ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  const CMD_PERM_POSITIONS = 'permPositions';
22  const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23 
24  protected $current_obj = null;
25 
31  public function __construct($a_gui_obj)
32  {
33  parent::__construct($a_gui_obj);
34  }
35 
40  public function executeCommand()
41  {
42  global $DIC;
43 
44  $rbacsystem = $DIC['rbacsystem'];
45  $ilErr = $DIC['ilErr'];
46 
47  // access to all functions in this class are only allowed if edit_permission is granted
48  if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
49  $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
50  }
51 
52  $next_class = $this->ctrl->getNextClass($this);
53 
54  switch ($next_class) {
55  case "ilobjrolegui":
56  $this->ctrl->setReturn($this, 'perm');
57  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
58  $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
59  $ret = $this->ctrl->forwardCommand($this->gui_obj);
60  break;
61 
62  case 'ildidactictemplategui':
63  $this->ctrl->setReturn($this, 'perm');
64  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
65  $did = new ilDidacticTemplateGUI($this->gui_obj);
66  $this->ctrl->forwardCommand($did);
67  break;
68 
69  case 'ilrepositorysearchgui':
70  // used for owner autocomplete
71  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
72  $rep_search = new ilRepositorySearchGUI();
73  $this->ctrl->forwardCommand($rep_search);
74  break;
75 
76  case 'ilobjectpermissionstatusgui':
77  $this->__initSubTabs("perminfo");
78  include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
79  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
80  $this->ctrl->forwardCommand($perm_stat);
81  break;
82 
83  default:
84  $cmd = $this->ctrl->getCmd();
85  $this->$cmd();
86  break;
87  }
88 
89  return true;
90  }
91 
92 
97  public function getCurrentObject()
98  {
99  return $this->gui_obj->object;
100  }
101 
105  protected function confirmTemplateSwitch()
106  {
107  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
108  $this->ctrl->setReturn($this, 'perm');
109  $this->ctrl->setCmdClass('ildidactictemplategui');
110  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
111  $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
112  }
113 
114 
119  public function perm(ilTable2GUI $table = null)
120  {
121  global $DIC;
122 
123  $objDefinition = $DIC['objDefinition'];
124  $ilToolbar = $DIC['ilToolbar'];
125 
126  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
127  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
128  if ($dtpl->appendToolbarSwitch(
129  $ilToolbar,
130  $this->getCurrentObject()->getType(),
131  $this->getCurrentObject()->getRefId()
132  )) {
133  $ilToolbar->addSeparator();
134  }
135 
136  if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
137  !$this->isAdministrationObject()
138  ) {
139  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
140 
141  if (!$this->isAdminRoleFolder()) {
142  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
143  }
144  $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
145  }
146 
147  $this->__initSubTabs("perm");
148 
149  if (!$table instanceof ilTable2GUI) {
150  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
151  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
152  }
153  $table->parse();
154  $this->tpl->setContent($table->getHTML());
155  }
156 
157 
158 
163  protected function isAdminRoleFolder()
164  {
165  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
166  }
167 
168  protected function isAdministrationObject()
169  {
170  return $this->getCurrentObject()->getType() == 'adm';
171  }
172 
177  protected function isInAdministration()
178  {
179  return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
180  }
181 
182 
187  protected function applyFilter()
188  {
189  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
190  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
191  $table->resetOffset();
192  $table->writeFilterToSession();
193  return $this->perm($table);
194  }
195 
200  protected function resetFilter()
201  {
202  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
203  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
204  $table->resetOffset();
205  $table->resetFilter();
206 
207  return $this->perm($table);
208  }
209 
215  public function applyRoleFilter($a_roles, $a_filter_id)
216  {
217  global $DIC;
218 
219  $rbacreview = $DIC['rbacreview'];
220 
221  // Always delete administrator role from view
222  if (isset($a_roles[SYSTEM_ROLE_ID])) {
223  unset($a_roles[SYSTEM_ROLE_ID]);
224  }
225 
226  switch ($a_filter_id) {
227  // all roles in context
228  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
229 
230  return $a_roles;
231 
232  // only global roles
233  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
234 
235  $arr_global_roles = $rbacreview->getGlobalRoles();
236  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
237 
238  foreach ($arr_remove_roles as $role_id) {
239  unset($a_roles[$role_id]);
240  }
241  return $a_roles;
242 
243  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
244  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
245  $arr_global_roles = $rbacreview->getGlobalRoles();
246 
247  foreach ($arr_global_roles as $role_id) {
248  unset($a_roles[$role_id]);
249  }
250 
251  return $a_roles;
252  break;
253 
254  // only roles which use a local policy
255  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
256 
257  $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
258  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
259 
260  foreach ($arr_remove_roles as $role_id) {
261  unset($a_roles[$role_id]);
262  }
263 
264  return $a_roles;
265 
266  // only true local role defined at current position
267  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
268 
269  $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
270  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
271 
272  foreach ($arr_remove_roles as $role_id) {
273  unset($a_roles[$role_id]);
274  }
275 
276  return $a_roles;
277 
278  default:
279  return $a_roles;
280  }
281  }
282 
287  protected function savePermissions()
288  {
289  global $DIC;
290 
291  $rbacreview = $DIC['rbacreview'];
292  $objDefinition = $DIC['objDefinition'];
293  $rbacadmin = $DIC['rbacadmin'];
294 
295  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
296  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
297 
298  $roles = $this->applyRoleFilter(
299  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
300  $table->getFilterItemByPostVar('role')->getValue()
301  );
302 
303  // Log history
304  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
305  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
306 
307 
308  # all possible create permissions
309  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
310  $this->getCurrentObject()->getType(),
311  'create'
312  );
313 
314  # createable (activated) create permissions
315  $create_types = $objDefinition->getCreatableSubObjects(
316  $this->getCurrentObject()->getType()
317  );
318  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
319 
320  foreach ((array) $roles as $role => $role_data) {
321  if ($role_data['protected']) {
322  continue;
323  }
324 
325  $new_ops = array_keys((array) $_POST['perm'][$role]);
326  $old_ops = $rbacreview->getRoleOperationsOnObject(
327  $role,
328  $this->getCurrentObject()->getRefId()
329  );
330 
331  // Add operations which were enabled and are not activated.
332  foreach ($possible_ops_ids as $create_ops_id) {
333  if (in_array($create_ops_id, $createable_ops_ids)) {
334  continue;
335  }
336  if (in_array($create_ops_id, $old_ops)) {
337  $new_ops[] = $create_ops_id;
338  }
339  }
340 
341  $rbacadmin->revokePermission(
342  $this->getCurrentObject()->getRefId(),
343  $role
344  );
345 
346  $rbacadmin->grantPermission(
347  $role,
348  array_unique($new_ops),
349  $this->getCurrentObject()->getRefId()
350  );
351  }
352 
353  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
354  foreach ($roles as $role) {
355  // No action for local roles
356  if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
357  continue;
358  }
359  // Nothing for protected roles
360  if ($role['protected']) {
361  continue;
362  }
363  // Stop local policy
364  if (
365  $role['parent'] == $this->getCurrentObject()->getRefId() and
366  !isset($_POST['inherit'][$role['obj_id']]) and
367  !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
368  ) {
369  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
370  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
371  $role_obj->setParent($this->getCurrentObject()->getRefId());
372  $role_obj->delete();
373  continue;
374  }
375  // Add local policy
376  if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
377  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
378  $rbacadmin->copyRoleTemplatePermissions(
379  $role['obj_id'],
380  $role['parent'],
381  $this->getCurrentObject()->getRefId(),
382  $role['obj_id']
383  );
384  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
385  $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
386  }
387  }
388  }
389 
390  // Protect permissions
391  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
392  foreach ($roles as $role) {
393  if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
394  if (isset($_POST['protect'][$role['obj_id']]) and
395  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
396  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
397  } elseif (!isset($_POST['protect'][$role['obj_id']]) and
398  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
399  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
400  }
401  }
402  }
403  }
404 
405  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
406  $log = ilRbacLog::diffFaPa($log_old, $log_new);
407  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
408 
409  $blocked_info = $this->getModifiedBlockedSettings();
410  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
411  if ($blocked_info['num'] > 0) {
412  return $this->showConfirmBlockRole($blocked_info);
413  }
414 
415 
416  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
417  $this->ctrl->redirect($this, 'perm');
418  #$this->perm();
419  }
420 
426  protected function showConfirmBlockRole($a_blocked_info)
427  {
428  $info = '';
429  if ($a_blocked_info['new_blocked']) {
430  $info .= $this->lng->txt('role_confirm_block_role_info');
431  if ($a_blocked_info['new_unblocked']) {
432  $info .= '<br /><br />';
433  }
434  }
435  if ($a_blocked_info['new_unblocked']) {
436  $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
437  }
438 
439  ilUtil::sendInfo($info);
440 
441  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
442  $confirm = new ilConfirmationGUI();
443  $confirm->setFormAction($this->ctrl->getFormAction($this));
444  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
445  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
446  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
447 
448  foreach ($a_blocked_info['new_blocked'] as $role_id) {
449  include_once './Services/AccessControl/classes/class.ilObjRole.php';
450  $confirm->addItem(
451  'new_block[]',
452  $role_id,
453  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
454  );
455  }
456  foreach ($a_blocked_info['new_unblocked'] as $role_id) {
457  include_once './Services/AccessControl/classes/class.ilObjRole.php';
458  $confirm->addItem(
459  'new_unblock[]',
460  $role_id,
461  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
462  );
463  }
464  $this->tpl->setContent($confirm->getHTML());
465  }
466 
467  protected function modifyBlockRoles()
468  {
469  $this->blockRoles((array) $_POST['new_block']);
470  $this->unblockRoles((array) $_POST['new_unblock']);
471 
472  ilUtil::sendInfo($this->lng->txt('settings_saved'));
473  $this->ctrl->redirect($this, 'perm');
474  }
475 
479  protected function unblockRoles($roles)
480  {
481  global $DIC;
482 
483  $rbacadmin = $DIC['rbacadmin'];
484 
485  foreach ($roles as $role) {
486  // delete local policy
487  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
488  $role_obj = ilObjectFactory::getInstanceByObjId($role);
489  $role_obj->setParent($this->getCurrentObject()->getRefId());
490  $role_obj->delete();
491 
492  $role_obj->changeExistingObjects(
493  $this->getCurrentObject()->getRefId(),
494  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
495  array('all')
496  );
497 
498  // finally set blocked status
499  $rbacadmin->setBlockedStatus(
500  $role,
501  $this->getCurrentObject()->getRefId(),
502  false
503  );
504  }
505  }
506 
511  protected function blockRoles($roles)
512  {
513  global $DIC;
514 
515  $rbacadmin = $DIC['rbacadmin'];
516  $rbacreview = $DIC['rbacreview'];
517 
518  foreach ($roles as $role) {
519  // Set assign to 'y' only if it is a local role
520  $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
521 
522  // Delete permissions
523  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
524 
525  // Delete template permissions
526  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
527 
528 
529  $rbacadmin->assignRoleToFolder(
530  $role,
531  $this->getCurrentObject()->getRefId(),
532  $assign
533  );
534 
535  // finally set blocked status
536  $rbacadmin->setBlockedStatus(
537  $role,
538  $this->getCurrentObject()->getRefId(),
539  true
540  );
541  }
542  }
543 
544 
550  public static function hasContainerCommands($a_type)
551  {
552  global $DIC;
553 
554  $objDefinition = $DIC['objDefinition'];
555 
556  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
557  }
558 
563  protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
564  {
565  $GLOBALS['DIC']['ilTabs']->clearTargets();
566 
567  if (!$form) {
568  $form = $this->initImportForm();
569  }
570  $GLOBALS['DIC']['tpl']->setContent($form->getHTML());
571  }
572 
576  protected function doImportRole()
577  {
578  global $DIC;
579 
580  $rbacreview = $DIC['rbacreview'];
581 
582  $form = $this->initImportForm();
583  if ($form->checkInput()) {
584  try {
585  include_once './Services/Export/classes/class.ilImport.php';
586 
587  // For global roles set import id to parent of current ref_id (adm)
588  $imp = new ilImport($this->getCurrentObject()->getRefId());
589  $imp->getMapping()->addMapping(
590  'Services/AccessControl',
591  'rolf',
592  0,
593  $this->getCurrentObject()->getRefId()
594  );
595 
596  $imp->importObject(
597  null,
598  $_FILES["importfile"]["tmp_name"],
599  $_FILES["importfile"]["name"],
600  'role'
601  );
602  ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
603  $this->ctrl->redirect($this, 'perm');
604  return;
605  } catch (Exception $e) {
606  ilUtil::sendFailure($e->getMessage());
607  $form->setValuesByPost();
608  $this->displayImportRoleForm($form);
609  return;
610  }
611  }
612  $form->setValuesByPost();
613  ilUtil::sendFailure($this->lng->txt('err_check_input'));
614  $this->displayImportRoleForm($form);
615  }
616 
620  protected function initImportForm()
621  {
622  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
623  $form = new ilPropertyFormGUI();
624  $form->setFormAction($this->ctrl->getFormAction($this));
625  $form->setTitle($this->lng->txt('rbac_import_role'));
626  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
627  $form->addCommandButton('perm', $this->lng->txt('cancel'));
628 
629  $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
630  $zip->setSuffixes(array('zip'));
631  $form->addItem($zip);
632 
633  return $form;
634  }
635 
642  protected function initRoleForm()
643  {
644  global $DIC;
645 
646  $rbacreview = $DIC['rbacreview'];
647  $objDefinition = $DIC['objDefinition'];
648 
649  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
650  $form = new ilPropertyFormGUI();
651  $form->setFormAction($this->ctrl->getFormAction($this));
652  $form->setTitle($this->lng->txt('role_new'));
653  $form->addCommandButton('addrole', $this->lng->txt('role_new'));
654  $form->addCommandButton('perm', $this->lng->txt('cancel'));
655 
656  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
657  $title->setValidationRegexp('/^(?!il_).*$/');
658  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
659  $title->setSize(40);
660  $title->setMaxLength(70);
661  $title->setRequired(true);
662  $form->addItem($title);
663 
664  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
665  $desc->setCols(40);
666  $desc->setRows(3);
667  $form->addItem($desc);
668 
669  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
670  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
671  $pro->setValue(1);
672  $form->addItem($pro);
673 
674  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_role_add_to_desktop'), 'desktop');
675  $pd->setInfo($this->lng->txt('rbac_role_add_to_desktop_info'));
676  $pd->setValue(1);
677  $form->addItem($pd);
678 
679 
680  if (!$this->isInAdministration()) {
681  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
682  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
683  $rights->addOption($option);
684 
685  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
686  $ids = array();
687  foreach ($parent_role_ids as $id => $tmp) {
688  $ids[] = $id;
689  }
690 
691  // Sort ids
692  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
693 
694  $key = 0;
695  foreach ($sorted_ids as $id) {
696  $par = $parent_role_ids[$id];
697  if ($par["obj_id"] != SYSTEM_ROLE_ID) {
698  include_once './Services/AccessControl/classes/class.ilObjRole.php';
699  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
700  $option->setInfo($par["desc"]);
701  $rights->addOption($option);
702  }
703  $key++;
704  }
705  $form->addItem($rights);
706  }
707 
708  // Local policy only for containers
709  if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
710  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
711  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
712  $form->addItem($check);
713  }
714 
715  return $form;
716  }
717 
721  protected function displayAddRoleForm()
722  {
723  $GLOBALS['DIC']['ilTabs']->clearTargets();
724 
725  $form = $this->initRoleForm();
726  $this->tpl->setContent($form->getHTML());
727  }
728 
737  protected function addRole()
738  {
739  global $DIC;
740 
741  $rbacadmin = $DIC['rbacadmin'];
742  $rbacreview = $DIC['rbacreview'];
743  $rbacsystem = $DIC['rbacsystem'];
744  $ilErr = $DIC['ilErr'];
745  $ilCtrl = $DIC['ilCtrl'];
746 
747  $form = $this->initRoleForm();
748  if ($form->checkInput()) {
749  $new_title = $form->getInput("title");
750 
751  include_once './Services/AccessControl/classes/class.ilObjRole.php';
752  $role = new ilObjRole();
753  $role->setTitle($new_title);
754  $role->setDescription($form->getInput('desc'));
755  $role->create();
756 
757  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
758 
759  // protect
760  $rbacadmin->setProtected(
761  $this->getCurrentObject()->getRefId(),
762  $role->getId(),
763  $form->getInput('pro') ? 'y' : 'n'
764  );
765 
766  // copy rights
767  $right_id_to_copy = $form->getInput("rights");
768  if ($right_id_to_copy) {
769  $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
770  $rbacadmin->copyRoleTemplatePermissions(
771  $right_id_to_copy,
772  $parentRoles[$right_id_to_copy]["parent"],
773  $this->getCurrentObject()->getRefId(),
774  $role->getId(),
775  false
776  );
777 
778  if ($form->getInput('existing')) {
779  if ($form->getInput('pro')) {
780  $role->changeExistingObjects(
781  $this->getCurrentObject()->getRefId(),
782  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
783  array('all')
784  );
785  } else {
786  $role->changeExistingObjects(
787  $this->getCurrentObject()->getRefId(),
788  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
789  array('all')
790  );
791  }
792  }
793  }
794 
795  // add to desktop items
796  if ($form->getInput("desktop")) {
797  include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
798  $role_desk_item_obj = new ilRoleDesktopItem($role->getId());
799  $role_desk_item_obj->add(
800  $this->getCurrentObject()->getRefId(),
801  ilObject::_lookupType($this->getCurrentObject()->getRefId(), true)
802  );
803  }
804 
805  ilUtil::sendSuccess($this->lng->txt("role_added"), true);
806  $this->ctrl->redirect($this, 'perm');
807  } else {
808  $form->setValuesByPost();
809  $this->tpl->setContent($form->getHTML());
810  }
811  }
812 
817  protected function getModifiedBlockedSettings()
818  {
819  global $DIC;
820 
821  $rbacreview = $DIC['rbacreview'];
822 
823  $blocked_info['new_blocked'] = array();
824  $blocked_info['new_unblocked'] = array();
825  $blocked_info['num'] = 0;
826  foreach ((array) $_POST['visible_block'] as $role => $one) {
827  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
828  if (isset($_POST['block'][$role]) && !$blocked) {
829  $blocked_info['new_blocked'][] = $role;
830  $blocked_info['num']++;
831  }
832  if (!isset($_POST['block'][$role]) && $blocked) {
833  $blocked_info['new_unblocked'][] = $role;
834  $blocked_info['num']++;
835  }
836  }
837  return $blocked_info;
838  }
839 
840  //
841  // OrgUnit Position Permissions
842  //
843 
844 
845  protected function permPositions()
846  {
847  $perm = self::CMD_PERM_POSITIONS;
848  $this->__initSubTabs($perm);
849 
850  $ref_id = $this->getCurrentObject()->getRefId();
851  $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
852  $table->collectData();
853  $this->tpl->setContent($table->getHTML());
854  }
855 
856 
857  protected function savePositionsPermissions()
858  {
859  $this->__initSubTabs(self::CMD_PERM_POSITIONS);
860 
861  $positions = ilOrgUnitPosition::getArray(null, 'id');
862  $ref_id = $this->getCurrentObject()->getRefId();
863 
864  // handle local sets
865  foreach ($positions as $position_id) {
866  if (isset($_POST['local'][$position_id])) {
867  ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
868  } else {
869  ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
870  }
871  }
872 
873  if ($_POST['position_perm']) {
874  foreach ($_POST['position_perm'] as $position_id => $ops) {
875  if (!isset($_POST['local'][$position_id])) {
876  continue;
877  }
878  $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
879  $new_ops = [];
880  foreach ($ops as $op_id => $op) {
881  $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
882  }
883  $ilOrgUnitPermission->setOperations($new_ops);
884  $ilOrgUnitPermission->save();
885  }
886  }
887  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
888  $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
889  }
890 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:31
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:8
ilRoleDesktopItem\add
add($a_item_id, $a_item_type)
Definition: class.ilRoleDesktopItem.php:45
ilRoleDesktopItem
Class ilObjRoleGUI.
Definition: class.ilRoleDesktopItem.php:17
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role type $rbacreview type $objDefinition.
Definition: class.ilPermissionGUI.php:642
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:576
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:215
$DIC
global $DIC
Definition: saml.php:7
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:14
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:737
$id
if(!array_key_exists('StateId', $_REQUEST)) $id
Definition: expirywarning.php:14
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:177
ilImport
Import class.
Definition: class.ilImport.php:11
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
$log
$log
Definition: sabredav.php:21
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:550
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:163
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ilFormPropertyGUI\setInfo
setInfo($a_info)
Set Information Text.
Definition: class.ilFormPropertyGUI.php:145
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4481
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:426
$a_type
$a_type
Definition: workflow.php:92
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:563
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:200
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:15
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:13
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4405
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:105
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:16
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:97
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:518
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:721
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4497
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:620
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:511
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:34
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
$ret
$ret
Definition: parser.php:6
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:40
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:19
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:908
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
$table
if(empty($password)) $table
Definition: pwgen.php:24
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:16
$info
$info
Definition: index.php:5
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:287
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:16
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:119
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:20
$key
$key
Definition: croninfo.php:18
ilFileInputGUI\setSuffixes
setSuffixes($a_suffixes)
Set Accepted Suffixes.
Definition: class.ilFileInputGUI.php:132
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:15
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:187