ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilPermissionGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5
19class ilPermissionGUI extends ilPermission2GUI
20{
21 const CMD_PERM_POSITIONS = 'permPositions';
22 const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23
24 protected $current_obj = null;
25
31 public function __construct($a_gui_obj)
32 {
33 parent::__construct($a_gui_obj);
34 }
35
40 public function executeCommand()
41 {
42 global $DIC;
43
44 $rbacsystem = $DIC['rbacsystem'];
45 $ilErr = $DIC['ilErr'];
46
47 // access to all functions in this class are only allowed if edit_permission is granted
48 if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
49 $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
50 }
51
52 $next_class = $this->ctrl->getNextClass($this);
53
54 switch ($next_class) {
55 case "ilobjrolegui":
56 $this->ctrl->setReturn($this, 'perm');
57 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
58 $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
59 $ret = $this->ctrl->forwardCommand($this->gui_obj);
60 break;
61
62 case 'ildidactictemplategui':
63 $this->ctrl->setReturn($this, 'perm');
64 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
65 $did = new ilDidacticTemplateGUI($this->gui_obj);
66 $this->ctrl->forwardCommand($did);
67 break;
68
69 case 'ilrepositorysearchgui':
70 // used for owner autocomplete
71 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
72 $rep_search = new ilRepositorySearchGUI();
73 $this->ctrl->forwardCommand($rep_search);
74 break;
75
76 case 'ilobjectpermissionstatusgui':
77 $this->__initSubTabs("perminfo");
78 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
79 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
80 $this->ctrl->forwardCommand($perm_stat);
81 break;
82
83 default:
84 $cmd = $this->ctrl->getCmd();
85 $this->$cmd();
86 break;
87 }
88
89 return true;
90 }
91
92
97 public function getCurrentObject()
98 {
99 return $this->gui_obj->object;
100 }
101
105 protected function confirmTemplateSwitch()
106 {
107 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
108 $this->ctrl->setReturn($this, 'perm');
109 $this->ctrl->setCmdClass('ildidactictemplategui');
110 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
111 $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
112 }
113
114
119 public function perm(ilTable2GUI $table = null)
120 {
121 global $DIC;
122
123 $objDefinition = $DIC['objDefinition'];
124 $ilToolbar = $DIC['ilToolbar'];
125
126 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
127 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
128 if ($dtpl->appendToolbarSwitch(
129 $ilToolbar,
130 $this->getCurrentObject()->getType(),
131 $this->getCurrentObject()->getRefId()
132 )) {
133 $ilToolbar->addSeparator();
134 }
135
136 if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
137 !$this->isAdministrationObject()
138 ) {
139 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
140
141 if (!$this->isAdminRoleFolder()) {
142 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
143 }
144 $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
145 }
146
147 $this->__initSubTabs("perm");
148
149 if (!$table instanceof ilTable2GUI) {
150 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
151 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
152 }
153 $table->parse();
154 $this->tpl->setContent($table->getHTML());
155 }
156
157
158
163 protected function isAdminRoleFolder()
164 {
165 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
166 }
167
168 protected function isAdministrationObject()
169 {
170 return $this->getCurrentObject()->getType() == 'adm';
171 }
172
177 protected function isInAdministration()
178 {
179 return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
180 }
181
182
187 protected function applyFilter()
188 {
189 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
190 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
191 $table->resetOffset();
192 $table->writeFilterToSession();
193 return $this->perm($table);
194 }
195
200 protected function resetFilter()
201 {
202 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
203 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
204 $table->resetOffset();
205 $table->resetFilter();
206
207 return $this->perm($table);
208 }
209
215 public function applyRoleFilter($a_roles, $a_filter_id)
216 {
217 global $DIC;
218
219 $rbacreview = $DIC['rbacreview'];
220
221 // Always delete administrator role from view
222 if (isset($a_roles[SYSTEM_ROLE_ID])) {
223 unset($a_roles[SYSTEM_ROLE_ID]);
224 }
225
226 switch ($a_filter_id) {
227 // all roles in context
228 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
229
230 return $a_roles;
231
232 // only global roles
233 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
234
235 $arr_global_roles = $rbacreview->getGlobalRoles();
236 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
237
238 foreach ($arr_remove_roles as $role_id) {
239 unset($a_roles[$role_id]);
240 }
241 return $a_roles;
242
243 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
244 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
245 $arr_global_roles = $rbacreview->getGlobalRoles();
246
247 foreach ($arr_global_roles as $role_id) {
248 unset($a_roles[$role_id]);
249 }
250
251 return $a_roles;
252 break;
253
254 // only roles which use a local policy
255 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256
257 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
259
260 foreach ($arr_remove_roles as $role_id) {
261 unset($a_roles[$role_id]);
262 }
263
264 return $a_roles;
265
266 // only true local role defined at current position
267 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
268
269 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
270 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
271
272 foreach ($arr_remove_roles as $role_id) {
273 unset($a_roles[$role_id]);
274 }
275
276 return $a_roles;
277
278 default:
279 return $a_roles;
280 }
281 }
282
287 protected function savePermissions()
288 {
289 global $DIC;
290
291 $rbacreview = $DIC['rbacreview'];
292 $objDefinition = $DIC['objDefinition'];
293 $rbacadmin = $DIC['rbacadmin'];
294
295 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
296 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
297
298 $roles = $this->applyRoleFilter(
299 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
300 $table->getFilterItemByPostVar('role')->getValue()
301 );
302
303 // Log history
304 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
305 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
306
307
308 # all possible create permissions
309 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
310 $this->getCurrentObject()->getType(),
311 'create'
312 );
313
314 # createable (activated) create permissions
315 $create_types = $objDefinition->getCreatableSubObjects(
316 $this->getCurrentObject()->getType()
317 );
318 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
319
320 foreach ((array) $roles as $role => $role_data) {
321 if ($role_data['protected']) {
322 continue;
323 }
324
325 $new_ops = array_keys((array) $_POST['perm'][$role]);
326 $old_ops = $rbacreview->getRoleOperationsOnObject(
327 $role,
328 $this->getCurrentObject()->getRefId()
329 );
330
331 // Add operations which were enabled and are not activated.
332 foreach ($possible_ops_ids as $create_ops_id) {
333 if (in_array($create_ops_id, $createable_ops_ids)) {
334 continue;
335 }
336 if (in_array($create_ops_id, $old_ops)) {
337 $new_ops[] = $create_ops_id;
338 }
339 }
340
341 $rbacadmin->revokePermission(
342 $this->getCurrentObject()->getRefId(),
343 $role
344 );
345
346 $rbacadmin->grantPermission(
347 $role,
348 array_unique($new_ops),
349 $this->getCurrentObject()->getRefId()
350 );
351 }
352
353 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
354 foreach ($roles as $role) {
355 // No action for local roles
356 if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
357 continue;
358 }
359 // Nothing for protected roles
360 if ($role['protected']) {
361 continue;
362 }
363 // Stop local policy
364 if (
365 $role['parent'] == $this->getCurrentObject()->getRefId() and
366 !isset($_POST['inherit'][$role['obj_id']]) and
367 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
368 ) {
369 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
370 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
371 $role_obj->setParent($this->getCurrentObject()->getRefId());
372 $role_obj->delete();
373 continue;
374 }
375 // Add local policy
376 if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
377 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
378 $rbacadmin->copyRoleTemplatePermissions(
379 $role['obj_id'],
380 $role['parent'],
381 $this->getCurrentObject()->getRefId(),
382 $role['obj_id']
383 );
384 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
385 $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
386 }
387 }
388 }
389
390 // Protect permissions
391 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
392 foreach ($roles as $role) {
393 if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
394 if (isset($_POST['protect'][$role['obj_id']]) and
395 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
396 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
397 } elseif (!isset($_POST['protect'][$role['obj_id']]) and
398 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
399 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
400 }
401 }
402 }
403 }
404
405 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
406 $log = ilRbacLog::diffFaPa($log_old, $log_new);
407 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
408
409 $blocked_info = $this->getModifiedBlockedSettings();
410 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
411 if ($blocked_info['num'] > 0) {
412 return $this->showConfirmBlockRole($blocked_info);
413 }
414
415
416 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
417 $this->ctrl->redirect($this, 'perm');
418 #$this->perm();
419 }
420
426 protected function showConfirmBlockRole($a_blocked_info)
427 {
428 $info = '';
429 if ($a_blocked_info['new_blocked']) {
430 $info .= $this->lng->txt('role_confirm_block_role_info');
431 if ($a_blocked_info['new_unblocked']) {
432 $info .= '<br /><br />';
433 }
434 }
435 if ($a_blocked_info['new_unblocked']) {
436 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
437 }
438
439 ilUtil::sendInfo($info);
440
441 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
442 $confirm = new ilConfirmationGUI();
443 $confirm->setFormAction($this->ctrl->getFormAction($this));
444 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
445 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
446 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
447
448 foreach ($a_blocked_info['new_blocked'] as $role_id) {
449 include_once './Services/AccessControl/classes/class.ilObjRole.php';
450 $confirm->addItem(
451 'new_block[]',
452 $role_id,
453 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
454 );
455 }
456 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
457 include_once './Services/AccessControl/classes/class.ilObjRole.php';
458 $confirm->addItem(
459 'new_unblock[]',
460 $role_id,
461 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
462 );
463 }
464 $this->tpl->setContent($confirm->getHTML());
465 }
466
467 protected function modifyBlockRoles()
468 {
469 $this->blockRoles((array) $_POST['new_block']);
470 $this->unblockRoles((array) $_POST['new_unblock']);
471
472 ilUtil::sendInfo($this->lng->txt('settings_saved'));
473 $this->ctrl->redirect($this, 'perm');
474 }
475
479 protected function unblockRoles($roles)
480 {
481 global $DIC;
482
483 $rbacadmin = $DIC['rbacadmin'];
484
485 foreach ($roles as $role) {
486 // delete local policy
487 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
488 $role_obj = ilObjectFactory::getInstanceByObjId($role);
489 $role_obj->setParent($this->getCurrentObject()->getRefId());
490 $role_obj->delete();
491
492 $role_obj->changeExistingObjects(
493 $this->getCurrentObject()->getRefId(),
494 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
495 array('all')
496 );
497
498 // finally set blocked status
499 $rbacadmin->setBlockedStatus(
500 $role,
501 $this->getCurrentObject()->getRefId(),
502 false
503 );
504 }
505 }
506
511 protected function blockRoles($roles)
512 {
513 global $DIC;
514
515 $rbacadmin = $DIC['rbacadmin'];
516 $rbacreview = $DIC['rbacreview'];
517
518 foreach ($roles as $role) {
519 // Set assign to 'y' only if it is a local role
520 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
521
522 // Delete permissions
523 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
524
525 // Delete template permissions
526 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
527
528
529 $rbacadmin->assignRoleToFolder(
530 $role,
531 $this->getCurrentObject()->getRefId(),
532 $assign
533 );
534
535 // finally set blocked status
536 $rbacadmin->setBlockedStatus(
537 $role,
538 $this->getCurrentObject()->getRefId(),
539 true
540 );
541 }
542 }
543
544
550 public static function hasContainerCommands($a_type)
551 {
552 global $DIC;
553
554 $objDefinition = $DIC['objDefinition'];
555
556 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
557 }
558
563 protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
564 {
565 $GLOBALS['DIC']['ilTabs']->clearTargets();
566
567 if (!$form) {
568 $form = $this->initImportForm();
569 }
570 $GLOBALS['DIC']['tpl']->setContent($form->getHTML());
571 }
572
576 protected function doImportRole()
577 {
578 global $DIC;
579
580 $rbacreview = $DIC['rbacreview'];
581
582 $form = $this->initImportForm();
583 if ($form->checkInput()) {
584 try {
585 include_once './Services/Export/classes/class.ilImport.php';
586
587 // For global roles set import id to parent of current ref_id (adm)
588 $imp = new ilImport($this->getCurrentObject()->getRefId());
589 $imp->getMapping()->addMapping(
590 'Services/AccessControl',
591 'rolf',
592 0,
593 $this->getCurrentObject()->getRefId()
594 );
595
596 $imp->importObject(
597 null,
598 $_FILES["importfile"]["tmp_name"],
599 $_FILES["importfile"]["name"],
600 'role'
601 );
602 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
603 $this->ctrl->redirect($this, 'perm');
604 return;
605 } catch (Exception $e) {
606 ilUtil::sendFailure($e->getMessage());
607 $form->setValuesByPost();
608 $this->displayImportRoleForm($form);
609 return;
610 }
611 }
612 $form->setValuesByPost();
613 ilUtil::sendFailure($this->lng->txt('err_check_input'));
614 $this->displayImportRoleForm($form);
615 }
616
620 protected function initImportForm()
621 {
622 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
623 $form = new ilPropertyFormGUI();
624 $form->setFormAction($this->ctrl->getFormAction($this));
625 $form->setTitle($this->lng->txt('rbac_import_role'));
626 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
627 $form->addCommandButton('perm', $this->lng->txt('cancel'));
628
629 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
630 $zip->setSuffixes(array('zip'));
631 $form->addItem($zip);
632
633 return $form;
634 }
635
642 protected function initRoleForm()
643 {
644 global $DIC;
645
646 $rbacreview = $DIC['rbacreview'];
647 $objDefinition = $DIC['objDefinition'];
648
649 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
650 $form = new ilPropertyFormGUI();
651 $form->setFormAction($this->ctrl->getFormAction($this));
652 $form->setTitle($this->lng->txt('role_new'));
653 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
654 $form->addCommandButton('perm', $this->lng->txt('cancel'));
655
656 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
657 $title->setValidationRegexp('/^(?!il_).*$/');
658 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
659 $title->setSize(40);
660 $title->setMaxLength(70);
661 $title->setRequired(true);
662 $form->addItem($title);
663
664 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
665 $desc->setCols(40);
666 $desc->setRows(3);
667 $form->addItem($desc);
668
669 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
670 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
671 $pro->setValue(1);
672 $form->addItem($pro);
673
674 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
675 $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
676 $pd->setValue(1);
677 $form->addItem($pd);
678
679
680 if (!$this->isInAdministration()) {
681 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
682 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
683 $rights->addOption($option);
684
685 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
686 $ids = array();
687 foreach ($parent_role_ids as $id => $tmp) {
688 $ids[] = $id;
689 }
690
691 // Sort ids
692 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
693
694 $key = 0;
695 foreach ($sorted_ids as $id) {
696 $par = $parent_role_ids[$id];
697 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
698 include_once './Services/AccessControl/classes/class.ilObjRole.php';
699 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
700 $option->setInfo($par["desc"]);
701 $rights->addOption($option);
702 }
703 $key++;
704 }
705 $form->addItem($rights);
706 }
707
708 // Local policy only for containers
709 if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
710 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
711 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
712 $form->addItem($check);
713 }
714
715 return $form;
716 }
717
721 protected function displayAddRoleForm()
722 {
723 $GLOBALS['DIC']['ilTabs']->clearTargets();
724
725 $form = $this->initRoleForm();
726 $this->tpl->setContent($form->getHTML());
727 }
728
737 protected function addRole()
738 {
739 global $DIC;
740
741 $rbacadmin = $DIC['rbacadmin'];
742 $rbacreview = $DIC['rbacreview'];
743 $rbacsystem = $DIC['rbacsystem'];
744 $ilErr = $DIC['ilErr'];
745 $ilCtrl = $DIC['ilCtrl'];
746
747 $form = $this->initRoleForm();
748 if ($form->checkInput()) {
749 $new_title = $form->getInput("title");
750
751 include_once './Services/AccessControl/classes/class.ilObjRole.php';
752 $role = new ilObjRole();
753 $role->setTitle($new_title);
754 $role->setDescription($form->getInput('desc'));
755 $role->create();
756
757 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
758
759 // protect
760 $rbacadmin->setProtected(
761 $this->getCurrentObject()->getRefId(),
762 $role->getId(),
763 $form->getInput('pro') ? 'y' : 'n'
764 );
765
766 // copy rights
767 $right_id_to_copy = $form->getInput("rights");
768 if ($right_id_to_copy) {
769 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
770 $rbacadmin->copyRoleTemplatePermissions(
771 $right_id_to_copy,
772 $parentRoles[$right_id_to_copy]["parent"],
773 $this->getCurrentObject()->getRefId(),
774 $role->getId(),
775 false
776 );
777
778 if ($form->getInput('existing')) {
779 if ($form->getInput('pro')) {
780 $role->changeExistingObjects(
781 $this->getCurrentObject()->getRefId(),
782 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
783 array('all')
784 );
785 } else {
786 $role->changeExistingObjects(
787 $this->getCurrentObject()->getRefId(),
788 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
789 array('all')
790 );
791 }
792 }
793 }
794
795 // add to desktop items
796 if ($form->getInput("desktop")) {
797 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
798 $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
799 $role_desk_item_obj->add(
800 $this->getCurrentObject()->getRefId(),
801 ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
802 );
803 }
804
805 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
806 $this->ctrl->redirect($this, 'perm');
807 } else {
808 $form->setValuesByPost();
809 $this->tpl->setContent($form->getHTML());
810 }
811 }
812
817 protected function getModifiedBlockedSettings()
818 {
819 global $DIC;
820
821 $rbacreview = $DIC['rbacreview'];
822
823 $blocked_info['new_blocked'] = array();
824 $blocked_info['new_unblocked'] = array();
825 $blocked_info['num'] = 0;
826 foreach ((array) $_POST['visible_block'] as $role => $one) {
827 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
828 if (isset($_POST['block'][$role]) && !$blocked) {
829 $blocked_info['new_blocked'][] = $role;
830 $blocked_info['num']++;
831 }
832 if (!isset($_POST['block'][$role]) && $blocked) {
833 $blocked_info['new_unblocked'][] = $role;
834 $blocked_info['num']++;
835 }
836 }
837 return $blocked_info;
838 }
839
840 //
841 // OrgUnit Position Permissions
842 //
843
844
845 protected function permPositions()
846 {
847 $perm = self::CMD_PERM_POSITIONS;
848 $this->__initSubTabs($perm);
849
850 $ref_id = $this->getCurrentObject()->getRefId();
851 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
852 $table->collectData();
853 $this->tpl->setContent($table->getHTML());
854 }
855
856
857 protected function savePositionsPermissions()
858 {
859 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
860
861 $positions = ilOrgUnitPosition::getArray(null, 'id');
862 $ref_id = $this->getCurrentObject()->getRefId();
863
864 // handle local sets
865 foreach ($positions as $position_id) {
866 if (isset($_POST['local'][$position_id])) {
867 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
868 } else {
869 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
870 }
871 }
872
873 if ($_POST['position_perm']) {
874 foreach ($_POST['position_perm'] as $position_id => $ops) {
875 if (!isset($_POST['local'][$position_id])) {
876 continue;
877 }
878 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
879 $new_ops = [];
880 foreach ($ops as $op_id => $op) {
881 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
882 }
883 $ilOrgUnitPermission->setOperations($new_ops);
884 $ilOrgUnitPermission->save();
885 }
886 }
887 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
888 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
889 }
890}
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:908
php
An exception for terminatinating execution or to throw for unit testing.
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilImport
Import class.
Definition: class.ilImport.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:518
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:9
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:17
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:20
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:511
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:563
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:200
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:105
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:163
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:31
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:40
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:721
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:287
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:97
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:642
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:620
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:119
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:550
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:576
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:215
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:426
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:177
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:187
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
Definition: class.ilPermissionGUI.php:737
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4405
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4497
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4481
$key
$key
Definition: croninfo.php:18
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$info
$info
Definition: index.php:5
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
$ret
$ret
Definition: parser.php:6
$table
if(empty($password)) $table
Definition: pwgen.php:24
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
$log
$log
Definition: sabredav.php:21
$DIC
global $DIC
Definition: saml.php:7
$a_type
$a_type
Definition: workflow.php:92