  {
444  $info = '';
445  if($a_blocked_info['new_blocked'])
446  {
447  $info .= $this->lng->txt('role_confirm_block_role_info');
448  if($a_blocked_info['new_unblocked'])
449  {
450  $info .= '<br /><br />';
451  }
452 
453  }
454  if($a_blocked_info['new_unblocked'])
455  {
456  $info .= ('<br />'. $this->lng->txt('role_confirm_unblock_role_info'));
457  }
458 
459  ilUtil::sendInfo($info);
460 
461  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
462  $confirm = new ilConfirmationGUI();
463  $confirm->setFormAction($this->ctrl->getFormAction($this));
464  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
465  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
466  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
467 
468  foreach($a_blocked_info['new_blocked'] as $role_id)
469  {
470  include_once './Services/AccessControl/classes/class.ilObjRole.php';
471  $confirm->addItem(
472  'new_block[]',
473  $role_id,
474  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_blocked')
475  );
476  }
477  foreach($a_blocked_info['new_unblocked'] as $role_id)
478  {
479  include_once './Services/AccessControl/classes/class.ilObjRole.php';
480  $confirm->addItem(
481  'new_unblock[]',
482  $role_id,
483  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_unblocked')
484  );
485  }
486  $this->tpl->setContent($confirm->getHTML());
487 
488  }
489 
490  protected function modifyBlockRoles()
491  {
492  $this->blockRoles((array) $_POST['new_block']);
493  $this->unblockRoles((array) $_POST['new_unblock']);
494 
495  ilUtil::sendInfo($this->lng->txt('settings_saved'));
496  $this->ctrl->redirect($this,'perm');
497  }
498 
502  protected function unblockRoles($roles)
503  {
504  global $rbacadmin;
505 
506  foreach($roles as $role)
507  {
508  // delete local policy
509  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
510  $role_obj = ilObjectFactory::getInstanceByObjId($role);
511  $role_obj->setParent($this->getCurrentObject()->getRefId());
512  $role_obj->delete();
513 
514  $role_obj->changeExistingObjects(
515  $this->getCurrentObject()->getRefId(),
516  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
517  array('all')
518  );
519 
520  // finally set blocked status
521  $rbacadmin->setBlockedStatus(
522  $role,
523  $this->getCurrentObject()->getRefId(),
524  FALSE
525  );
526  }
527  }
528 
533  protected function blockRoles($roles)
534  {
535  global $rbacadmin,$rbacreview;
536 
537  foreach($roles as $role)
538  {
539  // Set assign to 'y' only if it is a local role
540  $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
541 
542  // Delete permissions
543  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
544 
545  // Delete template permissions
546  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
547 
548 
549  $rbacadmin->assignRoleToFolder(
550  $role,
551  $this->getCurrentObject()->getRefId(),
552  $assign
553  );
554 
555  // finally set blocked status
556  $rbacadmin->setBlockedStatus(
557  $role,
558  $this->getCurrentObject()->getRefId(),
559  TRUE
560  );
561  }
562 
563  }
564 
565 
571  public static function hasContainerCommands($a_type)
572  {
573  global $objDefinition;
574 
575  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
576  }
577 
582  protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
583  {
584  $GLOBALS['ilTabs']->clearTargets();
585 
586  if(!$form)
587  {
588  $form = $this->initImportForm();
589  }
590  $GLOBALS['tpl']->setContent($form->getHTML());
591  }
592 
596  protected function doImportRole()
597  {
598  global $rbacreview;
599 
600  $form = $this->initImportForm();
601  if($form->checkInput())
602  {
603  try {
604 
605  include_once './Services/Export/classes/class.ilImport.php';
606 
607  // For global roles set import id to parent of current ref_id (adm)
608  $imp = new ilImport($this->getCurrentObject()->getRefId());
609  $imp->getMapping()->addMapping(
610  'Services/AccessControl',
611  'rolf',
612  0,
613  $this->getCurrentObject()->getRefId()
614  );
615 
616  $imp->importObject(
617  null,
618  $_FILES["importfile"]["tmp_name"],
619  $_FILES["importfile"]["name"],
620  'role'
621  );
622  ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
623  $this->ctrl->redirect($this,'perm');
624  return;
625  }
626  catch(Exception $e)
627  {
628  ilUtil::sendFailure($e->getMessage());
629  $form->setValuesByPost();
630  $this->displayImportRoleForm($form);
631  return;
632  }
633  }
634  $form->setValuesByPost();
635  ilUtil::sendFailure($this->lng->txt('err_check_input'));
636  $this->displayImportRoleForm($form);
637  }
638 
642  protected function initImportForm()
643  {
644  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
645  $form = new ilPropertyFormGUI();
646  $form->setFormAction($this->ctrl->getFormAction($this));
647  $form->setTitle($this->lng->txt('rbac_import_role'));
648  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
649  $form->addCommandButton('perm', $this->lng->txt('cancel'));
650 
651  $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
652  $zip->setSuffixes(array('zip'));
653  $form->addItem($zip);
654 
655  return $form;
656  }
657 
664  protected function initRoleForm()
665  {
666  global $rbacreview,$objDefinition;
667 
668  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
669  $form = new ilPropertyFormGUI();
670  $form->setFormAction($this->ctrl->getFormAction($this));
671  $form->setTitle($this->lng->txt('role_new'));
672  $form->addCommandButton('addrole',$this->lng->txt('role_new'));
673  $form->addCommandButton('perm', $this->lng->txt('cancel'));
674 
675  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
676  $title->setValidationRegexp('/^(?!il_).*$/');
677  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
678  $title->setSize(40);
679  $title->setMaxLength(70);
680  $title->setRequired(true);
681  $form->addItem($title);
682 
683  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
684  $desc->setCols(40);
685  $desc->setRows(3);
686  $form->addItem($desc);
687 
688  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
689  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
690  $pro->setValue(1);
691  $form->addItem($pro);
692 
693  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
694  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
695  $pd->setValue(1);
696  $form->addItem($pd);
697 
698 
699  if(!$this->isInAdministration())
700  {
701  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
702  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
703  $rights->addOption($option);
704 
705  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
706  $ids = array();
707  foreach($parent_role_ids as $id => $tmp)
708  {
709  $ids[] = $id;
710  }
711 
712  // Sort ids
713  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
714 
715  $key = 0;
716  foreach($sorted_ids as $id)
717  {
718  $par = $parent_role_ids[$id];
719  if ($par["obj_id"] != SYSTEM_ROLE_ID)
720  {
721  include_once './Services/AccessControl/classes/class.ilObjRole.php';
722  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
723  $option->setInfo($par["desc"]);
724  $rights->addOption($option);
725  }
726  $key++;
727  }
728  $form->addItem($rights);
729  }
730 
731  // Local policy only for containers
732  if($objDefinition->isContainer($this->getCurrentObject()->getType()))
733  {
734  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
735  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
736  $form->addItem($check);
737 
738  }
739 
740  return $form;
741  }
742 
746  protected function displayAddRoleForm()
747  {
748  $GLOBALS['ilTabs']->clearTargets();
749 
750  $form = $this->initRoleForm();
751  $this->tpl->setContent($form->getHTML());
752  }
753 
762  protected function addRole()
763  {
764  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
765 
766  $form = $this->initRoleForm();
767  if($form->checkInput())
768  {
769  $new_title = $form->getInput("title");
770 
771  include_once './Services/AccessControl/classes/class.ilObjRole.php';
772  $role = new ilObjRole();
773  $role->setTitle($new_title);
774  $role->setDescription($form->getInput('desc'));
775  $role->create();
776 
777  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$this->getCurrentObject()->getRefId());
778 
779  // protect
780  $rbacadmin->setProtected(
781  $this->getCurrentObject()->getRefId(),
782  $role->getId(),
783  $form->getInput('pro') ? 'y' : 'n'
784  );
785 
786  // copy rights
787  $right_id_to_copy = $form->getInput("rights");
788  if($right_id_to_copy)
789  {
790  $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(),true);
791  $rbacadmin->copyRoleTemplatePermissions(
792  $right_id_to_copy,
793  $parentRoles[$right_id_to_copy]["parent"],
794  $this->getCurrentObject()->getRefId(),
795  $role->getId(),
796  false);
797 
798  if($form->getInput('existing'))
799  {
800  if($form->getInput('pro'))
801  {
802  $role->changeExistingObjects(
803  $this->getCurrentObject()->getRefId(),
804  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
805  array('all')
806  );
807  }
808  else
809  {
810  $role->changeExistingObjects(
811  $this->getCurrentObject()->getRefId(),
812  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
813  array('all')
814  );
815  }
816  }
817  }
818 
819  // add to desktop items
820  if($form->getInput("desktop"))
821  {
822  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
823  $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
824  $role_desk_item_obj->add(
825  $this->getCurrentObject()->getRefId(),
826  ilObject::_lookupType($this->getCurrentObject()->getRefId(),true));
827  }
828 
829  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
830  $this->ctrl->redirect($this,'perm');
831  }
832  else
833  {
834  $form->setValuesByPost();
835  $this->tpl->setContent($form->getHTML());
836  }
837  }
838 
843  protected function getModifiedBlockedSettings()
844  {
845  global $rbacreview;
846 
847  $blocked_info['new_blocked'] = array();
848  $blocked_info['new_unblocked'] = array();
849  $blocked_info['num'] = 0;
850  foreach((array) $_POST['visible_block'] as $role => $one)
851  {
852  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
853  if(isset($_POST['block'][$role]) && !$blocked)
854  {
855  $blocked_info['new_blocked'][] = $role;
856  $blocked_info['num']++;
857  }
858  if(!isset($_POST['block'][$role]) && $blocked)
859  {
860  $blocked_info['new_unblocked'][] = $role;
861  $blocked_info['num']++;
862  }
863  }
864  return $blocked_info;
865  }
866 }
867 ?>
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:5008
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:15
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilRoleDesktopItem\add
add($a_item_id, $a_item_type)
Definition: class.ilRoleDesktopItem.php:43
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
$_POST
$_POST['username']
Definition: cron.php:12
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role type $rbacreview type $objDefinition.
Definition: class.ilPermissionGUI.php:664
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:596
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
$ret
$ret
Definition: Structures_BibTex_example.php:7
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:213
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:14
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:762
ilObjRole\_getTranslation
_getTranslation($a_role_title)
Definition: class.ilObjRole.php:508
$cmd
$cmd
Definition: sahs_server.php:35
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:175
ilImport
Import class.
Definition: class.ilImport.php:11
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:944
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:571
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1874
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:161
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ilFormPropertyGUI\setInfo
setInfo($a_info)
Set Information Text.
Definition: class.ilFormPropertyGUI.php:131
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4964
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:442
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:582
$info
$info
Definition: example_052.php:80
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:198
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:15
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:13
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4890
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:102
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:16
ilObjectFactory\getInstanceByObjId
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:94
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1196
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:746
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4978
ilPermissionGUI\perm
perm(ilTable2GUI $table=NULL)
show permission table
Definition: class.ilPermissionGUI.php:116
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:642
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:533
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:34
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:37
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:19
ilTextInputGUI\setValidationRegexp
setValidationRegexp($a_value)
Set validation regexp.
Definition: class.ilTextInputGUI.php:97
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:16
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:289
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:15
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:19
ilFileInputGUI\setSuffixes
setSuffixes($a_suffixes)
Set Accepted Suffixes.
Definition: class.ilFileInputGUI.php:125
$log
$log
Definition: inc.setup_header.php:135
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:15
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:185