4include_once 
"./Services/Object/classes/class.ilObjectGUI.php";
 
    5include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
    6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
 
   47    public function __construct($a_data, $a_id, $a_call_by_reference = 
false, $a_prepare_output = 
true)
 
   54        $lng->loadLanguageModule(
'rbac');
 
   57        define(
"USER_FOLDER_ID", 7);
 
   63                    (int) $_REQUEST[
'rolf_ref_id'] ?
 
   64                (
int) $_REQUEST[
'rolf_ref_id'] :
 
   65                (int) $_REQUEST[
'ref_id']
 
   74        parent::__construct($a_data, $a_id, $a_call_by_reference, 
false);
 
   75        $this->ctrl->saveParameter($this, array(
'obj_id', 
'rolf_ref_id'));
 
   83        $rbacsystem = 
$DIC[
'rbacsystem'];
 
   87        $next_class = $this->ctrl->getNextClass($this);
 
   88        $cmd = $this->ctrl->getCmd();
 
   92        switch ($next_class) {
 
   93            case 'ilrepositorysearchgui':
 
   96                    $GLOBALS[
'DIC'][
'ilErr']->raiseError(
$GLOBALS[
'DIC'][
'lng']->txt(
'permission_denied'), 
$GLOBALS[
'DIC'][
'ilErr']->WARNING);
 
   98                include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
 
  100                $rep_search->setTitle($this->lng->txt(
'role_add_user'));
 
  101                $rep_search->setCallback($this, 
'addUserObject');
 
  104                $this->tabs_gui->setTabActive(
'user_assignment');
 
  105                $this->ctrl->setReturn($this, 
'userassignment');
 
  106                $ret = &$this->ctrl->forwardCommand($rep_search);
 
  111                $this->tabs_gui->setTabActive(
'export');
 
  113                include_once 
'./Services/Export/classes/class.ilExportOptions.php';
 
  117                include_once 
'./Services/Export/classes/class.ilExportGUI.php';
 
  119                $exp->addFormat(
'xml');
 
  120                $this->ctrl->forwardCommand($exp);
 
  128                        $cmd = 
'userassignment';
 
  172        $this->back_target = array(
"text" => $a_text,
 
  178        return $this->back_target ? $this->back_target : array();
 
  216        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  219        if (!
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
 
  220            $this->obj_ref_id != ROLE_FOLDER_ID) {
 
  225        if ($rbacsystem->checkAccess(
'push_desktop_items', 
USER_FOLDER_ID)) {
 
  226            $this->
__showButton(
'selectDesktopItem', $this->lng->txt(
'role_desk_add'));
 
  229        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
 
  231        $this->tpl->setContent(
$tbl->getHTML());
 
  240        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  244            $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
 
  246        if (!$rbacsystem->checkAccess(
'push_desktop_items', 
USER_FOLDER_ID)) {
 
  247            $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
 
  249        if (!count(
$_POST[
'del_desk_item'])) {
 
  257        include_once(
"./Services/Utilities/classes/class.ilConfirmationGUI.php");
 
  259        $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
 
  260        $confirmation_gui->setHeaderText($this->lng->txt(
'role_assigned_desk_items') .
 
  261            ' "' . $this->object->getTitle() . 
'": ' .
 
  262            $this->lng->txt(
'role_sure_delete_desk_items'));
 
  263        $confirmation_gui->setCancel($this->lng->txt(
"cancel"), 
"listDesktopItems");
 
  264        $confirmation_gui->setConfirm($this->lng->txt(
"delete"), 
"deleteDesktopItems");
 
  266        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  269        foreach (
$_POST[
'del_desk_item'] as $role_item_id) {
 
  270            $item_data = $role_desk_item_obj->getItem($role_item_id);
 
  273            if (strlen($desc = $tmp_obj->getDescription())) {
 
  274                $desc = 
'<div class="il_Description_no_margin">' . $desc . 
'</div>';
 
  277            $confirmation_gui->addItem(
"del_desk_item[]", $role_item_id, $tmp_obj->getTitle() . $desc);
 
  280        $this->tpl->setContent($confirmation_gui->getHTML());
 
  289        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  292            $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
 
  295        if (!$rbacsystem->checkAccess(
'push_desktop_items', 
USER_FOLDER_ID)) {
 
  296            $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
 
  299        if (!count(
$_POST[
'del_desk_item'])) {
 
  307        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  311        foreach (
$_POST[
'del_desk_item'] as $role_item_id) {
 
  312            $role_desk_item_obj->delete($role_item_id);
 
  315        ilUtil::sendSuccess($this->lng->txt(
'role_deleted_desktop_items'));
 
  326        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  329        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
 
  330        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  332        if (!$rbacsystem->checkAccess(
'push_desktop_items', 
USER_FOLDER_ID)) {
 
  333            #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
 
  339        $this->tpl->addBlockFile(
"ADM_CONTENT", 
"adm_content", 
"tpl.role_desktop_item_selector.html", 
"Services/AccessControl");
 
  340        $this->
__showButton(
'listDesktopItems', $this->lng->txt(
'back'));
 
  345            $this->ctrl->getLinkTarget($this, 
'selectDesktopItem'),
 
  348        $exp->setExpand(
$_GET[
"role_desk_item_link_expand"] ? 
$_GET[
"role_desk_item_link_expand"] : 
$tree->readRootId());
 
  349        $exp->setExpandTarget($this->ctrl->getLinkTarget($this, 
'selectDesktopItem'));
 
  354        $this->tpl->setVariable(
"EXPLORER", 
$output);
 
  364        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  366        if (!$rbacsystem->checkAccess(
'push_desktop_items', 
USER_FOLDER_ID)) {
 
  367            $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
 
  372        if (!isset(
$_GET[
'item_id'])) {
 
  379        include_once 
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
 
  384        ilUtil::sendSuccess($this->lng->txt(
'role_assigned_desktop_item'));
 
  386        $this->ctrl->redirect($this, 
'listDesktopItems');
 
  397        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  400        if ($this->creation_mode) {
 
  401            $this->ctrl->setParameter($this, 
"new_type", 
'role');
 
  403        $this->form->setFormAction($this->ctrl->getFormAction($this));
 
  407                $this->form->setTitle($this->lng->txt(
'role_new'));
 
  408                $this->form->addCommandButton(
'save', $this->lng->txt(
'role_new'));
 
  412                $this->form->setTitle($this->lng->txt(
'role_edit'));
 
  413                $this->form->addCommandButton(
'update', $this->lng->txt(
'save'));
 
  420        $this->form->addCommandButton(
'cancel', $this->lng->txt(
'cancel'));
 
  424            $title->setDisabled(
true);
 
  427            $title->setValidationRegexp(
'/^(?!il_).*$/');
 
  428            $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
 
  433        $title->setRequired(
true);
 
  434        $this->form->addItem(
$title);
 
  438            $desc->setDisabled(
true);
 
  442        $this->form->addItem($desc);
 
  444        if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
 
  446            $this->form->addItem($ilias_id);
 
  449        if ($this->obj_ref_id == ROLE_FOLDER_ID) {
 
  452            #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info')); 
  453            $this->form->addItem($reg);
 
  457            #$la->setInfo($this->lng->txt('rbac_local_admin_info')); 
  458            $this->form->addItem($la);
 
  463        #$pro->setInfo($this->lng->txt('role_protext_permission_info')); 
  464        $this->form->addItem($pro);
 
  466        include_once 
'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
 
  469            $quo->setMinValue(0);
 
  471            $quo->setInfo($this->lng->txt(
'enter_in_mb_desc') . 
'<br />' . $this->lng->txt(
'disk_quota_on_role_desc'));
 
  472            $this->form->addItem($quo);
 
  475            $this->lng->loadLanguageModule(
"file");
 
  476            $wquo = 
new ilNumberInputGUI($this->lng->txt(
'personal_workspace_disk_quota'), 
'wsp_disk_quota');
 
  477            $wquo->setMinValue(0);
 
  479            $wquo->setInfo($this->lng->txt(
'enter_in_mb_desc') . 
'<br />' . $this->lng->txt(
'disk_quota_on_role_desc'));
 
  480            $this->form->addItem($wquo);
 
  494        if (!$this->form->getItemByPostVar(
'title')->getDisabled()) {
 
  495            $role->
setTitle($this->form->getInput(
'title'));
 
  497        if (!$this->form->getItemByPostVar(
'desc')->getDisabled()) {
 
  518        include_once 
'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
 
  533        $this->form->setValuesByArray(
$data);
 
  548        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  550        if (!$rbacsystem->checkAccess(
'create_role', $this->obj_ref_id)) {
 
  551            $ilErr->raiseError($this->lng->txt(
'permission_denied'), 
$ilErr->MESSAGE);
 
  555        $this->tpl->setContent($this->form->getHTML());
 
  566        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  570        $ilToolbar = 
$DIC[
'ilToolbar'];
 
  572        if (!$this->
checkAccess(
'write', 
'edit_permission')) {
 
  573            $ilErr->raiseError($this->lng->txt(
"msg_no_perm_write"), 
$ilErr->MESSAGE);
 
  577        if ($this->object->getId() != SYSTEM_ROLE_ID) {
 
  578            $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
  579            if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
 
  580                $ilToolbar->addButton(
 
  581                    $this->lng->txt(
'rbac_delete_role'),
 
  582                    $this->ctrl->getLinkTarget($this, 
'confirmDeleteRole')
 
  589        $this->tpl->setContent($this->form->getHTML());
 
  601        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  605        if ($this->form->checkInput() and !$this->checkDuplicate()) {
 
  606            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  608            $this->role->create();
 
  609            $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id, 
'y');
 
  610            $rbacadmin->setProtected(
 
  612                $this->role->getId(),
 
  613                $this->form->getInput(
'pro') ? 
'y' : 
'n' 
  615            ilUtil::sendSuccess($this->lng->txt(
"role_added"), 
true);
 
  616            $this->ctrl->setParameter($this, 
'obj_id', $this->role->getId());
 
  617            $this->ctrl->redirect($this, 
'perm');
 
  621        $this->form->setValuesByPost();
 
  622        $this->tpl->setContent($this->form->getHTML());
 
  644        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  647        if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
 
  648            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  650            $this->
object->update();
 
  651            $rbacadmin->setProtected(
 
  653                $this->object->getId(),
 
  654                $this->form->getInput(
'pro') ? 
'y' : 
'n' 
  656            ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"), 
true);
 
  657            $this->ctrl->redirect($this, 
'edit');
 
  661        $this->form->setValuesByPost();
 
  662        $this->tpl->setContent($this->form->getHTML());
 
  670    protected function permObject($a_show_admin_permissions = 
false)
 
  674        $ilTabs = 
$DIC[
'ilTabs'];
 
  676        $ilToolbar = 
$DIC[
'ilToolbar'];
 
  680        $ilTabs->setTabActive(
'default_perm_settings');
 
  684        if ($a_show_admin_permissions) {
 
  685            $ilTabs->setSubTabActive(
'rbac_admin_permissions');
 
  687            $ilTabs->setSubTabActive(
'rbac_repository_permissions');
 
  690        if (!$this->
checkAccess(
'write', 
'edit_permission')) {
 
  691            $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'), 
$ilErr->MESSAGE);
 
  696        if ($this->object->getId() != SYSTEM_ROLE_ID) {
 
  697            $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
  698            $ilToolbar->addButton(
 
  699                $this->lng->txt(
"adopt_perm_from_template"),
 
  700                $this->ctrl->getLinkTarget($this, 
'adoptPerm')
 
  702            if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
 
  703                $ilToolbar->addButton(
 
  704                    $this->lng->txt(
'rbac_delete_role'),
 
  705                    $this->ctrl->getLinkTarget($this, 
'confirmDeleteRole')
 
  710        $this->tpl->addBlockFile(
 
  713            'tpl.rbac_template_permissions.html',
 
  714            'Services/AccessControl' 
  717        $this->tpl->setVariable(
'PERM_ACTION', $this->ctrl->getFormAction($this));
 
  719        include_once 
'./Services/Accordion/classes/class.ilAccordionGUI.php';
 
  724        if ($this->obj_ref_id == ROLE_FOLDER_ID) {
 
  725            if ($a_show_admin_permissions) {
 
  726                $subs = ilObjRole::getSubObjects(
'adm', 
true);
 
  728                $subs = ilObjRole::getSubObjects(
'root', 
false);
 
  731            $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
 
  734        foreach ($subs as $subtype => 
$def) {
 
  735            include_once 
'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
 
  740                $this->object->getId(),
 
  742                $a_show_admin_permissions
 
  746            $acc->addItem(
$def[
'translation'], 
$tbl->getHTML());
 
  749        $this->tpl->setVariable(
'ACCORDION', $acc->getHTML());
 
  752        include_once 
'./Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
 
  757            $this->object->getId(),
 
  758            $a_show_admin_permissions
 
  760        if ($this->object->getId() != SYSTEM_ROLE_ID) {
 
  762                $a_show_admin_permissions ? 
'adminPermSave' : 
'permSave',
 
  763                $this->lng->txt(
'save')
 
  768        $this->tpl->setVariable(
'OPTIONS_TABLE', 
$options->getHTML());
 
  797        $parent_role_ids = 
$rbacreview->getParentRoleIds($this->obj_ref_id, 
true);
 
  799        foreach ($parent_role_ids as 
$id => $tmp) {
 
  803        $sorted_ids = 
ilUtil::_sortIds($ids, 
'object_data', 
'type,title', 
'obj_id');
 
  805        foreach ($sorted_ids as 
$id) {
 
  806            $par = $parent_role_ids[
$id];
 
  807            if ($par[
"obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par[
"obj_id"]) {
 
  809                $output[
$key][
"type"] = ($par[
"type"] == 
'role' ? $this->lng->txt(
'obj_role') : $this->lng->txt(
'obj_rolt'));
 
  817        include_once(
'./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
 
  820        $tbl->setTitle($this->lng->txt(
"adopt_perm_from_template"));
 
  823        $this->tpl->setContent(
$tbl->getHTML());
 
  840            $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'), 
$ilErr->WARNING);
 
  843        $question = $this->lng->txt(
'rbac_role_delete_qst');
 
  845            $question .= (
'<br />' . $this->lng->txt(
'rbac_role_delete_self'));
 
  849        include_once 
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
 
  852        $confirm->setFormAction($this->ctrl->getFormAction($this));
 
  853        $confirm->setHeaderText($question);
 
  854        $confirm->setCancel($this->lng->txt(
'cancel'), 
'perm');
 
  855        $confirm->setConfirm($this->lng->txt(
'rbac_delete_role'), 
'performDeleteRole');
 
  859            $this->object->getId(),
 
  860            $this->object->getTitle(),
 
  864        $this->tpl->setContent($confirm->getHTML());
 
  881            $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'), 
$ilErr->WARNING);
 
  884        $this->
object->setParent((
int) $this->obj_ref_id);
 
  885        $this->
object->delete();
 
  886        ilUtil::sendSuccess($this->lng->txt(
'msg_deleted_role'), 
true);
 
  888        $this->ctrl->returnToParent($this);
 
  900        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  901        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  910            $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
 
  914        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  916        if ($rbac_log_active) {
 
  921        if ($this->obj_ref_id == ROLE_FOLDER_ID) {
 
  922            if ($a_show_admin_permissions) {
 
  923                $subs = ilObjRole::getSubObjects(
'adm', 
true);
 
  925                $subs = ilObjRole::getSubObjects(
'root', 
false);
 
  928            $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
 
  931        foreach ($subs as $subtype => 
$def) {
 
  933            $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
 
  936        if (empty(
$_POST[
"template_perm"])) {
 
  937            $_POST[
"template_perm"] = array();
 
  940        foreach (
$_POST[
"template_perm"] as 
$key => $ops_array) {
 
  942            $rbacadmin->setRolePermission($this->object->getId(), 
$key, $ops_array, $this->obj_ref_id);
 
  945        if ($rbac_log_active) {
 
  952        $this->
object->update();
 
  955        if ($this->obj_ref_id == ROLE_FOLDER_ID or 
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id)) {
 
  956            $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), 
ilUtil::tf2yn(
$_POST[
'protected']));
 
  959        if ($a_show_admin_permissions) {
 
  960            $_POST[
'recursive'] = 
true;
 
  964        if (!
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
 
  965            ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"), 
true);
 
  966            if ($a_show_admin_permissions) {
 
  967                $this->ctrl->redirect($this, 
'adminPerm');
 
  969                $this->ctrl->redirect($this, 
'perm');
 
  979        if ($a_show_admin_permissions) {
 
  983        if (
$_POST[
'protected']) {
 
  984            $this->
object->changeExistingObjects(
 
  989                #$a_show_admin_permissions ? array('adm') : array() 
  992            $this->
object->changeExistingObjects(
 
  997                #$a_show_admin_permissions ? array('adm') : array() 
 1000        ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"), 
true);
 
 1002        if ($a_show_admin_permissions) {
 
 1003            $this->ctrl->redirect($this, 
'adminPerm');
 
 1005            $this->ctrl->redirect($this, 
'perm');
 
 1020        $rbacadmin = 
$DIC[
'rbacadmin'];
 
 1021        $rbacsystem = 
$DIC[
'rbacsystem'];
 
 1033            $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
 
 1036        if ($this->object->getId() == 
$_POST[
"adopt"]) {
 
 1039            $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
 
 1040            $parentRoles = 
$rbacreview->getParentRoleIds($this->obj_ref_id, 
true);
 
 1041            $rbacadmin->copyRoleTemplatePermissions(
 
 1043                $parentRoles[
$_POST[
"adopt"]][
"parent"],
 
 1045                $this->object->getId(),
 
 1050            $this->
object->update();
 
 1053            $obj_data = &$this->
ilias->obj_factory->getInstanceByObjId($_POST[
"adopt"]);
 
 1054            ilUtil::sendSuccess($this->lng->txt(
"msg_perm_adopted_from1") . 
" '" . $obj_data->getTitle() . 
"'.<br/>" .
 
 1055                     $this->lng->txt(
"msg_perm_adopted_from2"), 
true);
 
 1058        $this->ctrl->redirect($this, 
"perm");
 
 1068        $this->assignUserObject();
 
 1083        $rbacadmin = 
$DIC[
'rbacadmin'];
 
 1085        if (!$this->
checkAccess(
'edit_userassignment', 
'edit_permission')) {
 
 1089        if (!
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
 
 1090            $this->obj_ref_id != ROLE_FOLDER_ID) {
 
 1095            $GLOBALS[
'DIC'][
'lng']->loadLanguageModule(
'search');
 
 1100        $assigned_users_all = 
$rbacreview->assignedUsers($this->object->getId());
 
 1103        $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
 
 1106        if (count($assigned_users_new) == 0) {
 
 1108            $this->ctrl->redirect($this, 
'userassignment');
 
 1112        foreach ($assigned_users_new as 
$user) {
 
 1113            $rbacadmin->assignUser($this->object->getId(), 
$user, 
false);
 
 1117        $this->
object->update();
 
 1119        ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"), 
true);
 
 1120        $this->ctrl->redirect($this, 
'userassignment');
 
 1132        $rbacsystem = 
$DIC[
'rbacsystem'];
 
 1133        $rbacadmin = 
$DIC[
'rbacadmin'];
 
 1136        if (!$this->
checkAccess(
'edit_userassignment', 
'edit_permission')) {
 
 1137            $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
 
 1140        $selected_users = (
$_POST[
"user_id"]) ? 
$_POST[
"user_id"] : array(
$_GET[
"user_id"]);
 
 1142        if ($selected_users[0] === 
null) {
 
 1143            $this->
ilias->raiseError($this->lng->txt(
"no_checkbox"), $this->
ilias->error_obj->MESSAGE);
 
 1147        if ($this->object->getId() == SYSTEM_ROLE_ID) {
 
 1148            if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== 
false) {
 
 1149                unset($selected_users[$admin]);
 
 1154        $last_role = array();
 
 1157        foreach ($selected_users as 
$user) {
 
 1159            $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
 
 1161            if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
 
 1162                $userObj = $this->
ilias->obj_factory->getInstanceByObjId($user);
 
 1163                $last_role[
$user] = $userObj->getFullName();
 
 1170        foreach ($selected_users as 
$user) {
 
 1171            if (!isset($last_role[
$user])) {
 
 1172                $rbacadmin->deassignUser($this->object->getId(), 
$user);
 
 1177        $this->
object->update();
 
 1180        if (count($last_role)) {
 
 1181            $user_list = implode(
", ", $last_role);
 
 1182            ilUtil::sendFailure($this->lng->txt(
'msg_is_last_role') . 
': ' . $user_list . 
'<br />' . $this->lng->txt(
'msg_min_one_role'), 
true);
 
 1184            ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"), 
true);
 
 1186        $this->ctrl->redirect($this, 
'userassignment');
 
 1198        $rbacsystem = 
$DIC[
'rbacsystem'];
 
 1202        if (!$this->
checkAccess(
'edit_userassignment', 
'edit_permission')) {
 
 1203            $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
 
 1206        $this->tabs_gui->setTabActive(
'user_assignment');
 
 1208        $this->tpl->addBlockFile(
'ADM_CONTENT', 
'adm_content', 
'tpl.rbac_ua.html', 
'Services/AccessControl');
 
 1210        include_once 
'./Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
 
 1214        include_once 
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
 
 1216            $this->object->getId() != SYSTEM_ROLE_ID ||
 
 1225            include_once 
'./Services/Search/classes/class.ilRepositorySearchGUI.php';
 
 1230                    'auto_complete_name' => 
$lng->txt(
'user'),
 
 1231                    'submit_name' => 
$lng->txt(
'add')
 
 1242                $this->lng->txt(
'search_user'),
 
 1243                $this->ctrl->getLinkTargetByClass(
'ilRepositorySearchGUI', 
'start')
 
 1249            $this->lng->txt(
'role_mailto'),
 
 1250            $this->ctrl->getLinkTarget($this, 
'mailToRole')
 
 1252        $this->tpl->setVariable(
'BUTTONS_UA', $tb->getHTML());
 
 1255        include_once 
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
 
 1256        $role_assignment_editable = 
true;
 
 1258                $this->object->getId() == SYSTEM_ROLE_ID &&
 
 1260            $role_assignment_editable = 
false;
 
 1263        include_once 
'./Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
 
 1264        $ut = 
new ilAssignedUsersTableGUI($this, 
'userassignment', $this->object->getId(), $role_assignment_editable);
 
 1266        $this->tpl->setVariable(
'TABLE_UA', $ut->getHTML());
 
 1278        if (
$_GET[
"new_type"] != 
"role") {
 
 1279            $this->ctrl->redirect($this, 
"userassignment");
 
 1281            $this->ctrl->redirectByClass(
"ilobjrolefoldergui", 
"view");
 
 1290        $rbacsystem = 
$DIC[
'rbacsystem'];
 
 1295        if (!is_array(
$_POST[
"role"])) {
 
 1297            $this->searchObject();
 
 1302        $this->tpl->addBlockFile(
"ADM_CONTENT", 
"adm_content", 
"tpl.role_usr_selection.html", 
"Services/AccessControl");
 
 1303        $this->
__showButton(
"searchUserForm", $this->lng->txt(
"role_new_search"));
 
 1308        foreach (
$_POST[
"role"] as $role_id) {
 
 1309            $members = array_merge(
$rbacreview->assignedUsers($role_id), $members);
 
 1312        $members = array_unique($members);
 
 1316        $f_result = array();
 
 1318        foreach ($members as 
$user) {
 
 1323            $user_ids[$counter] = 
$user;
 
 1327            $f_result[$counter][] = $tmp_obj->getLogin();
 
 1328            $f_result[$counter][] = $tmp_obj->getFirstname();
 
 1329            $f_result[$counter][] = $tmp_obj->getLastname();
 
 1335        $this->__showSearchUserTable($f_result, $user_ids, 
"listUsersRole");
 
 1343        $this->tpl->addBlockFile(
"CONTENT", 
"content", 
"tpl.adm_content.html");
 
 1344        $this->tpl->addBlockFile(
"STATUSLINE", 
"statusline", 
"tpl.statusline.html");
 
 1347        if ($this->message) {
 
 1360        $this->tpl->setTitle($this->lng->txt(
'role'));
 
 1361        $this->tpl->setDescription($this->object->getTitle());
 
 1364        $this->
getTabs($this->tabs_gui);
 
 1375        $ilLocator = 
$DIC[
'ilLocator'];
 
 1378            $_GET[
"admin_mode"] == 
"settings" 
 1379            && 
$_GET[
"ref_id"] == ROLE_FOLDER_ID) {     
 
 1380            parent::addAdminLocatorItems(
true);
 
 1382            $ilLocator->addItem(
 
 1384                $this->ctrl->getLinkTargetByClass(
"ilobjrolefoldergui", 
'view')
 
 1387            if (
$_GET[
"obj_id"] > 0) {
 
 1388                $ilLocator->addItem(
 
 1389                    $this->object->getTitle(),
 
 1390                    $this->ctrl->getLinkTarget($this, 
'perm')
 
 1394            parent::addAdminLocatorItems($a_do_not_add_object);
 
 1406        $ilHelp = 
$DIC[
'ilHelp'];
 
 1408        $base_role_container = 
$rbacreview->getFoldersAssignedToRole($this->object->getId(), 
true);
 
 1411        $activate_role_edit = 
false;
 
 1415        if (in_array($this->obj_ref_id, $base_role_container) ||
 
 1416            (strtolower(
$_GET[
"baseClass"]) == 
"iladministrationgui" &&
 
 1417            $_GET[
"admin_mode"] == 
"settings")) {
 
 1418            $activate_role_edit = 
true;
 
 1422        $this->tabs_gui->clearTargets();
 
 1424        $ilHelp->setScreenIdComponent(
"role");
 
 1426        if ($this->back_target != 
"") {
 
 1427            $this->tabs_gui->setBackTarget(
 
 1428                $this->back_target[
"text"],
 
 1429                $this->back_target[
"link"]
 
 1432            $this->tabs_gui->setBackTarget($this->lng->txt(
'btn_back'), $this->ctrl->getParentReturn($this));
 
 1435        if ($this->
checkAccess(
'write', 
'edit_permission') && $activate_role_edit) {
 
 1436            $this->tabs_gui->addTarget(
 
 1438                $this->ctrl->getLinkTarget($this, 
"edit"),
 
 1439                array(
"edit",
"update"),
 
 1456            $this->tabs_gui->addTarget(
 
 1457                "default_perm_settings",
 
 1458                $this->ctrl->getLinkTarget($this, 
"perm"),
 
 1464        if ($this->
checkAccess(
'write', 
'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
 
 1465            $this->tabs_gui->addTarget(
 
 1467                $this->ctrl->getLinkTarget($this, 
"userassignment"),
 
 1468                array(
"deassignUser", 
"userassignment", 
"assignUser", 
"searchUserForm", 
"search"),
 
 1473        if ($this->
checkAccess(
'write', 
'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
 
 1474            $this->tabs_gui->addTarget(
 
 1476                $this->ctrl->getLinkTarget($this, 
"listDesktopItems"),
 
 1477                array(
"listDesktopItems", 
"deleteDesktopItems", 
"selectDesktopItem", 
"askDeleteDesktopItem"),
 
 1481        if ($this->
checkAccess(
'write', 
'edit_permission')) {
 
 1482            $this->tabs_gui->addTarget(
 
 1484                $this->ctrl->getLinkTargetByClass(
'ilExportGUI'),
 
 1493        if (count($obj_ids) > 1) {
 
 1494            $_SESSION[
'mail_roles'][] = 
'#il_role_' . $this->
object->getId();
 
 1496            $_SESSION[
'mail_roles'][] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
 
 1499        require_once 
'Services/Mail/classes/class.ilMailFormCall.php';
 
 1508        $rbacsystem = 
$DIC[
'rbacsystem'];
 
 1509        $ilAccess = 
$DIC[
'ilAccess'];
 
 1511        $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
 
 1513        if ($this->obj_ref_id == ROLE_FOLDER_ID) {
 
 1514            return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
 
 1516            return $ilAccess->checkAccess($a_perm_obj, 
'', $this->obj_ref_id);
 
 1530        if (!(
int) 
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
 
 1535        if (
$rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
 
 1538            return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
 
 1542            return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
 
 1552        $protected = 
$_POST[
'protected'];
 
 1554        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
 1556        $form->setFormAction($this->ctrl->getFormAction($this, 
'changeExistingObjects'));
 
 1557        $form->setTitle($this->lng->txt(
'rbac_change_existing_confirm_tbl'));
 
 1559        $form->addCommandButton(
'changeExistingObjects', $this->lng->txt(
'change_existing_objects'));
 
 1560        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
 1565                serialize(array(
'all')) :
 
 1566                serialize(
$_POST[
'recursive_list'])
 
 1568        $form->addItem($hidden);
 
 1575                $this->lng->txt(
'rbac_keep_local_policies'),
 
 1577                $this->lng->txt(
'rbac_keep_local_policies_info')
 
 1582                $this->lng->txt(
'rbac_keep_local_policies'),
 
 1584                $this->lng->txt(
'rbac_unprotected_keep_local_policies_info')
 
 1587        $rad->addOption($keep);
 
 1591                $this->lng->txt(
'rbac_delete_local_policies'),
 
 1593                $this->lng->txt(
'rbac_delete_local_policies_info')
 
 1597                $this->lng->txt(
'rbac_delete_local_policies'),
 
 1599                $this->lng->txt(
'rbac_unprotected_delete_local_policies_info')
 
 1602        $rad->addOption($del);
 
 1604        $form->addItem($rad);
 
 1605        $this->tpl->setContent(
$form->getHTML());
 
 1618        $rbacadmin = 
$DIC[
'rbacadmin'];
 
 1620        $mode = (int) 
$_POST[
'mode'];
 
 1625        ilUtil::sendSuccess($this->lng->txt(
'settings_saved'), 
true);
 
 1626        $this->ctrl->redirect($this, 
'perm');
 
 1638        $ilTabs = 
$DIC[
'ilTabs'];
 
 1641            case 'default_perm_settings':
 
 1642                if ($this->obj_ref_id != ROLE_FOLDER_ID) {
 
 1645                $ilTabs->addSubTabTarget(
 
 1646                    'rbac_repository_permissions',
 
 1647                    $this->ctrl->getLinkTarget($this, 
'perm')
 
 1649                $ilTabs->addSubTabTarget(
 
 1650                    'rbac_admin_permissions',
 
 1651                    $this->ctrl->getLinkTarget($this, 
'adminPerm')
 
 1670            $ilCtrl->redirect($this, 
'userassignment');
 
 1672        include_once 
'./Services/User/classes/class.ilUserClipboard.php';
 
 1677        $lng->loadLanguageModule(
'user');
 
 1678        ilUtil::sendSuccess($this->lng->txt(
'clipboard_user_added'), 
true);
 
 1679        $ilCtrl->redirect($this, 
'userassignment');
 
 1689        $ilLocator = 
$DIC[
'ilLocator'];
 
 1691        if (
$_GET[
"admin_mode"] == 
"") {
 
 1692            $this->ctrl->setParameterByClass(
 
 1695                (
int) 
$_GET[
"obj_id"]
 
 1697            $ilLocator->addItem(
 
 1699                $this->ctrl->getLinkTargetByClass(
 
 1717        $review = 
$DIC->rbac()->review();
 
 1718        $logger = 
$DIC->logger()->ac();
 
 1722            !$this->object->getId() ||
 
 1723            $this->object->getId() == ROLE_FOLDER_ID
 
 1729        $possible_roles = [];
 
 1731            $possible_roles = $review->getRolesOfObject(
 
 1735        } 
catch (\InvalidArgumentException $e) {
 
 1736            $logger->warning(
'Role access check failed: ' . $e);
 
 1738            include_once 
"Services/Object/exceptions/class.ilObjectException.php";
 
 1739            throw new \ilObjectException($this->lng->txt(
'permission_denied'));
 
 1742        if (!in_array($this->object->getId(), $possible_roles)) {
 
 1743            $logger->warning(
'Object id: ' . $this->object->getId() . 
' is not accessible for ref_id: ' . $this->obj_ref_id);
 
 1744            include_once 
"Services/Object/exceptions/class.ilObjectException.php";
 
 1745            throw new \ilObjectException($this->lng->txt(
'permission_denied'));
 
An exception for terminatinating execution or to throw for unit testing.
const USER_FOLDER_ID
Class ilObjUserFolder.
Accordion user interface class.
TableGUI class for role administration.
Confirmation screen class.
static _isActive()
Static getter.
static _isPersonalWorkspaceActive()
Static getter.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
static allocateExportId()
Allocate a new export id.
This class represents a non editable value in a property form.
getAdminTabs()
admin and normal tabs are equal for roles
editObject()
Edit role properties.
getTabs()
get tabs abstract method.
performDeleteRoleObject()
Delete role.
saveObject()
Save new role.
updateObject()
Save role settings.
initFormRoleProperties($a_mode)
Create role prperty form.
userassignmentObject()
display user assignment panel
showChangeExistingObjectsConfirmation()
Show confirmation screen.
ensureRoleAccessForContext()
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
setBackTarget($a_text, $a_link)
set back tab target
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
deassignUserObject()
de-assign users from role
permObject($a_show_admin_permissions=false)
Show template permissions.
loadRoleProperties(ilObjRole $role)
Store form input in role object.
assignSaveObject()
wrapper for renamed function
permSaveObject($a_show_admin_permissions=false)
save permissions
getParentType()
get type of current object (not role folder)
getContainerType()
Get type of role container.
addAdminLocatorItems($a_do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
deleteDesktopItemsObject()
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
checkAccess($a_perm_global, $a_perm_obj='')
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
showDefaultPermissionSettings()
check if default permissions are shown or not
adminPermObject()
Show administration permissions.
assignDesktopItemObject()
executeCommand()
execute command
adminPermSaveObject()
Save admin permissions.
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
confirmDeleteRoleObject()
Show delete confirmation screen.
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
getParentRefId()
Get ref id of current object (not role folder id)
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
adoptPermSaveObject()
copy permissions from role
selectDesktopItemObject()
getParentObjId()
Get obj_id of current object.
setSubTabs($a_tab)
Set sub tabs.
addToClipboardObject()
Add selected users to user clipboard.
changeExistingObjectsObject()
Change existing objects.
askDeleteDesktopItemObject()
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
getAllowRegister()
get allow_register
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static isAutoGenerated($a_role_id)
getDiskQuota()
Gets the minimal disk quota imposed by this role.
toggleAssignUsersStatus($a_assign_users)
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Class ilObjectGUI Basic methods of all Output classes.
__showButton($a_cmd, $a_text, $a_target='')
prepareOutput($a_show_subobjects=true)
prepare output
Table for object role permissions.
Table for object role permissions.
static _lookupObjId($a_id)
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getDescription()
get object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
getTitle()
get object title @access public
This class represents an option in a radio group.
static diffTemplate(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherTemplate($a_role_ref_id, $a_role_id)
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
Table for role desktop items.
static _getInstance()
Get instance of ilSecuritySettings.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static getInstance($a_usr_id)
Get singelton instance.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
static tf2yn($a_tf)
convert true/false to "y"/"n"
static redirect($a_script)
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static MB2Bytes($a_value)
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static infoPanel($a_keep=true)
static Bytes2MB($a_value)
if(!array_key_exists('StateId', $_REQUEST)) $id
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
redirection script todo: (a better solution should control the processing via a xml file)
if(isset($_POST['submit'])) $form