4include_once 
'./Services/AccessControl/classes/class.ilPermission2GUI.php';
 
   33        parent::__construct($a_gui_obj);
 
   42        global $rbacsystem, 
$ilErr;
 
   45        if (!$rbacsystem->checkAccess(
"edit_permission", $this->gui_obj->object->getRefId())) {
 
   46            $ilErr->raiseError($this->lng->txt(
"permission_denied"), 
$ilErr->MESSAGE);
 
   49        $next_class = $this->ctrl->getNextClass($this);
 
   51        switch ($next_class) {
 
   53                $this->ctrl->setReturn($this, 
'perm');
 
   54                include_once(
"Services/AccessControl/classes/class.ilObjRoleGUI.php");
 
   56                $this->gui_obj->setBackTarget($this->lng->txt(
"perm_settings"), $this->ctrl->getLinkTarget($this, 
"perm"));
 
   57                $ret = $this->ctrl->forwardCommand($this->gui_obj);
 
   60            case 'ildidactictemplategui':
 
   61                $this->ctrl->setReturn($this, 
'perm');
 
   62                include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
   64                $this->ctrl->forwardCommand($did);
 
   67            case 'ilrepositorysearchgui':
 
   69                include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
 
   71                $this->ctrl->forwardCommand($rep_search);
 
   74            case 'ilobjectpermissionstatusgui':
 
   76                include_once(
'./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
 
   78                $this->ctrl->forwardCommand($perm_stat);
 
   82                $cmd = $this->ctrl->getCmd();
 
   97        return $this->gui_obj->object;
 
  105        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  106        $this->ctrl->setReturn($this, 
'perm');
 
  107        $this->ctrl->setCmdClass(
'ildidactictemplategui');
 
  109        $this->ctrl->forwardCommand($dtpl_gui, 
'confirmTemplateSwitch');
 
  119        global $objDefinition, $ilToolbar;
 
  121        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  123        if ($dtpl->appendToolbarSwitch(
 
  125            $this->getCurrentObject()->getType(),
 
  126            $this->getCurrentObject()->getRefId()
 
  128            $ilToolbar->addSeparator();
 
  131        if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
 
  132            !$this->isAdministrationObject()
 
  134            $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
  137                $ilToolbar->addButton($this->lng->txt(
'rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 
'displayAddRoleForm'));
 
  139            $ilToolbar->addButton($this->lng->txt(
'rbac_import_role'), $this->ctrl->getLinkTarget($this, 
'displayImportRoleForm'));
 
  145            include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  149        $this->tpl->setContent(
$table->getHTML());
 
  184        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  187        $table->writeFilterToSession();
 
  197        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  215        if (isset($a_roles[SYSTEM_ROLE_ID])) {
 
  216            unset($a_roles[SYSTEM_ROLE_ID]);
 
  219        switch ($a_filter_id) {
 
  228                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  229                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
 
  231                foreach ($arr_remove_roles as $role_id) {
 
  232                    unset($a_roles[$role_id]);
 
  238                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  240                foreach ($arr_global_roles as $role_id) {
 
  241                    unset($a_roles[$role_id]);
 
  251                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  253                foreach ($arr_remove_roles as $role_id) {
 
  254                    unset($a_roles[$role_id]);
 
  263                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  265                foreach ($arr_remove_roles as $role_id) {
 
  266                    unset($a_roles[$role_id]);
 
  282        global $rbacreview,$objDefinition,$rbacadmin;
 
  284        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  288            $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
 
  289            $table->getFilterItemByPostVar(
'role')->getValue()
 
  293        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  297        # all possible create permissions 
  298        $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
 
  303        # createable (activated) create permissions 
  304        $create_types = $objDefinition->getCreatableSubObjects(
 
  309        foreach ((array) $roles as $role => $role_data) {
 
  310            if ($role_data[
'protected']) {
 
  314            $new_ops = array_keys((array) 
$_POST[
'perm'][$role]);
 
  315            $old_ops = $rbacreview->getRoleOperationsOnObject(
 
  321            foreach ($possible_ops_ids as $create_ops_id) {
 
  322                if (in_array($create_ops_id, $createable_ops_ids)) {
 
  325                if (in_array($create_ops_id, $old_ops)) {
 
  326                    $new_ops[] = $create_ops_id;
 
  330            $rbacadmin->revokePermission(
 
  335            $rbacadmin->grantPermission(
 
  337                array_unique($new_ops),
 
  343            foreach ($roles as $role) {
 
  345                if ($role[
'parent'] == $this->
getCurrentObject()->getRefId() and $role[
'assign'] == 
'y') {
 
  349                if ($role[
'protected']) {
 
  355                    !isset(
$_POST[
'inherit'][$role[
'obj_id']]) and
 
  356                    !$rbacreview->isBlockedAtPosition($role[
'obj_id'], $this->getCurrentObject()->getRefId())
 
  365                if ($role[
'parent'] != $this->
getCurrentObject()->getRefId() and isset(
$_POST[
'inherit'][$role[
'obj_id']])) {
 
  367                    $rbacadmin->copyRoleTemplatePermissions(
 
  374                    $rbacadmin->assignRoleToFolder($role[
'obj_id'], $this->
getCurrentObject()->getRefId(), 
'n');
 
  381            foreach ($roles as $role) {
 
  382                if ($rbacreview->isAssignable($role[
'obj_id'], $this->getCurrentObject()->getRefId())) {
 
  383                    if (isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  384                        !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  385                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'y');
 
  386                    } elseif (!isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  387                        $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  388                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'n');
 
  400        if ($blocked_info[
'num'] > 0) {
 
  406        $this->ctrl->redirect($this, 
'perm');
 
  418        if ($a_blocked_info[
'new_blocked']) {
 
  419            $info .= $this->lng->txt(
'role_confirm_block_role_info');
 
  420            if ($a_blocked_info[
'new_unblocked']) {
 
  421                $info .= 
'<br /><br />';
 
  424        if ($a_blocked_info[
'new_unblocked']) {
 
  425            $info .= (
'<br />' . $this->lng->txt(
'role_confirm_unblock_role_info'));
 
  430        include_once 
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
 
  432        $confirm->setFormAction($this->ctrl->getFormAction($this));
 
  433        $confirm->setHeaderText($this->lng->txt(
'role_confirm_block_role_header'));
 
  434        $confirm->setConfirm($this->lng->txt(
'role_confirm_block_role'), 
'modifyBlockRoles');
 
  435        $confirm->setCancel($this->lng->txt(
'cancel'), 
'perm');
 
  437        foreach ($a_blocked_info[
'new_blocked'] as $role_id) {
 
  438            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  445        foreach ($a_blocked_info[
'new_unblocked'] as $role_id) {
 
  446            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  453        $this->tpl->setContent($confirm->getHTML());
 
  462        $this->ctrl->redirect($this, 
'perm');
 
  472        foreach ($roles as $role) {
 
  479            $role_obj->changeExistingObjects(
 
  486            $rbacadmin->setBlockedStatus(
 
  500        global $rbacadmin,$rbacreview;
 
  502        foreach ($roles as $role) {
 
  504            $assign = $rbacreview->isAssignable($role, $this->
getCurrentObject()->getRefId()) ? 
'y' : 
'n';
 
  507            $rbacadmin->revokeSubtreePermissions($this->
getCurrentObject()->getRefId(), $role);
 
  510            $rbacadmin->deleteSubtreeTemplates($this->
getCurrentObject()->getRefId(), $role);
 
  513            $rbacadmin->assignRoleToFolder(
 
  520            $rbacadmin->setBlockedStatus(
 
  536        global $objDefinition;
 
  563        if (
$form->checkInput()) {
 
  565                include_once 
'./Services/Export/classes/class.ilImport.php';
 
  569                $imp->getMapping()->addMapping(
 
  570                    'Services/AccessControl',
 
  578                    $_FILES[
"importfile"][
"tmp_name"],
 
  579                    $_FILES[
"importfile"][
"name"],
 
  583                $this->ctrl->redirect($this, 
'perm');
 
  585            } 
catch (Exception $e) {
 
  587                $form->setValuesByPost();
 
  592        $form->setValuesByPost();
 
  602        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  604        $form->setFormAction($this->ctrl->getFormAction($this));
 
  605        $form->setTitle($this->lng->txt(
'rbac_import_role'));
 
  606        $form->addCommandButton(
'doImportRole', $this->lng->txt(
'import'));
 
  607        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  609        $zip = 
new ilFileInputGUI($this->lng->txt(
'import_file'), 
'importfile');
 
  610        $zip->setSuffixes(array(
'zip'));
 
  611        $form->addItem($zip);
 
  624        global $rbacreview,$objDefinition;
 
  626        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  628        $form->setFormAction($this->ctrl->getFormAction($this));
 
  629        $form->setTitle($this->lng->txt(
'role_new'));
 
  630        $form->addCommandButton(
'addrole', $this->lng->txt(
'role_new'));
 
  631        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  634        $title->setValidationRegexp(
'/^(?!il_).*$/');
 
  635        $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
 
  638        $title->setRequired(
true);
 
  644        $form->addItem($desc);
 
  647        $pro->setInfo($this->lng->txt(
'role_protect_permissions_desc'));
 
  649        $form->addItem($pro);
 
  652        $pd->setInfo($this->lng->txt(
'rbac_role_add_to_desktop_info'));
 
  659            $option = 
new ilRadioOption($this->lng->txt(
"rbac_role_rights_copy_empty"), 0);
 
  660            $rights->addOption($option);
 
  662            $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), 
true);
 
  664            foreach ($parent_role_ids as 
$id => $tmp) {
 
  669            $sorted_ids = 
ilUtil::_sortIds($ids, 
'object_data', 
'type DESC,title', 
'obj_id');
 
  672            foreach ($sorted_ids as 
$id) {
 
  673                $par = $parent_role_ids[
$id];
 
  674                if ($par[
"obj_id"] != SYSTEM_ROLE_ID) {
 
  675                    include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  677                    $option->setInfo($par[
"desc"]);
 
  678                    $rights->addOption($option);
 
  682            $form->addItem($rights);
 
  686        if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
 
  687            $check = 
new ilCheckboxInputGui($this->lng->txt(
"rbac_role_rights_copy_change_existing"), 
'existing');
 
  688            $check->setInfo($this->lng->txt(
'rbac_change_existing_objects_desc_new_role'));
 
  689            $form->addItem($check);
 
  703        $this->tpl->setContent(
$form->getHTML());
 
  719        if (
$form->checkInput()) {
 
  720            $new_title = 
$form->getInput(
"title");
 
  722            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  724            $role->setTitle($new_title);
 
  725            $role->setDescription(
$form->getInput(
'desc'));
 
  728            $GLOBALS[
'rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
 
  731            $rbacadmin->setProtected(
 
  734                $form->getInput(
'pro') ? 
'y' : 
'n' 
  738            $right_id_to_copy = 
$form->getInput(
"rights");
 
  739            if ($right_id_to_copy) {
 
  740                $parentRoles = $rbacreview->getParentRoleIds($this->
getCurrentObject()->getRefId(), 
true);
 
  741                $rbacadmin->copyRoleTemplatePermissions(
 
  743                    $parentRoles[$right_id_to_copy][
"parent"],
 
  749                if (
$form->getInput(
'existing')) {
 
  750                    if (
$form->getInput(
'pro')) {
 
  751                        $role->changeExistingObjects(
 
  757                        $role->changeExistingObjects(
 
  767            if (
$form->getInput(
"desktop")) {
 
  768                include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  770                $role_desk_item_obj->add(
 
  777            $this->ctrl->redirect($this, 
'perm');
 
  779            $form->setValuesByPost();
 
  780            $this->tpl->setContent(
$form->getHTML());
 
  792        $blocked_info[
'new_blocked'] = array();
 
  793        $blocked_info[
'new_unblocked'] = array();
 
  794        $blocked_info[
'num'] = 0;
 
  795        foreach ((array) 
$_POST[
'visible_block'] as $role => $one) {
 
  796            $blocked = $rbacreview->isBlockedAtPosition($role, $this->
getCurrentObject()->getRefId());
 
  797            if (isset(
$_POST[
'block'][$role]) && !$blocked) {
 
  798                $blocked_info[
'new_blocked'][] = $role;
 
  799                $blocked_info[
'num']++;
 
  801            if (!isset(
$_POST[
'block'][$role]) && $blocked) {
 
  802                $blocked_info[
'new_unblocked'][] = $role;
 
  803                $blocked_info[
'num']++;
 
  806        return $blocked_info;
 
  822        $this->tpl->setContent(
$table->getHTML());
 
  834        foreach ($positions as $position_id) {
 
  836            if (isset(
$_POST[
'local'][$position_id])) {
 
  837                ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
 
  839                ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
 
  843            $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
 
  844            if (isset(
$_POST[
'position_perm'][$position_id])) {
 
  845                $ops = 
$_POST[
'position_perm'][$position_id];
 
  847                foreach ($ops as $op_id => $op) {
 
  850                $ilOrgUnitPermission->setOperations($new_ops);
 
  851            } elseif (!$ilOrgUnitPermission->isNewlyCreated()) {
 
  852                $ilOrgUnitPermission->setOperations([]);
 
  854            $ilOrgUnitPermission->save();
 
  857        $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
 
static getArray($key=null, $values=null)
An exception for terminatinating execution or to throw for unit testing.
Confirmation screen class.
GUI class for didactic template settings inside repository objects.
static getLogger($a_component_id)
Get component logger.
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
This class displays the permission status of a user concerning a specific object.
Table for object role permissions.
const ROLE_FILTER_LOCAL_OBJECT
const ROLE_FILTER_LOCAL_POLICY
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
static findById($operation_id)
Class ilOrgUnitPermissionTableGUI.
Class ilPermissionGUI RBAC related output.
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
blockRoles($roles)
Block role.
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
resetFilter()
Reset filter.
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
const CMD_SAVE_POSITIONS_PERMISSIONS
isAdminRoleFolder()
Check of current location is administration (main) role folder.
__construct($a_gui_obj)
Constructor.
savePositionsPermissions()
getModifiedBlockedSettings()
executeCommand()
Execute command.
displayAddRoleForm()
Show add role form.
savePermissions()
Save permissions.
getCurrentObject()
Get current object.
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
initImportForm()
init import form
perm(ilTable2GUI $table=null)
show permission table
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
doImportRole()
Perform import.
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
isInAdministration()
Check if node is subobject of administration folder.
applyFilter()
Apply filter.
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
This class represents an option in a radio group.
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
if(!array_key_exists('StateId', $_REQUEST)) $id
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
if(empty($password)) $table
if(isset($_POST['submit'])) $form