ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
13 class ilSettingsPermissionGUI
14 {
15  protected $permissions = array(); // permissions selected by context
16  protected $base_permissions = array(); // base permissions of the object type (ops_id -> permission)
17  protected $base_permissions_by_op = array();// base permissions of the object type (permission -> ops_id)
18  protected $role_required_permissions = array();
19  protected $role_prohibited_permissions = array();
20 
26  public function __construct($a_gui_obj)
27  {
28  global $objDefinition, $tpl, $ilCtrl, $lng, $rbacreview;
29 
30  $this->objDefinition = $objDefinition;
31  $this->tpl = $tpl;
32  $this->lng = $lng;
33  $this->lng->loadLanguageModule("rbac");
34 
35  $this->ctrl = $ilCtrl;
36 
37  $this->gui_obj = $a_gui_obj;
38  $this->obj = $a_gui_obj->object;
39  $this->red_id = $this->obj->getRefId();
40 
41 
42  foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p) {
43  $this->base_permissions[$p["ops_id"]] = $p["operation"];
44  $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
45  }
46 
47  $this->base_roles = $rbacreview->getParentRoleIds($this->obj->getRefId());
48  }
49 
53  public function determineRoles()
54  {
55  global $rbacreview;
56 
57  $roles = array();
58  foreach ($this->base_roles as $k => $r) {
59  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
60  $use = true;
61  foreach ($this->getRoleRequiredPermissions() as $o) {
62  if (!in_array($o, $ops)) {
63  $use = false;
64  }
65  }
66  foreach ($this->getRoleProhibitedPermissions() as $o) {
67  if (in_array($o, $ops)) {
68  $use = false;
69  }
70  }
71  if ($use) {
72  $roles[$k] = $r;
73  }
74  }
75  return $roles;
76  }
77 
78 
84  public function setRoleRequiredPermissions($a_val)
85  {
86  if (is_array($a_val)) {
87  foreach ($a_val as $p) {
88  if (in_array($p, $this->base_permissions)) {
89  $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
90  }
91  }
92  }
93  }
94 
100  public function getRoleRequiredPermissions()
101  {
102  return $this->role_required_permissions;
103  }
104 
110  public function setRoleProhibitedPermissions($a_val)
111  {
112  if (is_array($a_val)) {
113  foreach ($a_val as $p) {
114  if (in_array($p, $this->base_permissions)) {
115  $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
116  }
117  }
118  }
119  }
120 
126  public function getRoleProhibitedPermissions()
127  {
128  return $this->role_prohibited_permissions;
129  }
130 
136  public function setPermissions($a_val)
137  {
138  if (is_array($a_val)) {
139  foreach ($a_val as $p) {
140  if (in_array($p, $this->base_permissions)) {
141  $this->permissions[$this->base_permissions_by_op[$p]] = $p;
142  }
143  }
144  }
145  }
146 
152  public function getPermissions()
153  {
154  return $this->permissions;
155  }
156 
160  public function executeCommand()
161  {
162  $cmd = $this->ctrl->getCmd("showForm");
163  if (in_array($cmd, array("showForm", "save"))) {
164  $this->$cmd();
165  }
166  }
167 
171  public function showForm()
172  {
173  $form = $this->initPermissionForm();
174  $this->tpl->setContent($form->getHTML());
175  }
176 
177 
181  public function initPermissionForm()
182  {
183  global $rbacreview;
184 
185  include_once("Services/Form/classes/class.ilPropertyFormGUI.php");
186  $form = new ilPropertyFormGUI();
187 
188  $roles = $this->determineRoles();
189  $ops = array();
190  foreach ($roles as $r) {
191  $ops[$r["rol_id"]] = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
192  }
193 
194  // for each permission, collect all roles that have the permission activated
195  $perm_roles = array();
196  foreach ($ops as $r => $o2) {
197  foreach ($o2 as $o) {
198  $perm_roles[$o][] = $r;
199  }
200  }
201 
202  // for each permission
203  include_once './Services/AccessControl/classes/class.ilObjRole.php';
204  foreach ($this->getPermissions() as $p) {
205  // roles
206  $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
207  reset($roles);
208  foreach ($roles as $k => $r) {
209  $option = new ilCheckboxOption(ilObjRole::_getTranslation($r["title"]), $k);
210  $cb->addOption($option);
211  }
212  if (is_array($perm_roles[$this->base_permissions_by_op[$p]])) {
213  $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
214  }
215  $form->addItem($cb);
216  }
217 
218  $form->addCommandButton("save", $this->lng->txt("save"));
219 
220  $form->setTitle($this->lng->txt("rbac_permissions"));
221  $form->setFormAction($this->ctrl->getFormAction($this));
222 
223  return $form;
224  }
225 
229  public function save()
230  {
231  global $rbacreview, $rbacadmin;
232 
233  $form = $this->initPermissionForm();
234  if ($form->checkInput()) {
235  foreach ($this->determineRoles() as $r) {
236  // get active operations for role
237  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
238 
239  // revode all permissions for the role
240  $rbacadmin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
241 
242  // for all permissions of the form...
243  foreach ($this->getPermissions() as $p) {
244  $roles = $form->getInput($p);
245  if (!is_array($roles)) {
246  $roles = array();
247  }
248  $o = $this->base_permissions_by_op[$p];
249 
250  // ... if in original operations, but not checked, remove it from operations
251  if (in_array($o, $ops) && !in_array($r["rol_id"], $roles)) {
252  if (($key = array_search($o, $ops)) !== false) {
253  unset($ops[$key]);
254  }
255  }
256 
257  // ...if not in original operations, but checked, add to operations
258  if (!in_array($o, $ops) && in_array($r["rol_id"], $roles)) {
259  $ops[] = $o;
260  }
261  }
262 
263  // now grant resulting permissions
264  $rbacadmin->grantPermission(
265  $r["rol_id"],
266  array_unique($ops),
267  $this->obj->getRefId()
268  );
269  }
270 
271  ilUtil::sendSuccess($this->lng->txt("msg_obj_modified"), true);
272  $this->ctrl->redirect($this, "");
273  } else {
274  $form->setValuesByPost();
275  $this->tpl->setContent($form->getHtml());
276  }
277  }
278 }
ilUtil\sendSuccess
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
Definition: class.ilUtil.php:4562
ilSettingsPermissionGUI
UI class for handling permissions that can be configured having the write permission for an object...
Definition: class.ilSettingsPermissionGUI.php:13
ilCheckboxOption
This class represents an option in a checkbox group.
Definition: class.ilCheckboxOption.php:31
ilSettingsPermissionGUI\initPermissionForm
initPermissionForm()
Init permission form.
Definition: class.ilSettingsPermissionGUI.php:181
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
$tpl
$tpl
Definition: ilias.php:10
ilSettingsPermissionGUI\setPermissions
setPermissions($a_val)
Set permissions.
Definition: class.ilSettingsPermissionGUI.php:136
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1442
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$r
$r
Definition: example_031.php:79
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
ilSettingsPermissionGUI\setRoleRequiredPermissions
setRoleRequiredPermissions($a_val)
Set role required permissions (this permissions are required for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:84
ilCheckboxGroupInputGUI
This class represents a property in a property form.
Definition: class.ilCheckboxGroupInputGUI.php:33
ilSettingsPermissionGUI\setRoleProhibitedPermissions
setRoleProhibitedPermissions($a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:110
ilSettingsPermissionGUI\getRoleProhibitedPermissions
getRoleProhibitedPermissions()
Get role prohibited permissions.
Definition: class.ilSettingsPermissionGUI.php:126
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:484
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilSettingsPermissionGUI\getRoleRequiredPermissions
getRoleRequiredPermissions()
Get role required permissions.
Definition: class.ilSettingsPermissionGUI.php:100
$lng
global $lng
Definition: privfeed.php:17
$key
$key
Definition: croninfo.php:18
ilSettingsPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilSettingsPermissionGUI.php:26