ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  const CMD_PERM_POSITIONS = 'permPositions';
22  const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23 
24  protected $current_obj = null;
25 
31  public function __construct($a_gui_obj)
32  {
33  parent::__construct($a_gui_obj);
34  }
35 
40  public function executeCommand()
41  {
42  global $rbacsystem, $ilErr;
43 
44  // access to all functions in this class are only allowed if edit_permission is granted
45  if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
46  $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
47  }
48 
49  $next_class = $this->ctrl->getNextClass($this);
50 
51  switch ($next_class) {
52  case "ilobjrolegui":
53  $this->ctrl->setReturn($this, 'perm');
54  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
55  $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
56  $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"), $this->ctrl->getLinkTarget($this, "perm"));
57  $ret = $this->ctrl->forwardCommand($this->gui_obj);
58  break;
59 
60  case 'ildidactictemplategui':
61  $this->ctrl->setReturn($this, 'perm');
62  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
63  $did = new ilDidacticTemplateGUI($this->gui_obj);
64  $this->ctrl->forwardCommand($did);
65  break;
66 
67  case 'ilrepositorysearchgui':
68  // used for owner autocomplete
69  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
70  $rep_search = new ilRepositorySearchGUI();
71  $this->ctrl->forwardCommand($rep_search);
72  break;
73 
74  case 'ilobjectpermissionstatusgui':
75  $this->__initSubTabs("perminfo");
76  include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
77  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
78  $this->ctrl->forwardCommand($perm_stat);
79  break;
80 
81  default:
82  $cmd = $this->ctrl->getCmd();
83  $this->$cmd();
84  break;
85  }
86 
87  return true;
88  }
89 
90 
95  public function getCurrentObject()
96  {
97  return $this->gui_obj->object;
98  }
99 
103  protected function confirmTemplateSwitch()
104  {
105  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
106  $this->ctrl->setReturn($this, 'perm');
107  $this->ctrl->setCmdClass('ildidactictemplategui');
108  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
109  $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
110  }
111 
112 
117  public function perm(ilTable2GUI $table = null)
118  {
119  global $objDefinition, $ilToolbar;
120 
121  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
122  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
123  if ($dtpl->appendToolbarSwitch(
124  $ilToolbar,
125  $this->getCurrentObject()->getType(),
126  $this->getCurrentObject()->getRefId()
127  )) {
128  $ilToolbar->addSeparator();
129  }
130 
131  if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132  !$this->isAdministrationObject()
133  ) {
134  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
135 
136  if (!$this->isAdminRoleFolder()) {
137  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
138  }
139  $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
140  }
141 
142  $this->__initSubTabs("perm");
143 
144  if (!$table instanceof ilTable2GUI) {
145  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
146  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
147  }
148  $table->parse();
149  $this->tpl->setContent($table->getHTML());
150  }
151 
152 
153 
158  protected function isAdminRoleFolder()
159  {
160  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
161  }
162 
163  protected function isAdministrationObject()
164  {
165  return $this->getCurrentObject()->getType() == 'adm';
166  }
167 
172  protected function isInAdministration()
173  {
174  return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
175  }
176 
177 
182  protected function applyFilter()
183  {
184  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
185  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
186  $table->resetOffset();
187  $table->writeFilterToSession();
188  return $this->perm($table);
189  }
190 
195  protected function resetFilter()
196  {
197  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
198  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
199  $table->resetOffset();
200  $table->resetFilter();
201 
202  return $this->perm($table);
203  }
204 
210  public function applyRoleFilter($a_roles, $a_filter_id)
211  {
212  global $rbacreview;
213 
214  // Always delete administrator role from view
215  if (isset($a_roles[SYSTEM_ROLE_ID])) {
216  unset($a_roles[SYSTEM_ROLE_ID]);
217  }
218 
219  switch ($a_filter_id) {
220  // all roles in context
221  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
222 
223  return $a_roles;
224 
225  // only global roles
226  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
227 
228  $arr_global_roles = $rbacreview->getGlobalRoles();
229  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
230 
231  foreach ($arr_remove_roles as $role_id) {
232  unset($a_roles[$role_id]);
233  }
234  return $a_roles;
235 
236  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
237  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
238  $arr_global_roles = $rbacreview->getGlobalRoles();
239 
240  foreach ($arr_global_roles as $role_id) {
241  unset($a_roles[$role_id]);
242  }
243 
244  return $a_roles;
245  break;
246 
247  // only roles which use a local policy
248  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
249 
250  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
251  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
252 
253  foreach ($arr_remove_roles as $role_id) {
254  unset($a_roles[$role_id]);
255  }
256 
257  return $a_roles;
258 
259  // only true local role defined at current position
260  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
261 
262  $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
263  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
264 
265  foreach ($arr_remove_roles as $role_id) {
266  unset($a_roles[$role_id]);
267  }
268 
269  return $a_roles;
270 
271  default:
272  return $a_roles;
273  }
274  }
275 
280  protected function savePermissions()
281  {
282  global $rbacreview,$objDefinition,$rbacadmin;
283 
284  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
285  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
286 
287  $roles = $this->applyRoleFilter(
288  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
289  $table->getFilterItemByPostVar('role')->getValue()
290  );
291 
292  // Log history
293  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
294  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
295 
296 
297  # all possible create permissions
298  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
299  $this->getCurrentObject()->getType(),
300  'create'
301  );
302 
303  # createable (activated) create permissions
304  $create_types = $objDefinition->getCreatableSubObjects(
305  $this->getCurrentObject()->getType()
306  );
307  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
308 
309  foreach ((array) $roles as $role => $role_data) {
310  if ($role_data['protected']) {
311  continue;
312  }
313 
314  $new_ops = array_keys((array) $_POST['perm'][$role]);
315  $old_ops = $rbacreview->getRoleOperationsOnObject(
316  $role,
317  $this->getCurrentObject()->getRefId()
318  );
319 
320  // Add operations which were enabled and are not activated.
321  foreach ($possible_ops_ids as $create_ops_id) {
322  if (in_array($create_ops_id, $createable_ops_ids)) {
323  continue;
324  }
325  if (in_array($create_ops_id, $old_ops)) {
326  $new_ops[] = $create_ops_id;
327  }
328  }
329 
330  $rbacadmin->revokePermission(
331  $this->getCurrentObject()->getRefId(),
332  $role
333  );
334 
335  $rbacadmin->grantPermission(
336  $role,
337  array_unique($new_ops),
338  $this->getCurrentObject()->getRefId()
339  );
340  }
341 
342  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
343  foreach ($roles as $role) {
344  // No action for local roles
345  if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
346  continue;
347  }
348  // Nothing for protected roles
349  if ($role['protected']) {
350  continue;
351  }
352  // Stop local policy
353  if (
354  $role['parent'] == $this->getCurrentObject()->getRefId() and
355  !isset($_POST['inherit'][$role['obj_id']]) and
356  !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
357  ) {
358  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
359  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
360  $role_obj->setParent($this->getCurrentObject()->getRefId());
361  $role_obj->delete();
362  continue;
363  }
364  // Add local policy
365  if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
366  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
367  $rbacadmin->copyRoleTemplatePermissions(
368  $role['obj_id'],
369  $role['parent'],
370  $this->getCurrentObject()->getRefId(),
371  $role['obj_id']
372  );
373  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
374  $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
375  }
376  }
377  }
378 
379  // Protect permissions
380  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
381  foreach ($roles as $role) {
382  if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
383  if (isset($_POST['protect'][$role['obj_id']]) and
384  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
385  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
386  } elseif (!isset($_POST['protect'][$role['obj_id']]) and
387  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
388  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
389  }
390  }
391  }
392  }
393 
394  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
395  $log = ilRbacLog::diffFaPa($log_old, $log_new);
396  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
397 
398  $blocked_info = $this->getModifiedBlockedSettings();
399  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
400  if ($blocked_info['num'] > 0) {
401  return $this->showConfirmBlockRole($blocked_info);
402  }
403 
404 
405  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
406  $this->ctrl->redirect($this, 'perm');
407  #$this->perm();
408  }
409 
415  protected function showConfirmBlockRole($a_blocked_info)
416  {
417  $info = '';
418  if ($a_blocked_info['new_blocked']) {
419  $info .= $this->lng->txt('role_confirm_block_role_info');
420  if ($a_blocked_info['new_unblocked']) {
421  $info .= '<br /><br />';
422  }
423  }
424  if ($a_blocked_info['new_unblocked']) {
425  $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
426  }
427 
428  ilUtil::sendInfo($info);
429 
430  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
431  $confirm = new ilConfirmationGUI();
432  $confirm->setFormAction($this->ctrl->getFormAction($this));
433  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
434  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
435  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
436 
437  foreach ($a_blocked_info['new_blocked'] as $role_id) {
438  include_once './Services/AccessControl/classes/class.ilObjRole.php';
439  $confirm->addItem(
440  'new_block[]',
441  $role_id,
442  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
443  );
444  }
445  foreach ($a_blocked_info['new_unblocked'] as $role_id) {
446  include_once './Services/AccessControl/classes/class.ilObjRole.php';
447  $confirm->addItem(
448  'new_unblock[]',
449  $role_id,
450  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
451  );
452  }
453  $this->tpl->setContent($confirm->getHTML());
454  }
455 
456  protected function modifyBlockRoles()
457  {
458  $this->blockRoles((array) $_POST['new_block']);
459  $this->unblockRoles((array) $_POST['new_unblock']);
460 
461  ilUtil::sendInfo($this->lng->txt('settings_saved'));
462  $this->ctrl->redirect($this, 'perm');
463  }
464 
468  protected function unblockRoles($roles)
469  {
470  global $rbacadmin;
471 
472  foreach ($roles as $role) {
473  // delete local policy
474  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
475  $role_obj = ilObjectFactory::getInstanceByObjId($role);
476  $role_obj->setParent($this->getCurrentObject()->getRefId());
477  $role_obj->delete();
478 
479  $role_obj->changeExistingObjects(
480  $this->getCurrentObject()->getRefId(),
481  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
482  array('all')
483  );
484 
485  // finally set blocked status
486  $rbacadmin->setBlockedStatus(
487  $role,
488  $this->getCurrentObject()->getRefId(),
489  false
490  );
491  }
492  }
493 
498  protected function blockRoles($roles)
499  {
500  global $rbacadmin,$rbacreview;
501 
502  foreach ($roles as $role) {
503  // Set assign to 'y' only if it is a local role
504  $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
505 
506  // Delete permissions
507  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
508 
509  // Delete template permissions
510  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
511 
512 
513  $rbacadmin->assignRoleToFolder(
514  $role,
515  $this->getCurrentObject()->getRefId(),
516  $assign
517  );
518 
519  // finally set blocked status
520  $rbacadmin->setBlockedStatus(
521  $role,
522  $this->getCurrentObject()->getRefId(),
523  true
524  );
525  }
526  }
527 
528 
534  public static function hasContainerCommands($a_type)
535  {
536  global $objDefinition;
537 
538  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
539  }
540 
545  protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
546  {
547  $GLOBALS['ilTabs']->clearTargets();
548 
549  if (!$form) {
550  $form = $this->initImportForm();
551  }
552  $GLOBALS['tpl']->setContent($form->getHTML());
553  }
554 
558  protected function doImportRole()
559  {
560  global $rbacreview;
561 
562  $form = $this->initImportForm();
563  if ($form->checkInput()) {
564  try {
565  include_once './Services/Export/classes/class.ilImport.php';
566 
567  // For global roles set import id to parent of current ref_id (adm)
568  $imp = new ilImport($this->getCurrentObject()->getRefId());
569  $imp->getMapping()->addMapping(
570  'Services/AccessControl',
571  'rolf',
572  0,
573  $this->getCurrentObject()->getRefId()
574  );
575 
576  $imp->importObject(
577  null,
578  $_FILES["importfile"]["tmp_name"],
579  $_FILES["importfile"]["name"],
580  'role'
581  );
582  ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
583  $this->ctrl->redirect($this, 'perm');
584  return;
585  } catch (Exception $e) {
586  ilUtil::sendFailure($e->getMessage());
587  $form->setValuesByPost();
588  $this->displayImportRoleForm($form);
589  return;
590  }
591  }
592  $form->setValuesByPost();
593  ilUtil::sendFailure($this->lng->txt('err_check_input'));
594  $this->displayImportRoleForm($form);
595  }
596 
600  protected function initImportForm()
601  {
602  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
603  $form = new ilPropertyFormGUI();
604  $form->setFormAction($this->ctrl->getFormAction($this));
605  $form->setTitle($this->lng->txt('rbac_import_role'));
606  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
607  $form->addCommandButton('perm', $this->lng->txt('cancel'));
608 
609  $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
610  $zip->setSuffixes(array('zip'));
611  $form->addItem($zip);
612 
613  return $form;
614  }
615 
622  protected function initRoleForm()
623  {
624  global $rbacreview,$objDefinition;
625 
626  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
627  $form = new ilPropertyFormGUI();
628  $form->setFormAction($this->ctrl->getFormAction($this));
629  $form->setTitle($this->lng->txt('role_new'));
630  $form->addCommandButton('addrole', $this->lng->txt('role_new'));
631  $form->addCommandButton('perm', $this->lng->txt('cancel'));
632 
633  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
634  $title->setValidationRegexp('/^(?!il_).*$/');
635  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
636  $title->setSize(40);
637  $title->setMaxLength(70);
638  $title->setRequired(true);
639  $form->addItem($title);
640 
641  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
642  $desc->setCols(40);
643  $desc->setRows(3);
644  $form->addItem($desc);
645 
646  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
647  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
648  $pro->setValue(1);
649  $form->addItem($pro);
650 
651  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
652  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
653  $pd->setValue(1);
654  $form->addItem($pd);
655 
656 
657  if (!$this->isInAdministration()) {
658  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
659  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
660  $rights->addOption($option);
661 
662  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
663  $ids = array();
664  foreach ($parent_role_ids as $id => $tmp) {
665  $ids[] = $id;
666  }
667 
668  // Sort ids
669  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
670 
671  $key = 0;
672  foreach ($sorted_ids as $id) {
673  $par = $parent_role_ids[$id];
674  if ($par["obj_id"] != SYSTEM_ROLE_ID) {
675  include_once './Services/AccessControl/classes/class.ilObjRole.php';
676  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
677  $option->setInfo($par["desc"]);
678  $rights->addOption($option);
679  }
680  $key++;
681  }
682  $form->addItem($rights);
683  }
684 
685  // Local policy only for containers
686  if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
687  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
688  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
689  $form->addItem($check);
690  }
691 
692  return $form;
693  }
694 
698  protected function displayAddRoleForm()
699  {
700  $GLOBALS['ilTabs']->clearTargets();
701 
702  $form = $this->initRoleForm();
703  $this->tpl->setContent($form->getHTML());
704  }
705 
714  protected function addRole()
715  {
716  global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
717 
718  $form = $this->initRoleForm();
719  if ($form->checkInput()) {
720  $new_title = $form->getInput("title");
721 
722  include_once './Services/AccessControl/classes/class.ilObjRole.php';
723  $role = new ilObjRole();
724  $role->setTitle($new_title);
725  $role->setDescription($form->getInput('desc'));
726  $role->create();
727 
728  $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
729 
730  // protect
731  $rbacadmin->setProtected(
732  $this->getCurrentObject()->getRefId(),
733  $role->getId(),
734  $form->getInput('pro') ? 'y' : 'n'
735  );
736 
737  // copy rights
738  $right_id_to_copy = $form->getInput("rights");
739  if ($right_id_to_copy) {
740  $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
741  $rbacadmin->copyRoleTemplatePermissions(
742  $right_id_to_copy,
743  $parentRoles[$right_id_to_copy]["parent"],
744  $this->getCurrentObject()->getRefId(),
745  $role->getId(),
746  false
747  );
748 
749  if ($form->getInput('existing')) {
750  if ($form->getInput('pro')) {
751  $role->changeExistingObjects(
752  $this->getCurrentObject()->getRefId(),
753  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
754  array('all')
755  );
756  } else {
757  $role->changeExistingObjects(
758  $this->getCurrentObject()->getRefId(),
759  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
760  array('all')
761  );
762  }
763  }
764  }
765 
766  // add to desktop items
767  if ($form->getInput("desktop")) {
768  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
769  $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
770  $role_desk_item_obj->add(
771  $this->getCurrentObject()->getRefId(),
772  ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
773  );
774  }
775 
776  ilUtil::sendSuccess($this->lng->txt("role_added"), true);
777  $this->ctrl->redirect($this, 'perm');
778  } else {
779  $form->setValuesByPost();
780  $this->tpl->setContent($form->getHTML());
781  }
782  }
783 
788  protected function getModifiedBlockedSettings()
789  {
790  global $rbacreview;
791 
792  $blocked_info['new_blocked'] = array();
793  $blocked_info['new_unblocked'] = array();
794  $blocked_info['num'] = 0;
795  foreach ((array) $_POST['visible_block'] as $role => $one) {
796  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
797  if (isset($_POST['block'][$role]) && !$blocked) {
798  $blocked_info['new_blocked'][] = $role;
799  $blocked_info['num']++;
800  }
801  if (!isset($_POST['block'][$role]) && $blocked) {
802  $blocked_info['new_unblocked'][] = $role;
803  $blocked_info['num']++;
804  }
805  }
806  return $blocked_info;
807  }
808 
809  //
810  // OrgUnit Position Permissions
811  //
812 
813 
814  protected function permPositions()
815  {
816  $perm = self::CMD_PERM_POSITIONS;
817  $this->__initSubTabs($perm);
818 
819  $ref_id = $this->getCurrentObject()->getRefId();
820  $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
821  $table->collectData();
822  $this->tpl->setContent($table->getHTML());
823  }
824 
825 
826  protected function savePositionsPermissions()
827  {
828  $this->__initSubTabs(self::CMD_PERM_POSITIONS);
829 
830  $positions = ilOrgUnitPosition::getArray(null, 'id');
831  $ref_id = $this->getCurrentObject()->getRefId();
832 
833  // handle local sets
834  foreach ($positions as $position_id) {
835  // handle sets
836  if (isset($_POST['local'][$position_id])) {
837  ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
838  } else {
839  ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
840  continue;
841  }
842  // Handle operations
843  $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
844  if (isset($_POST['position_perm'][$position_id])) {
845  $ops = $_POST['position_perm'][$position_id];
846  $new_ops = [];
847  foreach ($ops as $op_id => $op) {
848  $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
849  }
850  $ilOrgUnitPermission->setOperations($new_ops);
851  } elseif (!$ilOrgUnitPermission->isNewlyCreated()) {
852  $ilOrgUnitPermission->setOperations([]);
853  }
854  $ilOrgUnitPermission->save();
855  }
856  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
857  $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
858  }
859 }
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4562
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:31
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:8
ilRoleDesktopItem\add
add($a_item_id, $a_item_type)
Definition: class.ilRoleDesktopItem.php:43
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role type $rbacreview type $objDefinition.
Definition: class.ilPermissionGUI.php:622
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:558
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:210
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:14
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:714
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:172
ilImport
Import class.
Definition: class.ilImport.php:11
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:534
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1266
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:158
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ilFormPropertyGUI\setInfo
setInfo($a_info)
Set Information Text.
Definition: class.ilFormPropertyGUI.php:145
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4514
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:415
$a_type
$a_type
Definition: workflow.php:92
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:545
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:195
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:15
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:13
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4438
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:103
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:16
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:95
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:75
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:698
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4530
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:600
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:498
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:34
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
$ret
$ret
Definition: parser.php:6
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:40
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:19
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:914
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
$table
if(empty($password)) $table
Definition: pwgen.php:24
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:16
$info
$info
Definition: index.php:5
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:280
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:16
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:117
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:20
$key
$key
Definition: croninfo.php:18
ilFileInputGUI\setSuffixes
setSuffixes($a_suffixes)
Set Accepted Suffixes.
Definition: class.ilFileInputGUI.php:132
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$log
$log
Definition: inc.setup_header.php:128
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:15
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:182