ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once('./Services/Table/classes/class.ilTable2GUI.php');
5include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
18{
19 const ROLE_FILTER_ALL = 1;
24
25 private $ref_id = null;
26 private $roles = array();
27
28 private $tree_path_ids = array();
29
30 private $activeOperations = array();
31 private $visible_roles = array();
32
37 public function __construct($a_parent_obj, $a_parent_cmd, $a_ref_id)
38 {
39 global $ilCtrl,$rbacreview,$tpl,$tree;
40
41 parent::__construct($a_parent_obj, $a_parent_cmd);
42
43 $this->lng->loadLanguageModule('rbac');
44
45 $this->ref_id = $a_ref_id;
46 $this->tree_path_ids = $tree->getPathId($this->ref_id);
47
48 $this->setId('objroleperm_' . $this->ref_id);
49
50 $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
51
52 $this->setTitle($this->lng->txt('permission_settings'));
53 $this->setEnableHeader(true);
54 $this->disable('sort');
55 $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
56 $this->disable('numinfo');
57 $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
58 $this->setLimit(100);
59 $this->setShowRowsSelector(false);
60 $this->setDisableFilterHiding(true);
61 $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
62
63 $this->addCommandButton('savePermissions', $this->lng->txt('save'));
64
65 $this->initFilter();
66 }
67
68
73 public function getPathIds()
74 {
75 return (array) $this->tree_path_ids;
76 }
77
82 public function getRefId()
83 {
84 return $this->ref_id;
85 }
86
91 public function getObjId()
92 {
93 return ilObject::_lookupObjId($this->getRefId());
94 }
95
100 public function getObjType()
101 {
102 return ilObject::_lookupType($this->getObjId());
103 }
104
110 public function addActiveOperation($a_ops_id)
111 {
112 $this->activeOperations[] = $a_ops_id;
113 }
114
119 public function getActiveOperations()
120 {
121 return (array) $this->activeOperations;
122 }
123
129 public function setVisibleRoles($a_ar)
130 {
131 $this->visible_roles = $a_ar;
132 }
133
138 public function getVisibleRoles()
139 {
141 }
142
147 public function initFilter()
148 {
149 global $tree;
150
152 'role',
154 );
155
156 // Limit filter to local roles only for objects with group or course in path
157 if (!$roles->getValue()) {
158 if ($tree->checkForParentType($this->getRefId(), 'crs') or
159 $tree->checkForParentType($this->getRefId(), 'grp')) {
160 $roles->setValue(self::ROLE_FILTER_LOCAL);
161 } else {
162 $roles->setValue(self::ROLE_FILTER_ALL);
163 }
164 }
165
166
167 $roles->setOptions(
168 array(
169 self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
170 self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
171 self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
172 self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
173 self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
174 )
175 );
176 }
177
183 public function fillRow($row)
184 {
185 global $objDefinition;
186
187
188 // local policy
189 if (isset($row['show_local_policy_row'])) {
190 foreach ($row['roles'] as $role_id => $role_info) {
191 $this->tpl->setCurrentBlock('role_option');
192 $this->tpl->setVariable('INHERIT_ROLE_ID', $role_id);
193 $this->tpl->setVariable('INHERIT_CHECKED', $role_info['local_policy'] ? 'checked=checked' : '');
194 $this->tpl->setVariable('INHERIT_DISABLED', ($role_info['protected'] or $role_info['isLocal'] or $role_info['blocked']) ? 'disabled="disabled"' : '');
195 $this->tpl->setVariable('TXT_INHERIT', $this->lng->txt('rbac_local_policy'));
196 $this->tpl->setVariable('INHERIT_LONG', $this->lng->txt('perm_use_local_policy_desc'));
197 $this->tpl->parseCurrentBlock();
198 }
199 return true;
200 }
201 // protected
202 if (isset($row['show_protected_row'])) {
203 foreach ($row['roles'] as $role_id => $role_info) {
204 $this->tpl->setCurrentBlock('role_protect');
205 $this->tpl->setVariable('PROTECT_ROLE_ID', $role_id);
206 $this->tpl->setVariable('PROTECT_CHECKED', $role_info['protected_status'] ? 'checked=checked' : '');
207 $this->tpl->setVariable('PROTECT_DISABLED', $role_info['protected_allowed'] ? '' : 'disabled="disabled"');
208 $this->tpl->setVariable('TXT_PROTECT', $this->lng->txt('role_protect_permissions'));
209 $this->tpl->setVariable('PROTECT_LONG', $this->lng->txt('role_protect_permissions_desc'));
210 $this->tpl->parseCurrentBlock();
211 }
212 return true;
213 }
214
215 // block role
216 if (isset($row['show_block_row'])) {
217 foreach ($this->getVisibleRoles() as $counter => $role_info) {
218 $this->tpl->setCurrentBlock('role_block');
219 $this->tpl->setVariable('BLOCK_ROLE_ID', $role_info['obj_id']);
220 $this->tpl->setVariable('TXT_BLOCK', $this->lng->txt('role_block_role'));
221 $this->tpl->setVariable('BLOCK_LONG', $this->lng->txt('role_block_role_desc'));
222 if ($role_info['blocked']) {
223 $this->tpl->setVariable('BLOCK_CHECKED', 'checked="checked"');
224 }
225 if (
226 ($role_info['protected'] == 'y') ||
227 ($role_info['assign'] == 'y' and ($role_info['parent'] == $this->getRefId()))
228 ) {
229 $this->tpl->setVariable('BLOCK_DISABLED', 'disabled="disabled');
230 }
231
232 $this->tpl->parseCurrentBlock();
233 }
234 return true;
235 }
236
237 // Select all
238 if (isset($row['show_select_all'])) {
239 foreach ($this->getVisibleRoles() as $role) {
240 $this->tpl->setCurrentBlock('role_select_all');
241 $this->tpl->setVariable('JS_ROLE_ID', $role['obj_id']);
242 $this->tpl->setVariable('JS_SUBID', $row['subtype']);
243 $this->tpl->setVariable('JS_ALL_PERMS', "['" . implode("','", $row['ops']) . "']");
244 $this->tpl->setVariable('JS_FORM_NAME', $this->getFormName());
245 $this->tpl->setVariable('TXT_SEL_ALL', $this->lng->txt('select_all'));
246 $this->tpl->parseCurrentBlock();
247 }
248 return true;
249 }
250
251 // Object permissions
252 if (isset($row['show_start_info'])) {
253 $this->tpl->setCurrentBlock('section_info');
254 $this->tpl->setVariable('SECTION_TITLE', $this->lng->txt('perm_class_object'));
255 $this->tpl->setVariable('SECTION_DESC', $this->lng->txt('perm_class_object_desc'));
256 $this->tpl->parseCurrentBlock();
257
258 return true;
259 }
260
261 if (isset($row['show_create_info'])) {
262 $this->tpl->setCurrentBlock('section_info');
263 $this->tpl->setVariable('SECTION_TITLE', $this->lng->txt('perm_class_create'));
264 $this->tpl->setVariable('SECTION_DESC', $this->lng->txt('perm_class_create_desc'));
265 $this->tpl->parseCurrentBlock();
266
267 return true;
268 }
269
270 foreach ((array) $row['roles'] as $role_id => $role_info) {
271 $perm = "";
272 $this->tpl->setCurrentBlock('role_td');
273 $this->tpl->setVariable('PERM_ROLE_ID', $role_id);
274 $this->tpl->setVariable('PERM_PERM_ID', $row['perm']['ops_id']);
275
276
277 if (substr($row['perm']['operation'], 0, 6) == 'create') {
278 if ($objDefinition->isPlugin(substr($row['perm']['operation'], 7))) {
280 substr($row['perm']['operation'], 7),
281 "obj_" . substr($row['perm']['operation'], 7)
282 );
283 } else {
284 $perm = $this->lng->txt('obj_' . substr($row['perm']['operation'], 7));
285 }
286 } else {
287 if ($objDefinition->isPlugin($this->getObjType())) {
288 if (ilPlugin::langExitsById($this->getObjType(), $row['perm']['operation'])) {
289 $perm = ilObjectPlugin::lookupTxtById($this->getObjType(), $row['perm']['operation']);
290 }
291 }
292
293 if (!$perm) {
294 if ($this->lng->exists($this->getObjType() . '_' . $row['perm']['operation'] . '_short')) {
295 $perm = $this->lng->txt($this->getObjType() . '_' . $row['perm']['operation'] . '_short');
296 } else {
297 $perm = $this->lng->txt($row['perm']['operation']);
298 }
299 }
300 }
301
302 $this->tpl->setVariable('TXT_PERM', $perm);
303
304 if ($objDefinition->isPlugin($this->getObjType())) {
305 $this->tpl->setVariable('PERM_LONG', ilObjectPlugin::lookupTxtById(
306 $this->getObjType(),
307 $this->getObjType() . "_" . $row['perm']['operation']
308 ));
309 } elseif (substr($row['perm']['operation'], 0, 6) == 'create') {
310 $this->tpl->setVariable('PERM_LONG', $this->lng->txt('rbac_' . $row['perm']['operation']));
311 } else {
312 $this->tpl->setVariable('PERM_LONG', $this->lng->txt($this->getObjType() . '_' . $row['perm']['operation']));
313 }
314
315 if ($role_info['protected'] || $role_info['blocked']) {
316 $this->tpl->setVariable('PERM_DISABLED', 'disabled="disabled"');
317 }
318 if ($role_info['permission_set']) {
319 $this->tpl->setVariable('PERM_CHECKED', 'checked="checked"');
320 }
321
322 $this->tpl->parseCurrentBlock();
323 }
324 }
325
326
331 public function parse()
332 {
333 global $rbacreview,$objDefinition;
334
335 $this->initColumns();
336
337 $perms = array();
338 $roles = array();
339
340 if (!count($this->getVisibleRoles())) {
341 return $this->setData(array());
342 }
343
344 // Read operations of role
345 $operations = array();
346 foreach ($this->getVisibleRoles() as $role_data) {
347 $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
348 }
349
350 $counter = 0;
351
352 // Local policy
354 $roles = array();
355 $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
356 foreach ($this->getVisibleRoles() as $role_id => $role_data) {
357 $roles[$role_data['obj_id']] = array(
358 'blocked' => $role_data['blocked'],
359 'protected' => $role_data['protected'],
360 'local_policy' => in_array($role_data['obj_id'], $local_roles),
361 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
362 );
363 }
364 $perms[$counter]['roles'] = $roles;
365 $perms[$counter]['show_local_policy_row'] = 1;
366
367 $counter++;
368 }
369
370 // Protect permissions
372 $roles = array();
373 foreach ($this->getVisibleRoles() as $role_id => $role_data) {
374 $roles[$role_data['obj_id']] = array(
375 'blocked' => $role_data['blocked'],
376 'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()),
377 'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']),
378 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
379 );
380 }
381 $perms[$counter]['roles'] = $roles;
382 $perms[$counter]['show_protected_row'] = 1;
383
384 $counter++;
385 }
386 // Block role
388 $perms[$counter++]['show_block_row'] = 1;
389 }
390
391
393 $perms[$counter++]['show_start_info'] = true;
394 }
395
396 // no creation permissions
397 $no_creation_operations = array();
398 foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
399 $this->addActiveOperation($operation);
400 $no_creation_operations[] = $operation;
401
402 $roles = array();
403 foreach ($this->getVisibleRoles() as $role_data) {
404 $roles[$role_data['obj_id']] =
405 array(
406 'blocked' => $role_data['blocked'],
407 'protected' => $role_data['protected'],
408 'permission_set' => in_array($operation, (array) $operations[$role_data['obj_id']]),
409 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
410 );
411 }
412
413 $op = $rbacreview->getOperation($operation);
414
415 $perms[$counter]['roles'] = $roles;
416 $perms[$counter]['perm'] = $op;
417 $counter++;
418 }
419
420 /*
421 * Select all
422 */
423 if ($no_creation_operations) {
424 $perms[$counter]['show_select_all'] = 1;
425 $perms[$counter]['ops'] = $no_creation_operations;
426 $perms[$counter]['subtype'] = 'nocreation';
427 $counter++;
428 }
429
430
431 if ($objDefinition->isContainer($this->getObjType())) {
432 $perms[$counter++]['show_create_info'] = true;
433 }
434
435 // Get creatable objects
436 $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
437 $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
438 $creation_operations = array();
439 foreach ($objects as $type => $info) {
440 $ops_id = $ops_ids[$type];
441
442 if (!$ops_id) {
443 continue;
444 }
445
446 $this->addActiveOperation($ops_id);
447 $creation_operations[] = $ops_id;
448
449 $roles = array();
450 foreach ($this->getVisibleRoles() as $role_data) {
451 $roles[$role_data['obj_id']] =
452 array(
453 'blocked' => $role_data['blocked'],
454 'protected' => $role_data['protected'],
455 'permission_set' => in_array($ops_id, (array) $operations[$role_data['obj_id']]),
456 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
457
458 );
459 }
460
461 $op = $rbacreview->getOperation($ops_id);
462
463 $perms[$counter]['roles'] = $roles;
464 $perms[$counter]['perm'] = $op;
465 $counter++;
466 }
467
468
469
470 // Select all
471 if (count($creation_operations)) {
472 $perms[$counter]['show_select_all'] = 1;
473 $perms[$counter]['ops'] = $creation_operations;
474 $perms[$counter]['subtype'] = 'creation';
475 $counter++;
476 }
477
478 $this->setData($perms);
479 }
480
485 protected function initColumns()
486 {
487 global $rbacreview,$ilCtrl;
488
489 $roles = $rbacreview->getParentRoleIds($this->getRefId());
490 $roles = $this->getParentObject()->applyRoleFilter(
491 $roles,
492 $this->getFilterItemByPostVar('role')->getValue()
493 );
494
495 $possible_roles = array();
496 foreach ($roles as $role) {
497 if ($rbacreview->isBlockedInUpperContext($role['obj_id'], $this->getRefId())) {
498 ilLoggerFactory::getLogger('ac')->debug('Ignoring blocked role: ' . $role['obj_id']);
499 continue;
500 }
501 $possible_roles[] = $role;
502 }
503
504
505 if (count($possible_roles)) {
506 $column_width = 100/count($possible_roles);
507 $column_width .= '%';
508 } else {
509 $column_widht = "0%";
510 }
511
512 $all_roles = array();
513 foreach ($possible_roles as $role) {
514 if ($role['obj_id'] == SYSTEM_ROLE_ID) {
515 continue;
516 }
517
518 $role['blocked'] = (bool) $rbacreview->isBlockedAtPosition($role['obj_id'], $this->getRefId());
519 $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
520
521 // TODO check filter
522 $this->addColumn(
523 $this->createTitle($role),
524 $role['obj_id'],
525 '',
526 '',
527 false,
528 $this->createTooltip($role)
529 );
530 $all_roles[] = $role;
531 }
532
533 $this->setVisibleRoles($all_roles);
534 return true;
535 }
536
542 protected function createTooltip($role)
543 {
544 global $rbacreview,$tree, $objDefinition;
545
546 #vd($role);
547 $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
548 if ($role['role_type'] == 'global') {
549 $tp = $this->lng->txt('perm_' . $protected_status . 'global_role');
550 } else {
551 $tp = $this->lng->txt('perm_' . $protected_status . 'local_role');
552 }
553
554 $inheritance_seperator = ': ';
555
556 // Show create at info
557 if (
558 ($role['assign'] == 'y' and $role['role_type'] != 'global') or
559 ($role['assign'] == 'n' and $role['role_type'] != 'global')
560 ) {
561 $tp .= ': ';
562
563 $obj = $rbacreview->getObjectOfRole($role['obj_id']);
564 if ($obj) {
565 $type = ilObject::_lookupType($this->getRefId(), true);
566 if ($objDefinition->isPlugin($type)) {
567 $type_text = ilObjectPlugin::lookupTxtById($type, 'obj_' . $type);
568 } else {
569 $type_text = $this->lng->txt('obj_' . ilObject::_lookupType($obj));
570 }
571
572 $tp .= sprintf(
573 $this->lng->txt('perm_role_path_info_created'),
574 $type_text,
576 );
577 $inheritance_seperator = ', ';
578 }
579 }
580
581 $path_hierarchy = $rbacreview->getObjectsWithStopedInheritance(
582 $role['obj_id'],
583 $tree->getPathId($this->getRefId())
584 );
585
586 $reduced_path_hierarchy = (array) array_diff(
587 $path_hierarchy,
588 array(
589 $this->getRefId(),
590 $rbacreview->getObjectReferenceOfRole($role['obj_id'])
591 )
592 );
593
594
595 // Inheritance
596 if ($role['assign'] == 'n' and count($reduced_path_hierarchy)) {
597 $tp .= $inheritance_seperator;
598
599 $parent = end($reduced_path_hierarchy);
602 $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'), $this->lng->txt('obj_' . $p_type), $p_title);
603 }
604
605 return $tp;
606 }
607
613 protected function createTitle($role)
614 {
615 global $ilCtrl, $objDefinition;
616
617 include_once './Services/AccessControl/classes/class.ilObjRole.php';
618 $role_title = ilObjRole::_getTranslation($role['title']);
619
620 // No local policies
621 if ($role['parent'] != $this->getRefId()) {
622 return $role_title;
623 }
624
625 $type = ilObject::_lookupType($this->getRefId(), true);
626 if ($objDefinition->isPlugin($type)) {
627 if (preg_match("/^il_./", $role["title"])) {
628 $role_title = ilObjectPlugin::lookupTxtById($type, ilObjRole::_removeObjectId($role["title"]));
629 }
630 }
631
632 if ($role['blocked']) {
633 return $role_title;
634 }
635 $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
636
637 return '<a class="tblheader" href="' . $ilCtrl->getLinkTargetByClass('ilobjrolegui', '') . '" >' . $role_title . '</a>';
638 }
639}
sprintf('%.4f', $callTime)
An exception for terminatinating execution or to throw for unit testing.
static getLogger($a_component_id)
Get component logger.
static _getTranslation($a_role_title)
static _removeObjectId($a_role_title)
static lookupTxtById($plugin_id, $lang_var)
__construct($a_parent_obj, $a_parent_cmd, $a_ref_id)
Constructor.
addActiveOperation($a_ops_id)
Add active operation.
createTooltip($role)
Create a linked title for roles with local policy.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
static langExitsById($pluginId, $langVar)
Is searched lang var available in plugin lang files.
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Class ilTable2GUI.
getFormName()
Get Form name.
setEnableHeader($a_enableheader)
Set Enable Header.
setDisableFilterHiding($a_val=true)
Set disable filter hiding.
setShowRowsSelector($a_value)
Toggle rows-per-page selector.
getParentObject()
Get parent object.
setTitle($a_title, $a_icon=0, $a_icon_alt=0)
Set title and title icon.
setNoEntriesText($a_text)
Set text for an empty table.
setData($a_data)
set table data @access public
setRowTemplate($a_template, $a_template_dir="")
Set row template.
setLimit($a_limit=0, $a_default_limit=0)
set max.
getFilterItemByPostVar($a_post_var)
addColumn( $a_text, $a_sort_field="", $a_width="", $a_is_checkbox_action_column=false, $a_class="", $a_tooltip="", $a_tooltip_with_html=false)
Add a column to the header.
addFilterItemByMetaType($id, $type=self::FILTER_TEXT, $a_optional=false, $caption=null)
Add filter by standard type.
setId($a_val)
Set id.
setFormAction($a_form_action, $a_multipart=false)
Set Form action parameter.
addCommandButton($a_cmd, $a_text, $a_onclick='', $a_id="", $a_class=null)
Add Command button.
disable($a_module_name)
diesables particular modules of table
$counter
global $ilCtrl
Definition: ilias.php:18
$info
Definition: index.php:5
$type