ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor. More...
 
 executeCommand ()
 Execute command. More...
 
 getCurrentObject ()
 Get current object. More...
 
 perm (ilTable2GUI $table=null)
 show permission table More...
 
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles. More...
 
- Public Member Functions inherited from ilPermission2GUI
 __construct ($a_gui_obj)
 
 owner ()
 
 changeOwner ()
 
 __initSubTabs ($a_cmd)
 
 log ()
 
 applyLogFilter ()
 
 resetLogFilter ()
 

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type. More...
 

Data Fields

const CMD_PERM_POSITIONS = 'permPositions'
 
const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions'
 
- Data Fields inherited from ilPermission2GUI
const TAB_POSITION_PERMISSION_SETTINGS = "position_permission_settings"
 

Protected Member Functions

 confirmTemplateSwitch ()
 Called after toolbar action applyTemplateSwitch. More...
 
 isAdminRoleFolder ()
 Check of current location is administration (main) role folder. More...
 
 isAdministrationObject ()
 
 isInAdministration ()
 Check if node is subobject of administration folder. More...
 
 applyFilter ()
 Apply filter. More...
 
 resetFilter ()
 Reset filter. More...
 
 savePermissions ()
 Save permissions. More...
 
 showConfirmBlockRole ($a_blocked_info)
 Show block role confirmation screen. More...
 
 modifyBlockRoles ()
 
 unblockRoles ($roles)
 
 blockRoles ($roles)
 Block role. More...
 
 displayImportRoleForm (ilPropertyFormGUI $form=null)
 Show import form. More...
 
 doImportRole ()
 Perform import. More...
 
 initImportForm ()
 init import form More...
 
 initRoleForm ()
 Shoew add role @global type $rbacreview @global type $objDefinition. More...
 
 displayAddRoleForm ()
 Show add role form. More...
 
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'. More...
 
 getModifiedBlockedSettings ()
 
 permPositions ()
 
 savePositionsPermissions ()
 

Protected Attributes

 $current_obj = null
 
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 
 $ilErr = null
 
 $ctrl = null
 
 $lng = null
 

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

@ilCtrl_Calls ilPermissionGUI: ilObjRoleGUI, ilRepositorySearchGUI, ilObjectPermissionStatusGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

◆ __construct()

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 31 of file class.ilPermissionGUI.php.

32 {
33 parent::__construct($a_gui_obj);
34 }

Member Function Documentation

◆ addRole()

ilPermissionGUI::addRole ( )
protected

adds a local role This method is only called when choose the option 'you may add local roles'.

This option is displayed in the permission settings dialogue for an object TODO: this will be changed @access public

Definition at line 714 of file class.ilPermissionGUI.php.

715 {
716 global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
717
718 $form = $this->initRoleForm();
719 if ($form->checkInput()) {
720 $new_title = $form->getInput("title");
721
722 include_once './Services/AccessControl/classes/class.ilObjRole.php';
723 $role = new ilObjRole();
724 $role->setTitle($new_title);
725 $role->setDescription($form->getInput('desc'));
726 $role->create();
727
728 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
729
730 // protect
731 $rbacadmin->setProtected(
732 $this->getCurrentObject()->getRefId(),
733 $role->getId(),
734 $form->getInput('pro') ? 'y' : 'n'
735 );
736
737 // copy rights
738 $right_id_to_copy = $form->getInput("rights");
739 if ($right_id_to_copy) {
740 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
741 $rbacadmin->copyRoleTemplatePermissions(
742 $right_id_to_copy,
743 $parentRoles[$right_id_to_copy]["parent"],
744 $this->getCurrentObject()->getRefId(),
745 $role->getId(),
746 false
747 );
748
749 if ($form->getInput('existing')) {
750 if ($form->getInput('pro')) {
751 $role->changeExistingObjects(
752 $this->getCurrentObject()->getRefId(),
753 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
754 array('all')
755 );
756 } else {
757 $role->changeExistingObjects(
758 $this->getCurrentObject()->getRefId(),
759 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
760 array('all')
761 );
762 }
763 }
764 }
765
766 // add to desktop items
767 if ($form->getInput("desktop")) {
768 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
769 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
770 $role_desk_item_obj->add(
771 $this->getCurrentObject()->getRefId(),
772 ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
773 );
774 }
775
776 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
777 $this->ctrl->redirect($this, 'perm');
778 } else {
779 $form->setValuesByPost();
780 $this->tpl->setContent($form->getHTML());
781 }
782 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:95
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:622
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4562
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63

References $form, $GLOBALS, $ilCtrl, ilPermission2GUI\$ilErr, ilObject\_lookupType(), getCurrentObject(), initRoleForm(), ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES, ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES, and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ applyFilter()

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 182 of file class.ilPermissionGUI.php.

183 {
184 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
185 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
186 $table->resetOffset();
187 $table->writeFilterToSession();
188 return $this->perm($table);
189 }
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:117
$table
if(empty($password)) $table
Definition: pwgen.php:24

References $table, getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ applyRoleFilter()

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 210 of file class.ilPermissionGUI.php.

211 {
212 global $rbacreview;
213
214 // Always delete administrator role from view
215 if (isset($a_roles[SYSTEM_ROLE_ID])) {
216 unset($a_roles[SYSTEM_ROLE_ID]);
217 }
218
219 switch ($a_filter_id) {
220 // all roles in context
221 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
222
223 return $a_roles;
224
225 // only global roles
226 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
227
228 $arr_global_roles = $rbacreview->getGlobalRoles();
229 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
230
231 foreach ($arr_remove_roles as $role_id) {
232 unset($a_roles[$role_id]);
233 }
234 return $a_roles;
235
236 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
237 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
238 $arr_global_roles = $rbacreview->getGlobalRoles();
239
240 foreach ($arr_global_roles as $role_id) {
241 unset($a_roles[$role_id]);
242 }
243
244 return $a_roles;
245 break;
246
247 // only roles which use a local policy
248 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
249
250 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
251 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
252
253 foreach ($arr_remove_roles as $role_id) {
254 unset($a_roles[$role_id]);
255 }
256
257 return $a_roles;
258
259 // only true local role defined at current position
260 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
261
262 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
263 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
264
265 foreach ($arr_remove_roles as $role_id) {
266 unset($a_roles[$role_id]);
267 }
268
269 return $a_roles;
270
271 default:
272 return $a_roles;
273 }
274 }

References $GLOBALS, getCurrentObject(), ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ blockRoles()

ilPermissionGUI::blockRoles (   $roles)
protected

Block role.

Returns
void

Definition at line 498 of file class.ilPermissionGUI.php.

499 {
500 global $rbacadmin,$rbacreview;
501
502 foreach ($roles as $role) {
503 // Set assign to 'y' only if it is a local role
504 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
505
506 // Delete permissions
507 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
508
509 // Delete template permissions
510 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
511
512
513 $rbacadmin->assignRoleToFolder(
514 $role,
515 $this->getCurrentObject()->getRefId(),
516 $assign
517 );
518
519 // finally set blocked status
520 $rbacadmin->setBlockedStatus(
521 $role,
522 $this->getCurrentObject()->getRefId(),
523 true
524 );
525 }
526 }

References getCurrentObject().

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ confirmTemplateSwitch()

ilPermissionGUI::confirmTemplateSwitch ( )
protected

Called after toolbar action applyTemplateSwitch.

Definition at line 103 of file class.ilPermissionGUI.php.

104 {
105 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
106 $this->ctrl->setReturn($this, 'perm');
107 $this->ctrl->setCmdClass('ildidactictemplategui');
108 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
109 $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
110 }
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14

◆ displayAddRoleForm()

ilPermissionGUI::displayAddRoleForm ( )
protected

Show add role form.

Definition at line 698 of file class.ilPermissionGUI.php.

699 {
700 $GLOBALS['ilTabs']->clearTargets();
701
702 $form = $this->initRoleForm();
703 $this->tpl->setContent($form->getHTML());
704 }

References $form, $GLOBALS, and initRoleForm().

+ Here is the call graph for this function:

◆ displayImportRoleForm()

ilPermissionGUI::displayImportRoleForm ( ilPropertyFormGUI  $form = null)
protected

Show import form.

Parameters
ilPropertyFormGUI$form

Definition at line 545 of file class.ilPermissionGUI.php.

546 {
547 $GLOBALS['ilTabs']->clearTargets();
548
549 if (!$form) {
550 $form = $this->initImportForm();
551 }
552 $GLOBALS['tpl']->setContent($form->getHTML());
553 }
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:600

References $form, $GLOBALS, and initImportForm().

Referenced by doImportRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doImportRole()

ilPermissionGUI::doImportRole ( )
protected

Perform import.

Definition at line 558 of file class.ilPermissionGUI.php.

559 {
560 global $rbacreview;
561
562 $form = $this->initImportForm();
563 if ($form->checkInput()) {
564 try {
565 include_once './Services/Export/classes/class.ilImport.php';
566
567 // For global roles set import id to parent of current ref_id (adm)
568 $imp = new ilImport($this->getCurrentObject()->getRefId());
569 $imp->getMapping()->addMapping(
570 'Services/AccessControl',
571 'rolf',
572 0,
573 $this->getCurrentObject()->getRefId()
574 );
575
576 $imp->importObject(
577 null,
578 $_FILES["importfile"]["tmp_name"],
579 $_FILES["importfile"]["name"],
580 'role'
581 );
582 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
583 $this->ctrl->redirect($this, 'perm');
584 return;
585 } catch (Exception $e) {
586 ilUtil::sendFailure($e->getMessage());
587 $form->setValuesByPost();
588 $this->displayImportRoleForm($form);
589 return;
590 }
591 }
592 $form->setValuesByPost();
593 ilUtil::sendFailure($this->lng->txt('err_check_input'));
594 $this->displayImportRoleForm($form);
595 }
ilImport
Import class.
Definition: class.ilImport.php:12
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:545
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4530

References $form, displayImportRoleForm(), getCurrentObject(), initImportForm(), ilUtil\sendFailure(), and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ executeCommand()

ilPermissionGUI::executeCommand ( )

Execute command.

Returns

Definition at line 40 of file class.ilPermissionGUI.php.

41 {
42 global $rbacsystem, $ilErr;
43
44 // access to all functions in this class are only allowed if edit_permission is granted
45 if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
46 $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
47 }
48
49 $next_class = $this->ctrl->getNextClass($this);
50
51 switch ($next_class) {
52 case "ilobjrolegui":
53 $this->ctrl->setReturn($this, 'perm');
54 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
55 $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
56 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"), $this->ctrl->getLinkTarget($this, "perm"));
57 $ret = $this->ctrl->forwardCommand($this->gui_obj);
58 break;
59
60 case 'ildidactictemplategui':
61 $this->ctrl->setReturn($this, 'perm');
62 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
63 $did = new ilDidacticTemplateGUI($this->gui_obj);
64 $this->ctrl->forwardCommand($did);
65 break;
66
67 case 'ilrepositorysearchgui':
68 // used for owner autocomplete
69 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
70 $rep_search = new ilRepositorySearchGUI();
71 $this->ctrl->forwardCommand($rep_search);
72 break;
73
74 case 'ilobjectpermissionstatusgui':
75 $this->__initSubTabs("perminfo");
76 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
77 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
78 $this->ctrl->forwardCommand($perm_stat);
79 break;
80
81 default:
82 $cmd = $this->ctrl->getCmd();
83 $this->$cmd();
84 break;
85 }
86
87 return true;
88 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
$ret
$ret
Definition: parser.php:6

References $_GET, ilPermission2GUI\$ilErr, $ret, and ilPermission2GUI\__initSubTabs().

+ Here is the call graph for this function:

◆ getCurrentObject()

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns
ilObject

Definition at line 95 of file class.ilPermissionGUI.php.

96 {
97 return $this->gui_obj->object;
98 }

Referenced by addRole(), applyFilter(), applyRoleFilter(), blockRoles(), doImportRole(), getModifiedBlockedSettings(), isAdministrationObject(), isAdminRoleFolder(), isInAdministration(), perm(), permPositions(), resetFilter(), savePermissions(), savePositionsPermissions(), and unblockRoles().

+ Here is the caller graph for this function:

◆ getModifiedBlockedSettings()

ilPermissionGUI::getModifiedBlockedSettings ( )
protected
Parameters
type$a_blocked_info

Definition at line 788 of file class.ilPermissionGUI.php.

789 {
790 global $rbacreview;
791
792 $blocked_info['new_blocked'] = array();
793 $blocked_info['new_unblocked'] = array();
794 $blocked_info['num'] = 0;
795 foreach ((array) $_POST['visible_block'] as $role => $one) {
796 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
797 if (isset($_POST['block'][$role]) && !$blocked) {
798 $blocked_info['new_blocked'][] = $role;
799 $blocked_info['num']++;
800 }
801 if (!isset($_POST['block'][$role]) && $blocked) {
802 $blocked_info['new_unblocked'][] = $role;
803 $blocked_info['num']++;
804 }
805 }
806 return $blocked_info;
807 }
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11

References $_POST, and getCurrentObject().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasContainerCommands()

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 534 of file class.ilPermissionGUI.php.

535 {
536 global $objDefinition;
537
538 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
539 }
$a_type
$a_type
Definition: workflow.php:92

References $a_type.

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

+ Here is the caller graph for this function:

◆ initImportForm()

ilPermissionGUI::initImportForm ( )
protected

init import form

Definition at line 600 of file class.ilPermissionGUI.php.

601 {
602 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
603 $form = new ilPropertyFormGUI();
604 $form->setFormAction($this->ctrl->getFormAction($this));
605 $form->setTitle($this->lng->txt('rbac_import_role'));
606 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
607 $form->addCommandButton('perm', $this->lng->txt('cancel'));
608
609 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
610 $zip->setSuffixes(array('zip'));
611 $form->addItem($zip);
612
613 return $form;
614 }
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48

References $form.

Referenced by displayImportRoleForm(), and doImportRole().

+ Here is the caller graph for this function:

◆ initRoleForm()

ilPermissionGUI::initRoleForm ( )
protected

Shoew add role @global type $rbacreview @global type $objDefinition.

Returns
ilPropertyFormGUI

Definition at line 622 of file class.ilPermissionGUI.php.

623 {
624 global $rbacreview,$objDefinition;
625
626 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
627 $form = new ilPropertyFormGUI();
628 $form->setFormAction($this->ctrl->getFormAction($this));
629 $form->setTitle($this->lng->txt('role_new'));
630 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
631 $form->addCommandButton('perm', $this->lng->txt('cancel'));
632
633 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
634 $title->setValidationRegexp('/^(?!il_).*$/');
635 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
636 $title->setSize(40);
637 $title->setMaxLength(70);
638 $title->setRequired(true);
639 $form->addItem($title);
640
641 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
642 $desc->setCols(40);
643 $desc->setRows(3);
644 $form->addItem($desc);
645
646 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
647 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
648 $pro->setValue(1);
649 $form->addItem($pro);
650
651 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
652 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
653 $pd->setValue(1);
654 $form->addItem($pd);
655
656
657 if (!$this->isInAdministration()) {
658 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
659 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
660 $rights->addOption($option);
661
662 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
663 $ids = array();
664 foreach ($parent_role_ids as $id => $tmp) {
665 $ids[] = $id;
666 }
667
668 // Sort ids
669 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
670
671 $key = 0;
672 foreach ($sorted_ids as $id) {
673 $par = $parent_role_ids[$id];
674 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
675 include_once './Services/AccessControl/classes/class.ilObjRole.php';
676 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
677 $option->setInfo($par["desc"]);
678 $rights->addOption($option);
679 }
680 $key++;
681 }
682 $form->addItem($rights);
683 }
684
685 // Local policy only for containers
686 if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
687 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
688 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
689 $form->addItem($check);
690 }
691
692 return $form;
693 }
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:172
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4438
$key
$key
Definition: croninfo.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

References $form, $id, $key, $title, ilObjRole\_getTranslation(), ilUtil\_sortIds(), and isInAdministration().

Referenced by addRole(), and displayAddRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAdministrationObject()

ilPermissionGUI::isAdministrationObject ( )
protected

Definition at line 163 of file class.ilPermissionGUI.php.

164 {
165 return $this->getCurrentObject()->getType() == 'adm';
166 }

References getCurrentObject().

+ Here is the call graph for this function:

◆ isAdminRoleFolder()

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 158 of file class.ilPermissionGUI.php.

159 {
160 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
161 }

References getCurrentObject().

Referenced by perm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isInAdministration()

ilPermissionGUI::isInAdministration ( )
protected

Check if node is subobject of administration folder.

Returns
type

Definition at line 172 of file class.ilPermissionGUI.php.

173 {
174 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
175 }

References $GLOBALS, and getCurrentObject().

Referenced by initRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ modifyBlockRoles()

ilPermissionGUI::modifyBlockRoles ( )
protected

Definition at line 456 of file class.ilPermissionGUI.php.

457 {
458 $this->blockRoles((array) $_POST['new_block']);
459 $this->unblockRoles((array) $_POST['new_unblock']);
460
461 ilUtil::sendInfo($this->lng->txt('settings_saved'));
462 $this->ctrl->redirect($this, 'perm');
463 }
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:498
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4514

References $_POST, blockRoles(), ilUtil\sendInfo(), and unblockRoles().

+ Here is the call graph for this function:

◆ perm()

ilPermissionGUI::perm ( ilTable2GUI  $table = null)

show permission table

Returns

Definition at line 117 of file class.ilPermissionGUI.php.

118 {
119 global $objDefinition, $ilToolbar;
120
121 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
122 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
123 if ($dtpl->appendToolbarSwitch(
124 $ilToolbar,
125 $this->getCurrentObject()->getType(),
126 $this->getCurrentObject()->getRefId()
127 )) {
128 $ilToolbar->addSeparator();
129 }
130
131 if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132 !$this->isAdministrationObject()
133 ) {
134 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
135
136 if (!$this->isAdminRoleFolder()) {
137 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
138 }
139 $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
140 }
141
142 $this->__initSubTabs("perm");
143
144 if (!$table instanceof ilTable2GUI) {
145 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
146 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
147 }
148 $table->parse();
149 $this->tpl->setContent($table->getHTML());
150 }
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:158
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16

References $table, ilPermission2GUI\__initSubTabs(), getCurrentObject(), and isAdminRoleFolder().

Referenced by applyFilter(), and resetFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ permPositions()

ilPermissionGUI::permPositions ( )
protected

Definition at line 814 of file class.ilPermissionGUI.php.

815 {
816 $perm = self::CMD_PERM_POSITIONS;
817 $this->__initSubTabs($perm);
818
819 $ref_id = $this->getCurrentObject()->getRefId();
820 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
821 $table->collectData();
822 $this->tpl->setContent($table->getHTML());
823 }
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:9

References $table, ilPermission2GUI\__initSubTabs(), CMD_PERM_POSITIONS, and getCurrentObject().

+ Here is the call graph for this function:

◆ resetFilter()

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 195 of file class.ilPermissionGUI.php.

196 {
197 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
198 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
199 $table->resetOffset();
200 $table->resetFilter();
201
202 return $this->perm($table);
203 }

References $table, getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ savePermissions()

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 280 of file class.ilPermissionGUI.php.

281 {
282 global $rbacreview,$objDefinition,$rbacadmin;
283
284 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
285 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
286
287 $roles = $this->applyRoleFilter(
288 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
289 $table->getFilterItemByPostVar('role')->getValue()
290 );
291
292 // Log history
293 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
294 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
295
296
297 # all possible create permissions
298 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
299 $this->getCurrentObject()->getType(),
300 'create'
301 );
302
303 # createable (activated) create permissions
304 $create_types = $objDefinition->getCreatableSubObjects(
305 $this->getCurrentObject()->getType()
306 );
307 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
308
309 foreach ((array) $roles as $role => $role_data) {
310 if ($role_data['protected']) {
311 continue;
312 }
313
314 $new_ops = array_keys((array) $_POST['perm'][$role]);
315 $old_ops = $rbacreview->getRoleOperationsOnObject(
316 $role,
317 $this->getCurrentObject()->getRefId()
318 );
319
320 // Add operations which were enabled and are not activated.
321 foreach ($possible_ops_ids as $create_ops_id) {
322 if (in_array($create_ops_id, $createable_ops_ids)) {
323 continue;
324 }
325 if (in_array($create_ops_id, $old_ops)) {
326 $new_ops[] = $create_ops_id;
327 }
328 }
329
330 $rbacadmin->revokePermission(
331 $this->getCurrentObject()->getRefId(),
332 $role
333 );
334
335 $rbacadmin->grantPermission(
336 $role,
337 array_unique($new_ops),
338 $this->getCurrentObject()->getRefId()
339 );
340 }
341
342 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
343 foreach ($roles as $role) {
344 // No action for local roles
345 if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
346 continue;
347 }
348 // Nothing for protected roles
349 if ($role['protected']) {
350 continue;
351 }
352 // Stop local policy
353 if (
354 $role['parent'] == $this->getCurrentObject()->getRefId() and
355 !isset($_POST['inherit'][$role['obj_id']]) and
356 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
357 ) {
358 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
359 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
360 $role_obj->setParent($this->getCurrentObject()->getRefId());
361 $role_obj->delete();
362 continue;
363 }
364 // Add local policy
365 if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
366 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
367 $rbacadmin->copyRoleTemplatePermissions(
368 $role['obj_id'],
369 $role['parent'],
370 $this->getCurrentObject()->getRefId(),
371 $role['obj_id']
372 );
373 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
374 $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
375 }
376 }
377 }
378
379 // Protect permissions
380 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
381 foreach ($roles as $role) {
382 if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
383 if (isset($_POST['protect'][$role['obj_id']]) and
384 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
385 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
386 } elseif (!isset($_POST['protect'][$role['obj_id']]) and
387 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
388 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
389 }
390 }
391 }
392 }
393
394 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
395 $log = ilRbacLog::diffFaPa($log_old, $log_new);
396 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
397
398 $blocked_info = $this->getModifiedBlockedSettings();
399 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
400 if ($blocked_info['num'] > 0) {
401 return $this->showConfirmBlockRole($blocked_info);
402 }
403
404
405 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
406 $this->ctrl->redirect($this, 'perm');
407 #$this->perm();
408 }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:75
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:534
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:210
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:415
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1266
$log
$log
Definition: inc.setup_header.php:128

References $_POST, $log, $table, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getModifiedBlockedSettings(), hasContainerCommands(), ilRbacReview\lookupCreateOperationIds(), ilUtil\sendSuccess(), and showConfirmBlockRole().

+ Here is the call graph for this function:

◆ savePositionsPermissions()

ilPermissionGUI::savePositionsPermissions ( )
protected

Definition at line 826 of file class.ilPermissionGUI.php.

827 {
828 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
829
830 $positions = ilOrgUnitPosition::getArray(null, 'id');
831 $ref_id = $this->getCurrentObject()->getRefId();
832
833 // handle local sets
834 foreach ($positions as $position_id) {
835 // handle sets
836 if (isset($_POST['local'][$position_id])) {
837 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
838 } else {
839 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
840 continue;
841 }
842 // Handle operations
843 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
844 if (isset($_POST['position_perm'][$position_id])) {
845 $ops = $_POST['position_perm'][$position_id];
846 $new_ops = [];
847 foreach ($ops as $op_id => $op) {
848 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
849 }
850 $ilOrgUnitPermission->setOperations($new_ops);
851 } elseif (!$ilOrgUnitPermission->isNewlyCreated()) {
852 $ilOrgUnitPermission->setOperations([]);
853 }
854 $ilOrgUnitPermission->save();
855 }
856 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
857 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
858 }
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:914

References $_POST, ilPermission2GUI\__initSubTabs(), ilOrgUnitOperationQueries\findById(), ActiveRecord\getArray(), getCurrentObject(), and ilUtil\sendSuccess().

+ Here is the call graph for this function:

◆ showConfirmBlockRole()

ilPermissionGUI::showConfirmBlockRole (   $a_blocked_info)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 415 of file class.ilPermissionGUI.php.

416 {
417 $info = '';
418 if ($a_blocked_info['new_blocked']) {
419 $info .= $this->lng->txt('role_confirm_block_role_info');
420 if ($a_blocked_info['new_unblocked']) {
421 $info .= '<br /><br />';
422 }
423 }
424 if ($a_blocked_info['new_unblocked']) {
425 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
426 }
427
428 ilUtil::sendInfo($info);
429
430 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
431 $confirm = new ilConfirmationGUI();
432 $confirm->setFormAction($this->ctrl->getFormAction($this));
433 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
434 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
435 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
436
437 foreach ($a_blocked_info['new_blocked'] as $role_id) {
438 include_once './Services/AccessControl/classes/class.ilObjRole.php';
439 $confirm->addItem(
440 'new_block[]',
441 $role_id,
442 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
443 );
444 }
445 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
446 include_once './Services/AccessControl/classes/class.ilObjRole.php';
447 $confirm->addItem(
448 'new_unblock[]',
449 $role_id,
450 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
451 );
452 }
453 $this->tpl->setContent($confirm->getHTML());
454 }
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
$info
$info
Definition: index.php:5

References $info, ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ unblockRoles()

ilPermissionGUI::unblockRoles (   $roles)
protected

Definition at line 468 of file class.ilPermissionGUI.php.

469 {
470 global $rbacadmin;
471
472 foreach ($roles as $role) {
473 // delete local policy
474 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
475 $role_obj = ilObjectFactory::getInstanceByObjId($role);
476 $role_obj->setParent($this->getCurrentObject()->getRefId());
477 $role_obj->delete();
478
479 $role_obj->changeExistingObjects(
480 $this->getCurrentObject()->getRefId(),
481 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
482 array('all')
483 );
484
485 // finally set blocked status
486 $rbacadmin->setBlockedStatus(
487 $role,
488 $this->getCurrentObject()->getRefId(),
489 false
490 );
491 }
492 }

References getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), and ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES.

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $current_obj

ilPermissionGUI::$current_obj = null
protected

Definition at line 24 of file class.ilPermissionGUI.php.

◆ CMD_PERM_POSITIONS

const ilPermissionGUI::CMD_PERM_POSITIONS = 'permPositions'

Definition at line 21 of file class.ilPermissionGUI.php.

Referenced by ilPermission2GUI\__initSubTabs(), and permPositions().

◆ CMD_SAVE_POSITIONS_PERMISSIONS

const ilPermissionGUI::CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions'

Definition at line 22 of file class.ilPermissionGUI.php.

Referenced by ilOrgUnitPermissionTableGUI\__construct().

The documentation for this class was generated from the following file: