ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once "./Services/Object/classes/class.ilObjectGUI.php";
5 include_once './Services/AccessControl/classes/class.ilObjRole.php';
6 
20 {
21  const MODE_GLOBAL_UPDATE = 1;
22  const MODE_GLOBAL_CREATE = 2;
23  const MODE_LOCAL_UPDATE = 3;
24  const MODE_LOCAL_CREATE = 4;
25 
31  var $type;
32 
33 
34  protected $obj_ref_id = 0;
35  protected $obj_obj_id = 0;
36  protected $obj_obj_type = '';
37  protected $container_type = '';
38 
39 
40  var $ctrl;
41 
46  function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
47  {
48  global $tree,$lng;
49 
50  $lng->loadLanguageModule('rbac');
51 
52  //TODO: move this to class.ilias.php
53  define("USER_FOLDER_ID",7);
54 
55  // Add ref_id of object that contains this role folder
56 
57  $this->obj_ref_id =
58  ((int) $_REQUEST['rolf_ref_id'] ?
59  (int) $_REQUEST['rolf_ref_id'] :
60  (int) $_REQUEST['ref_id']
61  );
62 
63  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
64  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
65 
66  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
67 
68  $this->type = "role";
69  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
70  $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
71  }
72 
73 
74  function &executeCommand()
75  {
76  global $rbacsystem;
77 
78  $this->prepareOutput();
79 
80  $next_class = $this->ctrl->getNextClass($this);
81  $cmd = $this->ctrl->getCmd();
82 
83  switch($next_class)
84  {
85  case 'ilrepositorysearchgui':
86 
87  if(!$GLOBALS['ilAccess']->checkAccess('edit_permission','', $this->obj_ref_id))
88  {
89  $GLOBALS['ilErr']->raiseError($GLOBALS['lng']->txt('permission_denied'), $GLOBALS['ilErr']->WARNING);
90  }
91  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
92  $rep_search =& new ilRepositorySearchGUI();
93  $rep_search->setTitle($this->lng->txt('role_add_user'));
94  $rep_search->setCallback($this,'addUserObject');
95 
96  // Set tabs
97  $this->tabs_gui->setTabActive('user_assignment');
98  $this->ctrl->setReturn($this,'userassignment');
99  $ret =& $this->ctrl->forwardCommand($rep_search);
100  break;
101 
102  case 'ilexportgui':
103 
104  $this->tabs_gui->setTabActive('export');
105 
106  include_once './Services/Export/classes/class.ilExportOptions.php';
108  $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->obj_ref_id);
109 
110  include_once './Services/Export/classes/class.ilExportGUI.php';
111  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
112  $exp->addFormat('xml');
113  $this->ctrl->forwardCommand($exp);
114  break;
115 
116  default:
117  if(!$cmd)
118  {
119  if($this->showDefaultPermissionSettings())
120  {
121  $cmd = "perm";
122  }
123  else
124  {
125  $cmd = 'userassignment';
126  }
127  }
128  $cmd .= "Object";
129  $this->$cmd();
130 
131  break;
132  }
133 
134  return true;
135  }
136 
141  public function getParentRefId()
142  {
143  return $this->obj_ref_id;
144  }
145 
150  public function getParentObjId()
151  {
152  return $this->obj_obj_id;
153  }
154 
159  public function getParentType()
160  {
161  return $this->obj_obj_type;
162  }
163 
167  function setBackTarget($a_text, $a_link)
168  {
169  $this->back_target = array("text" => $a_text,
170  "link" => $a_link);
171  }
172 
173  public function getBackTarget()
174  {
175  return $this->back_target ? $this->back_target : array();
176  }
177 
181  function getAdminTabs(&$tabs_gui)
182  {
183  $this->getTabs($tabs_gui);
184  }
185 
190  protected function getContainerType()
191  {
192  return $this->container_type;
193  }
194 
199  protected function showDefaultPermissionSettings()
200  {
201  global $objDefinition;
202 
203  return $objDefinition->isContainer($this->getContainerType());
204  }
205 
206 
208  {
209  global $rbacsystem,$rbacreview;
210 
211  if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
212  $this->obj_ref_id != ROLE_FOLDER_ID)
213  {
214  ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
215  return true;
216  }
217 
218  if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
219  {
220  $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
221  }
222 
223  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
224  $tbl = new ilRoleDesktopItemsTableGUI($this, 'listDesktopItems', $this->object);
225  $this->tpl->setContent($tbl->getHTML());
226 
227  return true;
228  }
229 
231  {
232  global $rbacsystem;
233 
234 
235  if(!$this->checkAccess('edit_permission'))
236  {
237  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
238  }
239  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
240  {
241  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
242  }
243  if(!count($_POST['del_desk_item']))
244  {
245  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
246 
247  $this->listDesktopItemsObject();
248 
249  return true;
250  }
251 
252  include_once("./Services/Utilities/classes/class.ilConfirmationGUI.php");
253  $confirmation_gui = new ilConfirmationGUI();
254  $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
255  $confirmation_gui->setHeaderText($this->lng->txt('role_assigned_desk_items').
256  ' "'.$this->object->getTitle().'": '.
257  $this->lng->txt('role_sure_delete_desk_items'));
258  $confirmation_gui->setCancel($this->lng->txt("cancel"), "listDesktopItems");
259  $confirmation_gui->setConfirm($this->lng->txt("delete"), "deleteDesktopItems");
260 
261  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
262  $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
263  $counter = 0;
264  foreach($_POST['del_desk_item'] as $role_item_id)
265  {
266  $item_data = $role_desk_item_obj->getItem($role_item_id);
267  $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
268 
269  if(strlen($desc = $tmp_obj->getDescription()))
270  {
271  $desc = '<div class="il_Description_no_margin">'.$desc.'</div>';
272  }
273 
274  $confirmation_gui->addItem("del_desk_item[]", $role_item_id, $tmp_obj->getTitle().$desc);
275  }
276 
277  $this->tpl->setContent($confirmation_gui->getHTML());
278 
279  return true;
280  }
281 
283  {
284  global $rbacsystem;
285 
286  if(!$this->checkAccess('edit_permission'))
287  {
288  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
289  }
290 
291  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
292  {
293  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
294  }
295 
296  if (!count($_POST['del_desk_item']))
297  {
298  ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
299 
300  $this->listDesktopItemsObject();
301 
302  return true;
303  }
304 
305  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
306 
307  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
308 
309  foreach ($_POST['del_desk_item'] as $role_item_id)
310  {
311  $role_desk_item_obj->delete($role_item_id);
312  }
313 
314  ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
315  $this->listDesktopItemsObject();
316 
317  return true;
318  }
319 
320 
322  {
323  global $rbacsystem,$tree;
324 
325  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
326  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
327 
328  if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
329  {
330  #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
331  ilUtil::sendFailure($this->lng->txt('permission_denied'));
332  $this->listDesktopItemsObject();
333  return false;
334  }
335 
336  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
337  $this->__showButton('listDesktopItems',$this->lng->txt('back'));
338 
339  ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
340 
341  $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
342  new ilRoleDesktopItem($this->object->getId()));
343  $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
344  $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
345 
346  $exp->setOutput(0);
347 
348  $output = $exp->getOutput();
349  $this->tpl->setVariable("EXPLORER",$output);
350  //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
351 
352  return true;
353  }
354 
356  {
357  global $rbacsystem;
358 
359  if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
360  {
361  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
362  return false;
363  }
364 
365 
366  if (!isset($_GET['item_id']))
367  {
368  ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
369  $this->selectDesktopItemObject();
370 
371  return false;
372  }
373 
374  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
375 
376  $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
377  $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
378 
379  ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
380 
381  $this->ctrl->redirect($this,'listDesktopItems');
382  return true;
383  }
384 
390  protected function initFormRoleProperties($a_mode)
391  {
392  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
393  $this->form = new ilPropertyFormGUI();
394 
395  if($this->creation_mode)
396  {
397  $this->ctrl->setParameter($this, "new_type", 'role');
398  }
399  $this->form->setFormAction($this->ctrl->getFormAction($this));
400 
401  switch($a_mode)
402  {
403  case self::MODE_GLOBAL_CREATE:
404  $this->form->setTitle($this->lng->txt('role_new'));
405  $this->form->addCommandButton('save',$this->lng->txt('role_new'));
406  break;
407 
408  case self::MODE_GLOBAL_UPDATE:
409  $this->form->setTitle($this->lng->txt('role_edit'));
410  $this->form->addCommandButton('update', $this->lng->txt('save'));
411  break;
412 
413  case self::MODE_LOCAL_CREATE:
414  case self::MODE_LOCAL_UPDATE:
415  }
416  // Fix cancel
417  $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
418 
419  $title = new ilTextInputGUI($this->lng->txt('title'),'title');
420  if(ilObjRole::isAutoGenerated($this->object->getId()))
421  {
422  $title->setDisabled(true);
423  }
424  else
425  {
426  //#17111 No validation for disabled fields
427  $title->setValidationRegexp('/^(?!il_).*$/');
428  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
429  }
430 
431  $title->setSize(40);
432  $title->setMaxLength(70);
433  $title->setRequired(true);
434  $this->form->addItem($title);
435 
436  $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
437  if(ilObjRole::isAutoGenerated($this->object->getId()))
438  {
439  $desc->setDisabled(true);
440  }
441  $desc->setCols(40);
442  $desc->setRows(3);
443  $this->form->addItem($desc);
444 
445  if($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE)
446  {
447  $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
448  $this->form->addItem($ilias_id);
449  }
450 
451  if($this->obj_ref_id == ROLE_FOLDER_ID)
452  {
453  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
454  $reg->setValue(1);
455  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
456  $this->form->addItem($reg);
457 
458  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
459  $la->setValue(1);
460  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
461  $this->form->addItem($la);
462  }
463 
464  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
465  $pro->setValue(1);
466  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
467  $this->form->addItem($pro);
468 
469  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
471  {
472  $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
473  $quo->setMinValue(0);
474  $quo->setSize(4);
475  $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
476  $this->form->addItem($quo);
477  }
479  {
480  $this->lng->loadLanguageModule("file");
481  $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'),'wsp_disk_quota');
482  $wquo->setMinValue(0);
483  $wquo->setSize(4);
484  $wquo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
485  $this->form->addItem($wquo);
486  }
487 
488  return true;
489  }
490 
496  protected function loadRoleProperties(ilObjRole $role)
497  {
498  //Don't set if fields are disabled to prevent html manipulation.
499  if(!$this->form->getItemByPostVar('title')->getDisabled())
500  {
501  $role->setTitle($this->form->getInput('title'));
502 
503  }
504  if(!$this->form->getItemByPostVar('desc')->getDisabled())
505  {
506  $role->setDescription($this->form->getInput('desc'));
507  }
508  $role->setAllowRegister($this->form->getInput('reg'));
509  $role->toggleAssignUsersStatus($this->form->getInput('la'));
510  $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
511  $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
512  return true;
513  }
514 
520  protected function readRoleProperties(ilObjRole $role)
521  {
522  global $rbacreview;
523 
524  include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
525 
526  $data['title'] = $role->getTitle();
527  $data['desc'] = $role->getDescription();
528  $data['ilias_id'] = 'il_'.IL_INST_ID.'_'.ilObject::_lookupType($role->getId()).'_'.$role->getId();
529  $data['reg'] = $role->getAllowRegister();
530  $data['la'] = $role->getAssignUsersStatus();
532  {
533  $data['disk_quota'] = $role->getDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
534  }
536  {
537  $data['wsp_disk_quota'] = $role->getPersonalWorkspaceDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
538  }
539  $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
540 
541  $this->form->setValuesByArray($data);
542  }
543 
544 
545 
546 
552  public function createObject()
553  {
554  global $rbacsystem;
555 
556  if(!$rbacsystem->checkAccess('create_role',$this->obj_ref_id))
557  {
558  $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
559  }
560 
561  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
562  $this->tpl->setContent($this->form->getHTML());
563  }
564 
569  public function editObject()
570  {
571  global $rbacsystem, $rbacreview, $ilSetting,$ilErr,$ilToolbar;
572 
573  if(!$this->checkAccess('write','edit_permission'))
574  {
575  $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
576  }
577 
578  // Show copy role button
579  if($this->object->getId() != SYSTEM_ROLE_ID)
580  {
581  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
582  if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
583  {
584  $ilToolbar->addButton(
585  $this->lng->txt('rbac_delete_role'),
586  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
587  );
588  }
589  }
590 
591  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
592  $this->readRoleProperties($this->object);
593  $this->tpl->setContent($this->form->getHTML());
594  }
595 
596 
601  public function saveObject()
602  {
603  global $rbacadmin,$rbacreview;
604 
605  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
606  if($this->form->checkInput() and !$this->checkDuplicate())
607  {
608  include_once './Services/AccessControl/classes/class.ilObjRole.php';
609  $this->loadRoleProperties($this->role = new ilObjRole());
610  $this->role->create();
611  $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,'y');
612  $rbacadmin->setProtected(
613  $this->obj_ref_id,
614  $this->role->getId(),
615  $this->form->getInput('pro') ? 'y' : 'n'
616  );
617  ilUtil::sendSuccess($this->lng->txt("role_added"),true);
618  $this->ctrl->setParameter($this,'obj_id',$this->role->getId());
619  $this->ctrl->redirect($this,'perm');
620  }
621 
622  ilUtil::sendFailure($this->lng->txt('err_check_input'));
623  $this->form->setValuesByPost();
624  $this->tpl->setContent($this->form->getHTML());
625  return false;
626  }
627 
632  protected function checkDuplicate($a_role_id = 0)
633  {
634  // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
635  return FALSE;
636  }
637 
642  public function updateObject()
643  {
644  global $rbacadmin;
645 
646  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
647  if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
648  {
649  include_once './Services/AccessControl/classes/class.ilObjRole.php';
650  $this->loadRoleProperties($this->object);
651  $this->object->update();
652  $rbacadmin->setProtected(
653  $this->obj_ref_id,
654  $this->object->getId(),
655  $this->form->getInput('pro') ? 'y' : 'n'
656  );
657  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
658  $this->ctrl->redirect($this,'edit');
659  }
660 
661  ilUtil::sendFailure($this->lng->txt('err_check_input'));
662  $this->form->setValuesByPost();
663  $this->tpl->setContent($this->form->getHTML());
664  return false;
665  }
666 
671  protected function permObject($a_show_admin_permissions = false)
672  {
673  global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
674 
675  $ilTabs->setTabActive('default_perm_settings');
676 
677  $this->setSubTabs('default_perm_settings');
678 
679  if($a_show_admin_permissions)
680  {
681  $ilTabs->setSubTabActive('rbac_admin_permissions');
682  }
683  else
684  {
685  $ilTabs->setSubTabActive('rbac_repository_permissions');
686  }
687 
688  if(!$this->checkAccess('write','edit_permission'))
689  {
690  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
691  return true;
692  }
693 
694  // Show copy role button
695  if($this->object->getId() != SYSTEM_ROLE_ID)
696  {
697  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
698  $ilToolbar->addButton(
699  $this->lng->txt("adopt_perm_from_template"),
700  $this->ctrl->getLinkTarget($this,'adoptPerm')
701  );
702  if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
703  {
704  $ilToolbar->addButton(
705  $this->lng->txt('rbac_delete_role'),
706  $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
707  );
708  }
709  }
710 
711  $this->tpl->addBlockFile(
712  'ADM_CONTENT',
713  'adm_content',
714  'tpl.rbac_template_permissions.html',
715  'Services/AccessControl'
716  );
717 
718  $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
719 
720  include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
721  $acc = new ilAccordionGUI();
722  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
723  $acc->setId('template_perm_'.$this->getParentRefId());
724 
725  if($this->obj_ref_id == ROLE_FOLDER_ID)
726  {
727  if($a_show_admin_permissions)
728  {
729  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
730  }
731  else
732  {
733  $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
734  }
735  }
736  else
737  {
738  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
739  }
740 
741  $sorted = array();
742  foreach($subs as $subtype => $def)
743  {
744  if($objDefinition->isPlugin($subtype))
745  {
746  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
747  }
748  elseif($objDefinition->isSystemObject($subtype))
749  {
750  $translation = $this->lng->txt("obj_".$subtype);
751  }
752  else
753  {
754  $translation = $this->lng->txt('objs_'.$subtype);
755  }
756 
757  $sorted[$subtype] = $def;
758  $sorted[$subtype]['translation'] = $translation;
759  }
760 
761 
762  $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
763  foreach($sorted as $subtype => $def)
764  {
765  if($objDefinition->isPlugin($subtype))
766  {
767  $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
768  }
769  elseif($objDefinition->isSystemObject($subtype))
770  {
771  $translation = $this->lng->txt("obj_".$subtype);
772  }
773  else
774  {
775  $translation = $this->lng->txt('objs_'.$subtype);
776  }
777 
778  include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
780  $this,
781  'perm',
782  $this->getParentRefId(),
783  $this->object->getId(),
784  $subtype,
785  $a_show_admin_permissions
786  );
787  $tbl->parse();
788 
789  $acc->addItem($translation, $tbl->getHTML());
790  }
791 
792  $this->tpl->setVariable('ACCORDION',$acc->getHTML());
793 
794  // Add options table
795  include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
797  $this,
798  'perm',
799  $this->obj_ref_id,
800  $this->object->getId(),
801  $a_show_admin_permissions
802  );
803  if($this->object->getId() != SYSTEM_ROLE_ID)
804  {
805  $options->addMultiCommand(
806  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
807  $this->lng->txt('save')
808  );
809  }
810 
811  $options->parse();
812  $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
813  }
814 
819  protected function adminPermObject()
820  {
821  return $this->permObject(true);
822  }
823 
828  protected function adminPermSaveObject()
829  {
830  return $this->permSaveObject(true);
831  }
832 
833  protected function adoptPermObject()
834  {
835  global $rbacreview;
836 
837  $output = array();
838 
839  $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
840  $ids = array();
841  foreach($parent_role_ids as $id => $tmp)
842  {
843  $ids[] = $id;
844  }
845  // Sort ids
846  $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
847  $key = 0;
848  foreach($sorted_ids as $id)
849  {
850  $par = $parent_role_ids[$id];
851  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
852  {
853  $output[$key]["role_id"] = $par["obj_id"];
854  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
855  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
856  $output[$key]["role_desc"] = $par["desc"];
857  $key++;
858  }
859  }
860 
861 
862  include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
863 
864  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
865  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
866  $tbl->setData($output);
867 
868  $this->tpl->setContent($tbl->getHTML());
869  }
870 
875  protected function confirmDeleteRoleObject()
876  {
877  global $ilErr,$rbacreview,$ilUser;
878 
879  $access = $this->checkAccess('visible,write','edit_permission');
880  if (!$access)
881  {
882  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
883  }
884 
885  $question = $this->lng->txt('rbac_role_delete_qst');
886  if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
887  {
888  $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
889  }
890  ilUtil::sendQuestion($question);
891 
892  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
893 
894  $confirm = new ilConfirmationGUI();
895  $confirm->setFormAction($this->ctrl->getFormAction($this));
896  $confirm->setHeaderText($question);
897  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
898  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
899 
900  $confirm->addItem(
901  'role',
902  $this->object->getId(),
903  $this->object->getTitle(),
904  ilUtil::getImagePath('icon_role.svg')
905  );
906 
907  $this->tpl->setContent($confirm->getHTML());
908  return true;
909  }
910 
911 
916  protected function performDeleteRoleObject()
917  {
918  global $ilErr;
919 
920  $access = $this->checkAccess('visible,write','edit_permission');
921  if (!$access)
922  {
923  $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
924  }
925 
926  $this->object->setParent((int) $this->obj_ref_id);
927  $this->object->delete();
928  ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
929 
930  $this->ctrl->returnToParent($this);
931  }
932 
938  function permSaveObject($a_show_admin_permissions = false)
939  {
940  global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
941 
942  // for role administration check write of global role folder
943  $access = $this->checkAccess('visible,write','edit_permission');
944 
945  if (!$access)
946  {
947  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
948  }
949 
950  // rbac log
951  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
952  $rbac_log_active = ilRbacLog::isActive();
953  if($rbac_log_active)
954  {
955  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
956  }
957 
958  // delete all template entries of enabled types
959  if($this->obj_ref_id == ROLE_FOLDER_ID)
960  {
961  if($a_show_admin_permissions)
962  {
963  $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
964  }
965  else
966  {
967  $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
968  }
969  }
970  else
971  {
972  $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
973  }
974 
975  foreach($subs as $subtype => $def)
976  {
977  // Delete per object type
978  $rbacadmin->deleteRolePermission($this->object->getId(),$this->obj_ref_id,$subtype);
979  }
980 
981  if (empty($_POST["template_perm"]))
982  {
983  $_POST["template_perm"] = array();
984  }
985 
986  foreach ($_POST["template_perm"] as $key => $ops_array)
987  {
988  // sets new template permissions
989  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
990  }
991 
992  if($rbac_log_active)
993  {
994  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
995  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
996  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
997  }
998 
999  // update object data entry (to update last modification date)
1000  $this->object->update();
1001 
1002  // set protected flag
1003  if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id))
1004  {
1005  $rbacadmin->setProtected($this->obj_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1006  }
1007 
1008  if($a_show_admin_permissions)
1009  {
1010  $_POST['recursive'] = true;
1011  }
1012 
1013  // Redirect if Change existing objects is not chosen
1014  if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1015  {
1016  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1017  if($a_show_admin_permissions)
1018  {
1019  $this->ctrl->redirect($this,'adminPerm');
1020  }
1021  else
1022  {
1023  $this->ctrl->redirect($this,'perm');
1024  }
1025  }
1026  // New implementation
1027  if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1028  {
1030  return true;
1031  }
1032 
1033  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1034  if($a_show_admin_permissions)
1035  {
1036  $start = $tree->getParentId($this->obj_ref_id);
1037  }
1038 
1039  if($_POST['protected'])
1040  {
1041  $this->object->changeExistingObjects(
1042  $start,
1044  array('all'),
1045  array()
1046  #$a_show_admin_permissions ? array('adm') : array()
1047  );
1048  }
1049  else
1050  {
1051  $this->object->changeExistingObjects(
1052  $start,
1054  array('all'),
1055  array()
1056  #$a_show_admin_permissions ? array('adm') : array()
1057  );
1058  }
1059  ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1060 
1061  if($a_show_admin_permissions)
1062  {
1063  $this->ctrl->redirect($this,'adminPerm');
1064  }
1065  else
1066  {
1067  $this->ctrl->redirect($this,'perm');
1068  }
1069  return true;
1070  }
1071 
1072 
1079  {
1080  global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1081 
1082  if(!$_POST['adopt'])
1083  {
1084  ilUtil::sendFailure($this->lng->txt('select_one'));
1085  $this->adoptPermObject();
1086  return false;
1087  }
1088 
1089  $access = $this->checkAccess('visible,write','edit_permission');
1090  if (!$access)
1091  {
1092  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1093  }
1094 
1095  if ($this->object->getId() == $_POST["adopt"])
1096  {
1097  ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1098  }
1099  else
1100  {
1101  $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1102  $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
1103  $rbacadmin->copyRoleTemplatePermissions(
1104  $_POST["adopt"],
1105  $parentRoles[$_POST["adopt"]]["parent"],
1106  $this->obj_ref_id,
1107  $this->object->getId(),
1108  false);
1109 
1110  // update object data entry (to update last modification date)
1111  $this->object->update();
1112 
1113  // send info
1114  $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1115  ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1116  $this->lng->txt("msg_perm_adopted_from2"),true);
1117  }
1118 
1119  $this->ctrl->redirect($this, "perm");
1120  }
1121 
1127  function assignSaveObject()
1128  {
1129  $this->assignUserObject();
1130  }
1131 
1132 
1133 
1139  public function addUserObject($a_user_ids)
1140  {
1141  global $rbacreview,$rbacadmin;
1142 
1143  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1144  {
1145  ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1146  return false;
1147  }
1148  if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
1149  $this->obj_ref_id != ROLE_FOLDER_ID)
1150  {
1151  ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1152  return false;
1153  }
1154  if(!$a_user_ids)
1155  {
1156  $GLOBALS['lng']->loadLanguageModule('search');
1157  ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1158  return false;
1159  }
1160 
1161  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1162 
1163  // users to assign
1164  $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1165 
1166  // selected users all already assigned. stop
1167  if (count($assigned_users_new) == 0)
1168  {
1169  ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1170  $this->ctrl->redirect($this,'userassignment');
1171  }
1172 
1173  // assign new users
1174  foreach ($assigned_users_new as $user)
1175  {
1176  $rbacadmin->assignUser($this->object->getId(),$user,false);
1177  }
1178 
1179  // update object data entry (to update last modification date)
1180  $this->object->update();
1181 
1182  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1183  $this->ctrl->redirect($this,'userassignment');
1184  }
1185 
1192  {
1193  global $rbacsystem, $rbacadmin, $rbacreview;
1194 
1195  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1196  {
1197  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1198  }
1199 
1200  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1201 
1202  if ($selected_users[0]=== NULL)
1203  {
1204  $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1205  }
1206 
1207  // prevent unassignment of system user from system role
1208  if ($this->object->getId() == SYSTEM_ROLE_ID)
1209  {
1210  if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1211  unset($selected_users[$admin]);
1212  }
1213 
1214  // check for each user if the current role is his last global role before deassigning him
1215  $last_role = array();
1216  $global_roles = $rbacreview->getGlobalRoles();
1217 
1218  foreach ($selected_users as $user)
1219  {
1220  $assigned_roles = $rbacreview->assignedRoles($user);
1221  $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1222 
1223  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1224  {
1225  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1226  $last_role[$user] = $userObj->getFullName();
1227  unset($userObj);
1228  }
1229  }
1230 
1231 
1232  // ... else perform deassignment
1233  foreach ($selected_users as $user)
1234  {
1235  if(!isset($last_role[$user]))
1236  {
1237  $rbacadmin->deassignUser($this->object->getId(), $user);
1238  }
1239  }
1240 
1241  // update object data entry (to update last modification date)
1242  $this->object->update();
1243 
1244  // raise error if last role was taken from a user...
1245  if(count($last_role))
1246  {
1247  $user_list = implode(", ",$last_role);
1248  ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1249  }
1250  else
1251  {
1252  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1253  }
1254  $this->ctrl->redirect($this,'userassignment');
1255  }
1256 
1257 
1262  {
1263  global $rbacreview, $rbacsystem, $lng, $ilUser;
1264 
1265  if(!$this->checkAccess('edit_userassignment','edit_permission'))
1266  {
1267  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1268  }
1269 
1270  $this->tabs_gui->setTabActive('user_assignment');
1271 
1272  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1273 
1274  include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1275  $tb = new ilToolbarGUI();
1276 
1277  // protected admin role
1278  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1279  if(
1280  $this->object->getId() != SYSTEM_ROLE_ID ||
1281  (
1282  !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1283  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1284  )
1285  )
1286  {
1287 
1288 
1289  // add member
1290  include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1292  $this,
1293  $tb,
1294  array(
1295  'auto_complete_name' => $lng->txt('user'),
1296  'submit_name' => $lng->txt('add')
1297  )
1298  );
1299 
1300  /*
1301  // add button
1302  $tb->addFormButton($lng->txt("add"), "assignUser");
1303  */
1304  $tb->addSpacer();
1305 
1306  $tb->addButton(
1307  $this->lng->txt('search_user'),
1308  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1309  );
1310  $tb->addSpacer();
1311  }
1312 
1313  $tb->addButton(
1314  $this->lng->txt('role_mailto'),
1315  $this->ctrl->getLinkTarget($this,'mailToRole')
1316  );
1317  $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1318 
1319 
1320  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1321  $role_assignment_editable = true;
1322  if(
1323  $this->object->getId() == SYSTEM_ROLE_ID &&
1324  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1325  {
1326  $role_assignment_editable = false;
1327  }
1328 
1329  include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1330  $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1331 
1332  $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1333 
1334  return true;
1335 
1336  }
1337 
1338 
1343  function cancelObject()
1344  {
1345  if ($_GET["new_type"] != "role")
1346  {
1347  $this->ctrl->redirect($this, "userassignment");
1348  }
1349  else
1350  {
1351  $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1352  }
1353  }
1354 
1355 
1357  {
1358  global $rbacsystem,$rbacreview;
1359 
1360  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1361 
1362  if (!is_array($_POST["role"]))
1363  {
1364  ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1365  $this->searchObject();
1366 
1367  return false;
1368  }
1369 
1370  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1371  $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1372 
1373  // GET ALL MEMBERS
1374  $members = array();
1375 
1376  foreach ($_POST["role"] as $role_id)
1377  {
1378  $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1379  }
1380 
1381  $members = array_unique($members);
1382 
1383  // FORMAT USER DATA
1384  $counter = 0;
1385  $f_result = array();
1386 
1387  foreach($members as $user)
1388  {
1389  if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1390  {
1391  continue;
1392  }
1393 
1394  $user_ids[$counter] = $user;
1395 
1396  // TODO: exclude anonymous user
1397  $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1398  $f_result[$counter][] = $tmp_obj->getLogin();
1399  $f_result[$counter][] = $tmp_obj->getFirstname();
1400  $f_result[$counter][] = $tmp_obj->getLastname();
1401 
1402  unset($tmp_obj);
1403  ++$counter;
1404  }
1405 
1406  $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1407 
1408  return true;
1409  }
1410 
1411  function __prepareOutput()
1412  {
1413  // output objects
1414  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1415  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1416 
1417  // output locator
1418  //$this->__setLocator();
1419 
1420  // output message
1421  if ($this->message)
1422  {
1423  ilUtil::sendInfo($this->message);
1424  }
1425 
1426  // display infopanel if something happened
1428 
1429  // set header
1430  $this->__setHeader();
1431  }
1432 
1433  function __setHeader()
1434  {
1435  $this->tpl->setTitle($this->lng->txt('role'));
1436  $this->tpl->setDescription($this->object->getTitle());
1437  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1438 
1439  $this->getTabs($this->tabs_gui);
1440  }
1441 
1442  function __setLocator()
1443  {
1444  global $tree, $ilCtrl;
1445 
1446  return;
1447 
1448  $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1449 
1450  $counter = 0;
1451 
1452  foreach ($tree->getPathFull($this->obj_ref_id) as $key => $row)
1453  {
1454  if ($counter++)
1455  {
1456  $this->tpl->touchBlock('locator_separator_prefix');
1457  }
1458 
1459  $this->tpl->setCurrentBlock("locator_item");
1460 
1461  if ($row["type"] == 'rolf')
1462  {
1463  $this->tpl->setVariable("ITEM",$this->object->getTitle());
1464  $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1465  }
1466  elseif ($row["child"] != $tree->getRootId())
1467  {
1468  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1469  $this->tpl->setVariable("ITEM", $row["title"]);
1470  $this->tpl->setVariable("LINK_ITEM",
1471  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1472  }
1473  else
1474  {
1475  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1476  $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1477  $this->tpl->setVariable("LINK_ITEM",
1478  $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1479  }
1480  $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1481 
1482  $this->tpl->parseCurrentBlock();
1483  }
1484 
1485  $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1486  $this->tpl->parseCurrentBlock();
1487  }
1488 
1494  {
1495  global $ilLocator;
1496 
1497  if ($_GET["admin_mode"] == "settings"
1498  && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1499  {
1500  parent::addAdminLocatorItems(true);
1501 
1502  $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1503  ilObject::_lookupObjId($_GET["ref_id"]))),
1504  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1505 
1506  if ($_GET["obj_id"] > 0)
1507  {
1508  $ilLocator->addItem($this->object->getTitle(),
1509  $this->ctrl->getLinkTarget($this, "view"));
1510  }
1511  }
1512  else // repository administration
1513  {
1514  // ?
1515  }
1516  }
1517 
1518 
1519 
1520 
1521  function getTabs(&$tabs_gui)
1522  {
1523  global $rbacsystem,$rbacreview, $ilHelp;
1524 
1525  $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1526 
1527 
1528  $activate_role_edit = false;
1529 
1530  // todo: activate the following (allow editing of local roles in
1531  // roles administration)
1532  if (in_array($this->obj_ref_id,$base_role_container) ||
1533  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1534  $_GET["admin_mode"] == "settings"))
1535  {
1536  $activate_role_edit = true;
1537  }
1538 
1539  // not so nice (workaround for using tabs in repository)
1540  $tabs_gui->clearTargets();
1541 
1542  $ilHelp->setScreenIdComponent("role");
1543 
1544  if ($this->back_target != "")
1545  {
1546  $tabs_gui->setBackTarget(
1547  $this->back_target["text"],$this->back_target["link"]);
1548  }
1549 
1550  if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1551  {
1552  $tabs_gui->addTarget("edit_properties",
1553  $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1554  }
1555 /*
1556  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1557  {
1558  $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1559  ? true
1560  : false;
1561  $tabs_gui->addTarget("default_perm_settings",
1562  $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1563  get_class($this),
1564  "", $force_active);
1565  }
1566 */
1567  if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1568  {
1569  $tabs_gui->addTarget(
1570  "default_perm_settings",
1571  $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1572  );
1573  }
1574 
1575  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1576  {
1577  $tabs_gui->addTarget("user_assignment",
1578  $this->ctrl->getLinkTarget($this, "userassignment"),
1579  array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1580  get_class($this));
1581  }
1582 
1583  if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1584  {
1585  $tabs_gui->addTarget("desktop_items",
1586  $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1587  array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1588  get_class($this));
1589  }
1590  if($this->checkAccess('write','edit_permission'))
1591  {
1592  $tabs_gui->addTarget(
1593  'export',
1594  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1595  array()
1596  );
1597 
1598  }
1599  }
1600 
1601  function mailToRoleObject()
1602  {
1603  global $rbacreview;
1604 
1605  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1606  if(count($obj_ids) > 1)
1607  {
1608  $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1609  }
1610  else
1611  {
1612  $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
1613  }
1614 
1615  require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1616  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1617  ilUtil::redirect($script);
1618  }
1619 
1620  function checkAccess($a_perm_global,$a_perm_obj = '')
1621  {
1622  global $rbacsystem,$ilAccess;
1623 
1624  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1625 
1626  if($this->obj_ref_id == ROLE_FOLDER_ID)
1627  {
1628  return $rbacsystem->checkAccess($a_perm_global,$this->obj_ref_id);
1629  }
1630  else
1631  {
1632  return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1633  }
1634  }
1635 
1641  {
1642  global $rbacreview;
1643 
1644  if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1645  {
1646  return false;
1647  }
1648 
1649  // Role is protected
1650  if($rbacreview->isProtected($this->obj_ref_id, $this->object->getId()))
1651  {
1652  // TODO: check if recursive_list is enabled
1653  // and if yes: check if inheritance is broken for the relevant object types
1654  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1655  }
1656  else
1657  {
1658  // TODO: check if recursive_list is enabled
1659  // and if yes: check if inheritance is broken for the relevant object types
1660  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1661  }
1662  }
1663 
1669  {
1670  $protected = $_POST['protected'];
1671 
1672  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1673  $form = new ilPropertyFormGUI();
1674  $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1675  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1676 
1677  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1678  $form->addCommandButton('perm',$this->lng->txt('cancel'));
1679 
1680  $hidden = new ilHiddenInputGUI('type_filter');
1681  $hidden->setValue(
1682  $_POST['recursive'] ?
1683  serialize(array('all')) :
1684  serialize($_POST['recursive_list'])
1685  );
1686  $form->addItem($hidden);
1687 
1688  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1689 
1690  if($protected)
1691  {
1693  $keep = new ilRadioOption(
1694  $this->lng->txt('rbac_keep_local_policies'),
1696  $this->lng->txt('rbac_keep_local_policies_info')
1697  );
1698  }
1699  else
1700  {
1702  $keep = new ilRadioOption(
1703  $this->lng->txt('rbac_keep_local_policies'),
1705  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1706  );
1707 
1708  }
1709  $rad->addOption($keep);
1710 
1711  if($protected)
1712  {
1713  $del = new ilRadioOption(
1714  $this->lng->txt('rbac_delete_local_policies'),
1716  $this->lng->txt('rbac_delete_local_policies_info')
1717  );
1718  }
1719  else
1720  {
1721  $del = new ilRadioOption(
1722  $this->lng->txt('rbac_delete_local_policies'),
1724  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1725  );
1726  }
1727  $rad->addOption($del);
1728 
1729  $form->addItem($rad);
1730  $this->tpl->setContent($form->getHTML());
1731  }
1732 
1737  protected function changeExistingObjectsObject()
1738  {
1739  global $tree,$rbacreview,$rbacadmin;
1740 
1741  $mode = (int) $_POST['mode'];
1742  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1743 
1744  $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1745 
1746  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1747  $this->ctrl->redirect($this,'perm');
1748  }
1749 
1755  protected function setSubTabs($a_tab)
1756  {
1757  global $ilTabs;
1758 
1759  switch($a_tab)
1760  {
1761  case 'default_perm_settings':
1762  if($this->obj_ref_id != ROLE_FOLDER_ID)
1763  {
1764  return true;
1765  }
1766  $ilTabs->addSubTabTarget(
1767  'rbac_repository_permissions',
1768  $this->ctrl->getLinkTarget($this,'perm')
1769  );
1770  $ilTabs->addSubTabTarget(
1771  'rbac_admin_permissions',
1772  $this->ctrl->getLinkTarget($this,'adminPerm')
1773  );
1774  }
1775  return true;
1776  }
1777 
1778 
1779 } // END class.ilObjRoleGUI
1780 ?>
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
adoptPermSaveObject()
copy permissions from role
Class ilObjRole.
This class represents an option in a radio group.
static tf2yn($a_tf)
convert true/false to "y"/"n"
add($a_item_id, $a_item_type)
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Class ilObjRoleGUI.
setSubTabs($a_tab)
Set sub tabs.
setBackTarget($a_text, $a_link)
set back tab target
$_POST['username']
Definition: cron.php:12
getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
$_SESSION["AccountId"]
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07.01.15 Time: 11:43.
This class represents a property form user interface.
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
getAdminTabs(&$tabs_gui)
admin and normal tabs are equal for roles
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
$_GET["client_id"]
$tbl
Definition: example_048.php:81
adminPermObject()
Show administration permissions.
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
__showButton($a_cmd, $a_text, $a_target='')
_getTranslation($a_role_title)
$cmd
Definition: sahs_server.php:35
deassignUserObject()
de-assign users from role
assignSaveObject()
wrapper for renamed function
toggleAssignUsersStatus($a_assign_users)
This class represents a checkbox property in a property form.
permObject($a_show_admin_permissions=false)
Show template permissions.
adminPermSaveObject()
Save admin permissions.
ilObjectGUI($a_data, $a_id=0, $a_call_by_reference=true, $a_prepare_output=true)
Constructor public.
setAllowRegister($a_allow_register)
set allow_register of role
static isActive()
addAdminLocatorItems()
should be overwritten to add object specific items (repository items are preloaded) ...
static sortArray($array, $a_array_sortby, $a_array_sortorder=0, $a_numeric=false, $a_keep_keys=false)
sortArray
cancelObject()
cancelObject is called when an operation is canceled, method links back public
getAllowRegister()
get allow_register
getDiskQuota()
Gets the minimal disk quota imposed by this role.
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
setTitle($a_title)
set object title
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
global $ilCtrl
Definition: ilias.php:18
saveObject()
Save new role.
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
This class represents a hidden form property in a property form.
static lookupTxt($a_mod_prefix, $a_pl_id, $a_lang_var)
Lookup language text.
static isAutoGenerated($a_role_id)
This class represents a property in a property form.
setValue($a_value)
Set Value.
setMinValue($a_minvalue, $a_display_always=false)
Set Minimum Value.
permSaveObject($a_show_admin_permissions=false)
save permissions
loadRoleProperties(ilObjRole $role)
Store form input in role object.
if(!is_array($argv)) $options
confirmDeleteRoleObject()
Show delete confirmation screen.
getId()
get object id public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
This class represents a number property in a property form.
getParentObjId()
Get obj_id of current object.
performDeleteRoleObject()
Delete role.
Class ilObjectGUI Basic methods of all Output classes.
static _lookupObjId($a_id)
setValue($a_value)
Set Value.
initFormRoleProperties($a_mode)
Create role prperty form.
getParentType()
get type of current object (not role folder)
editObject()
Edit role properties.
This class represents a text property in a property form.
getTitle()
get object title public
static infoPanel($a_keep=true)
getDescription()
get object description
redirection script todo: (a better solution should control the processing via a xml file) ...
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
showDefaultPermissionSettings()
check if default permissions are shown or not
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
prepareOutput()
prepare output
static _lookupType($a_id, $a_reference=false)
lookup object type
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor public.
static _getSizeMagnitude()
Returns the magnitude used for size units.
showChangeExistingObjectsConfirmation()
Show confirmation screen.
static gatherTemplate($a_role_ref_id, $a_role_id)
checkAccess($a_perm_global, $a_perm_obj='')
getParentRefId()
Get ref id of current object (not role folder id)
changeExistingObjectsObject()
Change existing objects.
userassignmentObject()
display user assignment panel
This class represents a non editable value in a property form.
global $ilUser
Definition: imgupload.php:15
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
global $ilSetting
Definition: privfeed.php:40
static getRedirectTarget($gui, $cmd, array $gui_params=array(), array $mail_params=array(), array $context_params=array())
This class represents a text area property in a property form.
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
static diffTemplate(array $a_old, array $a_new)
static _getIdsForTitle($title, $type='', $partialmatch=false)
TableGUI class for role administration.
const USER_FOLDER_ID
Class ilObjUserFolder.
const EDIT_TEMPLATE
setDescription($a_desc)
set object description
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
static allocateExportId()
Allocate a new export id.
static redirect($a_script)
http redirect to other script
Accordion user interface class.
Class ilObjRoleGUI.
updateObject()
Save role settings.
static _getInstance()
Get instance of ilSecuritySettings.
setDisabled($a_disabled)
Set Disabled.
getContainerType()
Get type of role container.
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? public
Confirmation screen class.