ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilPermissionGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5
19class ilPermissionGUI extends ilPermission2GUI
20{
21 protected $current_obj = null;
22
28 public function __construct($a_gui_obj)
29 {
30 parent::__construct($a_gui_obj);
31 }
32
37 public function executeCommand()
38 {
39 global $rbacsystem, $ilErr;
40
41 // access to all functions in this class are only allowed if edit_permission is granted
42 if (!$rbacsystem->checkAccess("edit_permission",$this->gui_obj->object->getRefId()))
43 {
44 $ilErr->raiseError($this->lng->txt("permission_denied"),$ilErr->MESSAGE);
45 }
46
47 $next_class = $this->ctrl->getNextClass($this);
48
49 switch($next_class)
50 {
51 case "ilobjrolegui":
52 $this->ctrl->setReturn($this,'perm');
53 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
54 $this->gui_obj = new ilObjRoleGUI("",(int) $_GET["obj_id"], false, false);
55 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"),$this->ctrl->getLinkTarget($this, "perm"));
56 $ret = $this->ctrl->forwardCommand($this->gui_obj);
57 break;
58
59 case 'ildidactictemplategui':
60 $this->ctrl->setReturn($this,'perm');
61 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
62 $did = new ilDidacticTemplateGUI($this->gui_obj);
63 $this->ctrl->forwardCommand($did);
64 break;
65
66 case 'ilrepositorysearchgui':
67 // used for owner autocomplete
68 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
69 $rep_search = new ilRepositorySearchGUI();
70 $this->ctrl->forwardCommand($rep_search);
71 break;
72
73 case 'ilobjectpermissionstatusgui':
74 $this->__initSubTabs("perminfo");
75 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
76 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
77 $this->ctrl->forwardCommand($perm_stat);
78 break;
79
80 default:
81 $cmd = $this->ctrl->getCmd();
82 $this->$cmd();
83 break;
84 }
85
86 return true;
87 }
88
89
94 public function getCurrentObject()
95 {
96 return $this->gui_obj->object;
97 }
98
102 protected function confirmTemplateSwitch()
103 {
104 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
105 $this->ctrl->setReturn($this,'perm');
106 $this->ctrl->setCmdClass('ildidactictemplategui');
107 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
108 $this->ctrl->forwardCommand($dtpl_gui,'confirmTemplateSwitch');
109 }
110
111
116 public function perm(ilTable2GUI $table = NULL )
117 {
118 global $objDefinition, $ilToolbar;
119
120 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
121 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
122 if($dtpl->appendToolbarSwitch(
123 $ilToolbar,
124 $this->getCurrentObject()->getType(),
125 $this->getCurrentObject()->getRefId()
126 ))
127 {
128 $ilToolbar->addSeparator();
129 }
130
131 if($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132 !$this->isAdministrationObject()
133 )
134 {
135 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
136
137 if(!$this->isAdminRoleFolder())
138 {
139 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'),$this->ctrl->getLinkTarget($this,'displayAddRoleForm'));
140 }
141 $ilToolbar->addButton($this->lng->txt('rbac_import_role'),$this->ctrl->getLinkTarget($this,'displayImportRoleForm'));
142 }
143
144 $this->__initSubTabs("perm");
145
146 if(!$table instanceof ilTable2GUI)
147 {
148 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
149 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
150 }
151 $table->parse();
152 $this->tpl->setContent($table->getHTML());
153 }
154
155
156
161 protected function isAdminRoleFolder()
162 {
163 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
164 }
165
166 protected function isAdministrationObject()
167 {
168 return $this->getCurrentObject()->getType() == 'adm';
169 }
170
175 protected function isInAdministration()
176 {
177 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID,$this->getCurrentObject()->getRefId());
178 }
179
180
185 protected function applyFilter()
186 {
187 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
188 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
189 $table->resetOffset();
190 $table->writeFilterToSession();
191 return $this->perm($table);
192 }
193
198 protected function resetFilter()
199 {
200 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
201 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
202 $table->resetOffset();
203 $table->resetFilter();
204
205 return $this->perm($table);
206 }
207
213 public function applyRoleFilter($a_roles, $a_filter_id)
214 {
215 global $rbacreview;
216
217 // Always delete administrator role from view
218 if(isset($a_roles[SYSTEM_ROLE_ID]))
219 {
220 unset($a_roles[SYSTEM_ROLE_ID]);
221 }
222
223 switch ($a_filter_id)
224 {
225 // all roles in context
226 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
227
228 return $a_roles;
229
230 // only global roles
231 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
232
233 $arr_global_roles = $rbacreview->getGlobalRoles();
234 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_global_roles);
235
236 foreach ($arr_remove_roles as $role_id)
237 {
238 unset($a_roles[$role_id]);
239 }
240 return $a_roles;
241
242 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
243 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
244 $arr_global_roles = $rbacreview->getGlobalRoles();
245
246 foreach ($arr_global_roles as $role_id)
247 {
248 unset($a_roles[$role_id]);
249 }
250
251 return $a_roles;
252 break;
253
254 // only roles which use a local policy
255 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256
257 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
259
260 foreach ($arr_remove_roles as $role_id)
261 {
262 unset($a_roles[$role_id]);
263 }
264
265 return $a_roles;
266
267 // only true local role defined at current position
268 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
269
270 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(),TRUE);
271 $arr_remove_roles = array_diff(array_keys($a_roles),$arr_local_roles);
272
273 foreach ($arr_remove_roles as $role_id)
274 {
275 unset($a_roles[$role_id]);
276 }
277
278 return $a_roles;
279
280 default:
281 return $a_roles;
282 }
283 }
284
289 protected function savePermissions()
290 {
291 global $rbacreview,$objDefinition,$rbacadmin;
292
293 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
294 $table = new ilObjectRolePermissionTableGUI($this,'perm',$this->getCurrentObject()->getRefId());
295
296 $roles = $this->applyRoleFilter(
297 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
298 $table->getFilterItemByPostVar('role')->getValue()
299 );
300
301 // Log history
302 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
303 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
304
305
306 # all possible create permissions
307 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
308 $this->getCurrentObject()->getType(),
309 'create'
310 );
311
312 # createable (activated) create permissions
313 $create_types = $objDefinition->getCreatableSubObjects(
314 $this->getCurrentObject()->getType()
315 );
316 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
317
318 foreach((array) $roles as $role => $role_data)
319 {
320 if($role_data['protected'])
321 {
322 continue;
323 }
324
325 $new_ops = array_keys((array) $_POST['perm'][$role]);
326 $old_ops = $rbacreview->getRoleOperationsOnObject(
327 $role,
328 $this->getCurrentObject()->getRefId()
329 );
330
331 // Add operations which were enabled and are not activated.
332 foreach($possible_ops_ids as $create_ops_id)
333 {
334 if(in_array($create_ops_id,$createable_ops_ids))
335 {
336 continue;
337 }
338 if(in_array($create_ops_id,$old_ops))
339 {
340 $new_ops[] = $create_ops_id;
341 }
342 }
343
344 $rbacadmin->revokePermission(
345 $this->getCurrentObject()->getRefId(),
346 $role
347 );
348
349 $rbacadmin->grantPermission(
350 $role,
351 array_unique($new_ops),
352 $this->getCurrentObject()->getRefId()
353 );
354 }
355
356 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
357 {
358 foreach($roles as $role)
359 {
360 // No action for local roles
361 if($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y')
362 {
363 continue;
364 }
365 // Nothing for protected roles
366 if($role['protected'])
367 {
368 continue;
369 }
370 // Stop local policy
371 if(
372 $role['parent'] == $this->getCurrentObject()->getRefId() and
373 !isset($_POST['inherit'][$role['obj_id']]) and
374 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
375 )
376 {
377 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
378 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
379 $role_obj->setParent($this->getCurrentObject()->getRefId());
380 $role_obj->delete();
381 continue;
382 }
383 // Add local policy
384 if($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']]))
385 {
386 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
387 $rbacadmin->copyRoleTemplatePermissions(
388 $role['obj_id'],
389 $role['parent'],
390 $this->getCurrentObject()->getRefId(),
391 $role['obj_id']
392 );
393 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
394 $rbacadmin->assignRoleToFolder($role['obj_id'],$this->getCurrentObject()->getRefId(),'n');
395 }
396 }
397 }
398
399 // Protect permissions
400 if(ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType()))
401 {
402 foreach($roles as $role)
403 {
404 if($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId()))
405 {
406 if(isset($_POST['protect'][$role['obj_id']]) and
407 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
408 {
409 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
410 }
411 elseif(!isset($_POST['protect'][$role['obj_id']]) and
412 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id']))
413 {
414 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
415 }
416 }
417 }
418 }
419
420 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(),array_keys((array) $roles));
421 $log = ilRbacLog::diffFaPa($log_old, $log_new);
422 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
423
424 $blocked_info = $this->getModifiedBlockedSettings();
425 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info,TRUE));
426 if($blocked_info['num'] > 0)
427 {
428 return $this->showConfirmBlockRole($blocked_info);
429 }
430
431
432 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
433 $this->ctrl->redirect($this,'perm');
434 #$this->perm();
435 }
436
442 protected function showConfirmBlockRole($a_blocked_info)
443 {
444 $info = '';
445 if($a_blocked_info['new_blocked'])
446 {
447 $info .= $this->lng->txt('role_confirm_block_role_info');
448 if($a_blocked_info['new_unblocked'])
449 {
450 $info .= '<br /><br />';
451 }
452
453 }
454 if($a_blocked_info['new_unblocked'])
455 {
456 $info .= ('<br />'. $this->lng->txt('role_confirm_unblock_role_info'));
457 }
458
459 ilUtil::sendInfo($info);
460
461 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
462 $confirm = new ilConfirmationGUI();
463 $confirm->setFormAction($this->ctrl->getFormAction($this));
464 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
465 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
466 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
467
468 foreach($a_blocked_info['new_blocked'] as $role_id)
469 {
470 include_once './Services/AccessControl/classes/class.ilObjRole.php';
471 $confirm->addItem(
472 'new_block[]',
473 $role_id,
474 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_blocked')
475 );
476 }
477 foreach($a_blocked_info['new_unblocked'] as $role_id)
478 {
479 include_once './Services/AccessControl/classes/class.ilObjRole.php';
480 $confirm->addItem(
481 'new_unblock[]',
482 $role_id,
483 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)).' '.$this->lng->txt('role_unblocked')
484 );
485 }
486 $this->tpl->setContent($confirm->getHTML());
487
488 }
489
490 protected function modifyBlockRoles()
491 {
492 $this->blockRoles((array) $_POST['new_block']);
493 $this->unblockRoles((array) $_POST['new_unblock']);
494
495 ilUtil::sendInfo($this->lng->txt('settings_saved'));
496 $this->ctrl->redirect($this,'perm');
497 }
498
502 protected function unblockRoles($roles)
503 {
504 global $rbacadmin;
505
506 foreach($roles as $role)
507 {
508 // delete local policy
509 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
510 $role_obj = ilObjectFactory::getInstanceByObjId($role);
511 $role_obj->setParent($this->getCurrentObject()->getRefId());
512 $role_obj->delete();
513
514 $role_obj->changeExistingObjects(
515 $this->getCurrentObject()->getRefId(),
516 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
517 array('all')
518 );
519
520 // finally set blocked status
521 $rbacadmin->setBlockedStatus(
522 $role,
523 $this->getCurrentObject()->getRefId(),
524 FALSE
525 );
526 }
527 }
528
533 protected function blockRoles($roles)
534 {
535 global $rbacadmin,$rbacreview;
536
537 foreach($roles as $role)
538 {
539 // Set assign to 'y' only if it is a local role
540 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
541
542 // Delete permissions
543 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
544
545 // Delete template permissions
546 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
547
548
549 $rbacadmin->assignRoleToFolder(
550 $role,
551 $this->getCurrentObject()->getRefId(),
552 $assign
553 );
554
555 // finally set blocked status
556 $rbacadmin->setBlockedStatus(
557 $role,
558 $this->getCurrentObject()->getRefId(),
559 TRUE
560 );
561 }
562
563 }
564
565
571 public static function hasContainerCommands($a_type)
572 {
573 global $objDefinition;
574
575 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
576 }
577
582 protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
583 {
584 $GLOBALS['ilTabs']->clearTargets();
585
586 if(!$form)
587 {
588 $form = $this->initImportForm();
589 }
590 $GLOBALS['tpl']->setContent($form->getHTML());
591 }
592
596 protected function doImportRole()
597 {
598 global $rbacreview;
599
600 $form = $this->initImportForm();
601 if($form->checkInput())
602 {
603 try {
604
605 include_once './Services/Export/classes/class.ilImport.php';
606
607 // For global roles set import id to parent of current ref_id (adm)
608 $imp = new ilImport($this->getCurrentObject()->getRefId());
609 $imp->getMapping()->addMapping(
610 'Services/AccessControl',
611 'rolf',
612 0,
613 $this->getCurrentObject()->getRefId()
614 );
615
616 $imp->importObject(
617 null,
618 $_FILES["importfile"]["tmp_name"],
619 $_FILES["importfile"]["name"],
620 'role'
621 );
622 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'),true);
623 $this->ctrl->redirect($this,'perm');
624 return;
625 }
626 catch(Exception $e)
627 {
628 ilUtil::sendFailure($e->getMessage());
629 $form->setValuesByPost();
630 $this->displayImportRoleForm($form);
631 return;
632 }
633 }
634 $form->setValuesByPost();
635 ilUtil::sendFailure($this->lng->txt('err_check_input'));
636 $this->displayImportRoleForm($form);
637 }
638
642 protected function initImportForm()
643 {
644 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
645 $form = new ilPropertyFormGUI();
646 $form->setFormAction($this->ctrl->getFormAction($this));
647 $form->setTitle($this->lng->txt('rbac_import_role'));
648 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
649 $form->addCommandButton('perm', $this->lng->txt('cancel'));
650
651 $zip = new ilFileInputGUI($this->lng->txt('import_file'),'importfile');
652 $zip->setSuffixes(array('zip'));
653 $form->addItem($zip);
654
655 return $form;
656 }
657
664 protected function initRoleForm()
665 {
666 global $rbacreview,$objDefinition;
667
668 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
669 $form = new ilPropertyFormGUI();
670 $form->setFormAction($this->ctrl->getFormAction($this));
671 $form->setTitle($this->lng->txt('role_new'));
672 $form->addCommandButton('addrole',$this->lng->txt('role_new'));
673 $form->addCommandButton('perm', $this->lng->txt('cancel'));
674
675 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
676 $title->setValidationRegexp('/^(?!il_).*$/');
677 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
678 $title->setSize(40);
679 $title->setMaxLength(70);
680 $title->setRequired(true);
681 $form->addItem($title);
682
683 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
684 $desc->setCols(40);
685 $desc->setRows(3);
686 $form->addItem($desc);
687
688 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
689 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
690 $pro->setValue(1);
691 $form->addItem($pro);
692
693 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'),'desktop');
694 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
695 $pd->setValue(1);
696 $form->addItem($pd);
697
698
699 if(!$this->isInAdministration())
700 {
701 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
702 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
703 $rights->addOption($option);
704
705 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(),true);
706 $ids = array();
707 foreach($parent_role_ids as $id => $tmp)
708 {
709 $ids[] = $id;
710 }
711
712 // Sort ids
713 $sorted_ids = ilUtil::_sortIds($ids,'object_data','type DESC,title','obj_id');
714
715 $key = 0;
716 foreach($sorted_ids as $id)
717 {
718 $par = $parent_role_ids[$id];
719 if ($par["obj_id"] != SYSTEM_ROLE_ID)
720 {
721 include_once './Services/AccessControl/classes/class.ilObjRole.php';
722 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')).": ".ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
723 $option->setInfo($par["desc"]);
724 $rights->addOption($option);
725 }
726 $key++;
727 }
728 $form->addItem($rights);
729 }
730
731 // Local policy only for containers
732 if($objDefinition->isContainer($this->getCurrentObject()->getType()))
733 {
734 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
735 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
736 $form->addItem($check);
737
738 }
739
740 return $form;
741 }
742
746 protected function displayAddRoleForm()
747 {
748 $GLOBALS['ilTabs']->clearTargets();
749
750 $form = $this->initRoleForm();
751 $this->tpl->setContent($form->getHTML());
752 }
753
762 protected function addRole()
763 {
764 global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
765
766 $form = $this->initRoleForm();
767 if($form->checkInput())
768 {
769 $new_title = $form->getInput("title");
770
771 include_once './Services/AccessControl/classes/class.ilObjRole.php';
772 $role = new ilObjRole();
773 $role->setTitle($new_title);
774 $role->setDescription($form->getInput('desc'));
775 $role->create();
776
777 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(),$this->getCurrentObject()->getRefId());
778
779 // protect
780 $rbacadmin->setProtected(
781 $this->getCurrentObject()->getRefId(),
782 $role->getId(),
783 $form->getInput('pro') ? 'y' : 'n'
784 );
785
786 // copy rights
787 $right_id_to_copy = $form->getInput("rights");
788 if($right_id_to_copy)
789 {
790 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(),true);
791 $rbacadmin->copyRoleTemplatePermissions(
792 $right_id_to_copy,
793 $parentRoles[$right_id_to_copy]["parent"],
794 $this->getCurrentObject()->getRefId(),
795 $role->getId(),
796 false);
797
798 if($form->getInput('existing'))
799 {
800 if($form->getInput('pro'))
801 {
802 $role->changeExistingObjects(
803 $this->getCurrentObject()->getRefId(),
804 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
805 array('all')
806 );
807 }
808 else
809 {
810 $role->changeExistingObjects(
811 $this->getCurrentObject()->getRefId(),
812 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
813 array('all')
814 );
815 }
816 }
817 }
818
819 // add to desktop items
820 if($form->getInput("desktop"))
821 {
822 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
823 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
824 $role_desk_item_obj->add(
825 $this->getCurrentObject()->getRefId(),
826 ilObject::_lookupType($this->getCurrentObject()->getRefId(),true));
827 }
828
829 ilUtil::sendSuccess($this->lng->txt("role_added"),true);
830 $this->ctrl->redirect($this,'perm');
831 }
832 else
833 {
834 $form->setValuesByPost();
835 $this->tpl->setContent($form->getHTML());
836 }
837 }
838
843 protected function getModifiedBlockedSettings()
844 {
845 global $rbacreview;
846
847 $blocked_info['new_blocked'] = array();
848 $blocked_info['new_unblocked'] = array();
849 $blocked_info['num'] = 0;
850 foreach((array) $_POST['visible_block'] as $role => $one)
851 {
852 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
853 if(isset($_POST['block'][$role]) && !$blocked)
854 {
855 $blocked_info['new_blocked'][] = $role;
856 $blocked_info['num']++;
857 }
858 if(!isset($_POST['block'][$role]) && $blocked)
859 {
860 $blocked_info['new_unblocked'][] = $role;
861 $blocked_info['num']++;
862 }
863 }
864 return $blocked_info;
865 }
866}
867?>
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
php
An exception for terminatinating execution or to throw for unit testing.
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilImport
Import class.
Definition: class.ilImport.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:508
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:72
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:924
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1176
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:17
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:20
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:533
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:582
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:198
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:102
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:161
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:28
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:37
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:746
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:289
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:94
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:664
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:642
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:571
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:596
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:213
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:442
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:175
ilPermissionGUI\perm
perm(ilTable2GUI $table=NULL)
show permission table
Definition: class.ilPermissionGUI.php:116
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:185
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
Definition: class.ilPermissionGUI.php:762
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:77
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:162
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:36
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1347
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4683
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4801
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4771
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4757
$info
$info
Definition: example_052.php:80
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$log
$log
Definition: inc.setup_header.php:129
$ret
$ret
Definition: parser.php:6
$cmd
$cmd
Definition: sahs_server.php:35
$a_type
$a_type
Definition: workflow.php:93