ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilPermissionGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5
19class ilPermissionGUI extends ilPermission2GUI
20{
21 const CMD_PERM_POSITIONS = 'permPositions';
22 const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23
24 protected $current_obj = null;
25
31 public function __construct($a_gui_obj)
32 {
33 parent::__construct($a_gui_obj);
34 }
35
40 public function executeCommand()
41 {
42 global $rbacsystem, $ilErr;
43
44 // access to all functions in this class are only allowed if edit_permission is granted
45 if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
46 $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
47 }
48
49 $next_class = $this->ctrl->getNextClass($this);
50
51 switch ($next_class) {
52 case "ilobjrolegui":
53 $this->ctrl->setReturn($this, 'perm');
54 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
55 $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
56 $this->gui_obj->setBackTarget($this->lng->txt("perm_settings"), $this->ctrl->getLinkTarget($this, "perm"));
57 $ret = $this->ctrl->forwardCommand($this->gui_obj);
58 break;
59
60 case 'ildidactictemplategui':
61 $this->ctrl->setReturn($this, 'perm');
62 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
63 $did = new ilDidacticTemplateGUI($this->gui_obj);
64 $this->ctrl->forwardCommand($did);
65 break;
66
67 case 'ilrepositorysearchgui':
68 // used for owner autocomplete
69 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
70 $rep_search = new ilRepositorySearchGUI();
71 $this->ctrl->forwardCommand($rep_search);
72 break;
73
74 case 'ilobjectpermissionstatusgui':
75 $this->__initSubTabs("perminfo");
76 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
77 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
78 $this->ctrl->forwardCommand($perm_stat);
79 break;
80
81 default:
82 $cmd = $this->ctrl->getCmd();
83 $this->$cmd();
84 break;
85 }
86
87 return true;
88 }
89
90
95 public function getCurrentObject()
96 {
97 return $this->gui_obj->object;
98 }
99
103 protected function confirmTemplateSwitch()
104 {
105 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
106 $this->ctrl->setReturn($this, 'perm');
107 $this->ctrl->setCmdClass('ildidactictemplategui');
108 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
109 $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
110 }
111
112
117 public function perm(ilTable2GUI $table = null)
118 {
119 global $objDefinition, $ilToolbar;
120
121 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
122 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
123 if ($dtpl->appendToolbarSwitch(
124 $ilToolbar,
125 $this->getCurrentObject()->getType(),
126 $this->getCurrentObject()->getRefId()
127 )) {
128 $ilToolbar->addSeparator();
129 }
130
131 if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
132 !$this->isAdministrationObject()
133 ) {
134 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
135
136 if (!$this->isAdminRoleFolder()) {
137 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
138 }
139 $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
140 }
141
142 $this->__initSubTabs("perm");
143
144 if (!$table instanceof ilTable2GUI) {
145 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
146 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
147 }
148 $table->parse();
149 $this->tpl->setContent($table->getHTML());
150 }
151
152
153
158 protected function isAdminRoleFolder()
159 {
160 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
161 }
162
163 protected function isAdministrationObject()
164 {
165 return $this->getCurrentObject()->getType() == 'adm';
166 }
167
172 protected function isInAdministration()
173 {
174 return (bool) $GLOBALS['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
175 }
176
177
182 protected function applyFilter()
183 {
184 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
185 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
186 $table->resetOffset();
187 $table->writeFilterToSession();
188 return $this->perm($table);
189 }
190
195 protected function resetFilter()
196 {
197 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
198 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
199 $table->resetOffset();
200 $table->resetFilter();
201
202 return $this->perm($table);
203 }
204
210 public function applyRoleFilter($a_roles, $a_filter_id)
211 {
212 global $rbacreview;
213
214 // Always delete administrator role from view
215 if (isset($a_roles[SYSTEM_ROLE_ID])) {
216 unset($a_roles[SYSTEM_ROLE_ID]);
217 }
218
219 switch ($a_filter_id) {
220 // all roles in context
221 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
222
223 return $a_roles;
224
225 // only global roles
226 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
227
228 $arr_global_roles = $rbacreview->getGlobalRoles();
229 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
230
231 foreach ($arr_remove_roles as $role_id) {
232 unset($a_roles[$role_id]);
233 }
234 return $a_roles;
235
236 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
237 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
238 $arr_global_roles = $rbacreview->getGlobalRoles();
239
240 foreach ($arr_global_roles as $role_id) {
241 unset($a_roles[$role_id]);
242 }
243
244 return $a_roles;
245 break;
246
247 // only roles which use a local policy
248 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
249
250 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
251 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
252
253 foreach ($arr_remove_roles as $role_id) {
254 unset($a_roles[$role_id]);
255 }
256
257 return $a_roles;
258
259 // only true local role defined at current position
260 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
261
262 $arr_local_roles = $GLOBALS['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
263 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
264
265 foreach ($arr_remove_roles as $role_id) {
266 unset($a_roles[$role_id]);
267 }
268
269 return $a_roles;
270
271 default:
272 return $a_roles;
273 }
274 }
275
280 protected function savePermissions()
281 {
282 global $rbacreview,$objDefinition,$rbacadmin;
283
284 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
285 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
286
287 $roles = $this->applyRoleFilter(
288 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
289 $table->getFilterItemByPostVar('role')->getValue()
290 );
291
292 // Log history
293 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
294 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
295
296
297 # all possible create permissions
298 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
299 $this->getCurrentObject()->getType(),
300 'create'
301 );
302
303 # createable (activated) create permissions
304 $create_types = $objDefinition->getCreatableSubObjects(
305 $this->getCurrentObject()->getType()
306 );
307 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
308
309 foreach ((array) $roles as $role => $role_data) {
310 if ($role_data['protected']) {
311 continue;
312 }
313
314 $new_ops = array_keys((array) $_POST['perm'][$role]);
315 $old_ops = $rbacreview->getRoleOperationsOnObject(
316 $role,
317 $this->getCurrentObject()->getRefId()
318 );
319
320 // Add operations which were enabled and are not activated.
321 foreach ($possible_ops_ids as $create_ops_id) {
322 if (in_array($create_ops_id, $createable_ops_ids)) {
323 continue;
324 }
325 if (in_array($create_ops_id, $old_ops)) {
326 $new_ops[] = $create_ops_id;
327 }
328 }
329
330 $rbacadmin->revokePermission(
331 $this->getCurrentObject()->getRefId(),
332 $role
333 );
334
335 $rbacadmin->grantPermission(
336 $role,
337 array_unique($new_ops),
338 $this->getCurrentObject()->getRefId()
339 );
340 }
341
342 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
343 foreach ($roles as $role) {
344 // No action for local roles
345 if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
346 continue;
347 }
348 // Nothing for protected roles
349 if ($role['protected']) {
350 continue;
351 }
352 // Stop local policy
353 if (
354 $role['parent'] == $this->getCurrentObject()->getRefId() and
355 !isset($_POST['inherit'][$role['obj_id']]) and
356 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
357 ) {
358 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
359 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
360 $role_obj->setParent($this->getCurrentObject()->getRefId());
361 $role_obj->delete();
362 continue;
363 }
364 // Add local policy
365 if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
366 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
367 $rbacadmin->copyRoleTemplatePermissions(
368 $role['obj_id'],
369 $role['parent'],
370 $this->getCurrentObject()->getRefId(),
371 $role['obj_id']
372 );
373 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
374 $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
375 }
376 }
377 }
378
379 // Protect permissions
380 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
381 foreach ($roles as $role) {
382 if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
383 if (isset($_POST['protect'][$role['obj_id']]) and
384 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
385 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
386 } elseif (!isset($_POST['protect'][$role['obj_id']]) and
387 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
388 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
389 }
390 }
391 }
392 }
393
394 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
395 $log = ilRbacLog::diffFaPa($log_old, $log_new);
396 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
397
398 $blocked_info = $this->getModifiedBlockedSettings();
399 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
400 if ($blocked_info['num'] > 0) {
401 return $this->showConfirmBlockRole($blocked_info);
402 }
403
404
405 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
406 $this->ctrl->redirect($this, 'perm');
407 #$this->perm();
408 }
409
415 protected function showConfirmBlockRole($a_blocked_info)
416 {
417 $info = '';
418 if ($a_blocked_info['new_blocked']) {
419 $info .= $this->lng->txt('role_confirm_block_role_info');
420 if ($a_blocked_info['new_unblocked']) {
421 $info .= '<br /><br />';
422 }
423 }
424 if ($a_blocked_info['new_unblocked']) {
425 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
426 }
427
428 ilUtil::sendInfo($info);
429
430 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
431 $confirm = new ilConfirmationGUI();
432 $confirm->setFormAction($this->ctrl->getFormAction($this));
433 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
434 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
435 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
436
437 foreach ($a_blocked_info['new_blocked'] as $role_id) {
438 include_once './Services/AccessControl/classes/class.ilObjRole.php';
439 $confirm->addItem(
440 'new_block[]',
441 $role_id,
442 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
443 );
444 }
445 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
446 include_once './Services/AccessControl/classes/class.ilObjRole.php';
447 $confirm->addItem(
448 'new_unblock[]',
449 $role_id,
450 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
451 );
452 }
453 $this->tpl->setContent($confirm->getHTML());
454 }
455
456 protected function modifyBlockRoles()
457 {
458 $this->blockRoles((array) $_POST['new_block']);
459 $this->unblockRoles((array) $_POST['new_unblock']);
460
461 ilUtil::sendInfo($this->lng->txt('settings_saved'));
462 $this->ctrl->redirect($this, 'perm');
463 }
464
468 protected function unblockRoles($roles)
469 {
470 global $rbacadmin;
471
472 foreach ($roles as $role) {
473 // delete local policy
474 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
475 $role_obj = ilObjectFactory::getInstanceByObjId($role);
476 $role_obj->setParent($this->getCurrentObject()->getRefId());
477 $role_obj->delete();
478
479 $role_obj->changeExistingObjects(
480 $this->getCurrentObject()->getRefId(),
481 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
482 array('all')
483 );
484
485 // finally set blocked status
486 $rbacadmin->setBlockedStatus(
487 $role,
488 $this->getCurrentObject()->getRefId(),
489 false
490 );
491 }
492 }
493
498 protected function blockRoles($roles)
499 {
500 global $rbacadmin,$rbacreview;
501
502 foreach ($roles as $role) {
503 // Set assign to 'y' only if it is a local role
504 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
505
506 // Delete permissions
507 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
508
509 // Delete template permissions
510 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
511
512
513 $rbacadmin->assignRoleToFolder(
514 $role,
515 $this->getCurrentObject()->getRefId(),
516 $assign
517 );
518
519 // finally set blocked status
520 $rbacadmin->setBlockedStatus(
521 $role,
522 $this->getCurrentObject()->getRefId(),
523 true
524 );
525 }
526 }
527
528
534 public static function hasContainerCommands($a_type)
535 {
536 global $objDefinition;
537
538 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
539 }
540
545 protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
546 {
547 $GLOBALS['ilTabs']->clearTargets();
548
549 if (!$form) {
550 $form = $this->initImportForm();
551 }
552 $GLOBALS['tpl']->setContent($form->getHTML());
553 }
554
558 protected function doImportRole()
559 {
560 global $rbacreview;
561
562 $form = $this->initImportForm();
563 if ($form->checkInput()) {
564 try {
565 include_once './Services/Export/classes/class.ilImport.php';
566
567 // For global roles set import id to parent of current ref_id (adm)
568 $imp = new ilImport($this->getCurrentObject()->getRefId());
569 $imp->getMapping()->addMapping(
570 'Services/AccessControl',
571 'rolf',
572 0,
573 $this->getCurrentObject()->getRefId()
574 );
575
576 $imp->importObject(
577 null,
578 $_FILES["importfile"]["tmp_name"],
579 $_FILES["importfile"]["name"],
580 'role'
581 );
582 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
583 $this->ctrl->redirect($this, 'perm');
584 return;
585 } catch (Exception $e) {
586 ilUtil::sendFailure($e->getMessage());
587 $form->setValuesByPost();
588 $this->displayImportRoleForm($form);
589 return;
590 }
591 }
592 $form->setValuesByPost();
593 ilUtil::sendFailure($this->lng->txt('err_check_input'));
594 $this->displayImportRoleForm($form);
595 }
596
600 protected function initImportForm()
601 {
602 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
603 $form = new ilPropertyFormGUI();
604 $form->setFormAction($this->ctrl->getFormAction($this));
605 $form->setTitle($this->lng->txt('rbac_import_role'));
606 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
607 $form->addCommandButton('perm', $this->lng->txt('cancel'));
608
609 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
610 $zip->setSuffixes(array('zip'));
611 $form->addItem($zip);
612
613 return $form;
614 }
615
622 protected function initRoleForm()
623 {
624 global $rbacreview,$objDefinition;
625
626 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
627 $form = new ilPropertyFormGUI();
628 $form->setFormAction($this->ctrl->getFormAction($this));
629 $form->setTitle($this->lng->txt('role_new'));
630 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
631 $form->addCommandButton('perm', $this->lng->txt('cancel'));
632
633 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
634 $title->setValidationRegexp('/^(?!il_).*$/');
635 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
636 $title->setSize(40);
637 $title->setMaxLength(70);
638 $title->setRequired(true);
639 $form->addItem($title);
640
641 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
642 $desc->setCols(40);
643 $desc->setRows(3);
644 $form->addItem($desc);
645
646 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
647 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
648 $pro->setValue(1);
649 $form->addItem($pro);
650
651 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
652 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
653 $pd->setValue(1);
654 $form->addItem($pd);
655
656
657 if (!$this->isInAdministration()) {
658 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
659 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
660 $rights->addOption($option);
661
662 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
663 $ids = array();
664 foreach ($parent_role_ids as $id => $tmp) {
665 $ids[] = $id;
666 }
667
668 // Sort ids
669 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
670
671 $key = 0;
672 foreach ($sorted_ids as $id) {
673 $par = $parent_role_ids[$id];
674 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
675 include_once './Services/AccessControl/classes/class.ilObjRole.php';
676 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
677 $option->setInfo($par["desc"]);
678 $rights->addOption($option);
679 }
680 $key++;
681 }
682 $form->addItem($rights);
683 }
684
685 // Local policy only for containers
686 if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
687 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
688 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
689 $form->addItem($check);
690 }
691
692 return $form;
693 }
694
698 protected function displayAddRoleForm()
699 {
700 $GLOBALS['ilTabs']->clearTargets();
701
702 $form = $this->initRoleForm();
703 $this->tpl->setContent($form->getHTML());
704 }
705
714 protected function addRole()
715 {
716 global $rbacadmin, $rbacreview, $rbacsystem,$ilErr,$ilCtrl;
717
718 $form = $this->initRoleForm();
719 if ($form->checkInput()) {
720 $new_title = $form->getInput("title");
721
722 include_once './Services/AccessControl/classes/class.ilObjRole.php';
723 $role = new ilObjRole();
724 $role->setTitle($new_title);
725 $role->setDescription($form->getInput('desc'));
726 $role->create();
727
728 $GLOBALS['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
729
730 // protect
731 $rbacadmin->setProtected(
732 $this->getCurrentObject()->getRefId(),
733 $role->getId(),
734 $form->getInput('pro') ? 'y' : 'n'
735 );
736
737 // copy rights
738 $right_id_to_copy = $form->getInput("rights");
739 if ($right_id_to_copy) {
740 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
741 $rbacadmin->copyRoleTemplatePermissions(
742 $right_id_to_copy,
743 $parentRoles[$right_id_to_copy]["parent"],
744 $this->getCurrentObject()->getRefId(),
745 $role->getId(),
746 false
747 );
748
749 if ($form->getInput('existing')) {
750 if ($form->getInput('pro')) {
751 $role->changeExistingObjects(
752 $this->getCurrentObject()->getRefId(),
753 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
754 array('all')
755 );
756 } else {
757 $role->changeExistingObjects(
758 $this->getCurrentObject()->getRefId(),
759 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
760 array('all')
761 );
762 }
763 }
764 }
765
766 // add to desktop items
767 if ($form->getInput("desktop")) {
768 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
769 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
770 $role_desk_item_obj->add(
771 $this->getCurrentObject()->getRefId(),
772 ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
773 );
774 }
775
776 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
777 $this->ctrl->redirect($this, 'perm');
778 } else {
779 $form->setValuesByPost();
780 $this->tpl->setContent($form->getHTML());
781 }
782 }
783
788 protected function getModifiedBlockedSettings()
789 {
790 global $rbacreview;
791
792 $blocked_info['new_blocked'] = array();
793 $blocked_info['new_unblocked'] = array();
794 $blocked_info['num'] = 0;
795 foreach ((array) $_POST['visible_block'] as $role => $one) {
796 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
797 if (isset($_POST['block'][$role]) && !$blocked) {
798 $blocked_info['new_blocked'][] = $role;
799 $blocked_info['num']++;
800 }
801 if (!isset($_POST['block'][$role]) && $blocked) {
802 $blocked_info['new_unblocked'][] = $role;
803 $blocked_info['num']++;
804 }
805 }
806 return $blocked_info;
807 }
808
809 //
810 // OrgUnit Position Permissions
811 //
812
813
814 protected function permPositions()
815 {
816 $perm = self::CMD_PERM_POSITIONS;
817 $this->__initSubTabs($perm);
818
819 $ref_id = $this->getCurrentObject()->getRefId();
820 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
821 $table->collectData();
822 $this->tpl->setContent($table->getHTML());
823 }
824
825
826 protected function savePositionsPermissions()
827 {
828 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
829
830 $positions = ilOrgUnitPosition::getArray(null, 'id');
831 $ref_id = $this->getCurrentObject()->getRefId();
832
833 // handle local sets
834 foreach ($positions as $position_id) {
835 // handle sets
836 if (isset($_POST['local'][$position_id])) {
837 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
838 } else {
839 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
840 continue;
841 }
842 // Handle operations
843 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
844 if (isset($_POST['position_perm'][$position_id])) {
845 $ops = $_POST['position_perm'][$position_id];
846 $new_ops = [];
847 foreach ($ops as $op_id => $op) {
848 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
849 }
850 $ilOrgUnitPermission->setOperations($new_ops);
851 } elseif (!$ilOrgUnitPermission->isNewlyCreated()) {
852 $ilOrgUnitPermission->setOperations([]);
853 }
854 $ilOrgUnitPermission->save();
855 }
856 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
857 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
858 }
859}
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:914
php
An exception for terminatinating execution or to throw for unit testing.
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilImport
Import class.
Definition: class.ilImport.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:75
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:933
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1204
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:9
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:17
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:20
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:498
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:545
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:195
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:103
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:158
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:31
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:40
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:698
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:280
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:95
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:622
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:600
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:117
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:534
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:558
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:210
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:415
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:172
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:182
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
Definition: class.ilPermissionGUI.php:714
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:67
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:133
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1266
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4438
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4562
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4530
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4514
$key
$key
Definition: croninfo.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$log
$log
Definition: inc.setup_header.php:128
$info
$info
Definition: index.php:5
$ret
$ret
Definition: parser.php:6
$table
if(empty($password)) $table
Definition: pwgen.php:24
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
$a_type
$a_type
Definition: workflow.php:92