ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once "./Services/Object/classes/class.ilObjectGUI.php";
5include_once './Services/AccessControl/classes/class.ilObjRole.php';
6
20{
25
31 var $type;
32
33
34 protected $obj_ref_id = 0;
35 protected $obj_obj_id = 0;
36 protected $obj_obj_type = '';
37 protected $container_type = '';
38
39
40 var $ctrl;
41
46 function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
47 {
48 global $tree,$lng;
49
50 $lng->loadLanguageModule('rbac');
51
52 //TODO: move this to class.ilias.php
53 define("USER_FOLDER_ID",7);
54
55 // Add ref_id of object that contains this role folder
56
57 $this->obj_ref_id =
58 ((int) $_REQUEST['rolf_ref_id'] ?
59 (int) $_REQUEST['rolf_ref_id'] :
60 (int) $_REQUEST['ref_id']
61 );
62
63 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
64 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
65
66 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
67
68 $this->type = "role";
69 $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,false);
70 $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
71 }
72
73
74 function &executeCommand()
75 {
76 global $rbacsystem;
77
78 $this->prepareOutput();
79
80 $next_class = $this->ctrl->getNextClass($this);
81 $cmd = $this->ctrl->getCmd();
82
83 switch($next_class)
84 {
85 case 'ilrepositorysearchgui':
86
87 if(!$GLOBALS['ilAccess']->checkAccess('edit_permission','', $this->obj_ref_id))
88 {
89 $GLOBALS['ilErr']->raiseError($GLOBALS['lng']->txt('permission_denied'), $GLOBALS['ilErr']->WARNING);
90 }
91 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
92 $rep_search =& new ilRepositorySearchGUI();
93 $rep_search->setTitle($this->lng->txt('role_add_user'));
94 $rep_search->setCallback($this,'addUserObject');
95
96 // Set tabs
97 $this->tabs_gui->setTabActive('user_assignment');
98 $this->ctrl->setReturn($this,'userassignment');
99 $ret =& $this->ctrl->forwardCommand($rep_search);
100 break;
101
102 case 'ilexportgui':
103
104 $this->tabs_gui->setTabActive('export');
105
106 include_once './Services/Export/classes/class.ilExportOptions.php';
108 $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->obj_ref_id);
109
110 include_once './Services/Export/classes/class.ilExportGUI.php';
111 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
112 $exp->addFormat('xml');
113 $this->ctrl->forwardCommand($exp);
114 break;
115
116 default:
117 if(!$cmd)
118 {
120 {
121 $cmd = "perm";
122 }
123 else
124 {
125 $cmd = 'userassignment';
126 }
127 }
128 $cmd .= "Object";
129 $this->$cmd();
130
131 break;
132 }
133
134 return true;
135 }
136
141 public function getParentRefId()
142 {
143 return $this->obj_ref_id;
144 }
145
150 public function getParentObjId()
151 {
152 return $this->obj_obj_id;
153 }
154
159 public function getParentType()
160 {
161 return $this->obj_obj_type;
162 }
163
167 function setBackTarget($a_text, $a_link)
168 {
169 $this->back_target = array("text" => $a_text,
170 "link" => $a_link);
171 }
172
173 public function getBackTarget()
174 {
175 return $this->back_target ? $this->back_target : array();
176 }
177
181 function getAdminTabs(&$tabs_gui)
182 {
183 $this->getTabs($tabs_gui);
184 }
185
190 protected function getContainerType()
191 {
193 }
194
199 protected function showDefaultPermissionSettings()
200 {
201 global $objDefinition;
202
203 return $objDefinition->isContainer($this->getContainerType());
204 }
205
206
208 {
209 global $rbacsystem,$rbacreview;
210
211 if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
212 $this->obj_ref_id != ROLE_FOLDER_ID)
213 {
214 ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
215 return true;
216 }
217
218 if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
219 {
220 $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
221 }
222
223 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
224 $tbl = new ilRoleDesktopItemsTableGUI($this, 'listDesktopItems', $this->object);
225 $this->tpl->setContent($tbl->getHTML());
226
227 return true;
228 }
229
231 {
232 global $rbacsystem;
233
234
235 if(!$this->checkAccess('edit_permission'))
236 {
237 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
238 }
239 if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
240 {
241 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
242 }
243 if(!count($_POST['del_desk_item']))
244 {
245 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
246
247 $this->listDesktopItemsObject();
248
249 return true;
250 }
251
252 include_once("./Services/Utilities/classes/class.ilConfirmationGUI.php");
253 $confirmation_gui = new ilConfirmationGUI();
254 $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
255 $confirmation_gui->setHeaderText($this->lng->txt('role_assigned_desk_items').
256 ' "'.$this->object->getTitle().'": '.
257 $this->lng->txt('role_sure_delete_desk_items'));
258 $confirmation_gui->setCancel($this->lng->txt("cancel"), "listDesktopItems");
259 $confirmation_gui->setConfirm($this->lng->txt("delete"), "deleteDesktopItems");
260
261 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
262 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
263 $counter = 0;
264 foreach($_POST['del_desk_item'] as $role_item_id)
265 {
266 $item_data = $role_desk_item_obj->getItem($role_item_id);
267 $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
268
269 if(strlen($desc = $tmp_obj->getDescription()))
270 {
271 $desc = '<div class="il_Description_no_margin">'.$desc.'</div>';
272 }
273
274 $confirmation_gui->addItem("del_desk_item[]", $role_item_id, $tmp_obj->getTitle().$desc);
275 }
276
277 $this->tpl->setContent($confirmation_gui->getHTML());
278
279 return true;
280 }
281
283 {
284 global $rbacsystem;
285
286 if(!$this->checkAccess('edit_permission'))
287 {
288 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
289 }
290
291 if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
292 {
293 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
294 }
295
296 if (!count($_POST['del_desk_item']))
297 {
298 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
299
300 $this->listDesktopItemsObject();
301
302 return true;
303 }
304
305 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
306
307 $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
308
309 foreach ($_POST['del_desk_item'] as $role_item_id)
310 {
311 $role_desk_item_obj->delete($role_item_id);
312 }
313
314 ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
315 $this->listDesktopItemsObject();
316
317 return true;
318 }
319
320
322 {
323 global $rbacsystem,$tree;
324
325 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
326 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
327
328 if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
329 {
330 #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
331 ilUtil::sendFailure($this->lng->txt('permission_denied'));
332 $this->listDesktopItemsObject();
333 return false;
334 }
335
336 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
337 $this->__showButton('listDesktopItems',$this->lng->txt('back'));
338
339 ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
340
341 $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
342 new ilRoleDesktopItem($this->object->getId()));
343 $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
344 $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
345
346 $exp->setOutput(0);
347
348 $output = $exp->getOutput();
349 $this->tpl->setVariable("EXPLORER",$output);
350 //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
351
352 return true;
353 }
354
356 {
357 global $rbacsystem;
358
359 if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
360 {
361 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
362 return false;
363 }
364
365
366 if (!isset($_GET['item_id']))
367 {
368 ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
370
371 return false;
372 }
373
374 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
375
376 $role_desk_item_obj =& new ilRoleDesktopItem($this->object->getId());
377 $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
378
379 ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
380
381 $this->ctrl->redirect($this,'listDesktopItems');
382 return true;
383 }
384
390 protected function initFormRoleProperties($a_mode)
391 {
392 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
393 $this->form = new ilPropertyFormGUI();
394
395 if($this->creation_mode)
396 {
397 $this->ctrl->setParameter($this, "new_type", 'role');
398 }
399 $this->form->setFormAction($this->ctrl->getFormAction($this));
400
401 switch($a_mode)
402 {
404 $this->form->setTitle($this->lng->txt('role_new'));
405 $this->form->addCommandButton('save',$this->lng->txt('role_new'));
406 break;
407
409 $this->form->setTitle($this->lng->txt('role_edit'));
410 $this->form->addCommandButton('update', $this->lng->txt('save'));
411 break;
412
415 }
416 // Fix cancel
417 $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
418
419 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
420 if(ilObjRole::isAutoGenerated($this->object->getId()))
421 {
422 $title->setDisabled(true);
423 }
424 else
425 {
426 //#17111 No validation for disabled fields
427 $title->setValidationRegexp('/^(?!il_).*$/');
428 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
429 }
430
431 $title->setSize(40);
432 $title->setMaxLength(70);
433 $title->setRequired(true);
434 $this->form->addItem($title);
435
436 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
437 if(ilObjRole::isAutoGenerated($this->object->getId()))
438 {
439 $desc->setDisabled(true);
440 }
441 $desc->setCols(40);
442 $desc->setRows(3);
443 $this->form->addItem($desc);
444
445 if($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE)
446 {
447 $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
448 $this->form->addItem($ilias_id);
449 }
450
451 if($this->obj_ref_id == ROLE_FOLDER_ID)
452 {
453 $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
454 $reg->setValue(1);
455 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
456 $this->form->addItem($reg);
457
458 $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
459 $la->setValue(1);
460 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
461 $this->form->addItem($la);
462 }
463
464 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
465 $pro->setValue(1);
466 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
467 $this->form->addItem($pro);
468
469 include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
471 {
472 $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
473 $quo->setMinValue(0);
474 $quo->setSize(4);
475 $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
476 $this->form->addItem($quo);
477 }
479 {
480 $this->lng->loadLanguageModule("file");
481 $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'),'wsp_disk_quota');
482 $wquo->setMinValue(0);
483 $wquo->setSize(4);
484 $wquo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
485 $this->form->addItem($wquo);
486 }
487
488 return true;
489 }
490
496 protected function loadRoleProperties(ilObjRole $role)
497 {
498 //Don't set if fields are disabled to prevent html manipulation.
499 if(!$this->form->getItemByPostVar('title')->getDisabled())
500 {
501 $role->setTitle($this->form->getInput('title'));
502
503 }
504 if(!$this->form->getItemByPostVar('desc')->getDisabled())
505 {
506 $role->setDescription($this->form->getInput('desc'));
507 }
508 $role->setAllowRegister($this->form->getInput('reg'));
509 $role->toggleAssignUsersStatus($this->form->getInput('la'));
510 $role->setDiskQuota($this->form->getInput('disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
511 $role->setPersonalWorkspaceDiskQuota($this->form->getInput('wsp_disk_quota') * pow(ilFormat::_getSizeMagnitude(),2));
512 return true;
513 }
514
520 protected function readRoleProperties(ilObjRole $role)
521 {
522 global $rbacreview;
523
524 include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
525
526 $data['title'] = $role->getTitle();
527 $data['desc'] = $role->getDescription();
528 $data['ilias_id'] = 'il_'.IL_INST_ID.'_'.ilObject::_lookupType($role->getId()).'_'.$role->getId();
529 $data['reg'] = $role->getAllowRegister();
530 $data['la'] = $role->getAssignUsersStatus();
532 {
533 $data['disk_quota'] = $role->getDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
534 }
536 {
537 $data['wsp_disk_quota'] = $role->getPersonalWorkspaceDiskQuota() / (pow(ilFormat::_getSizeMagnitude(),2));
538 }
539 $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
540
541 $this->form->setValuesByArray($data);
542 }
543
544
545
546
552 public function createObject()
553 {
554 global $rbacsystem;
555
556 if(!$rbacsystem->checkAccess('create_role',$this->obj_ref_id))
557 {
558 $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
559 }
560
561 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
562 $this->tpl->setContent($this->form->getHTML());
563 }
564
569 public function editObject()
570 {
571 global $rbacsystem, $rbacreview, $ilSetting,$ilErr,$ilToolbar;
572
573 if(!$this->checkAccess('write','edit_permission'))
574 {
575 $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
576 }
577
578 // Show copy role button
579 if($this->object->getId() != SYSTEM_ROLE_ID)
580 {
581 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
582 if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
583 {
584 $ilToolbar->addButton(
585 $this->lng->txt('rbac_delete_role'),
586 $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
587 );
588 }
589 }
590
591 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
592 $this->readRoleProperties($this->object);
593 $this->tpl->setContent($this->form->getHTML());
594 }
595
596
601 public function saveObject()
602 {
603 global $rbacadmin,$rbacreview;
604
605 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
606 if($this->form->checkInput() and !$this->checkDuplicate())
607 {
608 include_once './Services/AccessControl/classes/class.ilObjRole.php';
609 $this->loadRoleProperties($this->role = new ilObjRole());
610 $this->role->create();
611 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,'y');
612 $rbacadmin->setProtected(
613 $this->obj_ref_id,
614 $this->role->getId(),
615 $this->form->getInput('pro') ? 'y' : 'n'
616 );
617 ilUtil::sendSuccess($this->lng->txt("role_added"),true);
618 $this->ctrl->setParameter($this,'obj_id',$this->role->getId());
619 $this->ctrl->redirect($this,'perm');
620 }
621
622 ilUtil::sendFailure($this->lng->txt('err_check_input'));
623 $this->form->setValuesByPost();
624 $this->tpl->setContent($this->form->getHTML());
625 return false;
626 }
627
632 protected function checkDuplicate($a_role_id = 0)
633 {
634 // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
635 return FALSE;
636 }
637
642 public function updateObject()
643 {
644 global $rbacadmin;
645
646 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
647 if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
648 {
649 include_once './Services/AccessControl/classes/class.ilObjRole.php';
650 $this->loadRoleProperties($this->object);
651 $this->object->update();
652 $rbacadmin->setProtected(
653 $this->obj_ref_id,
654 $this->object->getId(),
655 $this->form->getInput('pro') ? 'y' : 'n'
656 );
657 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
658 $this->ctrl->redirect($this,'edit');
659 }
660
661 ilUtil::sendFailure($this->lng->txt('err_check_input'));
662 $this->form->setValuesByPost();
663 $this->tpl->setContent($this->form->getHTML());
664 return false;
665 }
666
671 protected function permObject($a_show_admin_permissions = false)
672 {
673 global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
674
675 $ilTabs->setTabActive('default_perm_settings');
676
677 $this->setSubTabs('default_perm_settings');
678
679 if($a_show_admin_permissions)
680 {
681 $ilTabs->setSubTabActive('rbac_admin_permissions');
682 }
683 else
684 {
685 $ilTabs->setSubTabActive('rbac_repository_permissions');
686 }
687
688 if(!$this->checkAccess('write','edit_permission'))
689 {
690 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
691 return true;
692 }
693
694 // Show copy role button
695 if($this->object->getId() != SYSTEM_ROLE_ID)
696 {
697 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
698 $ilToolbar->addButton(
699 $this->lng->txt("adopt_perm_from_template"),
700 $this->ctrl->getLinkTarget($this,'adoptPerm')
701 );
702 if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
703 {
704 $ilToolbar->addButton(
705 $this->lng->txt('rbac_delete_role'),
706 $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
707 );
708 }
709 }
710
711 $this->tpl->addBlockFile(
712 'ADM_CONTENT',
713 'adm_content',
714 'tpl.rbac_template_permissions.html',
715 'Services/AccessControl'
716 );
717
718 $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
719
720 include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
721 $acc = new ilAccordionGUI();
722 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
723 $acc->setId('template_perm_'.$this->getParentRefId());
724
725 if($this->obj_ref_id == ROLE_FOLDER_ID)
726 {
727 if($a_show_admin_permissions)
728 {
729 $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
730 }
731 else
732 {
733 $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
734 }
735 }
736 else
737 {
738 $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
739 }
740
741 $sorted = array();
742 foreach($subs as $subtype => $def)
743 {
744 if($objDefinition->isPlugin($subtype))
745 {
746 $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
747 }
748 elseif($objDefinition->isSystemObject($subtype))
749 {
750 $translation = $this->lng->txt("obj_".$subtype);
751 }
752 else
753 {
754 $translation = $this->lng->txt('objs_'.$subtype);
755 }
756
757 $sorted[$subtype] = $def;
758 $sorted[$subtype]['translation'] = $translation;
759 }
760
761
762 $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
763 foreach($sorted as $subtype => $def)
764 {
765 if($objDefinition->isPlugin($subtype))
766 {
767 $translation = ilPlugin::lookupTxt("rep_robj", $subtype,"obj_".$subtype);
768 }
769 elseif($objDefinition->isSystemObject($subtype))
770 {
771 $translation = $this->lng->txt("obj_".$subtype);
772 }
773 else
774 {
775 $translation = $this->lng->txt('objs_'.$subtype);
776 }
777
778 include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
780 $this,
781 'perm',
782 $this->getParentRefId(),
783 $this->object->getId(),
784 $subtype,
785 $a_show_admin_permissions
786 );
787 $tbl->parse();
788
789 $acc->addItem($translation, $tbl->getHTML());
790 }
791
792 $this->tpl->setVariable('ACCORDION',$acc->getHTML());
793
794 // Add options table
795 include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
797 $this,
798 'perm',
799 $this->obj_ref_id,
800 $this->object->getId(),
801 $a_show_admin_permissions
802 );
803 if($this->object->getId() != SYSTEM_ROLE_ID)
804 {
805 $options->addMultiCommand(
806 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
807 $this->lng->txt('save')
808 );
809 }
810
811 $options->parse();
812 $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
813 }
814
819 protected function adminPermObject()
820 {
821 return $this->permObject(true);
822 }
823
828 protected function adminPermSaveObject()
829 {
830 return $this->permSaveObject(true);
831 }
832
833 protected function adoptPermObject()
834 {
835 global $rbacreview;
836
837 $output = array();
838
839 $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
840 $ids = array();
841 foreach($parent_role_ids as $id => $tmp)
842 {
843 $ids[] = $id;
844 }
845 // Sort ids
846 $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
847 $key = 0;
848 foreach($sorted_ids as $id)
849 {
850 $par = $parent_role_ids[$id];
851 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
852 {
853 $output[$key]["role_id"] = $par["obj_id"];
854 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
855 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
856 $output[$key]["role_desc"] = $par["desc"];
857 $key++;
858 }
859 }
860
861
862 include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
863
864 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
865 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
866 $tbl->setData($output);
867
868 $this->tpl->setContent($tbl->getHTML());
869 }
870
875 protected function confirmDeleteRoleObject()
876 {
877 global $ilErr,$rbacreview,$ilUser;
878
879 $access = $this->checkAccess('visible,write','edit_permission');
880 if (!$access)
881 {
882 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
883 }
884
885 $question = $this->lng->txt('rbac_role_delete_qst');
886 if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
887 {
888 $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
889 }
890 ilUtil::sendQuestion($question);
891
892 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
893
894 $confirm = new ilConfirmationGUI();
895 $confirm->setFormAction($this->ctrl->getFormAction($this));
896 $confirm->setHeaderText($question);
897 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
898 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
899
900 $confirm->addItem(
901 'role',
902 $this->object->getId(),
903 $this->object->getTitle(),
904 ilUtil::getImagePath('icon_role.svg')
905 );
906
907 $this->tpl->setContent($confirm->getHTML());
908 return true;
909 }
910
911
916 protected function performDeleteRoleObject()
917 {
918 global $ilErr;
919
920 $access = $this->checkAccess('visible,write','edit_permission');
921 if (!$access)
922 {
923 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
924 }
925
926 $this->object->setParent((int) $this->obj_ref_id);
927 $this->object->delete();
928 ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
929
930 $this->ctrl->returnToParent($this);
931 }
932
938 function permSaveObject($a_show_admin_permissions = false)
939 {
940 global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
941
942 // for role administration check write of global role folder
943 $access = $this->checkAccess('visible,write','edit_permission');
944
945 if (!$access)
946 {
947 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
948 }
949
950 // rbac log
951 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
952 $rbac_log_active = ilRbacLog::isActive();
953 if($rbac_log_active)
954 {
955 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
956 }
957
958 // delete all template entries of enabled types
959 if($this->obj_ref_id == ROLE_FOLDER_ID)
960 {
961 if($a_show_admin_permissions)
962 {
963 $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
964 }
965 else
966 {
967 $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
968 }
969 }
970 else
971 {
972 $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
973 }
974
975 foreach($subs as $subtype => $def)
976 {
977 // Delete per object type
978 $rbacadmin->deleteRolePermission($this->object->getId(),$this->obj_ref_id,$subtype);
979 }
980
981 if (empty($_POST["template_perm"]))
982 {
983 $_POST["template_perm"] = array();
984 }
985
986 foreach ($_POST["template_perm"] as $key => $ops_array)
987 {
988 // sets new template permissions
989 $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
990 }
991
992 if($rbac_log_active)
993 {
994 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
995 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
996 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
997 }
998
999 // update object data entry (to update last modification date)
1000 $this->object->update();
1001
1002 // set protected flag
1003 if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id))
1004 {
1005 $rbacadmin->setProtected($this->obj_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1006 }
1007
1008 if($a_show_admin_permissions)
1009 {
1010 $_POST['recursive'] = true;
1011 }
1012
1013 // Redirect if Change existing objects is not chosen
1014 if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1015 {
1016 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1017 if($a_show_admin_permissions)
1018 {
1019 $this->ctrl->redirect($this,'adminPerm');
1020 }
1021 else
1022 {
1023 $this->ctrl->redirect($this,'perm');
1024 }
1025 }
1026 // New implementation
1027 if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1028 {
1030 return true;
1031 }
1032
1033 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1034 if($a_show_admin_permissions)
1035 {
1036 $start = $tree->getParentId($this->obj_ref_id);
1037 }
1038
1039 if($_POST['protected'])
1040 {
1041 $this->object->changeExistingObjects(
1042 $start,
1044 array('all'),
1045 array()
1046 #$a_show_admin_permissions ? array('adm') : array()
1047 );
1048 }
1049 else
1050 {
1051 $this->object->changeExistingObjects(
1052 $start,
1054 array('all'),
1055 array()
1056 #$a_show_admin_permissions ? array('adm') : array()
1057 );
1058 }
1059 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1060
1061 if($a_show_admin_permissions)
1062 {
1063 $this->ctrl->redirect($this,'adminPerm');
1064 }
1065 else
1066 {
1067 $this->ctrl->redirect($this,'perm');
1068 }
1069 return true;
1070 }
1071
1072
1079 {
1080 global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1081
1082 if(!$_POST['adopt'])
1083 {
1084 ilUtil::sendFailure($this->lng->txt('select_one'));
1085 $this->adoptPermObject();
1086 return false;
1087 }
1088
1089 $access = $this->checkAccess('visible,write','edit_permission');
1090 if (!$access)
1091 {
1092 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1093 }
1094
1095 if ($this->object->getId() == $_POST["adopt"])
1096 {
1097 ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1098 }
1099 else
1100 {
1101 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1102 $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
1103 $rbacadmin->copyRoleTemplatePermissions(
1104 $_POST["adopt"],
1105 $parentRoles[$_POST["adopt"]]["parent"],
1106 $this->obj_ref_id,
1107 $this->object->getId(),
1108 false);
1109
1110 // update object data entry (to update last modification date)
1111 $this->object->update();
1112
1113 // send info
1114 $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1115 ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1116 $this->lng->txt("msg_perm_adopted_from2"),true);
1117 }
1118
1119 $this->ctrl->redirect($this, "perm");
1120 }
1121
1128 {
1129 $this->assignUserObject();
1130 }
1131
1132
1133
1139 public function addUserObject($a_user_ids)
1140 {
1141 global $rbacreview,$rbacadmin;
1142
1143 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1144 {
1145 ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1146 return false;
1147 }
1148 if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
1149 $this->obj_ref_id != ROLE_FOLDER_ID)
1150 {
1151 ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1152 return false;
1153 }
1154 if(!$a_user_ids)
1155 {
1156 $GLOBALS['lng']->loadLanguageModule('search');
1157 ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1158 return false;
1159 }
1160
1161 $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1162
1163 // users to assign
1164 $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1165
1166 // selected users all already assigned. stop
1167 if (count($assigned_users_new) == 0)
1168 {
1169 ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1170 $this->ctrl->redirect($this,'userassignment');
1171 }
1172
1173 // assign new users
1174 foreach ($assigned_users_new as $user)
1175 {
1176 $rbacadmin->assignUser($this->object->getId(),$user,false);
1177 }
1178
1179 // update object data entry (to update last modification date)
1180 $this->object->update();
1181
1182 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1183 $this->ctrl->redirect($this,'userassignment');
1184 }
1185
1192 {
1193 global $rbacsystem, $rbacadmin, $rbacreview;
1194
1195 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1196 {
1197 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1198 }
1199
1200 $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1201
1202 if ($selected_users[0]=== NULL)
1203 {
1204 $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1205 }
1206
1207 // prevent unassignment of system user from system role
1208 if ($this->object->getId() == SYSTEM_ROLE_ID)
1209 {
1210 if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1211 unset($selected_users[$admin]);
1212 }
1213
1214 // check for each user if the current role is his last global role before deassigning him
1215 $last_role = array();
1216 $global_roles = $rbacreview->getGlobalRoles();
1217
1218 foreach ($selected_users as $user)
1219 {
1220 $assigned_roles = $rbacreview->assignedRoles($user);
1221 $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1222
1223 if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1224 {
1225 $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1226 $last_role[$user] = $userObj->getFullName();
1227 unset($userObj);
1228 }
1229 }
1230
1231
1232 // ... else perform deassignment
1233 foreach ($selected_users as $user)
1234 {
1235 if(!isset($last_role[$user]))
1236 {
1237 $rbacadmin->deassignUser($this->object->getId(), $user);
1238 }
1239 }
1240
1241 // update object data entry (to update last modification date)
1242 $this->object->update();
1243
1244 // raise error if last role was taken from a user...
1245 if(count($last_role))
1246 {
1247 $user_list = implode(", ",$last_role);
1248 ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1249 }
1250 else
1251 {
1252 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1253 }
1254 $this->ctrl->redirect($this,'userassignment');
1255 }
1256
1257
1262 {
1263 global $rbacreview, $rbacsystem, $lng, $ilUser;
1264
1265 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1266 {
1267 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1268 }
1269
1270 $this->tabs_gui->setTabActive('user_assignment');
1271
1272 $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1273
1274 include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1275 $tb = new ilToolbarGUI();
1276
1277 // protected admin role
1278 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1279 if(
1280 $this->object->getId() != SYSTEM_ROLE_ID ||
1281 (
1282 !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1283 !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1284 )
1285 )
1286 {
1287
1288
1289 // add member
1290 include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1292 $this,
1293 $tb,
1294 array(
1295 'auto_complete_name' => $lng->txt('user'),
1296 'submit_name' => $lng->txt('add')
1297 )
1298 );
1299
1300 /*
1301 // add button
1302 $tb->addFormButton($lng->txt("add"), "assignUser");
1303 */
1304 $tb->addSpacer();
1305
1306 $tb->addButton(
1307 $this->lng->txt('search_user'),
1308 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1309 );
1310 $tb->addSpacer();
1311 }
1312
1313 $tb->addButton(
1314 $this->lng->txt('role_mailto'),
1315 $this->ctrl->getLinkTarget($this,'mailToRole')
1316 );
1317 $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1318
1319
1320 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1321 $role_assignment_editable = true;
1322 if(
1323 $this->object->getId() == SYSTEM_ROLE_ID &&
1324 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1325 {
1326 $role_assignment_editable = false;
1327 }
1328
1329 include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1330 $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1331
1332 $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1333
1334 return true;
1335
1336 }
1337
1338
1343 function cancelObject()
1344 {
1345 if ($_GET["new_type"] != "role")
1346 {
1347 $this->ctrl->redirect($this, "userassignment");
1348 }
1349 else
1350 {
1351 $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1352 }
1353 }
1354
1355
1357 {
1358 global $rbacsystem,$rbacreview;
1359
1360 $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1361
1362 if (!is_array($_POST["role"]))
1363 {
1364 ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1365 $this->searchObject();
1366
1367 return false;
1368 }
1369
1370 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1371 $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1372
1373 // GET ALL MEMBERS
1374 $members = array();
1375
1376 foreach ($_POST["role"] as $role_id)
1377 {
1378 $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1379 }
1380
1381 $members = array_unique($members);
1382
1383 // FORMAT USER DATA
1384 $counter = 0;
1385 $f_result = array();
1386
1387 foreach($members as $user)
1388 {
1389 if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1390 {
1391 continue;
1392 }
1393
1394 $user_ids[$counter] = $user;
1395
1396 // TODO: exclude anonymous user
1397 $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1398 $f_result[$counter][] = $tmp_obj->getLogin();
1399 $f_result[$counter][] = $tmp_obj->getFirstname();
1400 $f_result[$counter][] = $tmp_obj->getLastname();
1401
1402 unset($tmp_obj);
1403 ++$counter;
1404 }
1405
1406 $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1407
1408 return true;
1409 }
1410
1412 {
1413 // output objects
1414 $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1415 $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1416
1417 // output locator
1418 //$this->__setLocator();
1419
1420 // output message
1421 if ($this->message)
1422 {
1423 ilUtil::sendInfo($this->message);
1424 }
1425
1426 // display infopanel if something happened
1428
1429 // set header
1430 $this->__setHeader();
1431 }
1432
1433 function __setHeader()
1434 {
1435 $this->tpl->setTitle($this->lng->txt('role'));
1436 $this->tpl->setDescription($this->object->getTitle());
1437 $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1438
1439 $this->getTabs($this->tabs_gui);
1440 }
1441
1442 function __setLocator()
1443 {
1444 global $tree, $ilCtrl;
1445
1446 return;
1447
1448 $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1449
1450 $counter = 0;
1451
1452 foreach ($tree->getPathFull($this->obj_ref_id) as $key => $row)
1453 {
1454 if ($counter++)
1455 {
1456 $this->tpl->touchBlock('locator_separator_prefix');
1457 }
1458
1459 $this->tpl->setCurrentBlock("locator_item");
1460
1461 if ($row["type"] == 'rolf')
1462 {
1463 $this->tpl->setVariable("ITEM",$this->object->getTitle());
1464 $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1465 }
1466 elseif ($row["child"] != $tree->getRootId())
1467 {
1468 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1469 $this->tpl->setVariable("ITEM", $row["title"]);
1470 $this->tpl->setVariable("LINK_ITEM",
1471 $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1472 }
1473 else
1474 {
1475 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1476 $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1477 $this->tpl->setVariable("LINK_ITEM",
1478 $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1479 }
1480 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1481
1482 $this->tpl->parseCurrentBlock();
1483 }
1484
1485 $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1486 $this->tpl->parseCurrentBlock();
1487 }
1488
1494 {
1495 global $ilLocator;
1496
1497 if ($_GET["admin_mode"] == "settings"
1498 && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1499 {
1500 parent::addAdminLocatorItems(true);
1501
1502 $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1503 ilObject::_lookupObjId($_GET["ref_id"]))),
1504 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1505
1506 if ($_GET["obj_id"] > 0)
1507 {
1508 $ilLocator->addItem($this->object->getTitle(),
1509 $this->ctrl->getLinkTarget($this, "view"));
1510 }
1511 }
1512 else // repository administration
1513 {
1514 // ?
1515 }
1516 }
1517
1518
1519
1520
1521 function getTabs(&$tabs_gui)
1522 {
1523 global $rbacsystem,$rbacreview, $ilHelp;
1524
1525 $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1526
1527
1528 $activate_role_edit = false;
1529
1530 // todo: activate the following (allow editing of local roles in
1531 // roles administration)
1532 if (in_array($this->obj_ref_id,$base_role_container) ||
1533 (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1534 $_GET["admin_mode"] == "settings"))
1535 {
1536 $activate_role_edit = true;
1537 }
1538
1539 // not so nice (workaround for using tabs in repository)
1540 $tabs_gui->clearTargets();
1541
1542 $ilHelp->setScreenIdComponent("role");
1543
1544 if ($this->back_target != "")
1545 {
1546 $tabs_gui->setBackTarget(
1547 $this->back_target["text"],$this->back_target["link"]);
1548 }
1549
1550 if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1551 {
1552 $tabs_gui->addTarget("edit_properties",
1553 $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1554 }
1555/*
1556 if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1557 {
1558 $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1559 ? true
1560 : false;
1561 $tabs_gui->addTarget("default_perm_settings",
1562 $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1563 get_class($this),
1564 "", $force_active);
1565 }
1566*/
1567 if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1568 {
1569 $tabs_gui->addTarget(
1570 "default_perm_settings",
1571 $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1572 );
1573 }
1574
1575 if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1576 {
1577 $tabs_gui->addTarget("user_assignment",
1578 $this->ctrl->getLinkTarget($this, "userassignment"),
1579 array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1580 get_class($this));
1581 }
1582
1583 if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1584 {
1585 $tabs_gui->addTarget("desktop_items",
1586 $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1587 array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1588 get_class($this));
1589 }
1590 if($this->checkAccess('write','edit_permission'))
1591 {
1592 $tabs_gui->addTarget(
1593 'export',
1594 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1595 array()
1596 );
1597
1598 }
1599 }
1600
1602 {
1603 global $rbacreview;
1604
1605 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1606 if(count($obj_ids) > 1)
1607 {
1608 $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1609 }
1610 else
1611 {
1612 $_SESSION['mail_roles'][] = $rbacreview->getRoleMailboxAddress($this->object->getId());
1613 }
1614
1615 require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1616 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1617 ilUtil::redirect($script);
1618 }
1619
1620 function checkAccess($a_perm_global,$a_perm_obj = '')
1621 {
1622 global $rbacsystem,$ilAccess;
1623
1624 $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1625
1626 if($this->obj_ref_id == ROLE_FOLDER_ID)
1627 {
1628 return $rbacsystem->checkAccess($a_perm_global,$this->obj_ref_id);
1629 }
1630 else
1631 {
1632 return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1633 }
1634 }
1635
1641 {
1642 global $rbacreview;
1643
1644 if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1645 {
1646 return false;
1647 }
1648
1649 // Role is protected
1650 if($rbacreview->isProtected($this->obj_ref_id, $this->object->getId()))
1651 {
1652 // TODO: check if recursive_list is enabled
1653 // and if yes: check if inheritance is broken for the relevant object types
1654 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1655 }
1656 else
1657 {
1658 // TODO: check if recursive_list is enabled
1659 // and if yes: check if inheritance is broken for the relevant object types
1660 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1661 }
1662 }
1663
1669 {
1670 $protected = $_POST['protected'];
1671
1672 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1673 $form = new ilPropertyFormGUI();
1674 $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1675 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1676
1677 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1678 $form->addCommandButton('perm',$this->lng->txt('cancel'));
1679
1680 $hidden = new ilHiddenInputGUI('type_filter');
1681 $hidden->setValue(
1682 $_POST['recursive'] ?
1683 serialize(array('all')) :
1684 serialize($_POST['recursive_list'])
1685 );
1686 $form->addItem($hidden);
1687
1688 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1689
1690 if($protected)
1691 {
1693 $keep = new ilRadioOption(
1694 $this->lng->txt('rbac_keep_local_policies'),
1696 $this->lng->txt('rbac_keep_local_policies_info')
1697 );
1698 }
1699 else
1700 {
1702 $keep = new ilRadioOption(
1703 $this->lng->txt('rbac_keep_local_policies'),
1705 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1706 );
1707
1708 }
1709 $rad->addOption($keep);
1710
1711 if($protected)
1712 {
1713 $del = new ilRadioOption(
1714 $this->lng->txt('rbac_delete_local_policies'),
1716 $this->lng->txt('rbac_delete_local_policies_info')
1717 );
1718 }
1719 else
1720 {
1721 $del = new ilRadioOption(
1722 $this->lng->txt('rbac_delete_local_policies'),
1724 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1725 );
1726 }
1727 $rad->addOption($del);
1728
1729 $form->addItem($rad);
1730 $this->tpl->setContent($form->getHTML());
1731 }
1732
1737 protected function changeExistingObjectsObject()
1738 {
1739 global $tree,$rbacreview,$rbacadmin;
1740
1741 $mode = (int) $_POST['mode'];
1742 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1743
1744 $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1745
1746 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1747 $this->ctrl->redirect($this,'perm');
1748 }
1749
1755 protected function setSubTabs($a_tab)
1756 {
1757 global $ilTabs;
1758
1759 switch($a_tab)
1760 {
1761 case 'default_perm_settings':
1762 if($this->obj_ref_id != ROLE_FOLDER_ID)
1763 {
1764 return true;
1765 }
1766 $ilTabs->addSubTabTarget(
1767 'rbac_repository_permissions',
1768 $this->ctrl->getLinkTarget($this,'perm')
1769 );
1770 $ilTabs->addSubTabTarget(
1771 'rbac_admin_permissions',
1772 $this->ctrl->getLinkTarget($this,'adminPerm')
1773 );
1774 }
1775 return true;
1776 }
1777
1778
1779} // END class.ilObjRoleGUI
1780?>
$_GET["client_id"]
$_SESSION["AccountId"]
const USER_FOLDER_ID
Class ilObjUserFolder.
Accordion user interface class.
TableGUI class for role administration.
This class represents a checkbox property in a property form.
Confirmation screen class.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
static allocateExportId()
Allocate a new export id.
static _getSizeMagnitude()
Returns the magnitude used for size units.
This class represents a hidden form property in a property form.
static getRedirectTarget($gui, $cmd, array $gui_params=array(), array $mail_params=array(), array $context_params=array())
This class represents a non editable value in a property form.
This class represents a number property in a property form.
Class ilObjRoleGUI.
editObject()
Edit role properties.
performDeleteRoleObject()
Delete role.
saveObject()
Save new role.
updateObject()
Save role settings.
initFormRoleProperties($a_mode)
Create role prperty form.
userassignmentObject()
display user assignment panel
showChangeExistingObjectsConfirmation()
Show confirmation screen.
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
setBackTarget($a_text, $a_link)
set back tab target
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
deassignUserObject()
de-assign users from role
permObject($a_show_admin_permissions=false)
Show template permissions.
loadRoleProperties(ilObjRole $role)
Store form input in role object.
assignSaveObject()
wrapper for renamed function
permSaveObject($a_show_admin_permissions=false)
save permissions
& executeCommand()
execute command
getParentType()
get type of current object (not role folder)
getContainerType()
Get type of role container.
getTabs(&$tabs_gui)
get tabs abstract method.
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
checkAccess($a_perm_global, $a_perm_obj='')
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
showDefaultPermissionSettings()
check if default permissions are shown or not
adminPermObject()
Show administration permissions.
adminPermSaveObject()
Save admin permissions.
addAdminLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
confirmDeleteRoleObject()
Show delete confirmation screen.
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
getParentRefId()
Get ref id of current object (not role folder id)
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
adoptPermSaveObject()
copy permissions from role
getParentObjId()
Get obj_id of current object.
setSubTabs($a_tab)
Set sub tabs.
getAdminTabs(&$tabs_gui)
admin and normal tabs are equal for roles
changeExistingObjectsObject()
Change existing objects.
Class ilObjRole.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
getPersonalWorkspaceDiskQuota()
getAllowRegister()
get allow_register
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static isAutoGenerated($a_role_id)
toggleAssignUsersStatus($a_assign_users)
setDiskQuota($a_disk_quota)
_getTranslation($a_role_title)
setPersonalWorkspaceDiskQuota($a_disk_quota)
getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Class ilObjectGUI Basic methods of all Output classes.
__showButton($a_cmd, $a_text, $a_target='')
ilObjectGUI($a_data, $a_id=0, $a_call_by_reference=true, $a_prepare_output=true)
Constructor @access public.
prepareOutput()
prepare output
static _lookupObjId($a_id)
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getDescription()
get object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
getTitle()
get object title @access public
static lookupTxt($a_mod_prefix, $a_pl_id, $a_lang_var)
Lookup language text.
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
static diffTemplate(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherTemplate($a_role_ref_id, $a_role_id)
const EDIT_TEMPLATE
static isActive()
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
static _getInstance()
Get instance of ilSecuritySettings.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
static tf2yn($a_tf)
convert true/false to "y"/"n"
static sortArray($array, $a_array_sortby, $a_array_sortorder=0, $a_numeric=false, $a_keep_keys=false)
sortArray
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
static redirect($a_script)
http redirect to other script
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static infoPanel($a_keep=true)
$_POST['username']
Definition: cron.php:12
$tbl
Definition: example_048.php:81
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
global $ilCtrl
Definition: ilias.php:18
redirection script todo: (a better solution should control the processing via a xml file)
global $ilSetting
Definition: privfeed.php:40
$cmd
Definition: sahs_server.php:35
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
if(!is_array($argv)) $options
global $ilUser
Definition: imgupload.php:15