ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once "./Services/Object/classes/class.ilObjectGUI.php";
5include_once './Services/AccessControl/classes/class.ilObjRole.php';
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
21{
26
32 var $type;
33
34
35 protected $obj_ref_id = 0;
36 protected $obj_obj_id = 0;
37 protected $obj_obj_type = '';
38 protected $container_type = '';
39
40
41 var $ctrl;
42
47 function __construct($a_data,$a_id,$a_call_by_reference = false,$a_prepare_output = true)
48 {
49 global $tree,$lng;
50
51 $lng->loadLanguageModule('rbac');
52
53 //TODO: move this to class.ilias.php
54 define("USER_FOLDER_ID",7);
55
56 // Add ref_id of object that contains this role folder
57
58 $this->obj_ref_id =
59 ((int) $_REQUEST['rolf_ref_id'] ?
60 (int) $_REQUEST['rolf_ref_id'] :
61 (int) $_REQUEST['ref_id']
62 );
63
64 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
65 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
66
67 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
68
69 $this->type = "role";
70 parent::__construct($a_data,$a_id,$a_call_by_reference,false);
71 $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
72 }
73
74
75 function executeCommand()
76 {
77 global $rbacsystem;
78
79 $this->prepareOutput();
80
81 $next_class = $this->ctrl->getNextClass($this);
82 $cmd = $this->ctrl->getCmd();
83
85
86 switch($next_class)
87 {
88 case 'ilrepositorysearchgui':
89
90 if(!$GLOBALS['ilAccess']->checkAccess('edit_permission','', $this->obj_ref_id))
91 {
92 $GLOBALS['ilErr']->raiseError($GLOBALS['lng']->txt('permission_denied'), $GLOBALS['ilErr']->WARNING);
93 }
94 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
95 $rep_search = new ilRepositorySearchGUI();
96 $rep_search->setTitle($this->lng->txt('role_add_user'));
97 $rep_search->setCallback($this,'addUserObject');
98
99 // Set tabs
100 $this->tabs_gui->setTabActive('user_assignment');
101 $this->ctrl->setReturn($this,'userassignment');
102 $ret =& $this->ctrl->forwardCommand($rep_search);
103 break;
104
105 case 'ilexportgui':
106
107 $this->tabs_gui->setTabActive('export');
108
109 include_once './Services/Export/classes/class.ilExportOptions.php';
111 $eo->addOption(ilExportOptions::KEY_ROOT,0,$this->object->getId(),$this->obj_ref_id);
112
113 include_once './Services/Export/classes/class.ilExportGUI.php';
114 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
115 $exp->addFormat('xml');
116 $this->ctrl->forwardCommand($exp);
117 break;
118
119 default:
120 if(!$cmd)
121 {
123 {
124 $cmd = "perm";
125 }
126 else
127 {
128 $cmd = 'userassignment';
129 }
130 }
131 $cmd .= "Object";
132 $this->$cmd();
133
134 break;
135 }
136
137 return true;
138 }
139
144 public function getParentRefId()
145 {
146 return $this->obj_ref_id;
147 }
148
153 public function getParentObjId()
154 {
155 return $this->obj_obj_id;
156 }
157
162 public function getParentType()
163 {
164 return $this->obj_obj_type;
165 }
166
170 function setBackTarget($a_text, $a_link)
171 {
172 $this->back_target = array("text" => $a_text,
173 "link" => $a_link);
174 }
175
176 public function getBackTarget()
177 {
178 return $this->back_target ? $this->back_target : array();
179 }
180
184 function getAdminTabs()
185 {
186 $this->getTabs();
187 }
188
193 protected function getContainerType()
194 {
196 }
197
202 protected function showDefaultPermissionSettings()
203 {
204 global $objDefinition;
205
206 return $objDefinition->isContainer($this->getContainerType());
207 }
208
209
211 {
212 global $rbacsystem,$rbacreview;
213
214 if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
215 $this->obj_ref_id != ROLE_FOLDER_ID)
216 {
217 ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
218 return true;
219 }
220
221 if($rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
222 {
223 $this->__showButton('selectDesktopItem',$this->lng->txt('role_desk_add'));
224 }
225
226 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
227 $tbl = new ilRoleDesktopItemsTableGUI($this, 'listDesktopItems', $this->object);
228 $this->tpl->setContent($tbl->getHTML());
229
230 return true;
231 }
232
234 {
235 global $rbacsystem;
236
237
238 if(!$this->checkAccess('edit_permission'))
239 {
240 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
241 }
242 if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
243 {
244 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
245 }
246 if(!count($_POST['del_desk_item']))
247 {
248 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
249
250 $this->listDesktopItemsObject();
251
252 return true;
253 }
254
255 include_once("./Services/Utilities/classes/class.ilConfirmationGUI.php");
256 $confirmation_gui = new ilConfirmationGUI();
257 $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
258 $confirmation_gui->setHeaderText($this->lng->txt('role_assigned_desk_items').
259 ' "'.$this->object->getTitle().'": '.
260 $this->lng->txt('role_sure_delete_desk_items'));
261 $confirmation_gui->setCancel($this->lng->txt("cancel"), "listDesktopItems");
262 $confirmation_gui->setConfirm($this->lng->txt("delete"), "deleteDesktopItems");
263
264 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
265 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
266 $counter = 0;
267 foreach($_POST['del_desk_item'] as $role_item_id)
268 {
269 $item_data = $role_desk_item_obj->getItem($role_item_id);
270 $tmp_obj =& ilObjectFactory::getInstanceByRefId($item_data['item_id']);
271
272 if(strlen($desc = $tmp_obj->getDescription()))
273 {
274 $desc = '<div class="il_Description_no_margin">'.$desc.'</div>';
275 }
276
277 $confirmation_gui->addItem("del_desk_item[]", $role_item_id, $tmp_obj->getTitle().$desc);
278 }
279
280 $this->tpl->setContent($confirmation_gui->getHTML());
281
282 return true;
283 }
284
286 {
287 global $rbacsystem;
288
289 if(!$this->checkAccess('edit_permission'))
290 {
291 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
292 }
293
294 if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
295 {
296 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
297 }
298
299 if (!count($_POST['del_desk_item']))
300 {
301 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
302
303 $this->listDesktopItemsObject();
304
305 return true;
306 }
307
308 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
309
310 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
311
312 foreach ($_POST['del_desk_item'] as $role_item_id)
313 {
314 $role_desk_item_obj->delete($role_item_id);
315 }
316
317 ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
318 $this->listDesktopItemsObject();
319
320 return true;
321 }
322
323
325 {
326 global $rbacsystem,$tree;
327
328 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
329 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
330
331 if(!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
332 {
333 #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
334 ilUtil::sendFailure($this->lng->txt('permission_denied'));
335 $this->listDesktopItemsObject();
336 return false;
337 }
338
339 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
340 $this->__showButton('listDesktopItems',$this->lng->txt('back'));
341
342 ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
343
344 $exp = new ilRoleDesktopItemSelector($this->ctrl->getLinkTarget($this,'selectDesktopItem'),
345 new ilRoleDesktopItem($this->object->getId()));
346 $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
347 $exp->setExpandTarget($this->ctrl->getLinkTarget($this,'selectDesktopItem'));
348
349 $exp->setOutput(0);
350
351 $output = $exp->getOutput();
352 $this->tpl->setVariable("EXPLORER",$output);
353 //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
354
355 return true;
356 }
357
359 {
360 global $rbacsystem;
361
362 if (!$rbacsystem->checkAccess('push_desktop_items',USER_FOLDER_ID))
363 {
364 $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
365 return false;
366 }
367
368
369 if (!isset($_GET['item_id']))
370 {
371 ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
373
374 return false;
375 }
376
377 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
378
379 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
380 $role_desk_item_obj->add((int) $_GET['item_id'],ilObject::_lookupType((int) $_GET['item_id'],true));
381
382 ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));
383
384 $this->ctrl->redirect($this,'listDesktopItems');
385 return true;
386 }
387
393 protected function initFormRoleProperties($a_mode)
394 {
395 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
396 $this->form = new ilPropertyFormGUI();
397
398 if($this->creation_mode)
399 {
400 $this->ctrl->setParameter($this, "new_type", 'role');
401 }
402 $this->form->setFormAction($this->ctrl->getFormAction($this));
403
404 switch($a_mode)
405 {
407 $this->form->setTitle($this->lng->txt('role_new'));
408 $this->form->addCommandButton('save',$this->lng->txt('role_new'));
409 break;
410
412 $this->form->setTitle($this->lng->txt('role_edit'));
413 $this->form->addCommandButton('update', $this->lng->txt('save'));
414 break;
415
418 }
419 // Fix cancel
420 $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
421
422 $title = new ilTextInputGUI($this->lng->txt('title'),'title');
423 if(ilObjRole::isAutoGenerated($this->object->getId()))
424 {
425 $title->setDisabled(true);
426 }
427 else
428 {
429 //#17111 No validation for disabled fields
430 $title->setValidationRegexp('/^(?!il_).*$/');
431 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
432 }
433
434 $title->setSize(40);
435 $title->setMaxLength(70);
436 $title->setRequired(true);
437 $this->form->addItem($title);
438
439 $desc = new ilTextAreaInputGUI($this->lng->txt('description'),'desc');
440 if(ilObjRole::isAutoGenerated($this->object->getId()))
441 {
442 $desc->setDisabled(true);
443 }
444 $desc->setCols(40);
445 $desc->setRows(3);
446 $this->form->addItem($desc);
447
448 if($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE)
449 {
450 $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
451 $this->form->addItem($ilias_id);
452 }
453
454 if($this->obj_ref_id == ROLE_FOLDER_ID)
455 {
456 $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'),'reg');
457 $reg->setValue(1);
458 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
459 $this->form->addItem($reg);
460
461 $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'),'la');
462 $la->setValue(1);
463 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
464 $this->form->addItem($la);
465 }
466
467 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'),'pro');
468 $pro->setValue(1);
469 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
470 $this->form->addItem($pro);
471
472 include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
474 {
475 $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'),'disk_quota');
476 $quo->setMinValue(0);
477 $quo->setSize(4);
478 $quo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
479 $this->form->addItem($quo);
480 }
482 {
483 $this->lng->loadLanguageModule("file");
484 $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'),'wsp_disk_quota');
485 $wquo->setMinValue(0);
486 $wquo->setSize(4);
487 $wquo->setInfo($this->lng->txt('enter_in_mb_desc').'<br />'.$this->lng->txt('disk_quota_on_role_desc'));
488 $this->form->addItem($wquo);
489 }
490
491 return true;
492 }
493
499 protected function loadRoleProperties(ilObjRole $role)
500 {
501 //Don't set if fields are disabled to prevent html manipulation.
502 if(!$this->form->getItemByPostVar('title')->getDisabled())
503 {
504 $role->setTitle($this->form->getInput('title'));
505
506 }
507 if(!$this->form->getItemByPostVar('desc')->getDisabled())
508 {
509 $role->setDescription($this->form->getInput('desc'));
510 }
511 $role->setAllowRegister($this->form->getInput('reg'));
512 $role->toggleAssignUsersStatus($this->form->getInput('la'));
513 $role->setDiskQuota(ilUtil::MB2Bytes($this->form->getInput('disk_quota')));
514 $role->setPersonalWorkspaceDiskQuota(ilUtil::MB2Bytes($this->form->getInput('wsp_disk_quota')));
515 return true;
516 }
517
523 protected function readRoleProperties(ilObjRole $role)
524 {
525 global $rbacreview;
526
527 include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
528
529 $data['title'] = $role->getTitle();
530 $data['desc'] = $role->getDescription();
531 $data['ilias_id'] = 'il_'.IL_INST_ID.'_'.ilObject::_lookupType($role->getId()).'_'.$role->getId();
532 $data['reg'] = $role->getAllowRegister();
533 $data['la'] = $role->getAssignUsersStatus();
535 {
536 $data['disk_quota'] = ilUtil::Bytes2MB($role->getDiskQuota());
537 }
539 {
540 $data['wsp_disk_quota'] = ilUtil::Bytes2MB($role->getPersonalWorkspaceDiskQuota());
541 }
542 $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
543
544 $this->form->setValuesByArray($data);
545 }
546
547
548
549
555 public function createObject()
556 {
557 global $rbacsystem;
558
559 if(!$rbacsystem->checkAccess('create_role',$this->obj_ref_id))
560 {
561 $ilErr->raiseError($this->lng->txt('permission_denied'),$ilErr->MESSAGE);
562 }
563
564 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
565 $this->tpl->setContent($this->form->getHTML());
566 }
567
572 public function editObject()
573 {
574 global $rbacsystem, $rbacreview, $ilSetting,$ilErr,$ilToolbar;
575
576 if(!$this->checkAccess('write','edit_permission'))
577 {
578 $ilErr->raiseError($this->lng->txt("msg_no_perm_write"),$ilErr->MESSAGE);
579 }
580
581 // Show copy role button
582 if($this->object->getId() != SYSTEM_ROLE_ID)
583 {
584 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
585 if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
586 {
587 $ilToolbar->addButton(
588 $this->lng->txt('rbac_delete_role'),
589 $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
590 );
591 }
592 }
593
594 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
595 $this->readRoleProperties($this->object);
596 $this->tpl->setContent($this->form->getHTML());
597 }
598
599
604 public function saveObject()
605 {
606 global $rbacadmin,$rbacreview;
607
608 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
609 if($this->form->checkInput() and !$this->checkDuplicate())
610 {
611 include_once './Services/AccessControl/classes/class.ilObjRole.php';
612 $this->loadRoleProperties($this->role = new ilObjRole());
613 $this->role->create();
614 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,'y');
615 $rbacadmin->setProtected(
616 $this->obj_ref_id,
617 $this->role->getId(),
618 $this->form->getInput('pro') ? 'y' : 'n'
619 );
620 ilUtil::sendSuccess($this->lng->txt("role_added"),true);
621 $this->ctrl->setParameter($this,'obj_id',$this->role->getId());
622 $this->ctrl->redirect($this,'perm');
623 }
624
625 ilUtil::sendFailure($this->lng->txt('err_check_input'));
626 $this->form->setValuesByPost();
627 $this->tpl->setContent($this->form->getHTML());
628 return false;
629 }
630
635 protected function checkDuplicate($a_role_id = 0)
636 {
637 // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
638 return FALSE;
639 }
640
645 public function updateObject()
646 {
647 global $rbacadmin;
648
649 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
650 if($this->form->checkInput() and !$this->checkDuplicate($this->object->getId()))
651 {
652 include_once './Services/AccessControl/classes/class.ilObjRole.php';
653 $this->loadRoleProperties($this->object);
654 $this->object->update();
655 $rbacadmin->setProtected(
656 $this->obj_ref_id,
657 $this->object->getId(),
658 $this->form->getInput('pro') ? 'y' : 'n'
659 );
660 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
661 $this->ctrl->redirect($this,'edit');
662 }
663
664 ilUtil::sendFailure($this->lng->txt('err_check_input'));
665 $this->form->setValuesByPost();
666 $this->tpl->setContent($this->form->getHTML());
667 return false;
668 }
669
674 protected function permObject($a_show_admin_permissions = false)
675 {
676 global $ilTabs, $ilErr, $ilToolbar, $objDefinition,$rbacreview;
677
678 $ilTabs->setTabActive('default_perm_settings');
679
680 $this->setSubTabs('default_perm_settings');
681
682 if($a_show_admin_permissions)
683 {
684 $ilTabs->setSubTabActive('rbac_admin_permissions');
685 }
686 else
687 {
688 $ilTabs->setSubTabActive('rbac_repository_permissions');
689 }
690
691 if(!$this->checkAccess('write','edit_permission'))
692 {
693 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->MESSAGE);
694 return true;
695 }
696
697 // Show copy role button
698 if($this->object->getId() != SYSTEM_ROLE_ID)
699 {
700 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
701 $ilToolbar->addButton(
702 $this->lng->txt("adopt_perm_from_template"),
703 $this->ctrl->getLinkTarget($this,'adoptPerm')
704 );
705 if($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id))
706 {
707 $ilToolbar->addButton(
708 $this->lng->txt('rbac_delete_role'),
709 $this->ctrl->getLinkTarget($this,'confirmDeleteRole')
710 );
711 }
712 }
713
714 $this->tpl->addBlockFile(
715 'ADM_CONTENT',
716 'adm_content',
717 'tpl.rbac_template_permissions.html',
718 'Services/AccessControl'
719 );
720
721 $this->tpl->setVariable('PERM_ACTION',$this->ctrl->getFormAction($this));
722
723 include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
724 $acc = new ilAccordionGUI();
725 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
726 $acc->setId('template_perm_'.$this->getParentRefId());
727
728 if($this->obj_ref_id == ROLE_FOLDER_ID)
729 {
730 if($a_show_admin_permissions)
731 {
732 $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
733 }
734 else
735 {
736 $subs = $objDefinition->getSubObjectsRecursively('root',true,$a_show_admin_permissions);
737 }
738 }
739 else
740 {
741 $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,$a_show_admin_permissions);
742 }
743
744 $sorted = array();
745 foreach($subs as $subtype => $def)
746 {
747 if($objDefinition->isPlugin($subtype))
748 {
749 $translation = ilObjectPlugin::lookupTxtById($subtype,"obj_".$subtype);
750 }
751 elseif($objDefinition->isSystemObject($subtype))
752 {
753 $translation = $this->lng->txt("obj_".$subtype);
754 }
755 else
756 {
757 $translation = $this->lng->txt('objs_'.$subtype);
758 }
759
760 $sorted[$subtype] = $def;
761 $sorted[$subtype]['translation'] = $translation;
762 }
763
764
765 $sorted = ilUtil::sortArray($sorted, 'translation','asc',true,true);
766 foreach($sorted as $subtype => $def)
767 {
768 if($objDefinition->isPlugin($subtype))
769 {
770 $translation = ilObjectPlugin::lookupTxtById($subtype,"obj_".$subtype);
771 }
772 elseif($objDefinition->isSystemObject($subtype))
773 {
774 $translation = $this->lng->txt("obj_".$subtype);
775 }
776 else
777 {
778 $translation = $this->lng->txt('objs_'.$subtype);
779 }
780
781 include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
783 $this,
784 'perm',
785 $this->getParentRefId(),
786 $this->object->getId(),
787 $subtype,
788 $a_show_admin_permissions
789 );
790 $tbl->parse();
791
792 $acc->addItem($translation, $tbl->getHTML());
793 }
794
795 $this->tpl->setVariable('ACCORDION',$acc->getHTML());
796
797 // Add options table
798 include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
800 $this,
801 'perm',
802 $this->obj_ref_id,
803 $this->object->getId(),
804 $a_show_admin_permissions
805 );
806 if($this->object->getId() != SYSTEM_ROLE_ID)
807 {
808 $options->addMultiCommand(
809 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
810 $this->lng->txt('save')
811 );
812 }
813
814 $options->parse();
815 $this->tpl->setVariable('OPTIONS_TABLE',$options->getHTML());
816 }
817
822 protected function adminPermObject()
823 {
824 return $this->permObject(true);
825 }
826
831 protected function adminPermSaveObject()
832 {
833 return $this->permSaveObject(true);
834 }
835
836 protected function adoptPermObject()
837 {
838 global $rbacreview;
839
840 $output = array();
841
842 $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
843 $ids = array();
844 foreach($parent_role_ids as $id => $tmp)
845 {
846 $ids[] = $id;
847 }
848 // Sort ids
849 $sorted_ids = ilUtil::_sortIds($ids,'object_data','type,title','obj_id');
850 $key = 0;
851 foreach($sorted_ids as $id)
852 {
853 $par = $parent_role_ids[$id];
854 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"])
855 {
856 $output[$key]["role_id"] = $par["obj_id"];
857 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
858 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
859 $output[$key]["role_desc"] = $par["desc"];
860 $key++;
861 }
862 }
863
864
865 include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
866
867 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
868 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
869 $tbl->setData($output);
870
871 $this->tpl->setContent($tbl->getHTML());
872 }
873
878 protected function confirmDeleteRoleObject()
879 {
880 global $ilErr,$rbacreview,$ilUser;
881
882 $access = $this->checkAccess('visible,write','edit_permission');
883 if (!$access)
884 {
885 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
886 }
887
888 $question = $this->lng->txt('rbac_role_delete_qst');
889 if($rbacreview->isAssigned($ilUser->getId(), $this->object->getId()))
890 {
891 $question .= ('<br />'.$this->lng->txt('rbac_role_delete_self'));
892 }
893 ilUtil::sendQuestion($question);
894
895 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
896
897 $confirm = new ilConfirmationGUI();
898 $confirm->setFormAction($this->ctrl->getFormAction($this));
899 $confirm->setHeaderText($question);
900 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
901 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
902
903 $confirm->addItem(
904 'role',
905 $this->object->getId(),
906 $this->object->getTitle(),
907 ilUtil::getImagePath('icon_role.svg')
908 );
909
910 $this->tpl->setContent($confirm->getHTML());
911 return true;
912 }
913
914
919 protected function performDeleteRoleObject()
920 {
921 global $ilErr;
922
923 $access = $this->checkAccess('visible,write','edit_permission');
924 if (!$access)
925 {
926 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'),$ilErr->WARNING);
927 }
928
929 $this->object->setParent((int) $this->obj_ref_id);
930 $this->object->delete();
931 ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'),true);
932
933 $this->ctrl->returnToParent($this);
934 }
935
941 function permSaveObject($a_show_admin_permissions = false)
942 {
943 global $rbacsystem, $rbacadmin, $rbacreview, $objDefinition, $tree;
944
945 // for role administration check write of global role folder
946 $access = $this->checkAccess('visible,write','edit_permission');
947
948 if (!$access)
949 {
950 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
951 }
952
953 // rbac log
954 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
955 $rbac_log_active = ilRbacLog::isActive();
956 if($rbac_log_active)
957 {
958 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
959 }
960
961 // delete all template entries of enabled types
962 if($this->obj_ref_id == ROLE_FOLDER_ID)
963 {
964 if($a_show_admin_permissions)
965 {
966 $subs = $objDefinition->getSubObjectsRecursively('adm',true,true);
967 }
968 else
969 {
970 $subs = $objDefinition->getSubObjectsRecursively('root',true,false);
971 }
972 }
973 else
974 {
975 $subs = $objDefinition->getSubObjectsRecursively($this->getParentType(),true,false);
976 }
977
978 foreach($subs as $subtype => $def)
979 {
980 // Delete per object type
981 $rbacadmin->deleteRolePermission($this->object->getId(),$this->obj_ref_id,$subtype);
982 }
983
984 if (empty($_POST["template_perm"]))
985 {
986 $_POST["template_perm"] = array();
987 }
988
989 foreach ($_POST["template_perm"] as $key => $ops_array)
990 {
991 // sets new template permissions
992 $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
993 }
994
995 if($rbac_log_active)
996 {
997 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
998 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
999 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
1000 }
1001
1002 // update object data entry (to update last modification date)
1003 $this->object->update();
1004
1005 // set protected flag
1006 if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id))
1007 {
1008 $rbacadmin->setProtected($this->obj_ref_id,$this->object->getId(),ilUtil::tf2yn($_POST['protected']));
1009 }
1010
1011 if($a_show_admin_permissions)
1012 {
1013 $_POST['recursive'] = true;
1014 }
1015
1016 // Redirect if Change existing objects is not chosen
1017 if(!$_POST['recursive'] and !is_array($_POST['recursive_list']))
1018 {
1019 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1020 if($a_show_admin_permissions)
1021 {
1022 $this->ctrl->redirect($this,'adminPerm');
1023 }
1024 else
1025 {
1026 $this->ctrl->redirect($this,'perm');
1027 }
1028 }
1029 // New implementation
1030 if($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions)
1031 {
1033 return true;
1034 }
1035
1036 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1037 if($a_show_admin_permissions)
1038 {
1039 $start = $tree->getParentId($this->obj_ref_id);
1040 }
1041
1042 if($_POST['protected'])
1043 {
1044 $this->object->changeExistingObjects(
1045 $start,
1047 array('all'),
1048 array()
1049 #$a_show_admin_permissions ? array('adm') : array()
1050 );
1051 }
1052 else
1053 {
1054 $this->object->changeExistingObjects(
1055 $start,
1057 array('all'),
1058 array()
1059 #$a_show_admin_permissions ? array('adm') : array()
1060 );
1061 }
1062 ilUtil::sendSuccess($this->lng->txt("saved_successfully"),true);
1063
1064 if($a_show_admin_permissions)
1065 {
1066 $this->ctrl->redirect($this,'adminPerm');
1067 }
1068 else
1069 {
1070 $this->ctrl->redirect($this,'perm');
1071 }
1072 return true;
1073 }
1074
1075
1082 {
1083 global $rbacadmin, $rbacsystem, $rbacreview, $tree;
1084
1085 if(!$_POST['adopt'])
1086 {
1087 ilUtil::sendFailure($this->lng->txt('select_one'));
1088 $this->adoptPermObject();
1089 return false;
1090 }
1091
1092 $access = $this->checkAccess('visible,write','edit_permission');
1093 if (!$access)
1094 {
1095 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"),$this->ilias->error_obj->MESSAGE);
1096 }
1097
1098 if ($this->object->getId() == $_POST["adopt"])
1099 {
1100 ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"),true);
1101 }
1102 else
1103 {
1104 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1105 $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id,true);
1106 $rbacadmin->copyRoleTemplatePermissions(
1107 $_POST["adopt"],
1108 $parentRoles[$_POST["adopt"]]["parent"],
1109 $this->obj_ref_id,
1110 $this->object->getId(),
1111 false);
1112
1113 // update object data entry (to update last modification date)
1114 $this->object->update();
1115
1116 // send info
1117 $obj_data =& $this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1118 ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1")." '".$obj_data->getTitle()."'.<br/>".
1119 $this->lng->txt("msg_perm_adopted_from2"),true);
1120 }
1121
1122 $this->ctrl->redirect($this, "perm");
1123 }
1124
1131 {
1132 $this->assignUserObject();
1133 }
1134
1135
1136
1142 public function addUserObject($a_user_ids)
1143 {
1144 global $rbacreview,$rbacadmin;
1145
1146 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1147 {
1148 ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'),true);
1149 return false;
1150 }
1151 if(!$rbacreview->isAssignable($this->object->getId(),$this->obj_ref_id) &&
1152 $this->obj_ref_id != ROLE_FOLDER_ID)
1153 {
1154 ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'),true);
1155 return false;
1156 }
1157 if(!$a_user_ids)
1158 {
1159 $GLOBALS['lng']->loadLanguageModule('search');
1160 ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'),true);
1161 return false;
1162 }
1163
1164 $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1165
1166 // users to assign
1167 $assigned_users_new = array_diff($a_user_ids,array_intersect($a_user_ids,$assigned_users_all));
1168
1169 // selected users all already assigned. stop
1170 if (count($assigned_users_new) == 0)
1171 {
1172 ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"),true);
1173 $this->ctrl->redirect($this,'userassignment');
1174 }
1175
1176 // assign new users
1177 foreach ($assigned_users_new as $user)
1178 {
1179 $rbacadmin->assignUser($this->object->getId(),$user,false);
1180 }
1181
1182 // update object data entry (to update last modification date)
1183 $this->object->update();
1184
1185 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"),true);
1186 $this->ctrl->redirect($this,'userassignment');
1187 }
1188
1195 {
1196 global $rbacsystem, $rbacadmin, $rbacreview;
1197
1198 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1199 {
1200 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1201 }
1202
1203 $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
1204
1205 if ($selected_users[0]=== NULL)
1206 {
1207 $this->ilias->raiseError($this->lng->txt("no_checkbox"),$this->ilias->error_obj->MESSAGE);
1208 }
1209
1210 // prevent unassignment of system user from system role
1211 if ($this->object->getId() == SYSTEM_ROLE_ID)
1212 {
1213 if ($admin = array_search(SYSTEM_USER_ID,$selected_users) !== false)
1214 unset($selected_users[$admin]);
1215 }
1216
1217 // check for each user if the current role is his last global role before deassigning him
1218 $last_role = array();
1219 $global_roles = $rbacreview->getGlobalRoles();
1220
1221 foreach ($selected_users as $user)
1222 {
1223 $assigned_roles = $rbacreview->assignedRoles($user);
1224 $assigned_global_roles = array_intersect($assigned_roles,$global_roles);
1225
1226 if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(),$assigned_global_roles)))
1227 {
1228 $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
1229 $last_role[$user] = $userObj->getFullName();
1230 unset($userObj);
1231 }
1232 }
1233
1234
1235 // ... else perform deassignment
1236 foreach ($selected_users as $user)
1237 {
1238 if(!isset($last_role[$user]))
1239 {
1240 $rbacadmin->deassignUser($this->object->getId(), $user);
1241 }
1242 }
1243
1244 // update object data entry (to update last modification date)
1245 $this->object->update();
1246
1247 // raise error if last role was taken from a user...
1248 if(count($last_role))
1249 {
1250 $user_list = implode(", ",$last_role);
1251 ilUtil::sendFailure($this->lng->txt('msg_is_last_role').': '.$user_list.'<br />'.$this->lng->txt('msg_min_one_role'),true);
1252 }
1253 else
1254 {
1255 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1256 }
1257 $this->ctrl->redirect($this,'userassignment');
1258 }
1259
1260
1265 {
1266 global $rbacreview, $rbacsystem, $lng, $ilUser;
1267
1268 if(!$this->checkAccess('edit_userassignment','edit_permission'))
1269 {
1270 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"),$this->ilias->error_obj->MESSAGE);
1271 }
1272
1273 $this->tabs_gui->setTabActive('user_assignment');
1274
1275 $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.rbac_ua.html','Services/AccessControl');
1276
1277 include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1278 $tb = new ilToolbarGUI();
1279
1280 // protected admin role
1281 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1282 if(
1283 $this->object->getId() != SYSTEM_ROLE_ID ||
1284 (
1285 !$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID) or
1286 !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1287 )
1288 )
1289 {
1290
1291
1292 // add member
1293 include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1295 $this,
1296 $tb,
1297 array(
1298 'auto_complete_name' => $lng->txt('user'),
1299 'submit_name' => $lng->txt('add')
1300 )
1301 );
1302
1303 /*
1304 // add button
1305 $tb->addFormButton($lng->txt("add"), "assignUser");
1306 */
1307 $tb->addSpacer();
1308
1309 $tb->addButton(
1310 $this->lng->txt('search_user'),
1311 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI','start')
1312 );
1313 $tb->addSpacer();
1314 }
1315
1316 $tb->addButton(
1317 $this->lng->txt('role_mailto'),
1318 $this->ctrl->getLinkTarget($this,'mailToRole')
1319 );
1320 $this->tpl->setVariable('BUTTONS_UA',$tb->getHTML());
1321
1322
1323 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1324 $role_assignment_editable = true;
1325 if(
1326 $this->object->getId() == SYSTEM_ROLE_ID &&
1327 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId()))
1328 {
1329 $role_assignment_editable = false;
1330 }
1331
1332 include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1333 $ut = new ilAssignedUsersTableGUI($this,'userassignment',$this->object->getId(),$role_assignment_editable);
1334
1335 $this->tpl->setVariable('TABLE_UA',$ut->getHTML());
1336
1337 return true;
1338
1339 }
1340
1341
1346 function cancelObject()
1347 {
1348 if ($_GET["new_type"] != "role")
1349 {
1350 $this->ctrl->redirect($this, "userassignment");
1351 }
1352 else
1353 {
1354 $this->ctrl->redirectByClass("ilobjrolefoldergui","view");
1355 }
1356 }
1357
1358
1360 {
1361 global $rbacsystem,$rbacreview;
1362
1363 $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1364
1365 if (!is_array($_POST["role"]))
1366 {
1367 ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1368 $this->searchObject();
1369
1370 return false;
1371 }
1372
1373 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1374 $this->__showButton("searchUserForm",$this->lng->txt("role_new_search"));
1375
1376 // GET ALL MEMBERS
1377 $members = array();
1378
1379 foreach ($_POST["role"] as $role_id)
1380 {
1381 $members = array_merge($rbacreview->assignedUsers($role_id),$members);
1382 }
1383
1384 $members = array_unique($members);
1385
1386 // FORMAT USER DATA
1387 $counter = 0;
1388 $f_result = array();
1389
1390 foreach($members as $user)
1391 {
1392 if(!$tmp_obj = ilObjectFactory::getInstanceByObjId($user,false))
1393 {
1394 continue;
1395 }
1396
1397 $user_ids[$counter] = $user;
1398
1399 // TODO: exclude anonymous user
1400 $f_result[$counter][] = ilUtil::formCheckbox(0,"user[]",$user);
1401 $f_result[$counter][] = $tmp_obj->getLogin();
1402 $f_result[$counter][] = $tmp_obj->getFirstname();
1403 $f_result[$counter][] = $tmp_obj->getLastname();
1404
1405 unset($tmp_obj);
1406 ++$counter;
1407 }
1408
1409 $this->__showSearchUserTable($f_result,$user_ids,"listUsersRole");
1410
1411 return true;
1412 }
1413
1415 {
1416 // output objects
1417 $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1418 $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1419
1420 // output locator
1421 //$this->__setLocator();
1422
1423 // output message
1424 if ($this->message)
1425 {
1426 ilUtil::sendInfo($this->message);
1427 }
1428
1429 // display infopanel if something happened
1431
1432 // set header
1433 $this->__setHeader();
1434 }
1435
1436 function __setHeader()
1437 {
1438 $this->tpl->setTitle($this->lng->txt('role'));
1439 $this->tpl->setDescription($this->object->getTitle());
1440 $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1441
1442 $this->getTabs($this->tabs_gui);
1443 }
1444
1445 function __setLocator()
1446 {
1447 global $tree, $ilCtrl;
1448
1449 return;
1450
1451 $this->tpl->addBlockFile("LOCATOR", "locator", "tpl.locator.html", "Services/Locator");
1452
1453 $counter = 0;
1454
1455 foreach ($tree->getPathFull($this->obj_ref_id) as $key => $row)
1456 {
1457 if ($counter++)
1458 {
1459 $this->tpl->touchBlock('locator_separator_prefix');
1460 }
1461
1462 $this->tpl->setCurrentBlock("locator_item");
1463
1464 if ($row["type"] == 'rolf')
1465 {
1466 $this->tpl->setVariable("ITEM",$this->object->getTitle());
1467 $this->tpl->setVariable("LINK_ITEM",$this->ctrl->getLinkTarget($this));
1468 }
1469 elseif ($row["child"] != $tree->getRootId())
1470 {
1471 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1472 $this->tpl->setVariable("ITEM", $row["title"]);
1473 $this->tpl->setVariable("LINK_ITEM",
1474 $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1475 }
1476 else
1477 {
1478 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $row["child"]);
1479 $this->tpl->setVariable("ITEM", $this->lng->txt("repository"));
1480 $this->tpl->setVariable("LINK_ITEM",
1481 $ilCtrl->getLinkTargetByClass("ilrepositorygui", ""));
1482 }
1483 $ilCtrl->setParameterByClass("ilrepositorygui", "ref_id", $_GET["ref_id"]);
1484
1485 $this->tpl->parseCurrentBlock();
1486 }
1487
1488 $this->tpl->setVariable("TXT_LOCATOR",$this->lng->txt("locator"));
1489 $this->tpl->parseCurrentBlock();
1490 }
1491
1496 function addAdminLocatorItems($a_do_not_add_object = false)
1497 {
1498 global $ilLocator;
1499
1500 if ($_GET["admin_mode"] == "settings"
1501 && $_GET["ref_id"] == ROLE_FOLDER_ID) // system settings
1502 {
1503 parent::addAdminLocatorItems(true);
1504
1505 $ilLocator->addItem($this->lng->txt("obj_".ilObject::_lookupType(
1506 ilObject::_lookupObjId($_GET["ref_id"]))),
1507 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", "view"));
1508
1509 if ($_GET["obj_id"] > 0)
1510 {
1511 $ilLocator->addItem($this->object->getTitle(),
1512 $this->ctrl->getLinkTarget($this, "view"));
1513 }
1514 }
1515 else // repository administration
1516 {
1517 // ?
1518 }
1519 }
1520
1521
1522
1523
1524 function getTabs()
1525 {
1526 global $rbacreview, $ilHelp;
1527
1528 $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(),true);
1529
1530
1531 $activate_role_edit = false;
1532
1533 // todo: activate the following (allow editing of local roles in
1534 // roles administration)
1535 if (in_array($this->obj_ref_id,$base_role_container) ||
1536 (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1537 $_GET["admin_mode"] == "settings"))
1538 {
1539 $activate_role_edit = true;
1540 }
1541
1542 // not so nice (workaround for using tabs in repository)
1543 $this->tabs_gui->clearTargets();
1544
1545 $ilHelp->setScreenIdComponent("role");
1546
1547 if ($this->back_target != "")
1548 {
1549 $this->tabs_gui->setBackTarget(
1550 $this->back_target["text"],$this->back_target["link"]);
1551 }
1552
1553 if($this->checkAccess('write','edit_permission') && $activate_role_edit)
1554 {
1555 $this->tabs_gui->addTarget("edit_properties",
1556 $this->ctrl->getLinkTarget($this, "edit"), array("edit","update"), get_class($this));
1557 }
1558/*
1559 if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1560 {
1561 $force_active = ($_GET["cmd"] == "perm" || $_GET["cmd"] == "")
1562 ? true
1563 : false;
1564 $this->tabs_gui->addTarget("default_perm_settings",
1565 $this->ctrl->getLinkTarget($this, "perm"), array("perm", "adoptPermSave", "permSave"),
1566 get_class($this),
1567 "", $force_active);
1568 }
1569*/
1570 if($this->checkAccess('write','edit_permission') and $this->showDefaultPermissionSettings())
1571 {
1572 $this->tabs_gui->addTarget(
1573 "default_perm_settings",
1574 $this->ctrl->getLinkTarget($this, "perm"), array(),get_class($this)
1575 );
1576 }
1577
1578 if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1579 {
1580 $this->tabs_gui->addTarget("user_assignment",
1581 $this->ctrl->getLinkTarget($this, "userassignment"),
1582 array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1583 get_class($this));
1584 }
1585
1586 if($this->checkAccess('write','edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID)
1587 {
1588 $this->tabs_gui->addTarget("desktop_items",
1589 $this->ctrl->getLinkTarget($this, "listDesktopItems"),
1590 array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
1591 get_class($this));
1592 }
1593 if($this->checkAccess('write','edit_permission'))
1594 {
1595 $this->tabs_gui->addTarget(
1596 'export',
1597 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1598 array()
1599 );
1600
1601 }
1602 }
1603
1605 {
1606 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1607 if(count($obj_ids) > 1)
1608 {
1609 $_SESSION['mail_roles'][] = '#il_role_'.$this->object->getId();
1610 }
1611 else
1612 {
1613 require_once 'Services/Mail/classes/Address/Type/class.ilMailRoleAddressType.php';
1614 $_SESSION['mail_roles'][] = ilMailRoleAddressType::getRoleMailboxAddress($this->object->getId());
1615 }
1616
1617 require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1618 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1619 ilUtil::redirect($script);
1620 }
1621
1622 function checkAccess($a_perm_global,$a_perm_obj = '')
1623 {
1624 global $rbacsystem,$ilAccess;
1625
1626 $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1627
1628 if($this->obj_ref_id == ROLE_FOLDER_ID)
1629 {
1630 return $rbacsystem->checkAccess($a_perm_global,$this->obj_ref_id);
1631 }
1632 else
1633 {
1634 return $ilAccess->checkAccess($a_perm_obj,'',$this->obj_ref_id);
1635 }
1636 }
1637
1643 {
1644 global $rbacreview;
1645
1646 if(!(int) $_POST['recursive'] and !is_array($_POST['recursive_list']))
1647 {
1648 return false;
1649 }
1650
1651 // Role is protected
1652 if($rbacreview->isProtected($this->obj_ref_id, $this->object->getId()))
1653 {
1654 // TODO: check if recursive_list is enabled
1655 // and if yes: check if inheritance is broken for the relevant object types
1656 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1657 }
1658 else
1659 {
1660 // TODO: check if recursive_list is enabled
1661 // and if yes: check if inheritance is broken for the relevant object types
1662 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1663 }
1664 }
1665
1671 {
1672 $protected = $_POST['protected'];
1673
1674 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1675 $form = new ilPropertyFormGUI();
1676 $form->setFormAction($this->ctrl->getFormAction($this,'changeExistingObjects'));
1677 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1678
1679 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1680 $form->addCommandButton('perm',$this->lng->txt('cancel'));
1681
1682 $hidden = new ilHiddenInputGUI('type_filter');
1683 $hidden->setValue(
1684 $_POST['recursive'] ?
1685 serialize(array('all')) :
1686 serialize($_POST['recursive_list'])
1687 );
1688 $form->addItem($hidden);
1689
1690 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'),'mode');
1691
1692 if($protected)
1693 {
1695 $keep = new ilRadioOption(
1696 $this->lng->txt('rbac_keep_local_policies'),
1698 $this->lng->txt('rbac_keep_local_policies_info')
1699 );
1700 }
1701 else
1702 {
1704 $keep = new ilRadioOption(
1705 $this->lng->txt('rbac_keep_local_policies'),
1707 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1708 );
1709
1710 }
1711 $rad->addOption($keep);
1712
1713 if($protected)
1714 {
1715 $del = new ilRadioOption(
1716 $this->lng->txt('rbac_delete_local_policies'),
1718 $this->lng->txt('rbac_delete_local_policies_info')
1719 );
1720 }
1721 else
1722 {
1723 $del = new ilRadioOption(
1724 $this->lng->txt('rbac_delete_local_policies'),
1726 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1727 );
1728 }
1729 $rad->addOption($del);
1730
1731 $form->addItem($rad);
1732 $this->tpl->setContent($form->getHTML());
1733 }
1734
1739 protected function changeExistingObjectsObject()
1740 {
1741 global $tree,$rbacreview,$rbacadmin;
1742
1743 $mode = (int) $_POST['mode'];
1744 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1745
1746 $this->object->changeExistingObjects($start,$mode,unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1747
1748 ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1749 $this->ctrl->redirect($this,'perm');
1750 }
1751
1757 protected function setSubTabs($a_tab)
1758 {
1759 global $ilTabs;
1760
1761 switch($a_tab)
1762 {
1763 case 'default_perm_settings':
1764 if($this->obj_ref_id != ROLE_FOLDER_ID)
1765 {
1766 return true;
1767 }
1768 $ilTabs->addSubTabTarget(
1769 'rbac_repository_permissions',
1770 $this->ctrl->getLinkTarget($this,'perm')
1771 );
1772 $ilTabs->addSubTabTarget(
1773 'rbac_admin_permissions',
1774 $this->ctrl->getLinkTarget($this,'adminPerm')
1775 );
1776 }
1777 return true;
1778 }
1779
1783 protected function addToClipboardObject()
1784 {
1785 global $lng, $ilCtrl;
1786
1787 $users = (array) $_POST['user_id'];
1788 if(!count($users))
1789 {
1790 ilUtil::sendFailure($this->lng->txt('select_one'),true);
1791 $ilCtrl->redirect($this, 'userassignment');
1792 }
1793 include_once './Services/User/classes/class.ilUserClipboard.php';
1794 $clip = ilUserClipboard::getInstance($GLOBALS['ilUser']->getId());
1795 $clip->add($users);
1796 $clip->save();
1797
1798 $lng->loadLanguageModule('user');
1799 ilUtil::sendSuccess($this->lng->txt('clipboard_user_added'),true);
1800 $ilCtrl->redirect($this, 'userassignment');
1801 }
1802
1807 protected function ensureRoleAccessForContext()
1808 {
1809 global $DIC;
1810
1811 $review = $DIC->rbac()->review();
1812 $logger = $DIC->logger()->ac();
1813
1814 // creation of roles
1815 if(
1816 !$this->object->getId() ||
1817 $this->object->getId() == ROLE_FOLDER_ID
1818 )
1819 {
1820 return true;
1821 }
1822
1823
1824 $possible_roles = [];
1825 try {
1826 $possible_roles = $review->getRolesOfObject(
1827 $this->obj_ref_id,
1828 false
1829 );
1830 }
1831 catch(\InvalidArgumentException $e) {
1832 $logger->warning('Role access check failed: ' . $e);
1833
1834 include_once "Services/Object/exceptions/class.ilObjectException.php";
1835 throw new \ilObjectException($this->lng->txt('permission_denied'));
1836 }
1837
1838 if(!in_array($this->object->getId(), $possible_roles))
1839 {
1840 $logger->warning('Object id: ' . $this->object->getId() .' is not accessible for ref_id: ' . $this->obj_ref_id);
1841 include_once "Services/Object/exceptions/class.ilObjectException.php";
1842 throw new \ilObjectException($this->lng->txt('permission_denied'));
1843 }
1844 return true;
1845 }
1846} // END class.ilObjRoleGUI
1847?>
$_GET["client_id"]
$_POST["username"]
$_SESSION["AccountId"]
An exception for terminatinating execution or to throw for unit testing.
const USER_FOLDER_ID
Class ilObjUserFolder.
Accordion user interface class.
TableGUI class for role administration.
This class represents a checkbox property in a property form.
Confirmation screen class.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
static allocateExportId()
Allocate a new export id.
This class represents a hidden form property in a property form.
static getRedirectTarget($gui, $cmd, array $gui_params=array(), array $mail_params=array(), array $context_params=array())
This class represents a non editable value in a property form.
This class represents a number property in a property form.
Class ilObjRoleGUI.
getAdminTabs()
admin and normal tabs are equal for roles
editObject()
Edit role properties.
getTabs()
get tabs abstract method.
performDeleteRoleObject()
Delete role.
saveObject()
Save new role.
updateObject()
Save role settings.
initFormRoleProperties($a_mode)
Create role prperty form.
userassignmentObject()
display user assignment panel
showChangeExistingObjectsConfirmation()
Show confirmation screen.
ensureRoleAccessForContext()
Ensure access to role for ref_id.
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
setBackTarget($a_text, $a_link)
set back tab target
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
deassignUserObject()
de-assign users from role
permObject($a_show_admin_permissions=false)
Show template permissions.
loadRoleProperties(ilObjRole $role)
Store form input in role object.
assignSaveObject()
wrapper for renamed function
permSaveObject($a_show_admin_permissions=false)
save permissions
getParentType()
get type of current object (not role folder)
getContainerType()
Get type of role container.
addAdminLocatorItems($a_do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
checkAccess($a_perm_global, $a_perm_obj='')
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
showDefaultPermissionSettings()
check if default permissions are shown or not
adminPermObject()
Show administration permissions.
executeCommand()
execute command
adminPermSaveObject()
Save admin permissions.
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
confirmDeleteRoleObject()
Show delete confirmation screen.
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
getParentRefId()
Get ref id of current object (not role folder id)
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
adoptPermSaveObject()
copy permissions from role
getParentObjId()
Get obj_id of current object.
setSubTabs($a_tab)
Set sub tabs.
addToClipboardObject()
Add selected users to user clipboard.
changeExistingObjectsObject()
Change existing objects.
Class ilObjRole.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
getPersonalWorkspaceDiskQuota()
getAllowRegister()
get allow_register
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static isAutoGenerated($a_role_id)
toggleAssignUsersStatus($a_assign_users)
setDiskQuota($a_disk_quota)
setPersonalWorkspaceDiskQuota($a_disk_quota)
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Class ilObjectGUI Basic methods of all Output classes.
__showButton($a_cmd, $a_text, $a_target='')
prepareOutput($a_show_subobjects=true)
prepare output
static lookupTxtById($plugin_id, $lang_var)
static _lookupObjId($a_id)
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getDescription()
get object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
getTitle()
get object title @access public
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
static diffTemplate(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherTemplate($a_role_ref_id, $a_role_id)
const EDIT_TEMPLATE
static isActive()
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
static _getInstance()
Get instance of ilSecuritySettings.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static getInstance($a_usr_id)
Get singelton instance.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
static tf2yn($a_tf)
convert true/false to "y"/"n"
static sortArray($array, $a_array_sortby, $a_array_sortorder=0, $a_numeric=false, $a_keep_keys=false)
sortArray
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
static redirect($a_script)
http redirect to other script
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static MB2Bytes($a_value)
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static infoPanel($a_keep=true)
static Bytes2MB($a_value)
$counter
$tbl
Definition: example_048.php:81
if(!is_dir( $entity_dir)) exit("Fatal Error ([A-Za-z0-9]+)\s+" &#(? foreach( $entity_files as $file) $output
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
global $ilCtrl
Definition: ilias.php:18
redirection script todo: (a better solution should control the processing via a xml file)
$ret
Definition: parser.php:6
global $ilSetting
Definition: privfeed.php:17
global $ilErr
Definition: raiseError.php:16
$cmd
Definition: sahs_server.php:35
if(!is_array($argv)) $options
global $DIC
$ilUser
Definition: imgupload.php:18