ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilObjRoleGUI.php
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once "./Services/Object/classes/class.ilObjectGUI.php";
5include_once './Services/AccessControl/classes/class.ilObjRole.php';
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
21{
26
32 public $type;
33
34
35 protected $obj_ref_id = 0;
36 protected $obj_obj_id = 0;
37 protected $obj_obj_type = '';
38 protected $container_type = '';
39
40
41 public $ctrl;
42
47 public function __construct($a_data, $a_id, $a_call_by_reference = false, $a_prepare_output = true)
48 {
49 global $DIC;
50
51 $tree = $DIC['tree'];
52 $lng = $DIC['lng'];
53
54 $lng->loadLanguageModule('rbac');
55
56 //TODO: move this to class.ilias.php
57 define("USER_FOLDER_ID", 7);
58
59 // Add ref_id of object that contains this role folder
60
61 $this->obj_ref_id =
62 (
63 (int) $_REQUEST['rolf_ref_id'] ?
64 (int) $_REQUEST['rolf_ref_id'] :
65 (int) $_REQUEST['ref_id']
66 );
67
68 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
69 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
70
71 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
72
73 $this->type = "role";
74 parent::__construct($a_data, $a_id, $a_call_by_reference, false);
75 $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
76 }
77
78
    /**
     * Dispatch the current ilCtrl command to a sub-GUI or to a handler of this class.
     *
     * The default branch appends "Object" to the command name and calls the
     * resulting method on $this. Because the call is made from inside the class,
     * method visibility does not restrict it: protected *Object() handlers are
     * reachable through this dispatcher as well. Every handler therefore has to
     * enforce its own permission check.
     *
     * @return bool always true
     */
    public function executeCommand()
    {
        global $DIC;

        // Not used in the lines shown here.
        $rbacsystem = $DIC['rbacsystem'];

        $this->prepareOutput();

        $next_class = $this->ctrl->getNextClass($this);
        // presumably derived from the request by ilCtrl; verify against ilCtrl::getCmd()
        $cmd = $this->ctrl->getCmd();


        switch ($next_class) {
            case 'ilrepositorysearchgui':

                // User search is only forwarded for users holding edit_permission
                // on the containing object.
                // NOTE(review): whether raiseError() stops execution is not visible here;
                // if it returns, the search GUI is still forwarded.
                if (!$GLOBALS['DIC']['ilAccess']->checkAccess('edit_permission', '', $this->obj_ref_id)) {
                    $GLOBALS['DIC']['ilErr']->raiseError($GLOBALS['DIC']['lng']->txt('permission_denied'), $GLOBALS['DIC']['ilErr']->WARNING);
                }
                include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
                $rep_search = new ilRepositorySearchGUI();
                $rep_search->setTitle($this->lng->txt('role_add_user'));
                // Selected users are handed to addUserObject(), which checks access again.
                $rep_search->setCallback($this, 'addUserObject');

                // Set tabs
                $this->tabs_gui->setTabActive('user_assignment');
                $this->ctrl->setReturn($this, 'userassignment');
                $ret = &$this->ctrl->forwardCommand($rep_search);
                break;

            case 'ilexportgui':

                // NOTE(review): no permission check is visible in this branch before the
                // role export is forwarded; confirm that ilExportGUI enforces one.
                $this->tabs_gui->setTabActive('export');

                include_once './Services/Export/classes/class.ilExportOptions.php';
                // NOTE(review): listing line 114, where $eo is assigned, is not shown on this page.
                $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);

                include_once './Services/Export/classes/class.ilExportGUI.php';
                $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
                $exp->addFormat('xml');
                $this->ctrl->forwardCommand($exp);
                break;

            default:
                // Without a command, pick the start screen by container type.
                if (!$cmd) {
                    if ($this->showDefaultPermissionSettings()) {
                        $cmd = "perm";
                    } else {
                        $cmd = 'userassignment';
                    }
                }
                // Dynamic dispatch: "<cmd>Object" is called without an allow-list.
                $cmd .= "Object";
                $this->$cmd();

                break;
        }

        return true;
    }
139
144 public function getParentRefId()
145 {
146 return $this->obj_ref_id;
147 }
148
153 public function getParentObjId()
154 {
155 return $this->obj_obj_id;
156 }
157
162 public function getParentType()
163 {
164 return $this->obj_obj_type;
165 }
166
170 public function setBackTarget($a_text, $a_link)
171 {
172 $this->back_target = array("text" => $a_text,
173 "link" => $a_link);
174 }
175
176 public function getBackTarget()
177 {
178 return $this->back_target ? $this->back_target : array();
179 }
180
184 public function getAdminTabs()
185 {
186 $this->getTabs();
187 }
188
    /**
     * Accessor for the container type.
     *
     * NOTE(review): the body (listing line 195) is not shown on this page;
     * presumably it returns $this->container_type, which the constructor sets.
     */
    protected function getContainerType()
    {
    }
197
202 protected function showDefaultPermissionSettings()
203 {
204 global $DIC;
205
206 $objDefinition = $DIC['objDefinition'];
207
208 return $objDefinition->isContainer($this->getContainerType());
209 }
210
211
212 public function listDesktopItemsObject()
213 {
214 global $DIC;
215
216 $rbacsystem = $DIC['rbacsystem'];
217 $rbacreview = $DIC['rbacreview'];
218
219 if (!$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
220 $this->obj_ref_id != ROLE_FOLDER_ID) {
221 ilUtil::sendInfo($this->lng->txt('role_no_users_no_desk_items'));
222 return true;
223 }
224
225 if ($rbacsystem->checkAccess('push_desktop_items', USER_FOLDER_ID)) {
226 $this->__showButton('selectDesktopItem', $this->lng->txt('role_desk_add'));
227 }
228
229 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
230 $tbl = new ilRoleDesktopItemsTableGUI($this, 'listDesktopItems', $this->object);
231 $this->tpl->setContent($tbl->getHTML());
232
233 return true;
234 }
235
237 {
238 global $DIC;
239
240 $rbacsystem = $DIC['rbacsystem'];
241
242
243 if (!$this->checkAccess('edit_permission')) {
244 $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
245 }
246 if (!$rbacsystem->checkAccess('push_desktop_items', USER_FOLDER_ID)) {
247 $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
248 }
249 if (!count($_POST['del_desk_item'])) {
250 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
251
252 $this->listDesktopItemsObject();
253
254 return true;
255 }
256
257 include_once("./Services/Utilities/classes/class.ilConfirmationGUI.php");
258 $confirmation_gui = new ilConfirmationGUI();
259 $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
260 $confirmation_gui->setHeaderText($this->lng->txt('role_assigned_desk_items') .
261 ' "' . $this->object->getTitle() . '": ' .
262 $this->lng->txt('role_sure_delete_desk_items'));
263 $confirmation_gui->setCancel($this->lng->txt("cancel"), "listDesktopItems");
264 $confirmation_gui->setConfirm($this->lng->txt("delete"), "deleteDesktopItems");
265
266 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
267 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
268 $counter = 0;
269 foreach ($_POST['del_desk_item'] as $role_item_id) {
270 $item_data = $role_desk_item_obj->getItem($role_item_id);
271 $tmp_obj = &ilObjectFactory::getInstanceByRefId($item_data['item_id']);
272
273 if (strlen($desc = $tmp_obj->getDescription())) {
274 $desc = '<div class="il_Description_no_margin">' . $desc . '</div>';
275 }
276
277 $confirmation_gui->addItem("del_desk_item[]", $role_item_id, $tmp_obj->getTitle() . $desc);
278 }
279
280 $this->tpl->setContent($confirmation_gui->getHTML());
281
282 return true;
283 }
284
285 public function deleteDesktopItemsObject()
286 {
287 global $DIC;
288
289 $rbacsystem = $DIC['rbacsystem'];
290
291 if (!$this->checkAccess('edit_permission')) {
292 $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
293 }
294
295 if (!$rbacsystem->checkAccess('push_desktop_items', USER_FOLDER_ID)) {
296 $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
297 }
298
299 if (!count($_POST['del_desk_item'])) {
300 ilUtil::sendFailure($this->lng->txt('role_select_one_item'));
301
302 $this->listDesktopItemsObject();
303
304 return true;
305 }
306
307 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
308
309 $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
310
311 foreach ($_POST['del_desk_item'] as $role_item_id) {
312 $role_desk_item_obj->delete($role_item_id);
313 }
314
315 ilUtil::sendSuccess($this->lng->txt('role_deleted_desktop_items'));
316 $this->listDesktopItemsObject();
317
318 return true;
319 }
320
321
322 public function selectDesktopItemObject()
323 {
324 global $DIC;
325
326 $rbacsystem = $DIC['rbacsystem'];
327 $tree = $DIC['tree'];
328
329 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
330 include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
331
332 if (!$rbacsystem->checkAccess('push_desktop_items', USER_FOLDER_ID)) {
333 #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
334 ilUtil::sendFailure($this->lng->txt('permission_denied'));
335 $this->listDesktopItemsObject();
336 return false;
337 }
338
339 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_desktop_item_selector.html", "Services/AccessControl");
340 $this->__showButton('listDesktopItems', $this->lng->txt('back'));
341
342 ilUtil::sendInfo($this->lng->txt("role_select_desktop_item"));
343
344 $exp = new ilRoleDesktopItemSelector(
345 $this->ctrl->getLinkTarget($this, 'selectDesktopItem'),
346 new ilRoleDesktopItem($this->object->getId())
347 );
348 $exp->setExpand($_GET["role_desk_item_link_expand"] ? $_GET["role_desk_item_link_expand"] : $tree->readRootId());
349 $exp->setExpandTarget($this->ctrl->getLinkTarget($this, 'selectDesktopItem'));
350
351 $exp->setOutput(0);
352
353 $output = $exp->getOutput();
354 $this->tpl->setVariable("EXPLORER", $output);
355 //$this->tpl->setVariable("EXPLORER", $exp->getOutput());
356
357 return true;
358 }
359
    /**
     * Assign the repository item given in $_GET['item_id'] to this role's desktop items.
     *
     * NOTE(review): only push_desktop_items on the user folder is checked here,
     * while the delete handlers of this class additionally require
     * edit_permission; confirm whether the difference is intended.
     * NOTE(review): this is a state change driven by a GET parameter; whether
     * ilCtrl protects the command with a request token is not visible here.
     *
     * @return bool false when access is denied or no item is given, true otherwise
     */
    public function assignDesktopItemObject()
    {
        global $DIC;

        $rbacsystem = $DIC['rbacsystem'];

        if (!$rbacsystem->checkAccess('push_desktop_items', USER_FOLDER_ID)) {
            $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
            // Explicit return: the assignment below is not reached on denial.
            return false;
        }


        if (!isset($_GET['item_id'])) {
            ilUtil::sendFailure($this->lng->txt('role_no_item_selected'));
            // NOTE(review): listing line 374 is not shown on this page.

            return false;
        }

        include_once 'Services/AccessControl/classes/class.ilRoleDesktopItem.php';

        $role_desk_item_obj = new ilRoleDesktopItem($this->object->getId());
        // The item id is cast to int before it is used for the type lookup and the insert.
        // NOTE(review): no check is visible that the current user may see the referenced item.
        $role_desk_item_obj->add((int) $_GET['item_id'], ilObject::_lookupType((int) $_GET['item_id'], true));

        ilUtil::sendSuccess($this->lng->txt('role_assigned_desktop_item'));

        $this->ctrl->redirect($this, 'listDesktopItems');
        return true;
    }
389
395 protected function initFormRoleProperties($a_mode)
396 {
397 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
398 $this->form = new ilPropertyFormGUI();
399
400 if ($this->creation_mode) {
401 $this->ctrl->setParameter($this, "new_type", 'role');
402 }
403 $this->form->setFormAction($this->ctrl->getFormAction($this));
404
405 switch ($a_mode) {
407 $this->form->setTitle($this->lng->txt('role_new'));
408 $this->form->addCommandButton('save', $this->lng->txt('role_new'));
409 break;
410
412 $this->form->setTitle($this->lng->txt('role_edit'));
413 $this->form->addCommandButton('update', $this->lng->txt('save'));
414 break;
415
418 }
419 // Fix cancel
420 $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
421
422 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
423 if (ilObjRole::isAutoGenerated($this->object->getId())) {
424 $title->setDisabled(true);
425 } else {
426 //#17111 No validation for disabled fields
427 $title->setValidationRegexp('/^(?!il_).*$/');
428 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
429 }
430
431 $title->setSize(40);
432 $title->setMaxLength(70);
433 $title->setRequired(true);
434 $this->form->addItem($title);
435
436 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
437 if (ilObjRole::isAutoGenerated($this->object->getId())) {
438 $desc->setDisabled(true);
439 }
440 $desc->setCols(40);
441 $desc->setRows(3);
442 $this->form->addItem($desc);
443
444 if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
445 $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
446 $this->form->addItem($ilias_id);
447 }
448
449 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
450 $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
451 $reg->setValue(1);
452 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
453 $this->form->addItem($reg);
454
455 $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
456 $la->setValue(1);
457 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
458 $this->form->addItem($la);
459 }
460
461 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
462 $pro->setValue(1);
463 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
464 $this->form->addItem($pro);
465
466 include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
468 $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'), 'disk_quota');
469 $quo->setMinValue(0);
470 $quo->setSize(4);
471 $quo->setInfo($this->lng->txt('enter_in_mb_desc') . '<br />' . $this->lng->txt('disk_quota_on_role_desc'));
472 $this->form->addItem($quo);
473 }
475 $this->lng->loadLanguageModule("file");
476 $wquo = new ilNumberInputGUI($this->lng->txt('personal_workspace_disk_quota'), 'wsp_disk_quota');
477 $wquo->setMinValue(0);
478 $wquo->setSize(4);
479 $wquo->setInfo($this->lng->txt('enter_in_mb_desc') . '<br />' . $this->lng->txt('disk_quota_on_role_desc'));
480 $this->form->addItem($wquo);
481 }
482
483 return true;
484 }
485
491 protected function loadRoleProperties(ilObjRole $role)
492 {
493 //Don't set if fields are disabled to prevent html manipulation.
494 if (!$this->form->getItemByPostVar('title')->getDisabled()) {
495 $role->setTitle($this->form->getInput('title'));
496 }
497 if (!$this->form->getItemByPostVar('desc')->getDisabled()) {
498 $role->setDescription($this->form->getInput('desc'));
499 }
500 $role->setAllowRegister($this->form->getInput('reg'));
501 $role->toggleAssignUsersStatus($this->form->getInput('la'));
502 $role->setDiskQuota(ilUtil::MB2Bytes($this->form->getInput('disk_quota')));
503 $role->setPersonalWorkspaceDiskQuota(ilUtil::MB2Bytes($this->form->getInput('wsp_disk_quota')));
504 return true;
505 }
506
    /**
     * Fill the role form with the current values of the given role.
     *
     * @param ilObjRole $role role whose values are shown
     */
    protected function readRoleProperties(ilObjRole $role)
    {
        global $DIC;

        $rbacreview = $DIC['rbacreview'];

        include_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';

        $data['title'] = $role->getTitle();
        $data['desc'] = $role->getDescription();
        // Import id in the form il_<installation id>_<type>_<object id>.
        $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
        $data['reg'] = $role->getAllowRegister();
        $data['la'] = $role->getAssignUsersStatus();
        // NOTE(review): listing line 525, which opens this block, is not shown on this page.
        $data['disk_quota'] = ilUtil::Bytes2MB($role->getDiskQuota());
        }
        // NOTE(review): listing line 528, which opens this block, is not shown on this page.
        $data['wsp_disk_quota'] = ilUtil::Bytes2MB($role->getPersonalWorkspaceDiskQuota());
        }
        // Protection status of the role at the current container.
        $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());

        $this->form->setValuesByArray($data);
    }
535
536
537
538
544 public function createObject()
545 {
546 global $DIC;
547
548 $rbacsystem = $DIC['rbacsystem'];
549
550 if (!$rbacsystem->checkAccess('create_role', $this->obj_ref_id)) {
551 $ilErr->raiseError($this->lng->txt('permission_denied'), $ilErr->MESSAGE);
552 }
553
554 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
555 $this->tpl->setContent($this->form->getHTML());
556 }
557
562 public function editObject()
563 {
564 global $DIC;
565
566 $rbacsystem = $DIC['rbacsystem'];
567 $rbacreview = $DIC['rbacreview'];
568 $ilSetting = $DIC['ilSetting'];
569 $ilErr = $DIC['ilErr'];
570 $ilToolbar = $DIC['ilToolbar'];
571
572 if (!$this->checkAccess('write', 'edit_permission')) {
573 $ilErr->raiseError($this->lng->txt("msg_no_perm_write"), $ilErr->MESSAGE);
574 }
575
576 // Show copy role button
577 if ($this->object->getId() != SYSTEM_ROLE_ID) {
578 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
579 if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
580 $ilToolbar->addButton(
581 $this->lng->txt('rbac_delete_role'),
582 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
583 );
584 }
585 }
586
587 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
588 $this->readRoleProperties($this->object);
589 $this->tpl->setContent($this->form->getHTML());
590 }
591
592
597 public function saveObject()
598 {
599 global $DIC;
600
601 $rbacadmin = $DIC['rbacadmin'];
602 $rbacreview = $DIC['rbacreview'];
603
604 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
605 if ($this->form->checkInput() and !$this->checkDuplicate()) {
606 include_once './Services/AccessControl/classes/class.ilObjRole.php';
607 $this->loadRoleProperties($this->role = new ilObjRole());
608 $this->role->create();
609 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id, 'y');
610 $rbacadmin->setProtected(
611 $this->obj_ref_id,
612 $this->role->getId(),
613 $this->form->getInput('pro') ? 'y' : 'n'
614 );
615 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
616 $this->ctrl->setParameter($this, 'obj_id', $this->role->getId());
617 $this->ctrl->redirect($this, 'perm');
618 }
619
620 ilUtil::sendFailure($this->lng->txt('err_check_input'));
621 $this->form->setValuesByPost();
622 $this->tpl->setContent($this->form->getHTML());
623 return false;
624 }
625
630 protected function checkDuplicate($a_role_id = 0)
631 {
632 // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
633 return false;
634 }
635
640 public function updateObject()
641 {
642 global $DIC;
643
644 $rbacadmin = $DIC['rbacadmin'];
645
646 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
647 if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
648 include_once './Services/AccessControl/classes/class.ilObjRole.php';
649 $this->loadRoleProperties($this->object);
650 $this->object->update();
651 $rbacadmin->setProtected(
652 $this->obj_ref_id,
653 $this->object->getId(),
654 $this->form->getInput('pro') ? 'y' : 'n'
655 );
656 ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
657 $this->ctrl->redirect($this, 'edit');
658 }
659
660 ilUtil::sendFailure($this->lng->txt('err_check_input'));
661 $this->form->setValuesByPost();
662 $this->tpl->setContent($this->form->getHTML());
663 return false;
664 }
665
670 protected function permObject($a_show_admin_permissions = false)
671 {
672 global $DIC;
673
674 $ilTabs = $DIC['ilTabs'];
675 $ilErr = $DIC['ilErr'];
676 $ilToolbar = $DIC['ilToolbar'];
677 $objDefinition = $DIC['objDefinition'];
678 $rbacreview = $DIC['rbacreview'];
679
680 $ilTabs->setTabActive('default_perm_settings');
681
682 $this->setSubTabs('default_perm_settings');
683
684 if ($a_show_admin_permissions) {
685 $ilTabs->setSubTabActive('rbac_admin_permissions');
686 } else {
687 $ilTabs->setSubTabActive('rbac_repository_permissions');
688 }
689
690 if (!$this->checkAccess('write', 'edit_permission')) {
691 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->MESSAGE);
692 return true;
693 }
694
695 // Show copy role button
696 if ($this->object->getId() != SYSTEM_ROLE_ID) {
697 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
698 $ilToolbar->addButton(
699 $this->lng->txt("adopt_perm_from_template"),
700 $this->ctrl->getLinkTarget($this, 'adoptPerm')
701 );
702 if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
703 $ilToolbar->addButton(
704 $this->lng->txt('rbac_delete_role'),
705 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
706 );
707 }
708 }
709
710 $this->tpl->addBlockFile(
711 'ADM_CONTENT',
712 'adm_content',
713 'tpl.rbac_template_permissions.html',
714 'Services/AccessControl'
715 );
716
717 $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
718
719 include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
720 $acc = new ilAccordionGUI();
721 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
722 $acc->setId('template_perm_' . $this->getParentRefId());
723
724 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
725 if ($a_show_admin_permissions) {
726 $subs = ilObjRole::getSubObjects('adm', true);
727 } else {
728 $subs = ilObjRole::getSubObjects('root', false);
729 }
730 } else {
731 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
732 }
733
734 foreach ($subs as $subtype => $def) {
735 include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
737 $this,
738 'perm',
739 $this->getParentRefId(),
740 $this->object->getId(),
741 $subtype,
742 $a_show_admin_permissions
743 );
744 $tbl->parse();
745
746 $acc->addItem($def['translation'], $tbl->getHTML());
747 }
748
749 $this->tpl->setVariable('ACCORDION', $acc->getHTML());
750
751 // Add options table
752 include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
754 $this,
755 'perm',
756 $this->obj_ref_id,
757 $this->object->getId(),
758 $a_show_admin_permissions
759 );
760 if ($this->object->getId() != SYSTEM_ROLE_ID) {
761 $options->addMultiCommand(
762 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
763 $this->lng->txt('save')
764 );
765 }
766
767 $options->parse();
768 $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
769 }
770
775 protected function adminPermObject()
776 {
777 return $this->permObject(true);
778 }
779
784 protected function adminPermSaveObject()
785 {
786 return $this->permSaveObject(true);
787 }
788
789 protected function adoptPermObject()
790 {
791 global $DIC;
792
793 $rbacreview = $DIC['rbacreview'];
794
795 $output = array();
796
797 $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
798 $ids = array();
799 foreach ($parent_role_ids as $id => $tmp) {
800 $ids[] = $id;
801 }
802 // Sort ids
803 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
804 $key = 0;
805 foreach ($sorted_ids as $id) {
806 $par = $parent_role_ids[$id];
807 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
808 $output[$key]["role_id"] = $par["obj_id"];
809 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
810 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
811 $output[$key]["role_desc"] = $par["desc"];
812 $key++;
813 }
814 }
815
816
817 include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
818
819 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
820 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
821 $tbl->setData($output);
822
823 $this->tpl->setContent($tbl->getHTML());
824 }
825
830 protected function confirmDeleteRoleObject()
831 {
832 global $DIC;
833
834 $ilErr = $DIC['ilErr'];
835 $rbacreview = $DIC['rbacreview'];
836 $ilUser = $DIC['ilUser'];
837
838 $access = $this->checkAccess('visible,write', 'edit_permission');
839 if (!$access) {
840 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->WARNING);
841 }
842
843 $question = $this->lng->txt('rbac_role_delete_qst');
844 if ($rbacreview->isAssigned($ilUser->getId(), $this->object->getId())) {
845 $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
846 }
847 ilUtil::sendQuestion($question);
848
849 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
850
851 $confirm = new ilConfirmationGUI();
852 $confirm->setFormAction($this->ctrl->getFormAction($this));
853 $confirm->setHeaderText($question);
854 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
855 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
856
857 $confirm->addItem(
858 'role',
859 $this->object->getId(),
860 $this->object->getTitle(),
861 ilUtil::getImagePath('icon_role.svg')
862 );
863
864 $this->tpl->setContent($confirm->getHTML());
865 return true;
866 }
867
868
873 protected function performDeleteRoleObject()
874 {
875 global $DIC;
876
877 $ilErr = $DIC['ilErr'];
878
879 $access = $this->checkAccess('visible,write', 'edit_permission');
880 if (!$access) {
881 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->WARNING);
882 }
883
884 $this->object->setParent((int) $this->obj_ref_id);
885 $this->object->delete();
886 ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'), true);
887
888 $this->ctrl->returnToParent($this);
889 }
890
    /**
     * Save the permission template of this role and optionally apply it to existing objects.
     *
     * The stored template entries for all relevant sub-object types are deleted
     * first and then rebuilt from $_POST['template_perm'].
     *
     * NOTE(review): permObject() only offers the save command when the role is
     * not the system role, but no such guard is visible in this handler.
     *
     * @param bool $a_show_admin_permissions true for the administration variant
     * @return bool true on the paths that return; the redirect paths presumably end the request
     */
    public function permSaveObject($a_show_admin_permissions = false)
    {
        global $DIC;

        // $rbacsystem and $objDefinition are not used in the lines shown here.
        $rbacsystem = $DIC['rbacsystem'];
        $rbacadmin = $DIC['rbacadmin'];
        $rbacreview = $DIC['rbacreview'];
        $objDefinition = $DIC['objDefinition'];
        $tree = $DIC['tree'];

        // for role administration check write of global role folder
        $access = $this->checkAccess('visible,write', 'edit_permission');

        // NOTE(review): there is no return after raiseError(); if the error handler
        // hands control back, the template is still rewritten below.
        if (!$access) {
            $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
        }

        // rbac log: snapshot the template before the change so a diff can be recorded
        include_once "Services/AccessControl/classes/class.ilRbacLog.php";
        $rbac_log_active = ilRbacLog::isActive();
        if ($rbac_log_active) {
            $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
        }

        // delete all template entries of enabled types
        if ($this->obj_ref_id == ROLE_FOLDER_ID) {
            if ($a_show_admin_permissions) {
                $subs = ilObjRole::getSubObjects('adm', true);
            } else {
                $subs = ilObjRole::getSubObjects('root', false);
            }
        } else {
            $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
        }

        foreach ($subs as $subtype => $def) {
            // Delete per object type
            $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
        }

        if (empty($_POST["template_perm"])) {
            $_POST["template_perm"] = array();
        }

        // NOTE(review): the posted keys (object types) and operation lists are passed on
        // as received; they are not limited to the types in $subs here. Confirm that
        // setRolePermission() validates them.
        foreach ($_POST["template_perm"] as $key => $ops_array) {
            // sets new template permissions
            $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
        }

        if ($rbac_log_active) {
            $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
            $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
            ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
        }

        // update object data entry (to update last modification date)
        $this->object->update();

        // set protected flag
        if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id)) {
            $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
        }

        // The administration variant always applies the template to existing objects.
        if ($a_show_admin_permissions) {
            $_POST['recursive'] = true;
        }

        // Redirect if Change existing objects is not chosen
        if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
            ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
            if ($a_show_admin_permissions) {
                $this->ctrl->redirect($this, 'adminPerm');
            } else {
                $this->ctrl->redirect($this, 'perm');
            }
        }
        // New implementation
        if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
            // NOTE(review): listing line 974 is not shown on this page.
            return true;
        }

        // Start node for the recursive change: the root folder for global roles,
        // otherwise the role's container; the administration variant starts at
        // the parent of the container.
        $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
        if ($a_show_admin_permissions) {
            $start = $tree->getParentId($this->obj_ref_id);
        }

        if ($_POST['protected']) {
            $this->object->changeExistingObjects(
                $start,
                // NOTE(review): listing line 986 (an argument of this call) is not shown on this page.
                array('all'),
                array()
                #$a_show_admin_permissions ? array('adm') : array()
            );
        } else {
            $this->object->changeExistingObjects(
                $start,
                // NOTE(review): listing line 994 (an argument of this call) is not shown on this page.
                array('all'),
                array()
                #$a_show_admin_permissions ? array('adm') : array()
            );
        }
        ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);

        if ($a_show_admin_permissions) {
            $this->ctrl->redirect($this, 'adminPerm');
        } else {
            $this->ctrl->redirect($this, 'perm');
        }
        return true;
    }
1009
1010
1016 public function adoptPermSaveObject()
1017 {
1018 global $DIC;
1019
1020 $rbacadmin = $DIC['rbacadmin'];
1021 $rbacsystem = $DIC['rbacsystem'];
1022 $rbacreview = $DIC['rbacreview'];
1023 $tree = $DIC['tree'];
1024
1025 if (!$_POST['adopt']) {
1026 ilUtil::sendFailure($this->lng->txt('select_one'));
1027 $this->adoptPermObject();
1028 return false;
1029 }
1030
1031 $access = $this->checkAccess('visible,write', 'edit_permission');
1032 if (!$access) {
1033 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
1034 }
1035
1036 if ($this->object->getId() == $_POST["adopt"]) {
1037 ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"), true);
1038 } else {
1039 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1040 $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
1041 $rbacadmin->copyRoleTemplatePermissions(
1042 $_POST["adopt"],
1043 $parentRoles[$_POST["adopt"]]["parent"],
1044 $this->obj_ref_id,
1045 $this->object->getId(),
1046 false
1047 );
1048
1049 // update object data entry (to update last modification date)
1050 $this->object->update();
1051
1052 // send info
1053 $obj_data = &$this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
1054 ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1") . " '" . $obj_data->getTitle() . "'.<br/>" .
1055 $this->lng->txt("msg_perm_adopted_from2"), true);
1056 }
1057
1058 $this->ctrl->redirect($this, "perm");
1059 }
1060
1066 public function assignSaveObject()
1067 {
1068 $this->assignUserObject();
1069 }
1070
1071
1072
1078 public function addUserObject($a_user_ids)
1079 {
1080 global $DIC;
1081
1082 $rbacreview = $DIC['rbacreview'];
1083 $rbacadmin = $DIC['rbacadmin'];
1084
1085 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
1086 ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'), true);
1087 return false;
1088 }
1089 if (!$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
1090 $this->obj_ref_id != ROLE_FOLDER_ID) {
1091 ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'), true);
1092 return false;
1093 }
1094 if (!$a_user_ids) {
1095 $GLOBALS['DIC']['lng']->loadLanguageModule('search');
1096 ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'), true);
1097 return false;
1098 }
1099
1100 $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
1101
1102 // users to assign
1103 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
1104
1105 // selected users all already assigned. stop
1106 if (count($assigned_users_new) == 0) {
1107 ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"), true);
1108 $this->ctrl->redirect($this, 'userassignment');
1109 }
1110
1111 // assign new users
1112 foreach ($assigned_users_new as $user) {
1113 $rbacadmin->assignUser($this->object->getId(), $user, false);
1114 }
1115
1116 // update object data entry (to update last modification date)
1117 $this->object->update();
1118
1119 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1120 $this->ctrl->redirect($this, 'userassignment');
1121 }
1122
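/**
 * De-assign the selected users from this role.
 *
 * The user ids come from $_POST["user_id"] (a list) or, when that is empty,
 * from $_GET["user_id"] (a single id). A user is left assigned when the
 * last-role check below matches; the full names of those users are reported
 * in the failure message.
 *
 * NOTE(review): presumably raiseError() ends the request; verify, because the
 * code after the permission check is not guarded by an else branch.
 * NOTE(review): the protected-admin-role settings consulted in
 * userassignmentObject() only decide what is rendered there; this handler
 * does not repeat that check. Confirm it is enforced on the server side.
 */
public function deassignUserObject()
{
    global $DIC;

    $rbacadmin = $DIC['rbacadmin'];
    $rbacreview = $DIC['rbacreview'];

    if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
    }

    $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);

    if ($selected_users[0] === null) {
        $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
    }

    // prevent unassignment of system user from system role
    if ($this->object->getId() == SYSTEM_ROLE_ID) {
        // The key has to be stored before it is compared with false. Written as
        // `$admin = array_search(...) !== false`, the comparison binds tighter
        // than the assignment, $admin becomes a boolean, and unset() removes
        // index 1 instead of the system user's entry.
        $admin = array_search(SYSTEM_USER_ID, $selected_users);
        if ($admin !== false) {
            unset($selected_users[$admin]);
        }
    }

    // check for each user if the current role is his last global role before deassigning him
    $last_role = array();
    $global_roles = $rbacreview->getGlobalRoles();

    foreach ($selected_users as $user) {
        $assigned_roles = $rbacreview->assignedRoles($user);
        $assigned_global_roles = array_intersect($assigned_roles, $global_roles);

        // Keep the assignment when the user has exactly one role overall, or
        // when this role is the user's only global role.
        if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
            $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
            $last_role[$user] = $userObj->getFullName();
            unset($userObj);
        }
    }

    // ... else perform deassignment
    foreach ($selected_users as $user) {
        if (!isset($last_role[$user])) {
            $rbacadmin->deassignUser($this->object->getId(), $user);
        }
    }

    // update object data entry (to update last modification date)
    $this->object->update();

    // raise error if last role was taken from a user...
    if (count($last_role)) {
        // NOTE(review): full names are account data and are concatenated into a
        // message that also carries markup; confirm the message is escaped
        // when it is rendered.
        $user_list = implode(", ", $last_role);
        ilUtil::sendFailure($this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
    } else {
        ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
    }
    $this->ctrl->redirect($this, 'userassignment');
}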
1188
1189
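/**
 * Display the user assignment panel: a toolbar (add user, search user, mail
 * to role) and the table of users assigned to this role.
 *
 * NOTE(review): both admin-role checks below only control what is rendered
 * (toolbar entries, editable flag of the table). Confirm that the handlers
 * which change assignments enforce the same rules themselves.
 *
 * @return bool always true
 */
public function userassignmentObject()
{
    global $DIC;

    $rbacreview = $DIC['rbacreview'];
    $lng = $DIC['lng'];
    $ilUser = $DIC['ilUser'];

    if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
    }

    $this->tabs_gui->setTabActive('user_assignment');

    $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');

    include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
    $tb = new ilToolbarGUI();

    // protected admin role
    // NOTE(review): for the system role the add/search entries are hidden only
    // when the current user IS assigned to the system role and the admin role
    // is protected; confirm this is the intended direction of the check.
    include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
    if (
        $this->object->getId() != SYSTEM_ROLE_ID ||
        (
            !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) ||
            !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
        )
    ) {
        // add member
        // The call target was missing from this listing (its line 1226); the
        // argument list that follows needs it to be valid PHP.
        include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
        ilRepositorySearchGUI::fillAutoCompleteToolbar(
            $this,
            $tb,
            array(
                'auto_complete_name' => $lng->txt('user'),
                'submit_name' => $lng->txt('add')
            )
        );

        $tb->addSpacer();

        $tb->addButton(
            $this->lng->txt('search_user'),
            $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
        );
        $tb->addSpacer();
    }

    $tb->addButton(
        $this->lng->txt('role_mailto'),
        $this->ctrl->getLinkTarget($this, 'mailToRole')
    );
    $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());

    // The table is rendered read-only for the system role unless the security
    // settings report the admin role as accessible for the current user.
    include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
    $role_assignment_editable = true;
    if (
        $this->object->getId() == SYSTEM_ROLE_ID &&
        !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
        $role_assignment_editable = false;
    }

    include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
    $ut = new ilAssignedUsersTableGUI($this, 'userassignment', $this->object->getId(), $role_assignment_editable);

    $this->tpl->setVariable('TABLE_UA', $ut->getHTML());

    return true;
}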
1270
1271
/**
 * Called when an operation is cancelled; links back to the previous view.
 *
 * Redirects to the role folder view when $_GET["new_type"] is "role",
 * otherwise to this role's user assignment screen.
 */
public function cancelObject()
{
    $cancelled_role_creation = ($_GET["new_type"] == "role");

    if ($cancelled_role_creation) {
        $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
    } else {
        $this->ctrl->redirect($this, "userassignment");
    }
}
1284
1285
/**
 * List the users assigned to the roles selected in $_POST["role"].
 *
 * The selection is remembered in $_SESSION["role_role"] and reused when the
 * request carries none.
 *
 * NOTE(review): no permission check is visible in this method, and the role
 * ids are taken from the request as they are. The result contains login,
 * first name and last name of every assigned user; confirm that access is
 * restricted before this method is reached.
 * NOTE(review): $user_ids is only set inside the loop, so it is undefined
 * when no user object could be loaded.
 *
 * @return bool false when no role list was submitted, true otherwise
 */
public function listUsersRoleObject()
{
    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $rbacreview = $DIC['rbacreview'];

    // Fall back to the selection stored in the session, then store it again.
    $selected_roles = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
    $_POST["role"] = $selected_roles;
    $_SESSION["role_role"] = $selected_roles;

    if (!is_array($_POST["role"])) {
        ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
        $this->searchObject();

        return false;
    }

    $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
    $this->__showButton("searchUserForm", $this->lng->txt("role_new_search"));

    // Collect the members of all selected roles, without duplicates.
    $members = array();
    foreach ($_POST["role"] as $role_id) {
        $members = array_merge($rbacreview->assignedUsers($role_id), $members);
    }
    $members = array_unique($members);

    // Build one table row per user that can still be loaded.
    $row = 0;
    $f_result = array();

    foreach ($members as $user) {
        $tmp_obj = ilObjectFactory::getInstanceByObjId($user, false);
        if (!$tmp_obj) {
            continue;
        }

        $user_ids[$row] = $user;

        // TODO: exclude anonymous user
        $f_result[$row] = array(
            ilUtil::formCheckbox(0, "user[]", $user),
            $tmp_obj->getLogin(),
            $tmp_obj->getFirstname(),
            $tmp_obj->getLastname(),
        );

        unset($tmp_obj);
        $row++;
    }

    $this->__showSearchUserTable($f_result, $user_ids, "listUsersRole");

    return true;
}
1339
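/**
 * Load the content and status line templates, show a pending message and the
 * info panel, and set the page header.
 */
public function __prepareOutput()
{
    // output objects
    $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
    $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");

    // output message
    if ($this->message) {
        ilUtil::sendInfo($this->message);
    }

    // display infopanel if something happened
    // This call was missing from the listing (its line 1352); it is restored
    // to match the comment above.
    ilUtil::infoPanel();

    // set header
    $this->__setHeader();
}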
1357
/**
 * Set page title, description and icon for a role, then build the tabs.
 */
public function __setHeader()
{
    $page_title = $this->lng->txt('role');
    $this->tpl->setTitle($page_title);

    // The role's own title is shown as the description line.
    $role_title = $this->object->getTitle();
    $this->tpl->setDescription($role_title);

    $icon_path = ilUtil::getImagePath("icon_role.svg");
    $this->tpl->setTitleIcon($icon_path);

    $this->getTabs($this->tabs_gui);
}
1366
1367
/**
 * Add the locator (breadcrumb) items for the administration view.
 *
 * Inside the role administration (admin_mode "settings" and ref_id equal to
 * ROLE_FOLDER_ID) the role folder and, when an obj_id is given, this role are
 * appended; in every other case the parent implementation is used unchanged.
 *
 * @param bool $a_do_not_add_object passed on to the parent implementation
 */
protected function addAdminLocatorItems($a_do_not_add_object = false)
{
    global $DIC;

    $ilLocator = $DIC['ilLocator'];

    $in_role_administration = $_GET["admin_mode"] == "settings"
        && $_GET["ref_id"] == ROLE_FOLDER_ID;

    if (!$in_role_administration) {
        parent::addAdminLocatorItems($a_do_not_add_object);
        return;
    }

    // system settings
    parent::addAdminLocatorItems(true);

    $folder_type = ilObject::_lookupType(ilObject::_lookupObjId($_GET["ref_id"]));
    $ilLocator->addItem(
        $this->lng->txt("obj_" . $folder_type),
        $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
    );

    if ($_GET["obj_id"] > 0) {
        $ilLocator->addItem(
            $this->object->getTitle(),
            $this->ctrl->getLinkTarget($this, 'perm')
        );
    }
}
1397
1398
1399
1400
/**
 * Build the tabs of the role screen.
 *
 * Every tab except the back target is added only when checkAccess('write',
 * 'edit_permission') succeeds; some additionally require that role editing is
 * activated for the current context and that the role is not the anonymous
 * role.
 *
 * NOTE(review): this only decides which tabs are rendered. Each command a tab
 * links to has to enforce its own permission check.
 */
public function getTabs()
{
    global $DIC;

    $rbacreview = $DIC['rbacreview'];
    $ilHelp = $DIC['ilHelp'];

    $role_folders = $rbacreview->getFoldersAssignedToRole($this->object->getId(), true);

    // todo: activate the following (allow editing of local roles in
    // roles administration)
    $activate_role_edit = in_array($this->obj_ref_id, $role_folders)
        || (
            strtolower($_GET["baseClass"]) == "iladministrationgui"
            && $_GET["admin_mode"] == "settings"
        );

    // not so nice (workaround for using tabs in repository)
    $this->tabs_gui->clearTargets();

    $ilHelp->setScreenIdComponent("role");

    if ($this->back_target == "") {
        $this->tabs_gui->setBackTarget($this->lng->txt('btn_back'), $this->ctrl->getParentReturn($this));
    } else {
        $this->tabs_gui->setBackTarget(
            $this->back_target["text"],
            $this->back_target["link"]
        );
    }

    // Role properties
    if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
        $this->tabs_gui->addTarget(
            "edit_properties",
            $this->ctrl->getLinkTarget($this, "edit"),
            array("edit", "update"),
            get_class($this)
        );
    }

    // Default permission settings
    if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
        $this->tabs_gui->addTarget(
            "default_perm_settings",
            $this->ctrl->getLinkTarget($this, "perm"),
            array(),
            get_class($this)
        );
    }

    // User assignment (not offered for the anonymous role)
    if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
        $this->tabs_gui->addTarget(
            "user_assignment",
            $this->ctrl->getLinkTarget($this, "userassignment"),
            array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
            get_class($this)
        );
    }

    // Desktop items (not offered for the anonymous role)
    if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
        $this->tabs_gui->addTarget(
            "desktop_items",
            $this->ctrl->getLinkTarget($this, "listDesktopItems"),
            array("listDesktopItems", "deleteDesktopItems", "selectDesktopItem", "askDeleteDesktopItem"),
            get_class($this)
        );
    }

    // Export
    if ($this->checkAccess('write', 'edit_permission')) {
        $this->tabs_gui->addTarget(
            'export',
            $this->ctrl->getLinkTargetByClass('ilExportGUI'),
            array()
        );
    }
}
1489
/**
 * Queue this role as a mail recipient in the session and redirect to the
 * mail form.
 *
 * When more than one object shares this role's title and type, the role is
 * addressed by id ('#il_role_<id>'); otherwise its mailbox address is used.
 *
 * NOTE(review): no permission check is visible in this method; confirm that
 * the caller restricts who may mail the members of a role.
 */
public function mailToRoleObject()
{
    $same_title_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());

    $recipient = count($same_title_ids) > 1
        ? '#il_role_' . $this->object->getId()
        : (new \ilRoleMailboxAddress($this->object->getId()))->value();

    $_SESSION['mail_roles'][] = $recipient;

    require_once 'Services/Mail/classes/class.ilMailFormCall.php';
    $script = ilMailFormCall::getRedirectTarget(
        $this,
        'userassignment',
        array(),
        array('type' => 'role')
    );
    ilUtil::redirect($script);
}
1503
/**
 * Check a permission on the object this role is edited in.
 *
 * For the global role folder (obj_ref_id equal to ROLE_FOLDER_ID) the global
 * permission is checked through rbacsystem; for any other object the object
 * permission is checked through ilAccess.
 *
 * @param string $a_perm_global permission checked on the role folder
 * @param string $a_perm_obj    permission checked on other objects; when
 *                              empty, $a_perm_global is used instead
 * @return mixed result of the underlying access check
 */
public function checkAccess($a_perm_global, $a_perm_obj = '')
{
    global $DIC;

    $rbacsystem = $DIC['rbacsystem'];
    $ilAccess = $DIC['ilAccess'];

    if (!$a_perm_obj) {
        $a_perm_obj = $a_perm_global;
    }

    if ($this->obj_ref_id != ROLE_FOLDER_ID) {
        return $ilAccess->checkAccess($a_perm_obj, '', $this->obj_ref_id);
    }

    return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
}
1519
1525 {
1526 global $DIC;
1527
1528 $rbacreview = $DIC['rbacreview'];
1529
1530 if (!(int) $_POST['recursive'] and !is_array($_POST['recursive_list'])) {
1531 return false;
1532 }
1533
1534 // Role is protected
1535 if ($rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
1536 // TODO: check if recursive_list is enabled
1537 // and if yes: check if inheritance is broken for the relevant object types
1538 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1539 } else {
1540 // TODO: check if recursive_list is enabled
1541 // and if yes: check if inheritance is broken for the relevant object types
1542 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1543 }
1544 }
1545
1551 {
1552 $protected = $_POST['protected'];
1553
1554 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1555 $form = new ilPropertyFormGUI();
1556 $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1557 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1558
1559 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1560 $form->addCommandButton('perm', $this->lng->txt('cancel'));
1561
1562 $hidden = new ilHiddenInputGUI('type_filter');
1563 $hidden->setValue(
1564 $_POST['recursive'] ?
1565 serialize(array('all')) :
1566 serialize($_POST['recursive_list'])
1567 );
1568 $form->addItem($hidden);
1569
1570 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1571
1572 if ($protected) {
1574 $keep = new ilRadioOption(
1575 $this->lng->txt('rbac_keep_local_policies'),
1577 $this->lng->txt('rbac_keep_local_policies_info')
1578 );
1579 } else {
1581 $keep = new ilRadioOption(
1582 $this->lng->txt('rbac_keep_local_policies'),
1584 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1585 );
1586 }
1587 $rad->addOption($keep);
1588
1589 if ($protected) {
1590 $del = new ilRadioOption(
1591 $this->lng->txt('rbac_delete_local_policies'),
1593 $this->lng->txt('rbac_delete_local_policies_info')
1594 );
1595 } else {
1596 $del = new ilRadioOption(
1597 $this->lng->txt('rbac_delete_local_policies'),
1599 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1600 );
1601 }
1602 $rad->addOption($del);
1603
1604 $form->addItem($rad);
1605 $this->tpl->setContent($form->getHTML());
1606 }
1607
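/**
 * Change existing objects according to the submitted mode and type filter.
 *
 * The type filter arrives in the hidden form field 'type_filter', which the
 * confirmation form fills with a serialized array (array('all') or the
 * submitted 'recursive_list').
 *
 * NOTE(review): no permission check is visible in this method; confirm that
 * edit_permission is enforced before it is reached.
 */
protected function changeExistingObjectsObject()
{
    $mode = (int) $_POST['mode'];
    $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);

    // A hidden form field is client-controlled, so this is unserialize() on
    // untrusted input. 'allowed_classes' => false stops the payload from
    // instantiating objects; the legitimate value is a plain array, so valid
    // submissions are unaffected. The options argument needs PHP 7.0 or later.
    // NOTE(review): prefer a format without object support (e.g. JSON) and
    // validate the entries against the known object types.
    $type_filter = unserialize(
        ilUtil::stripSlashes($_POST['type_filter']),
        array('allowed_classes' => false)
    );

    $this->object->changeExistingObjects($start, $mode, $type_filter);

    ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
    $this->ctrl->redirect($this, 'perm');
}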
1628
/**
 * Set sub tabs.
 *
 * Only the 'default_perm_settings' tab has sub tabs, and only when the role
 * is edited in the global role folder.
 *
 * @param string $a_tab id of the active tab
 * @return bool always true
 */
protected function setSubTabs($a_tab)
{
    global $DIC;

    $ilTabs = $DIC['ilTabs'];

    $show_permission_subtabs = $a_tab == 'default_perm_settings'
        && $this->obj_ref_id == ROLE_FOLDER_ID;

    if ($show_permission_subtabs) {
        $ilTabs->addSubTabTarget(
            'rbac_repository_permissions',
            $this->ctrl->getLinkTarget($this, 'perm')
        );
        $ilTabs->addSubTabTarget(
            'rbac_admin_permissions',
            $this->ctrl->getLinkTarget($this, 'adminPerm')
        );
    }

    return true;
}
1656
/**
 * Add selected users to the current user's clipboard.
 *
 * NOTE(review): the ids from $_POST['user_id'] are stored as submitted and no
 * permission check is visible here; confirm that the clipboard or the caller
 * validates them.
 * NOTE(review): presumably redirect() ends the request; otherwise an empty
 * selection would still reach the clipboard code below.
 */
protected function addToClipboardObject()
{
    global $DIC;

    $lng = $DIC['lng'];
    $ilCtrl = $DIC['ilCtrl'];

    $selected_ids = (array) $_POST['user_id'];
    if (count($selected_ids) === 0) {
        ilUtil::sendFailure($this->lng->txt('select_one'), true);
        $ilCtrl->redirect($this, 'userassignment');
    }

    include_once './Services/User/classes/class.ilUserClipboard.php';
    $current_user_id = $GLOBALS['DIC']['ilUser']->getId();
    $clipboard = ilUserClipboard::getInstance($current_user_id);
    $clipboard->add($selected_ids);
    $clipboard->save();

    $lng->loadLanguageModule('user');
    ilUtil::sendSuccess($this->lng->txt('clipboard_user_added'), true);
    $ilCtrl->redirect($this, 'userassignment');
}
1681
/**
 * Add this role to the locator (breadcrumb) when it is shown outside the
 * administration, i.e. when $_GET["admin_mode"] is empty.
 */
protected function addLocatorItems()
{
    global $DIC;

    $ilLocator = $DIC['ilLocator'];

    if ($_GET["admin_mode"] != "") {
        return;
    }

    // The obj_id is cast to int before it is written into the link.
    $this->ctrl->setParameterByClass("ilobjrolegui", "obj_id", (int) $_GET["obj_id"]);

    $role_label = ilObjRole::_getTranslation($this->object->getTitle());
    $permission_link = $this->ctrl->getLinkTargetByClass(
        array("ilpermissiongui", "ilobjrolegui"),
        "perm"
    );

    $ilLocator->addItem($role_label, $permission_link);
}
1708
1709 /*
1710 * Ensure access to role for ref_id
1711 * @throws ilObjectException
1712 */
/**
 * Ensure that the role being edited belongs to the object given by
 * obj_ref_id, so that a role id from the request cannot be combined with an
 * unrelated ref_id.
 *
 * The check is skipped while a role is being created (no object id yet) and
 * when the object id equals ROLE_FOLDER_ID.
 *
 * @return bool true when the role is accessible in this context
 * @throws \ilObjectException when the roles of the object cannot be read or
 *                            this role is not among them
 */
protected function ensureRoleAccessForContext()
{
    global $DIC;

    $review = $DIC->rbac()->review();
    $logger = $DIC->logger()->ac();

    // creation of roles
    if (!$this->object->getId() || $this->object->getId() == ROLE_FOLDER_ID) {
        return true;
    }

    $possible_roles = [];
    try {
        $possible_roles = $review->getRolesOfObject($this->obj_ref_id, false);
    } catch (\InvalidArgumentException $e) {
        // The exception is concatenated into the log line as a string.
        $logger->warning('Role access check failed: ' . $e);

        include_once "Services/Object/exceptions/class.ilObjectException.php";
        throw new \ilObjectException($this->lng->txt('permission_denied'));
    }

    if (in_array($this->object->getId(), $possible_roles)) {
        return true;
    }

    // The mismatch is logged with both ids; the user only gets the generic
    // permission message.
    $logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
    include_once "Services/Object/exceptions/class.ilObjectException.php";
    throw new \ilObjectException($this->lng->txt('permission_denied'));
}
1749} // END class.ilObjRoleGUI