4include_once 
'./Services/AccessControl/classes/class.ilPermission2GUI.php';
 
   33        parent::__construct($a_gui_obj);
 
   44        $rbacsystem = 
$DIC[
'rbacsystem'];
 
   48        if (!$rbacsystem->checkAccess(
"edit_permission", $this->gui_obj->object->getRefId())) {
 
   49            $ilErr->raiseError($this->lng->txt(
"permission_denied"), 
$ilErr->MESSAGE);
 
   52        $next_class = $this->ctrl->getNextClass($this);
 
   54        switch ($next_class) {
 
   56                $this->ctrl->setReturn($this, 
'perm');
 
   57                include_once(
"Services/AccessControl/classes/class.ilObjRoleGUI.php");
 
   59                $ret = $this->ctrl->forwardCommand($this->gui_obj);
 
   62            case 'ildidactictemplategui':
 
   63                $this->ctrl->setReturn($this, 
'perm');
 
   64                include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
   66                $this->ctrl->forwardCommand($did);
 
   69            case 'ilrepositorysearchgui':
 
   71                include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
 
   73                $this->ctrl->forwardCommand($rep_search);
 
   76            case 'ilobjectpermissionstatusgui':
 
   78                include_once(
'./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
 
   80                $this->ctrl->forwardCommand($perm_stat);
 
   84                $cmd = $this->ctrl->getCmd();
 
   99        return $this->gui_obj->object;
 
  107        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  108        $this->ctrl->setReturn($this, 
'perm');
 
  109        $this->ctrl->setCmdClass(
'ildidactictemplategui');
 
  111        $this->ctrl->forwardCommand($dtpl_gui, 
'confirmTemplateSwitch');
 
  123        $objDefinition = 
$DIC[
'objDefinition'];
 
  124        $ilToolbar = 
$DIC[
'ilToolbar'];
 
  126        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  128        if ($dtpl->appendToolbarSwitch(
 
  130            $this->getCurrentObject()->getType(),
 
  131            $this->getCurrentObject()->getRefId()
 
  133            $ilToolbar->addSeparator();
 
  136        if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
 
  137            !$this->isAdministrationObject()
 
  139            $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
  142                $ilToolbar->addButton($this->lng->txt(
'rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 
'displayAddRoleForm'));
 
  144            $ilToolbar->addButton($this->lng->txt(
'rbac_import_role'), $this->ctrl->getLinkTarget($this, 
'displayImportRoleForm'));
 
  150            include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  154        $this->tpl->setContent(
$table->getHTML());
 
  189        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  192        $table->writeFilterToSession();
 
  202        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  219        $rbacreview = 
$DIC[
'rbacreview'];
 
  222        if (isset($a_roles[SYSTEM_ROLE_ID])) {
 
  223            unset($a_roles[SYSTEM_ROLE_ID]);
 
  226        switch ($a_filter_id) {
 
  235                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  236                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
 
  238                foreach ($arr_remove_roles as $role_id) {
 
  239                    unset($a_roles[$role_id]);
 
  245                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  247                foreach ($arr_global_roles as $role_id) {
 
  248                    unset($a_roles[$role_id]);
 
  258                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  260                foreach ($arr_remove_roles as $role_id) {
 
  261                    unset($a_roles[$role_id]);
 
  270                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  272                foreach ($arr_remove_roles as $role_id) {
 
  273                    unset($a_roles[$role_id]);
 
  291        $rbacreview = 
$DIC[
'rbacreview'];
 
  292        $objDefinition = 
$DIC[
'objDefinition'];
 
  293        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  295        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  299            $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
 
  300            $table->getFilterItemByPostVar(
'role')->getValue()
 
  304        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  308        # all possible create permissions 
  309        $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
 
  314        # createable (activated) create permissions 
  315        $create_types = $objDefinition->getCreatableSubObjects(
 
  320        foreach ((array) $roles as $role => $role_data) {
 
  321            if ($role_data[
'protected']) {
 
  325            $new_ops = array_keys((array) 
$_POST[
'perm'][$role]);
 
  326            $old_ops = $rbacreview->getRoleOperationsOnObject(
 
  332            foreach ($possible_ops_ids as $create_ops_id) {
 
  333                if (in_array($create_ops_id, $createable_ops_ids)) {
 
  336                if (in_array($create_ops_id, $old_ops)) {
 
  337                    $new_ops[] = $create_ops_id;
 
  341            $rbacadmin->revokePermission(
 
  346            $rbacadmin->grantPermission(
 
  348                array_unique($new_ops),
 
  354            foreach ($roles as $role) {
 
  356                if ($role[
'parent'] == $this->
getCurrentObject()->getRefId() and $role[
'assign'] == 
'y') {
 
  360                if ($role[
'protected']) {
 
  366                    !isset(
$_POST[
'inherit'][$role[
'obj_id']]) and
 
  367                    !$rbacreview->isBlockedAtPosition($role[
'obj_id'], $this->getCurrentObject()->getRefId())
 
  376                if ($role[
'parent'] != $this->
getCurrentObject()->getRefId() and isset(
$_POST[
'inherit'][$role[
'obj_id']])) {
 
  378                    $rbacadmin->copyRoleTemplatePermissions(
 
  385                    $rbacadmin->assignRoleToFolder($role[
'obj_id'], $this->
getCurrentObject()->getRefId(), 
'n');
 
  392            foreach ($roles as $role) {
 
  393                if ($rbacreview->isAssignable($role[
'obj_id'], $this->getCurrentObject()->getRefId())) {
 
  394                    if (isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  395                        !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  396                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'y');
 
  397                    } elseif (!isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  398                        $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  399                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'n');
 
  411        if ($blocked_info[
'num'] > 0) {
 
  416        ilUtil::sendSuccess($this->lng->txt(
'settings_saved'), 
true);
 
  417        $this->ctrl->redirect($this, 
'perm');
 
  429        if ($a_blocked_info[
'new_blocked']) {
 
  430            $info .= $this->lng->txt(
'role_confirm_block_role_info');
 
  431            if ($a_blocked_info[
'new_unblocked']) {
 
  432                $info .= 
'<br /><br />';
 
  435        if ($a_blocked_info[
'new_unblocked']) {
 
  436            $info .= (
'<br />' . $this->lng->txt(
'role_confirm_unblock_role_info'));
 
  441        include_once 
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
 
  443        $confirm->setFormAction($this->ctrl->getFormAction($this));
 
  444        $confirm->setHeaderText($this->lng->txt(
'role_confirm_block_role_header'));
 
  445        $confirm->setConfirm($this->lng->txt(
'role_confirm_block_role'), 
'modifyBlockRoles');
 
  446        $confirm->setCancel($this->lng->txt(
'cancel'), 
'perm');
 
  448        foreach ($a_blocked_info[
'new_blocked'] as $role_id) {
 
  449            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  456        foreach ($a_blocked_info[
'new_unblocked'] as $role_id) {
 
  457            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  464        $this->tpl->setContent($confirm->getHTML());
 
  473        $this->ctrl->redirect($this, 
'perm');
 
  483        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  485        foreach ($roles as $role) {
 
  492            $role_obj->changeExistingObjects(
 
  499            $rbacadmin->setBlockedStatus(
 
  515        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  516        $rbacreview = 
$DIC[
'rbacreview'];
 
  518        foreach ($roles as $role) {
 
  520            $assign = $rbacreview->isAssignable($role, $this->
getCurrentObject()->getRefId()) ? 
'y' : 
'n';
 
  523            $rbacadmin->revokeSubtreePermissions($this->
getCurrentObject()->getRefId(), $role);
 
  526            $rbacadmin->deleteSubtreeTemplates($this->
getCurrentObject()->getRefId(), $role);
 
  529            $rbacadmin->assignRoleToFolder(
 
  536            $rbacadmin->setBlockedStatus(
 
  554        $objDefinition = 
$DIC[
'objDefinition'];
 
  565        $GLOBALS[
'DIC'][
'ilTabs']->clearTargets();
 
  580        $rbacreview = 
$DIC[
'rbacreview'];
 
  583        if (
$form->checkInput()) {
 
  585                include_once 
'./Services/Export/classes/class.ilImport.php';
 
  589                $imp->getMapping()->addMapping(
 
  590                    'Services/AccessControl',
 
  598                    $_FILES[
"importfile"][
"tmp_name"],
 
  599                    $_FILES[
"importfile"][
"name"],
 
  602                ilUtil::sendSuccess($this->lng->txt(
'rbac_role_imported'), 
true);
 
  603                $this->ctrl->redirect($this, 
'perm');
 
  605            } 
catch (Exception $e) {
 
  607                $form->setValuesByPost();
 
  612        $form->setValuesByPost();
 
  622        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  624        $form->setFormAction($this->ctrl->getFormAction($this));
 
  625        $form->setTitle($this->lng->txt(
'rbac_import_role'));
 
  626        $form->addCommandButton(
'doImportRole', $this->lng->txt(
'import'));
 
  627        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  629        $zip = 
new ilFileInputGUI($this->lng->txt(
'import_file'), 
'importfile');
 
  630        $zip->setSuffixes(array(
'zip'));
 
  631        $form->addItem($zip);
 
  646        $rbacreview = 
$DIC[
'rbacreview'];
 
  647        $objDefinition = 
$DIC[
'objDefinition'];
 
  649        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  651        $form->setFormAction($this->ctrl->getFormAction($this));
 
  652        $form->setTitle($this->lng->txt(
'role_new'));
 
  653        $form->addCommandButton(
'addrole', $this->lng->txt(
'role_new'));
 
  654        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  657        $title->setValidationRegexp(
'/^(?!il_).*$/');
 
  658        $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
 
  661        $title->setRequired(
true);
 
  667        $form->addItem($desc);
 
  670        $pro->setInfo($this->lng->txt(
'role_protect_permissions_desc'));
 
  672        $form->addItem($pro);
 
  675        $pd->setInfo($this->lng->txt(
'rbac_role_add_to_desktop_info'));
 
  682            $option = 
new ilRadioOption($this->lng->txt(
"rbac_role_rights_copy_empty"), 0);
 
  683            $rights->addOption($option);
 
  685            $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), 
true);
 
  687            foreach ($parent_role_ids as 
$id => $tmp) {
 
  692            $sorted_ids = 
ilUtil::_sortIds($ids, 
'object_data', 
'type DESC,title', 
'obj_id');
 
  695            foreach ($sorted_ids as 
$id) {
 
  696                $par = $parent_role_ids[
$id];
 
  697                if ($par[
"obj_id"] != SYSTEM_ROLE_ID) {
 
  698                    include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  700                    $option->setInfo($par[
"desc"]);
 
  701                    $rights->addOption($option);
 
  705            $form->addItem($rights);
 
  709        if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
 
  710            $check = 
new ilCheckboxInputGui($this->lng->txt(
"rbac_role_rights_copy_change_existing"), 
'existing');
 
  711            $check->setInfo($this->lng->txt(
'rbac_change_existing_objects_desc_new_role'));
 
  712            $form->addItem($check);
 
  723        $GLOBALS[
'DIC'][
'ilTabs']->clearTargets();
 
  726        $this->tpl->setContent(
$form->getHTML());
 
  741        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  742        $rbacreview = 
$DIC[
'rbacreview'];
 
  743        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  748        if (
$form->checkInput()) {
 
  749            $new_title = 
$form->getInput(
"title");
 
  751            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  753            $role->setTitle($new_title);
 
  754            $role->setDescription(
$form->getInput(
'desc'));
 
  757            $GLOBALS[
'DIC'][
'rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
 
  760            $rbacadmin->setProtected(
 
  763                $form->getInput(
'pro') ? 
'y' : 
'n' 
  767            $right_id_to_copy = 
$form->getInput(
"rights");
 
  768            if ($right_id_to_copy) {
 
  769                $parentRoles = $rbacreview->getParentRoleIds($this->
getCurrentObject()->getRefId(), 
true);
 
  770                $rbacadmin->copyRoleTemplatePermissions(
 
  772                    $parentRoles[$right_id_to_copy][
"parent"],
 
  778                if (
$form->getInput(
'existing')) {
 
  779                    if (
$form->getInput(
'pro')) {
 
  780                        $role->changeExistingObjects(
 
  786                        $role->changeExistingObjects(
 
  796            if (
$form->getInput(
"desktop")) {
 
  797                include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  799                $role_desk_item_obj->add(
 
  805            ilUtil::sendSuccess($this->lng->txt(
"role_added"), 
true);
 
  806            $this->ctrl->redirect($this, 
'perm');
 
  808            $form->setValuesByPost();
 
  809            $this->tpl->setContent(
$form->getHTML());
 
  821        $rbacreview = 
$DIC[
'rbacreview'];
 
  823        $blocked_info[
'new_blocked'] = array();
 
  824        $blocked_info[
'new_unblocked'] = array();
 
  825        $blocked_info[
'num'] = 0;
 
  826        foreach ((array) 
$_POST[
'visible_block'] as $role => $one) {
 
  827            $blocked = $rbacreview->isBlockedAtPosition($role, $this->
getCurrentObject()->getRefId());
 
  828            if (isset(
$_POST[
'block'][$role]) && !$blocked) {
 
  829                $blocked_info[
'new_blocked'][] = $role;
 
  830                $blocked_info[
'num']++;
 
  832            if (!isset(
$_POST[
'block'][$role]) && $blocked) {
 
  833                $blocked_info[
'new_unblocked'][] = $role;
 
  834                $blocked_info[
'num']++;
 
  837        return $blocked_info;
 
  853        $this->tpl->setContent(
$table->getHTML());
 
  865        foreach ($positions as $position_id) {
 
  866            if (isset(
$_POST[
'local'][$position_id])) {
 
  867                ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
 
  869                ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
 
  873        if (
$_POST[
'position_perm']) {
 
  874            foreach (
$_POST[
'position_perm'] as $position_id => $ops) {
 
  875                if (!isset(
$_POST[
'local'][$position_id])) {
 
  878                $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
 
  880                foreach ($ops as $op_id => $op) {
 
  883                $ilOrgUnitPermission->setOperations($new_ops);
 
  884                $ilOrgUnitPermission->save();
 
  887        ilUtil::sendSuccess($this->lng->txt(
'settings_saved'), 
true);
 
  888        $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
 
static getArray($key=null, $values=null)
An exception for terminatinating execution or to throw for unit testing.
Confirmation screen class.
GUI class for didactic template settings inside repository objects.
static getLogger($a_component_id)
Get component logger.
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
This class displays the permission status of a user concerning a specific object.
Table for object role permissions.
const ROLE_FILTER_LOCAL_OBJECT
const ROLE_FILTER_LOCAL_POLICY
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
static findById($operation_id)
Class ilOrgUnitPermissionTableGUI.
Class ilPermissionGUI RBAC related output.
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
blockRoles($roles)
Block role.
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
resetFilter()
Reset filter.
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
const CMD_SAVE_POSITIONS_PERMISSIONS
isAdminRoleFolder()
Check of current location is administration (main) role folder.
__construct($a_gui_obj)
Constructor.
savePositionsPermissions()
getModifiedBlockedSettings()
executeCommand()
Execute command.
displayAddRoleForm()
Show add role form.
savePermissions()
Save permissions.
getCurrentObject()
Get current object.
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
initImportForm()
init import form
perm(ilTable2GUI $table=null)
show permission table
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
doImportRole()
Perform import.
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
isInAdministration()
Check if node is subobject of administration folder.
applyFilter()
Apply filter.
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
This class represents an option in a radio group.
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
if(!array_key_exists('StateId', $_REQUEST)) $id
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
if(empty($password)) $table
if(isset($_POST['submit'])) $form