ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE */
4
14{
15 protected $permissions = array(); // permissions selected by context
16 protected $base_permissions = array(); // base permissions of the object type (ops_id -> permission)
17 protected $base_permissions_by_op = array();// base permissions of the object type (permission -> ops_id)
18 protected $role_required_permissions = array();
19 protected $role_prohibited_permissions = array();
20
26 function __construct($a_gui_obj)
27 {
28 global $objDefinition, $tpl, $ilCtrl, $lng, $rbacreview;
29
30 $this->objDefinition = $objDefinition;
31 $this->tpl = $tpl;
32 $this->lng = $lng;
33 $this->lng->loadLanguageModule("rbac");
34
35 $this->ctrl = $ilCtrl;
36
37 $this->gui_obj = $a_gui_obj;
38 $this->obj = $a_gui_obj->object;
39 $this->red_id = $this->obj->getRefId();
40
41
42 foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p)
43 {
44 $this->base_permissions[$p["ops_id"]] = $p["operation"];
45 $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
46 }
47
48 $this->base_roles = $rbacreview->getParentRoleIds($this->obj->getRefId());
49 }
50
54 function determineRoles()
55 {
56 global $rbacreview;
57
58 $roles = array();
59 foreach ($this->base_roles as $k => $r)
60 {
61 $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
62 $use = true;
63 foreach ($this->getRoleRequiredPermissions() as $o)
64 {
65 if (!in_array($o, $ops))
66 {
67 $use = false;
68 }
69 }
70 foreach ($this->getRoleProhibitedPermissions() as $o)
71 {
72 if (in_array($o, $ops))
73 {
74 $use = false;
75 }
76 }
77 if ($use)
78 {
79 $roles[$k] = $r;
80 }
81 }
82 return $roles;
83 }
84
85
92 {
93 if (is_array($a_val))
94 {
95 foreach ($a_val as $p)
96 {
97 if (in_array($p, $this->base_permissions))
98 {
99 $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
100 }
101 }
102 }
103 }
104
111 {
113 }
114
121 {
122 if (is_array($a_val))
123 {
124 foreach ($a_val as $p)
125 {
126 if (in_array($p, $this->base_permissions))
127 {
128 $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
129 }
130 }
131 }
132 }
133
140 {
142 }
143
149 function setPermissions($a_val)
150 {
151 if (is_array($a_val))
152 {
153 foreach ($a_val as $p)
154 {
155 if (in_array($p, $this->base_permissions))
156 {
157 $this->permissions[$this->base_permissions_by_op[$p]] = $p;
158 }
159 }
160 }
161 }
162
168 function getPermissions()
169 {
170 return $this->permissions;
171 }
172
176 function executeCommand()
177 {
178 $cmd = $this->ctrl->getCmd("showForm");
179 if (in_array($cmd, array("showForm", "save")))
180 {
181 $this->$cmd();
182 }
183 }
184
188 function showForm()
189 {
190 $form = $this->initPermissionForm();
191 $this->tpl->setContent($form->getHTML());
192 }
193
194
198 public function initPermissionForm()
199 {
200 global $rbacreview;
201
202 include_once("Services/Form/classes/class.ilPropertyFormGUI.php");
203 $form = new ilPropertyFormGUI();
204
205 $roles = $this->determineRoles();
206 $ops = array();
207 foreach ($roles as $r)
208 {
209 $ops[$r["rol_id"]] = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
210 }
211
212 // for each permission, collect all roles that have the permission activated
213 $perm_roles = array();
214 foreach ($ops as $r => $o2)
215 {
216 foreach ($o2 as $o)
217 {
218 $perm_roles[$o][] = $r;
219 }
220 }
221
222 // for each permission
223 foreach ($this->getPermissions() as $p)
224 {
225 // roles
226 $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
227 reset($roles);
228 foreach ($roles as $k => $r)
229 {
230 $option = new ilCheckboxOption($r["title"], $k);
231 $cb->addOption($option);
232 }
233 if (is_array($perm_roles[$this->base_permissions_by_op[$p]]))
234 {
235 $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
236 }
237 $form->addItem($cb);
238
239 }
240
241 $form->addCommandButton("save", $this->lng->txt("save"));
242
243 $form->setTitle($this->lng->txt("rbac_permissions"));
244 $form->setFormAction($this->ctrl->getFormAction($this));
245
246 return $form;
247 }
248
252 public function save()
253 {
254 global $rbacreview, $rbacadmin;
255
256 $form = $this->initPermissionForm();
257 if ($form->checkInput())
258 {
259 foreach ($this->determineRoles() as $r)
260 {
261 // get active operations for role
262 $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
263
264 // revode all permissions for the role
265 $rbacadmin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
266
267 // for all permissions of the form...
268 foreach ($this->getPermissions() as $p)
269 {
270 $roles = $form->getInput($p);
271 if (!is_array($roles))
272 {
273 $roles = array();
274 }
275 $o = $this->base_permissions_by_op[$p];
276
277 // ... if in original operations, but not checked, remove it from operations
278 if (in_array($o, $ops) && !in_array($r["rol_id"], $roles))
279 {
280 if(($key = array_search($o, $ops)) !== false) {
281 unset($ops[$key]);
282 }
283 }
284
285 // ...if not in original operations, but checked, add to operations
286 if (!in_array($o, $ops) && in_array($r["rol_id"], $roles))
287 {
288 $ops[] = $o;
289 }
290 }
291
292 // now grant resulting permissions
293 $rbacadmin->grantPermission(
294 $r["rol_id"],
295 array_unique($ops),
296 $this->obj->getRefId()
297 );
298 }
299
300 ilUtil::sendSuccess($this->lng->txt("msg_obj_modified"), true);
301 $this->ctrl->redirect($this, "");
302 }
303 else
304 {
305 $form->setValuesByPost();
306 $this->tpl->setContent($form->getHtml());
307 }
308 }
309
310
311}
312
313?>
global $tpl
Definition: ilias.php:8
This class represents a property in a property form.
This class represents an option in a checkbox group.
This class represents a property form user interface.
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
UI class for handling permissions that can be configured having the write permission for an object.
setPermissions($a_val)
Set permissions.
getRoleProhibitedPermissions()
Get role prohibited permissions.
getRoleRequiredPermissions()
Get role required permissions.
setRoleRequiredPermissions($a_val)
Set role required permissions (this permissions are required for a role to be listed)
setRoleProhibitedPermissions($a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed)
initPermissionForm()
Init permission form.
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
$r
Definition: example_031.php:79
global $ilCtrl
Definition: ilias.php:18
global $lng
Definition: privfeed.php:40
$cmd
Definition: sahs_server.php:35