ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Static Public Member Functions | Data Fields | Protected Member Functions | Protected Attributes
ilPermissionGUI Class Reference
Services/AccessControl

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output. More...

+ Inheritance diagram for ilPermissionGUI:
+ Collaboration diagram for ilPermissionGUI:

Public Member Functions

 __construct ($a_gui_obj)
 Constructor. More...
 
 executeCommand ()
 Execute command. More...
 
 getCurrentObject ()
 Get current object. More...
 
 perm (ilTable2GUI $table=null)
 show permission table More...
 
 applyRoleFilter ($a_roles, $a_filter_id)
 Apply filter to roles. More...
 
- Public Member Functions inherited from ilPermission2GUI
 __construct ($a_gui_obj)
 
 owner ()
 
 changeOwner ()
 
 __initSubTabs ($a_cmd)
 
 log ()
 
 applyLogFilter ()
 
 resetLogFilter ()
 

Static Public Member Functions

static hasContainerCommands ($a_type)
 Check if container commands are possible for the current object type. More...
 

Data Fields

const CMD_PERM_POSITIONS = 'permPositions'
 
const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions'
 
- Data Fields inherited from ilPermission2GUI
const TAB_POSITION_PERMISSION_SETTINGS = "position_permission_settings"
 

Protected Member Functions

 confirmTemplateSwitch ()
 Called after toolbar action applyTemplateSwitch. More...
 
 isAdminRoleFolder ()
 Check of current location is administration (main) role folder. More...
 
 isAdministrationObject ()
 
 isInAdministration ()
 Check if node is subobject of administration folder. More...
 
 applyFilter ()
 Apply filter. More...
 
 resetFilter ()
 Reset filter. More...
 
 savePermissions ()
 Save permissions. More...
 
 showConfirmBlockRole ($a_blocked_info)
 Show block role confirmation screen. More...
 
 modifyBlockRoles ()
 
 unblockRoles ($roles)
 
 blockRoles ($roles)
 Block role. More...
 
 displayImportRoleForm (ilPropertyFormGUI $form=null)
 Show import form. More...
 
 doImportRole ()
 Perform import. More...
 
 initImportForm ()
 init import form More...
 
 initRoleForm ()
 Shoew add role @global type $rbacreview @global type $objDefinition. More...
 
 displayAddRoleForm ()
 Show add role form. More...
 
 addRole ()
 adds a local role This method is only called when choose the option 'you may add local roles'. More...
 
 getModifiedBlockedSettings ()
 
 permPositions ()
 
 savePositionsPermissions ()
 

Protected Attributes

 $current_obj = null
 
- Protected Attributes inherited from ilPermission2GUI
 $gui_obj = null
 
 $ilErr = null
 
 $ctrl = null
 
 $lng = null
 

Detailed Description

New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Sascha Hofmann sasch.nosp@m.ahof.nosp@m.mann@.nosp@m.gmx..nosp@m.de
Version
$Id$

@ilCtrl_Calls ilPermissionGUI: ilObjRoleGUI, ilRepositorySearchGUI, ilObjectPermissionStatusGUI

Definition at line 19 of file class.ilPermissionGUI.php.

Constructor & Destructor Documentation

◆ __construct()

ilPermissionGUI::__construct (   $a_gui_obj)

Constructor.

Parameters
object$a_gui_obj
Returns

Reimplemented from ilPermission2GUI.

Definition at line 31 of file class.ilPermissionGUI.php.

32 {
33 parent::__construct($a_gui_obj);
34 }

Member Function Documentation

◆ addRole()

ilPermissionGUI::addRole ( )
protected

adds a local role This method is only called when choose the option 'you may add local roles'.

This option is displayed in the permission settings dialogue for an object TODO: this will be changed @access public

Definition at line 737 of file class.ilPermissionGUI.php.

738 {
739 global $DIC;
740
741 $rbacadmin = $DIC['rbacadmin'];
742 $rbacreview = $DIC['rbacreview'];
743 $rbacsystem = $DIC['rbacsystem'];
744 $ilErr = $DIC['ilErr'];
745 $ilCtrl = $DIC['ilCtrl'];
746
747 $form = $this->initRoleForm();
748 if ($form->checkInput()) {
749 $new_title = $form->getInput("title");
750
751 include_once './Services/AccessControl/classes/class.ilObjRole.php';
752 $role = new ilObjRole();
753 $role->setTitle($new_title);
754 $role->setDescription($form->getInput('desc'));
755 $role->create();
756
757 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
758
759 // protect
760 $rbacadmin->setProtected(
761 $this->getCurrentObject()->getRefId(),
762 $role->getId(),
763 $form->getInput('pro') ? 'y' : 'n'
764 );
765
766 // copy rights
767 $right_id_to_copy = $form->getInput("rights");
768 if ($right_id_to_copy) {
769 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
770 $rbacadmin->copyRoleTemplatePermissions(
771 $right_id_to_copy,
772 $parentRoles[$right_id_to_copy]["parent"],
773 $this->getCurrentObject()->getRefId(),
774 $role->getId(),
775 false
776 );
777
778 if ($form->getInput('existing')) {
779 if ($form->getInput('pro')) {
780 $role->changeExistingObjects(
781 $this->getCurrentObject()->getRefId(),
782 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
783 array('all')
784 );
785 } else {
786 $role->changeExistingObjects(
787 $this->getCurrentObject()->getRefId(),
788 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
789 array('all')
790 );
791 }
792 }
793 }
794
795 // add to desktop items
796 if ($form->getInput("desktop")) {
797 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
798 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
799 $role_desk_item_obj->add(
800 $this->getCurrentObject()->getRefId(),
801 ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
802 );
803 }
804
805 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
806 $this->ctrl->redirect($this, 'perm');
807 } else {
808 $form->setValuesByPost();
809 $this->tpl->setContent($form->getHTML());
810 }
811 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:97
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:642
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
$DIC
global $DIC
Definition: saml.php:7

References $DIC, $form, $GLOBALS, $ilCtrl, ilPermission2GUI\$ilErr, ilObject\_lookupType(), getCurrentObject(), initRoleForm(), ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES, and ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES.

+ Here is the call graph for this function:

◆ applyFilter()

ilPermissionGUI::applyFilter ( )
protected

Apply filter.

Returns

Definition at line 187 of file class.ilPermissionGUI.php.

188 {
189 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
190 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
191 $table->resetOffset();
192 $table->writeFilterToSession();
193 return $this->perm($table);
194 }
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:119
$table
if(empty($password)) $table
Definition: pwgen.php:24

References $table, getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ applyRoleFilter()

ilPermissionGUI::applyRoleFilter (   $a_roles,
  $a_filter_id 
)

Apply filter to roles.

Parameters
int$a_filter_id
Returns

Definition at line 215 of file class.ilPermissionGUI.php.

216 {
217 global $DIC;
218
219 $rbacreview = $DIC['rbacreview'];
220
221 // Always delete administrator role from view
222 if (isset($a_roles[SYSTEM_ROLE_ID])) {
223 unset($a_roles[SYSTEM_ROLE_ID]);
224 }
225
226 switch ($a_filter_id) {
227 // all roles in context
228 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
229
230 return $a_roles;
231
232 // only global roles
233 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
234
235 $arr_global_roles = $rbacreview->getGlobalRoles();
236 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
237
238 foreach ($arr_remove_roles as $role_id) {
239 unset($a_roles[$role_id]);
240 }
241 return $a_roles;
242
243 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
244 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
245 $arr_global_roles = $rbacreview->getGlobalRoles();
246
247 foreach ($arr_global_roles as $role_id) {
248 unset($a_roles[$role_id]);
249 }
250
251 return $a_roles;
252 break;
253
254 // only roles which use a local policy
255 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256
257 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
259
260 foreach ($arr_remove_roles as $role_id) {
261 unset($a_roles[$role_id]);
262 }
263
264 return $a_roles;
265
266 // only true local role defined at current position
267 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
268
269 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
270 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
271
272 foreach ($arr_remove_roles as $role_id) {
273 unset($a_roles[$role_id]);
274 }
275
276 return $a_roles;
277
278 default:
279 return $a_roles;
280 }
281 }

References $DIC, $GLOBALS, getCurrentObject(), ilObjectRolePermissionTableGUI\ROLE_FILTER_ALL, ilObjectRolePermissionTableGUI\ROLE_FILTER_GLOBAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL, ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_OBJECT, and ilObjectRolePermissionTableGUI\ROLE_FILTER_LOCAL_POLICY.

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ blockRoles()

ilPermissionGUI::blockRoles (   $roles)
protected

Block role.

Returns
void

Definition at line 511 of file class.ilPermissionGUI.php.

512 {
513 global $DIC;
514
515 $rbacadmin = $DIC['rbacadmin'];
516 $rbacreview = $DIC['rbacreview'];
517
518 foreach ($roles as $role) {
519 // Set assign to 'y' only if it is a local role
520 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
521
522 // Delete permissions
523 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
524
525 // Delete template permissions
526 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
527
528
529 $rbacadmin->assignRoleToFolder(
530 $role,
531 $this->getCurrentObject()->getRefId(),
532 $assign
533 );
534
535 // finally set blocked status
536 $rbacadmin->setBlockedStatus(
537 $role,
538 $this->getCurrentObject()->getRefId(),
539 true
540 );
541 }
542 }

References $DIC, and getCurrentObject().

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ confirmTemplateSwitch()

ilPermissionGUI::confirmTemplateSwitch ( )
protected

Called after toolbar action applyTemplateSwitch.

Definition at line 105 of file class.ilPermissionGUI.php.

106 {
107 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
108 $this->ctrl->setReturn($this, 'perm');
109 $this->ctrl->setCmdClass('ildidactictemplategui');
110 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
111 $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
112 }
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14

◆ displayAddRoleForm()

ilPermissionGUI::displayAddRoleForm ( )
protected

Show add role form.

Definition at line 721 of file class.ilPermissionGUI.php.

722 {
723 $GLOBALS['DIC']['ilTabs']->clearTargets();
724
725 $form = $this->initRoleForm();
726 $this->tpl->setContent($form->getHTML());
727 }

References $form, $GLOBALS, and initRoleForm().

+ Here is the call graph for this function:

◆ displayImportRoleForm()

ilPermissionGUI::displayImportRoleForm ( ilPropertyFormGUI  $form = null)
protected

Show import form.

Parameters
ilPropertyFormGUI$form

Definition at line 563 of file class.ilPermissionGUI.php.

564 {
565 $GLOBALS['DIC']['ilTabs']->clearTargets();
566
567 if (!$form) {
568 $form = $this->initImportForm();
569 }
570 $GLOBALS['DIC']['tpl']->setContent($form->getHTML());
571 }
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:620

References $form, $GLOBALS, and initImportForm().

Referenced by doImportRole().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ doImportRole()

ilPermissionGUI::doImportRole ( )
protected

Perform import.

Definition at line 576 of file class.ilPermissionGUI.php.

577 {
578 global $DIC;
579
580 $rbacreview = $DIC['rbacreview'];
581
582 $form = $this->initImportForm();
583 if ($form->checkInput()) {
584 try {
585 include_once './Services/Export/classes/class.ilImport.php';
586
587 // For global roles set import id to parent of current ref_id (adm)
588 $imp = new ilImport($this->getCurrentObject()->getRefId());
589 $imp->getMapping()->addMapping(
590 'Services/AccessControl',
591 'rolf',
592 0,
593 $this->getCurrentObject()->getRefId()
594 );
595
596 $imp->importObject(
597 null,
598 $_FILES["importfile"]["tmp_name"],
599 $_FILES["importfile"]["name"],
600 'role'
601 );
602 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
603 $this->ctrl->redirect($this, 'perm');
604 return;
605 } catch (Exception $e) {
606 ilUtil::sendFailure($e->getMessage());
607 $form->setValuesByPost();
608 $this->displayImportRoleForm($form);
609 return;
610 }
611 }
612 $form->setValuesByPost();
613 ilUtil::sendFailure($this->lng->txt('err_check_input'));
614 $this->displayImportRoleForm($form);
615 }
ilImport
Import class.
Definition: class.ilImport.php:12
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:563
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4497

References $DIC, $form, displayImportRoleForm(), getCurrentObject(), initImportForm(), and ilUtil\sendFailure().

+ Here is the call graph for this function:

◆ executeCommand()

ilPermissionGUI::executeCommand ( )

Execute command.

Returns

Definition at line 40 of file class.ilPermissionGUI.php.

41 {
42 global $DIC;
43
44 $rbacsystem = $DIC['rbacsystem'];
45 $ilErr = $DIC['ilErr'];
46
47 // access to all functions in this class are only allowed if edit_permission is granted
48 if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
49 $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
50 }
51
52 $next_class = $this->ctrl->getNextClass($this);
53
54 switch ($next_class) {
55 case "ilobjrolegui":
56 $this->ctrl->setReturn($this, 'perm');
57 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
58 $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
59 $ret = $this->ctrl->forwardCommand($this->gui_obj);
60 break;
61
62 case 'ildidactictemplategui':
63 $this->ctrl->setReturn($this, 'perm');
64 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
65 $did = new ilDidacticTemplateGUI($this->gui_obj);
66 $this->ctrl->forwardCommand($did);
67 break;
68
69 case 'ilrepositorysearchgui':
70 // used for owner autocomplete
71 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
72 $rep_search = new ilRepositorySearchGUI();
73 $this->ctrl->forwardCommand($rep_search);
74 break;
75
76 case 'ilobjectpermissionstatusgui':
77 $this->__initSubTabs("perminfo");
78 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
79 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
80 $this->ctrl->forwardCommand($perm_stat);
81 break;
82
83 default:
84 $cmd = $this->ctrl->getCmd();
85 $this->$cmd();
86 break;
87 }
88
89 return true;
90 }
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
$ret
$ret
Definition: parser.php:6

References $_GET, $DIC, ilPermission2GUI\$ilErr, $ret, and ilPermission2GUI\__initSubTabs().

+ Here is the call graph for this function:

◆ getCurrentObject()

ilPermissionGUI::getCurrentObject ( )

Get current object.

Returns
ilObject

Definition at line 97 of file class.ilPermissionGUI.php.

98 {
99 return $this->gui_obj->object;
100 }

Referenced by addRole(), applyFilter(), applyRoleFilter(), blockRoles(), doImportRole(), getModifiedBlockedSettings(), isAdministrationObject(), isAdminRoleFolder(), isInAdministration(), perm(), permPositions(), resetFilter(), savePermissions(), savePositionsPermissions(), and unblockRoles().

+ Here is the caller graph for this function:

◆ getModifiedBlockedSettings()

ilPermissionGUI::getModifiedBlockedSettings ( )
protected
Parameters
type$a_blocked_info

Definition at line 817 of file class.ilPermissionGUI.php.

818 {
819 global $DIC;
820
821 $rbacreview = $DIC['rbacreview'];
822
823 $blocked_info['new_blocked'] = array();
824 $blocked_info['new_unblocked'] = array();
825 $blocked_info['num'] = 0;
826 foreach ((array) $_POST['visible_block'] as $role => $one) {
827 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
828 if (isset($_POST['block'][$role]) && !$blocked) {
829 $blocked_info['new_blocked'][] = $role;
830 $blocked_info['num']++;
831 }
832 if (!isset($_POST['block'][$role]) && $blocked) {
833 $blocked_info['new_unblocked'][] = $role;
834 $blocked_info['num']++;
835 }
836 }
837 return $blocked_info;
838 }
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11

References $_POST, $DIC, and getCurrentObject().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ hasContainerCommands()

static ilPermissionGUI::hasContainerCommands (   $a_type)
static

Check if container commands are possible for the current object type.

Parameters
object$a_type
Returns

Definition at line 550 of file class.ilPermissionGUI.php.

551 {
552 global $DIC;
553
554 $objDefinition = $DIC['objDefinition'];
555
556 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
557 }
$a_type
$a_type
Definition: workflow.php:92

References $a_type, and $DIC.

Referenced by ilObjectRolePermissionTableGUI\parse(), and savePermissions().

+ Here is the caller graph for this function:

◆ initImportForm()

ilPermissionGUI::initImportForm ( )
protected

init import form

Definition at line 620 of file class.ilPermissionGUI.php.

621 {
622 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
623 $form = new ilPropertyFormGUI();
624 $form->setFormAction($this->ctrl->getFormAction($this));
625 $form->setTitle($this->lng->txt('rbac_import_role'));
626 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
627 $form->addCommandButton('perm', $this->lng->txt('cancel'));
628
629 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
630 $zip->setSuffixes(array('zip'));
631 $form->addItem($zip);
632
633 return $form;
634 }
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48

References $form.

Referenced by displayImportRoleForm(), and doImportRole().

+ Here is the caller graph for this function:

◆ initRoleForm()

ilPermissionGUI::initRoleForm ( )
protected

Shoew add role @global type $rbacreview @global type $objDefinition.

Returns
ilPropertyFormGUI

Definition at line 642 of file class.ilPermissionGUI.php.

643 {
644 global $DIC;
645
646 $rbacreview = $DIC['rbacreview'];
647 $objDefinition = $DIC['objDefinition'];
648
649 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
650 $form = new ilPropertyFormGUI();
651 $form->setFormAction($this->ctrl->getFormAction($this));
652 $form->setTitle($this->lng->txt('role_new'));
653 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
654 $form->addCommandButton('perm', $this->lng->txt('cancel'));
655
656 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
657 $title->setValidationRegexp('/^(?!il_).*$/');
658 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
659 $title->setSize(40);
660 $title->setMaxLength(70);
661 $title->setRequired(true);
662 $form->addItem($title);
663
664 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
665 $desc->setCols(40);
666 $desc->setRows(3);
667 $form->addItem($desc);
668
669 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
670 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
671 $pro->setValue(1);
672 $form->addItem($pro);
673
674 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
675 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
676 $pd->setValue(1);
677 $form->addItem($pd);
678
679
680 if (!$this->isInAdministration()) {
681 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
682 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
683 $rights->addOption($option);
684
685 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
686 $ids = array();
687 foreach ($parent_role_ids as $id => $tmp) {
688 $ids[] = $id;
689 }
690
691 // Sort ids
692 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
693
694 $key = 0;
695 foreach ($sorted_ids as $id) {
696 $par = $parent_role_ids[$id];
697 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
698 include_once './Services/AccessControl/classes/class.ilObjRole.php';
699 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
700 $option->setInfo($par["desc"]);
701 $rights->addOption($option);
702 }
703 $key++;
704 }
705 $form->addItem($rights);
706 }
707
708 // Local policy only for containers
709 if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
710 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
711 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
712 $form->addItem($check);
713 }
714
715 return $form;
716 }
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:518
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:177
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4405
$key
$key
Definition: croninfo.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14

References $DIC, $form, $id, $key, $title, ilObjRole\_getTranslation(), ilUtil\_sortIds(), and isInAdministration().

Referenced by addRole(), and displayAddRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isAdministrationObject()

ilPermissionGUI::isAdministrationObject ( )
protected

Definition at line 168 of file class.ilPermissionGUI.php.

169 {
170 return $this->getCurrentObject()->getType() == 'adm';
171 }

References getCurrentObject().

+ Here is the call graph for this function:

◆ isAdminRoleFolder()

ilPermissionGUI::isAdminRoleFolder ( )
protected

Check of current location is administration (main) role folder.

Returns

Definition at line 163 of file class.ilPermissionGUI.php.

164 {
165 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
166 }

References getCurrentObject().

Referenced by perm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isInAdministration()

ilPermissionGUI::isInAdministration ( )
protected

Check if node is subobject of administration folder.

Returns
type

Definition at line 177 of file class.ilPermissionGUI.php.

178 {
179 return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
180 }

References $GLOBALS, and getCurrentObject().

Referenced by initRoleForm().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ modifyBlockRoles()

ilPermissionGUI::modifyBlockRoles ( )
protected

Definition at line 467 of file class.ilPermissionGUI.php.

468 {
469 $this->blockRoles((array) $_POST['new_block']);
470 $this->unblockRoles((array) $_POST['new_unblock']);
471
472 ilUtil::sendInfo($this->lng->txt('settings_saved'));
473 $this->ctrl->redirect($this, 'perm');
474 }
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:511
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4481

References $_POST, blockRoles(), ilUtil\sendInfo(), and unblockRoles().

+ Here is the call graph for this function:

◆ perm()

ilPermissionGUI::perm ( ilTable2GUI  $table = null)

show permission table

Returns

Definition at line 119 of file class.ilPermissionGUI.php.

120 {
121 global $DIC;
122
123 $objDefinition = $DIC['objDefinition'];
124 $ilToolbar = $DIC['ilToolbar'];
125
126 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
127 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
128 if ($dtpl->appendToolbarSwitch(
129 $ilToolbar,
130 $this->getCurrentObject()->getType(),
131 $this->getCurrentObject()->getRefId()
132 )) {
133 $ilToolbar->addSeparator();
134 }
135
136 if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
137 !$this->isAdministrationObject()
138 ) {
139 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
140
141 if (!$this->isAdminRoleFolder()) {
142 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
143 }
144 $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
145 }
146
147 $this->__initSubTabs("perm");
148
149 if (!$table instanceof ilTable2GUI) {
150 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
151 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
152 }
153 $table->parse();
154 $this->tpl->setContent($table->getHTML());
155 }
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:163
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16

References $DIC, $table, ilPermission2GUI\__initSubTabs(), getCurrentObject(), and isAdminRoleFolder().

Referenced by applyFilter(), and resetFilter().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ permPositions()

ilPermissionGUI::permPositions ( )
protected

Definition at line 845 of file class.ilPermissionGUI.php.

846 {
847 $perm = self::CMD_PERM_POSITIONS;
848 $this->__initSubTabs($perm);
849
850 $ref_id = $this->getCurrentObject()->getRefId();
851 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
852 $table->collectData();
853 $this->tpl->setContent($table->getHTML());
854 }
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:9

References $table, ilPermission2GUI\__initSubTabs(), CMD_PERM_POSITIONS, and getCurrentObject().

+ Here is the call graph for this function:

◆ resetFilter()

ilPermissionGUI::resetFilter ( )
protected

Reset filter.

Returns

Definition at line 200 of file class.ilPermissionGUI.php.

201 {
202 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
203 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
204 $table->resetOffset();
205 $table->resetFilter();
206
207 return $this->perm($table);
208 }

References $table, getCurrentObject(), and perm().

+ Here is the call graph for this function:

◆ savePermissions()

ilPermissionGUI::savePermissions ( )
protected

Save permissions.

Returns

Definition at line 287 of file class.ilPermissionGUI.php.

288 {
289 global $DIC;
290
291 $rbacreview = $DIC['rbacreview'];
292 $objDefinition = $DIC['objDefinition'];
293 $rbacadmin = $DIC['rbacadmin'];
294
295 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
296 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
297
298 $roles = $this->applyRoleFilter(
299 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
300 $table->getFilterItemByPostVar('role')->getValue()
301 );
302
303 // Log history
304 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
305 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
306
307
308 # all possible create permissions
309 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
310 $this->getCurrentObject()->getType(),
311 'create'
312 );
313
314 # createable (activated) create permissions
315 $create_types = $objDefinition->getCreatableSubObjects(
316 $this->getCurrentObject()->getType()
317 );
318 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
319
320 foreach ((array) $roles as $role => $role_data) {
321 if ($role_data['protected']) {
322 continue;
323 }
324
325 $new_ops = array_keys((array) $_POST['perm'][$role]);
326 $old_ops = $rbacreview->getRoleOperationsOnObject(
327 $role,
328 $this->getCurrentObject()->getRefId()
329 );
330
331 // Add operations which were enabled and are not activated.
332 foreach ($possible_ops_ids as $create_ops_id) {
333 if (in_array($create_ops_id, $createable_ops_ids)) {
334 continue;
335 }
336 if (in_array($create_ops_id, $old_ops)) {
337 $new_ops[] = $create_ops_id;
338 }
339 }
340
341 $rbacadmin->revokePermission(
342 $this->getCurrentObject()->getRefId(),
343 $role
344 );
345
346 $rbacadmin->grantPermission(
347 $role,
348 array_unique($new_ops),
349 $this->getCurrentObject()->getRefId()
350 );
351 }
352
353 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
354 foreach ($roles as $role) {
355 // No action for local roles
356 if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
357 continue;
358 }
359 // Nothing for protected roles
360 if ($role['protected']) {
361 continue;
362 }
363 // Stop local policy
364 if (
365 $role['parent'] == $this->getCurrentObject()->getRefId() and
366 !isset($_POST['inherit'][$role['obj_id']]) and
367 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
368 ) {
369 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
370 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
371 $role_obj->setParent($this->getCurrentObject()->getRefId());
372 $role_obj->delete();
373 continue;
374 }
375 // Add local policy
376 if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
377 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
378 $rbacadmin->copyRoleTemplatePermissions(
379 $role['obj_id'],
380 $role['parent'],
381 $this->getCurrentObject()->getRefId(),
382 $role['obj_id']
383 );
384 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
385 $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
386 }
387 }
388 }
389
390 // Protect permissions
391 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
392 foreach ($roles as $role) {
393 if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
394 if (isset($_POST['protect'][$role['obj_id']]) and
395 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
396 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
397 } elseif (!isset($_POST['protect'][$role['obj_id']]) and
398 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
399 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
400 }
401 }
402 }
403 }
404
405 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
406 $log = ilRbacLog::diffFaPa($log_old, $log_new);
407 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
408
409 $blocked_info = $this->getModifiedBlockedSettings();
410 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
411 if ($blocked_info['num'] > 0) {
412 return $this->showConfirmBlockRole($blocked_info);
413 }
414
415
416 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
417 $this->ctrl->redirect($this, 'perm');
418 #$this->perm();
419 }
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:550
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:215
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:426
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
$log
$log
Definition: sabredav.php:21

References $_POST, $DIC, $log, $table, ilRbacLog\add(), applyRoleFilter(), ilRbacLog\diffFaPa(), ilRbacLog\EDIT_PERMISSIONS, ilRbacLog\gatherFaPa(), getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), getModifiedBlockedSettings(), hasContainerCommands(), ilRbacReview\lookupCreateOperationIds(), and showConfirmBlockRole().

+ Here is the call graph for this function:

◆ savePositionsPermissions()

ilPermissionGUI::savePositionsPermissions ( )
protected

Definition at line 857 of file class.ilPermissionGUI.php.

858 {
859 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
860
861 $positions = ilOrgUnitPosition::getArray(null, 'id');
862 $ref_id = $this->getCurrentObject()->getRefId();
863
864 // handle local sets
865 foreach ($positions as $position_id) {
866 if (isset($_POST['local'][$position_id])) {
867 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
868 } else {
869 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
870 }
871 }
872
873 if ($_POST['position_perm']) {
874 foreach ($_POST['position_perm'] as $position_id => $ops) {
875 if (!isset($_POST['local'][$position_id])) {
876 continue;
877 }
878 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
879 $new_ops = [];
880 foreach ($ops as $op_id => $op) {
881 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
882 }
883 $ilOrgUnitPermission->setOperations($new_ops);
884 $ilOrgUnitPermission->save();
885 }
886 }
887 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
888 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
889 }
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:908

References $_POST, ilPermission2GUI\__initSubTabs(), ilOrgUnitOperationQueries\findById(), ActiveRecord\getArray(), and getCurrentObject().

+ Here is the call graph for this function:

◆ showConfirmBlockRole()

ilPermissionGUI::showConfirmBlockRole (   $a_blocked_info)
protected

Show block role confirmation screen.

Parameters
array$a_roles
Returns

Definition at line 426 of file class.ilPermissionGUI.php.

427 {
428 $info = '';
429 if ($a_blocked_info['new_blocked']) {
430 $info .= $this->lng->txt('role_confirm_block_role_info');
431 if ($a_blocked_info['new_unblocked']) {
432 $info .= '<br /><br />';
433 }
434 }
435 if ($a_blocked_info['new_unblocked']) {
436 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
437 }
438
439 ilUtil::sendInfo($info);
440
441 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
442 $confirm = new ilConfirmationGUI();
443 $confirm->setFormAction($this->ctrl->getFormAction($this));
444 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
445 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
446 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
447
448 foreach ($a_blocked_info['new_blocked'] as $role_id) {
449 include_once './Services/AccessControl/classes/class.ilObjRole.php';
450 $confirm->addItem(
451 'new_block[]',
452 $role_id,
453 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
454 );
455 }
456 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
457 include_once './Services/AccessControl/classes/class.ilObjRole.php';
458 $confirm->addItem(
459 'new_unblock[]',
460 $role_id,
461 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
462 );
463 }
464 $this->tpl->setContent($confirm->getHTML());
465 }
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
$info
$info
Definition: index.php:5

References $info, ilObjRole\_getTranslation(), ilObject\_lookupTitle(), and ilUtil\sendInfo().

Referenced by savePermissions().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ unblockRoles()

ilPermissionGUI::unblockRoles (   $roles)
protected

Definition at line 479 of file class.ilPermissionGUI.php.

480 {
481 global $DIC;
482
483 $rbacadmin = $DIC['rbacadmin'];
484
485 foreach ($roles as $role) {
486 // delete local policy
487 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
488 $role_obj = ilObjectFactory::getInstanceByObjId($role);
489 $role_obj->setParent($this->getCurrentObject()->getRefId());
490 $role_obj->delete();
491
492 $role_obj->changeExistingObjects(
493 $this->getCurrentObject()->getRefId(),
494 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
495 array('all')
496 );
497
498 // finally set blocked status
499 $rbacadmin->setBlockedStatus(
500 $role,
501 $this->getCurrentObject()->getRefId(),
502 false
503 );
504 }
505 }

References $DIC, getCurrentObject(), ilObjectFactory\getInstanceByObjId(), ilLoggerFactory\getLogger(), and ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES.

Referenced by modifyBlockRoles().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $current_obj

ilPermissionGUI::$current_obj = null
protected

Definition at line 24 of file class.ilPermissionGUI.php.

◆ CMD_PERM_POSITIONS

const ilPermissionGUI::CMD_PERM_POSITIONS = 'permPositions'

Definition at line 21 of file class.ilPermissionGUI.php.

Referenced by ilPermission2GUI\__initSubTabs(), and permPositions().

◆ CMD_SAVE_POSITIONS_PERMISSIONS

const ilPermissionGUI::CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions'

Definition at line 22 of file class.ilPermissionGUI.php.

Referenced by ilOrgUnitPermissionTableGUI\__construct().

The documentation for this class was generated from the following file: