ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
13 class ilSettingsPermissionGUI
14 {
15  protected $permissions = array(); // permissions selected by context
16  protected $base_permissions = array(); // base permissions of the object type (ops_id -> permission)
17  protected $base_permissions_by_op = array();// base permissions of the object type (permission -> ops_id)
18  protected $role_required_permissions = array();
19  protected $role_prohibited_permissions = array();
20 
26  function __construct($a_gui_obj)
27  {
28  global $objDefinition, $tpl, $ilCtrl, $lng, $rbacreview;
29 
30  $this->objDefinition = $objDefinition;
31  $this->tpl = $tpl;
32  $this->lng = $lng;
33  $this->lng->loadLanguageModule("rbac");
34 
35  $this->ctrl = $ilCtrl;
36 
37  $this->gui_obj = $a_gui_obj;
38  $this->obj = $a_gui_obj->object;
39  $this->red_id = $this->obj->getRefId();
40 
41 
42  foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p)
43  {
44  $this->base_permissions[$p["ops_id"]] = $p["operation"];
45  $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
46  }
47 
48  $this->base_roles = $rbacreview->getParentRoleIds($this->obj->getRefId());
49  }
50 
54  function determineRoles()
55  {
56  global $rbacreview;
57 
58  $roles = array();
59  foreach ($this->base_roles as $k => $r)
60  {
61  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
62  $use = true;
63  foreach ($this->getRoleRequiredPermissions() as $o)
64  {
65  if (!in_array($o, $ops))
66  {
67  $use = false;
68  }
69  }
70  foreach ($this->getRoleProhibitedPermissions() as $o)
71  {
72  if (in_array($o, $ops))
73  {
74  $use = false;
75  }
76  }
77  if ($use)
78  {
79  $roles[$k] = $r;
80  }
81  }
82  return $roles;
83  }
84 
85 
91  function setRoleRequiredPermissions($a_val)
92  {
93  if (is_array($a_val))
94  {
95  foreach ($a_val as $p)
96  {
97  if (in_array($p, $this->base_permissions))
98  {
99  $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
100  }
101  }
102  }
103  }
104 
110  function getRoleRequiredPermissions()
111  {
112  return $this->role_required_permissions;
113  }
114 
120  function setRoleProhibitedPermissions($a_val)
121  {
122  if (is_array($a_val))
123  {
124  foreach ($a_val as $p)
125  {
126  if (in_array($p, $this->base_permissions))
127  {
128  $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
129  }
130  }
131  }
132  }
133 
139  function getRoleProhibitedPermissions()
140  {
141  return $this->role_prohibited_permissions;
142  }
143 
149  function setPermissions($a_val)
150  {
151  if (is_array($a_val))
152  {
153  foreach ($a_val as $p)
154  {
155  if (in_array($p, $this->base_permissions))
156  {
157  $this->permissions[$this->base_permissions_by_op[$p]] = $p;
158  }
159  }
160  }
161  }
162 
168  function getPermissions()
169  {
170  return $this->permissions;
171  }
172 
176  function executeCommand()
177  {
178  $cmd = $this->ctrl->getCmd("showForm");
179  if (in_array($cmd, array("showForm", "save")))
180  {
181  $this->$cmd();
182  }
183  }
184 
188  function showForm()
189  {
190  $form = $this->initPermissionForm();
191  $this->tpl->setContent($form->getHTML());
192  }
193 
194 
198  public function initPermissionForm()
199  {
200  global $rbacreview;
201 
202  include_once("Services/Form/classes/class.ilPropertyFormGUI.php");
203  $form = new ilPropertyFormGUI();
204 
205  $roles = $this->determineRoles();
206  $ops = array();
207  foreach ($roles as $r)
208  {
209  $ops[$r["rol_id"]] = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
210  }
211 
212  // for each permission, collect all roles that have the permission activated
213  $perm_roles = array();
214  foreach ($ops as $r => $o2)
215  {
216  foreach ($o2 as $o)
217  {
218  $perm_roles[$o][] = $r;
219  }
220  }
221 
222  // for each permission
223  foreach ($this->getPermissions() as $p)
224  {
225  // roles
226  $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
227  reset($roles);
228  foreach ($roles as $k => $r)
229  {
230  $option = new ilCheckboxOption($r["title"], $k);
231  $cb->addOption($option);
232  }
233  if (is_array($perm_roles[$this->base_permissions_by_op[$p]]))
234  {
235  $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
236  }
237  $form->addItem($cb);
238 
239  }
240 
241  $form->addCommandButton("save", $this->lng->txt("save"));
242 
243  $form->setTitle($this->lng->txt("rbac_permissions"));
244  $form->setFormAction($this->ctrl->getFormAction($this));
245 
246  return $form;
247  }
248 
252  public function save()
253  {
254  global $rbacreview, $rbacadmin;
255 
256  $form = $this->initPermissionForm();
257  if ($form->checkInput())
258  {
259  foreach ($this->determineRoles() as $r)
260  {
261  // get active operations for role
262  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
263 
264  // revode all permissions for the role
265  $rbacadmin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
266 
267  // for all permissions of the form...
268  foreach ($this->getPermissions() as $p)
269  {
270  $roles = $form->getInput($p);
271  if (!is_array($roles))
272  {
273  $roles = array();
274  }
275  $o = $this->base_permissions_by_op[$p];
276 
277  // ... if in original operations, but not checked, remove it from operations
278  if (in_array($o, $ops) && !in_array($r["rol_id"], $roles))
279  {
280  if(($key = array_search($o, $ops)) !== false) {
281  unset($ops[$key]);
282  }
283  }
284 
285  // ...if not in original operations, but checked, add to operations
286  if (!in_array($o, $ops) && in_array($r["rol_id"], $roles))
287  {
288  $ops[] = $o;
289  }
290  }
291 
292  // now grant resulting permissions
293  $rbacadmin->grantPermission(
294  $r["rol_id"],
295  array_unique($ops),
296  $this->obj->getRefId()
297  );
298  }
299 
300  ilUtil::sendSuccess($this->lng->txt("msg_obj_modified"), true);
301  $this->ctrl->redirect($this, "");
302  }
303  else
304  {
305  $form->setValuesByPost();
306  $this->tpl->setContent($form->getHtml());
307  }
308  }
309 
310 
311 }
312 
313 ?>
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:5008
ilSettingsPermissionGUI
UI class for handling permissions that can be configured having the write permission for an object...
Definition: class.ilSettingsPermissionGUI.php:13
ilCheckboxOption
This class represents an option in a checkbox group.
Definition: class.ilCheckboxOption.php:31
ilSettingsPermissionGUI\initPermissionForm
initPermissionForm()
Init permission form.
Definition: class.ilSettingsPermissionGUI.php:198
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
$cmd
$cmd
Definition: sahs_server.php:35
ilSettingsPermissionGUI\setPermissions
setPermissions($a_val)
Set permissions.
Definition: class.ilSettingsPermissionGUI.php:149
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:2066
$tpl
global $tpl
Definition: ilias.php:8
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$r
$r
Definition: example_031.php:79
ilSettingsPermissionGUI\setRoleRequiredPermissions
setRoleRequiredPermissions($a_val)
Set role required permissions (this permissions are required for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:91
ilCheckboxGroupInputGUI
This class represents a property in a property form.
Definition: class.ilCheckboxGroupInputGUI.php:33
ilSettingsPermissionGUI\setRoleProhibitedPermissions
setRoleProhibitedPermissions($a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:120
ilSettingsPermissionGUI\getRoleProhibitedPermissions
getRoleProhibitedPermissions()
Get role prohibited permissions.
Definition: class.ilSettingsPermissionGUI.php:139
ilSettingsPermissionGUI\getRoleRequiredPermissions
getRoleRequiredPermissions()
Get role required permissions.
Definition: class.ilSettingsPermissionGUI.php:110
$lng
global $lng
Definition: privfeed.php:40
ilSettingsPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilSettingsPermissionGUI.php:26