ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
13 class ilSettingsPermissionGUI
14 {
15  protected $permissions = array(); // permissions selected by context
16  protected $base_permissions = array(); // base permissions of the object type (ops_id -> permission)
17  protected $base_permissions_by_op = array();// base permissions of the object type (permission -> ops_id)
18  protected $role_required_permissions = array();
19  protected $role_prohibited_permissions = array();
20 
26  public function __construct($a_gui_obj)
27  {
28  global $DIC;
29 
30  $objDefinition = $DIC['objDefinition'];
31  $tpl = $DIC['tpl'];
32  $ilCtrl = $DIC['ilCtrl'];
33  $lng = $DIC['lng'];
34  $rbacreview = $DIC['rbacreview'];
35 
36  $this->objDefinition = $objDefinition;
37  $this->tpl = $tpl;
38  $this->lng = $lng;
39  $this->lng->loadLanguageModule("rbac");
40 
41  $this->ctrl = $ilCtrl;
42 
43  $this->gui_obj = $a_gui_obj;
44  $this->obj = $a_gui_obj->object;
45  $this->red_id = $this->obj->getRefId();
46 
47 
48  foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p) {
49  $this->base_permissions[$p["ops_id"]] = $p["operation"];
50  $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
51  }
52 
53  $this->base_roles = $rbacreview->getParentRoleIds($this->obj->getRefId());
54  }
55 
59  public function determineRoles()
60  {
61  global $DIC;
62 
63  $rbacreview = $DIC['rbacreview'];
64 
65  $roles = array();
66  foreach ($this->base_roles as $k => $r) {
67  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
68  $use = true;
69  foreach ($this->getRoleRequiredPermissions() as $o) {
70  if (!in_array($o, $ops)) {
71  $use = false;
72  }
73  }
74  foreach ($this->getRoleProhibitedPermissions() as $o) {
75  if (in_array($o, $ops)) {
76  $use = false;
77  }
78  }
79  if ($use) {
80  $roles[$k] = $r;
81  }
82  }
83  return $roles;
84  }
85 
86 
92  public function setRoleRequiredPermissions($a_val)
93  {
94  if (is_array($a_val)) {
95  foreach ($a_val as $p) {
96  if (in_array($p, $this->base_permissions)) {
97  $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
98  }
99  }
100  }
101  }
102 
108  public function getRoleRequiredPermissions()
109  {
110  return $this->role_required_permissions;
111  }
112 
118  public function setRoleProhibitedPermissions($a_val)
119  {
120  if (is_array($a_val)) {
121  foreach ($a_val as $p) {
122  if (in_array($p, $this->base_permissions)) {
123  $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
124  }
125  }
126  }
127  }
128 
134  public function getRoleProhibitedPermissions()
135  {
136  return $this->role_prohibited_permissions;
137  }
138 
144  public function setPermissions($a_val)
145  {
146  if (is_array($a_val)) {
147  foreach ($a_val as $p) {
148  if (in_array($p, $this->base_permissions)) {
149  $this->permissions[$this->base_permissions_by_op[$p]] = $p;
150  }
151  }
152  }
153  }
154 
160  public function getPermissions()
161  {
162  return $this->permissions;
163  }
164 
168  public function executeCommand()
169  {
170  $cmd = $this->ctrl->getCmd("showForm");
171  if (in_array($cmd, array("showForm", "save"))) {
172  $this->$cmd();
173  }
174  }
175 
179  public function showForm()
180  {
181  $form = $this->initPermissionForm();
182  $this->tpl->setContent($form->getHTML());
183  }
184 
185 
189  public function initPermissionForm()
190  {
191  global $DIC;
192 
193  $rbacreview = $DIC['rbacreview'];
194 
195  include_once("Services/Form/classes/class.ilPropertyFormGUI.php");
196  $form = new ilPropertyFormGUI();
197 
198  $roles = $this->determineRoles();
199  $ops = array();
200  foreach ($roles as $r) {
201  $ops[$r["rol_id"]] = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
202  }
203 
204  // for each permission, collect all roles that have the permission activated
205  $perm_roles = array();
206  foreach ($ops as $r => $o2) {
207  foreach ($o2 as $o) {
208  $perm_roles[$o][] = $r;
209  }
210  }
211 
212  // for each permission
213  include_once './Services/AccessControl/classes/class.ilObjRole.php';
214  foreach ($this->getPermissions() as $p) {
215  // roles
216  $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
217  reset($roles);
218  foreach ($roles as $k => $r) {
219  $option = new ilCheckboxOption(ilObjRole::_getTranslation($r["title"]), $k);
220  $cb->addOption($option);
221  }
222  if (is_array($perm_roles[$this->base_permissions_by_op[$p]])) {
223  $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
224  }
225  $form->addItem($cb);
226  }
227 
228  $form->addCommandButton("save", $this->lng->txt("save"));
229 
230  $form->setTitle($this->lng->txt("rbac_permissions"));
231  $form->setFormAction($this->ctrl->getFormAction($this));
232 
233  return $form;
234  }
235 
239  public function save()
240  {
241  global $DIC;
242 
243  $rbacreview = $DIC['rbacreview'];
244  $rbacadmin = $DIC['rbacadmin'];
245 
246  $form = $this->initPermissionForm();
247  if ($form->checkInput()) {
248  foreach ($this->determineRoles() as $r) {
249  // get active operations for role
250  $ops = $rbacreview->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
251 
252  // revode all permissions for the role
253  $rbacadmin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
254 
255  // for all permissions of the form...
256  foreach ($this->getPermissions() as $p) {
257  $roles = $form->getInput($p);
258  if (!is_array($roles)) {
259  $roles = array();
260  }
261  $o = $this->base_permissions_by_op[$p];
262 
263  // ... if in original operations, but not checked, remove it from operations
264  if (in_array($o, $ops) && !in_array($r["rol_id"], $roles)) {
265  if (($key = array_search($o, $ops)) !== false) {
266  unset($ops[$key]);
267  }
268  }
269 
270  // ...if not in original operations, but checked, add to operations
271  if (!in_array($o, $ops) && in_array($r["rol_id"], $roles)) {
272  $ops[] = $o;
273  }
274  }
275 
276  // now grant resulting permissions
277  $rbacadmin->grantPermission(
278  $r["rol_id"],
279  array_unique($ops),
280  $this->obj->getRefId()
281  );
282  }
283 
284  ilUtil::sendSuccess($this->lng->txt("msg_obj_modified"), true);
285  $this->ctrl->redirect($this, "");
286  } else {
287  $form->setValuesByPost();
288  $this->tpl->setContent($form->getHtml());
289  }
290  }
291 }
ilSettingsPermissionGUI
UI class for handling permissions that can be configured having the write permission for an object...
Definition: class.ilSettingsPermissionGUI.php:13
ilCheckboxOption
This class represents an option in a checkbox group.
Definition: class.ilCheckboxOption.php:31
ilSettingsPermissionGUI\initPermissionForm
initPermissionForm()
Init permission form.
Definition: class.ilSettingsPermissionGUI.php:189
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
$DIC
global $DIC
Definition: saml.php:7
$tpl
$tpl
Definition: ilias.php:10
ilSettingsPermissionGUI\setPermissions
setPermissions($a_val)
Set permissions.
Definition: class.ilSettingsPermissionGUI.php:144
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1540
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
$r
$r
Definition: example_031.php:79
$form
if(isset($_POST['submit'])) $form
Definition: registry.edit.php:63
ilSettingsPermissionGUI\setRoleRequiredPermissions
setRoleRequiredPermissions($a_val)
Set role required permissions (this permissions are required for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:92
$lng
$lng
Definition: save_question_post_data.php:23
ilCheckboxGroupInputGUI
This class represents a property in a property form.
Definition: class.ilCheckboxGroupInputGUI.php:33
ilSettingsPermissionGUI\setRoleProhibitedPermissions
setRoleProhibitedPermissions($a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed) ...
Definition: class.ilSettingsPermissionGUI.php:118
ilSettingsPermissionGUI\getRoleProhibitedPermissions
getRoleProhibitedPermissions()
Get role prohibited permissions.
Definition: class.ilSettingsPermissionGUI.php:134
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:518
ilSettingsPermissionGUI\getRoleRequiredPermissions
getRoleRequiredPermissions()
Get role required permissions.
Definition: class.ilSettingsPermissionGUI.php:108
$key
$key
Definition: croninfo.php:18
ilSettingsPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilSettingsPermissionGUI.php:26