ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE */
4
13class ilSettingsPermissionGUI
14{
15 protected $permissions = array(); // permissions selected by context
16 protected $base_permissions = array(); // base permissions of the object type (ops_id -> permission)
17 protected $base_permissions_by_op = array();// base permissions of the object type (permission -> ops_id)
18 protected $role_required_permissions = array();
19 protected $role_prohibited_permissions = array();
20
26 public function __construct($a_gui_obj)
27 {
28 global $DIC;
29
30 $objDefinition = $DIC['objDefinition'];
31 $tpl = $DIC['tpl'];
32 $ilCtrl = $DIC['ilCtrl'];
33 $lng = $DIC['lng'];
34 $rbacreview = $DIC['rbacreview'];
35
36 $this->objDefinition = $objDefinition;
37 $this->tpl = $tpl;
38 $this->lng = $lng;
39 $this->lng->loadLanguageModule("rbac");
40
41 $this->ctrl = $ilCtrl;
42
43 $this->gui_obj = $a_gui_obj;
44 $this->obj = $a_gui_obj->object;
45 $this->red_id = $this->obj->getRefId();
46
47
48 foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p) {
49 $this->base_permissions[$p["ops_id"]] = $p["operation"];
50 $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
51 }
52
53 $this->base_roles = $rbacreview->getParentRoleIds($this->obj->getRefId());
54 }
55
59 public function determineRoles()
60 {
61 global $DIC;
62
63 $rbacreview = $DIC['rbacreview'];
64
65 $roles = array();
66 foreach ($this->base_roles as $k => $r) {
67 $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
68 $use = true;
69 foreach ($this->getRoleRequiredPermissions() as $o) {
70 if (!in_array($o, $ops)) {
71 $use = false;
72 }
73 }
74 foreach ($this->getRoleProhibitedPermissions() as $o) {
75 if (in_array($o, $ops)) {
76 $use = false;
77 }
78 }
79 if ($use) {
80 $roles[$k] = $r;
81 }
82 }
83 return $roles;
84 }
85
86
92 public function setRoleRequiredPermissions($a_val)
93 {
94 if (is_array($a_val)) {
95 foreach ($a_val as $p) {
96 if (in_array($p, $this->base_permissions)) {
97 $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
98 }
99 }
100 }
101 }
102
108 public function getRoleRequiredPermissions()
109 {
110 return $this->role_required_permissions;
111 }
112
118 public function setRoleProhibitedPermissions($a_val)
119 {
120 if (is_array($a_val)) {
121 foreach ($a_val as $p) {
122 if (in_array($p, $this->base_permissions)) {
123 $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
124 }
125 }
126 }
127 }
128
134 public function getRoleProhibitedPermissions()
135 {
136 return $this->role_prohibited_permissions;
137 }
138
144 public function setPermissions($a_val)
145 {
146 if (is_array($a_val)) {
147 foreach ($a_val as $p) {
148 if (in_array($p, $this->base_permissions)) {
149 $this->permissions[$this->base_permissions_by_op[$p]] = $p;
150 }
151 }
152 }
153 }
154
160 public function getPermissions()
161 {
162 return $this->permissions;
163 }
164
168 public function executeCommand()
169 {
170 $cmd = $this->ctrl->getCmd("showForm");
171 if (in_array($cmd, array("showForm", "save"))) {
172 $this->$cmd();
173 }
174 }
175
179 public function showForm()
180 {
181 $form = $this->initPermissionForm();
182 $this->tpl->setContent($form->getHTML());
183 }
184
185
189 public function initPermissionForm()
190 {
191 global $DIC;
192
193 $rbacreview = $DIC['rbacreview'];
194
195 include_once("Services/Form/classes/class.ilPropertyFormGUI.php");
196 $form = new ilPropertyFormGUI();
197
198 $roles = $this->determineRoles();
199 $ops = array();
200 foreach ($roles as $r) {
201 $ops[$r["rol_id"]] = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
202 }
203
204 // for each permission, collect all roles that have the permission activated
205 $perm_roles = array();
206 foreach ($ops as $r => $o2) {
207 foreach ($o2 as $o) {
208 $perm_roles[$o][] = $r;
209 }
210 }
211
212 // for each permission
213 include_once './Services/AccessControl/classes/class.ilObjRole.php';
214 foreach ($this->getPermissions() as $p) {
215 // roles
216 $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
217 reset($roles);
218 foreach ($roles as $k => $r) {
219 $option = new ilCheckboxOption(ilObjRole::_getTranslation($r["title"]), $k);
220 $cb->addOption($option);
221 }
222 if (is_array($perm_roles[$this->base_permissions_by_op[$p]])) {
223 $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
224 }
225 $form->addItem($cb);
226 }
227
228 $form->addCommandButton("save", $this->lng->txt("save"));
229
230 $form->setTitle($this->lng->txt("rbac_permissions"));
231 $form->setFormAction($this->ctrl->getFormAction($this));
232
233 return $form;
234 }
235
239 public function save()
240 {
241 global $DIC;
242
243 $rbacreview = $DIC['rbacreview'];
244 $rbacadmin = $DIC['rbacadmin'];
245
246 $form = $this->initPermissionForm();
247 if ($form->checkInput()) {
248 foreach ($this->determineRoles() as $r) {
249 // get active operations for role
250 $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
251
252 // revode all permissions for the role
253 $rbacadmin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
254
255 // for all permissions of the form...
256 foreach ($this->getPermissions() as $p) {
257 $roles = $form->getInput($p);
258 if (!is_array($roles)) {
259 $roles = array();
260 }
261 $o = $this->base_permissions_by_op[$p];
262
263 // ... if in original operations, but not checked, remove it from operations
264 if (in_array($o, $ops) && !in_array($r["rol_id"], $roles)) {
265 if (($key = array_search($o, $ops)) !== false) {
266 unset($ops[$key]);
267 }
268 }
269
270 // ...if not in original operations, but checked, add to operations
271 if (!in_array($o, $ops) && in_array($r["rol_id"], $roles)) {
272 $ops[] = $o;
273 }
274 }
275
276 // now grant resulting permissions
277 $rbacadmin->grantPermission(
278 $r["rol_id"],
279 array_unique($ops),
280 $this->obj->getRefId()
281 );
282 }
283
284 ilUtil::sendSuccess($this->lng->txt("msg_obj_modified"), true);
285 $this->ctrl->redirect($this, "");
286 } else {
287 $form->setValuesByPost();
288 $this->tpl->setContent($form->getHtml());
289 }
290 }
291}
$tpl
$tpl
Definition: ilias.php:10
php
An exception for terminatinating execution or to throw for unit testing.
ilCheckboxGroupInputGUI
This class represents a property in a property form.
Definition: class.ilCheckboxGroupInputGUI.php:34
ilCheckboxOption
This class represents an option in a checkbox group.
Definition: class.ilCheckboxOption.php:32
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:518
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type @access public @access static
Definition: class.ilRbacReview.php:1540
ilSettingsPermissionGUI
UI class for handling permissions that can be configured having the write permission for an object.
Definition: class.ilSettingsPermissionGUI.php:14
ilSettingsPermissionGUI\setPermissions
setPermissions($a_val)
Set permissions.
Definition: class.ilSettingsPermissionGUI.php:144
ilSettingsPermissionGUI\getRoleProhibitedPermissions
getRoleProhibitedPermissions()
Get role prohibited permissions.
Definition: class.ilSettingsPermissionGUI.php:134
ilSettingsPermissionGUI\getRoleRequiredPermissions
getRoleRequiredPermissions()
Get role required permissions.
Definition: class.ilSettingsPermissionGUI.php:108
ilSettingsPermissionGUI\setRoleRequiredPermissions
setRoleRequiredPermissions($a_val)
Set role required permissions (this permissions are required for a role to be listed)
Definition: class.ilSettingsPermissionGUI.php:92
ilSettingsPermissionGUI\setRoleProhibitedPermissions
setRoleProhibitedPermissions($a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed)
Definition: class.ilSettingsPermissionGUI.php:118
ilSettingsPermissionGUI\initPermissionForm
initPermissionForm()
Init permission form.
Definition: class.ilSettingsPermissionGUI.php:189
$key
$key
Definition: croninfo.php:18
$r
$r
Definition: example_031.php:79
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
$DIC
global $DIC
Definition: saml.php:7
$lng
$lng
Definition: save_question_post_data.php:23