4include_once
"./Services/Object/classes/class.ilObjectGUI.php";
5include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
6require_once(
'./Services/Repository/classes/class.ilObjectPlugin.php');
47 public function __construct($a_data, $a_id, $a_call_by_reference =
false, $a_prepare_output =
true)
54 $lng->loadLanguageModule(
'rbac');
57 define(
"USER_FOLDER_ID", 7);
63 (int) $_REQUEST[
'rolf_ref_id'] ?
64 (
int) $_REQUEST[
'rolf_ref_id'] :
65 (int) $_REQUEST[
'ref_id']
74 parent::__construct($a_data, $a_id, $a_call_by_reference,
false);
75 $this->ctrl->saveParameter($this, array(
'obj_id',
'rolf_ref_id'));
83 $rbacsystem =
$DIC[
'rbacsystem'];
87 $next_class = $this->ctrl->getNextClass($this);
88 $cmd = $this->ctrl->getCmd();
92 switch ($next_class) {
93 case 'ilrepositorysearchgui':
96 $GLOBALS[
'DIC'][
'ilErr']->raiseError(
$GLOBALS[
'DIC'][
'lng']->txt(
'permission_denied'),
$GLOBALS[
'DIC'][
'ilErr']->WARNING);
98 include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
100 $rep_search->setTitle($this->lng->txt(
'role_add_user'));
101 $rep_search->setCallback($this,
'addUserObject');
104 $this->tabs_gui->setTabActive(
'user_assignment');
105 $this->ctrl->setReturn($this,
'userassignment');
106 $ret = &$this->ctrl->forwardCommand($rep_search);
111 $this->tabs_gui->setTabActive(
'export');
113 include_once
'./Services/Export/classes/class.ilExportOptions.php';
117 include_once
'./Services/Export/classes/class.ilExportGUI.php';
119 $exp->addFormat(
'xml');
120 $this->ctrl->forwardCommand($exp);
128 $cmd =
'userassignment';
172 $this->back_target = array(
"text" => $a_text,
178 return $this->back_target ? $this->back_target : array();
216 $rbacsystem =
$DIC[
'rbacsystem'];
219 if (!
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
220 $this->obj_ref_id != ROLE_FOLDER_ID) {
225 if ($rbacsystem->checkAccess(
'push_desktop_items',
USER_FOLDER_ID)) {
226 $this->
__showButton(
'selectDesktopItem', $this->lng->txt(
'role_desk_add'));
229 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItemsTableGUI.php';
231 $this->tpl->setContent(
$tbl->getHTML());
240 $rbacsystem =
$DIC[
'rbacsystem'];
244 $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
246 if (!$rbacsystem->checkAccess(
'push_desktop_items',
USER_FOLDER_ID)) {
247 $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
249 if (!count(
$_POST[
'del_desk_item'])) {
257 include_once(
"./Services/Utilities/classes/class.ilConfirmationGUI.php");
259 $confirmation_gui->setFormAction($this->ctrl->getFormAction($this));
260 $confirmation_gui->setHeaderText($this->lng->txt(
'role_assigned_desk_items') .
261 ' "' . $this->object->getTitle() .
'": ' .
262 $this->lng->txt(
'role_sure_delete_desk_items'));
263 $confirmation_gui->setCancel($this->lng->txt(
"cancel"),
"listDesktopItems");
264 $confirmation_gui->setConfirm($this->lng->txt(
"delete"),
"deleteDesktopItems");
266 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
269 foreach (
$_POST[
'del_desk_item'] as $role_item_id) {
270 $item_data = $role_desk_item_obj->getItem($role_item_id);
273 if (strlen($desc = $tmp_obj->getDescription())) {
274 $desc =
'<div class="il_Description_no_margin">' . $desc .
'</div>';
277 $confirmation_gui->addItem(
"del_desk_item[]", $role_item_id, $tmp_obj->getTitle() . $desc);
280 $this->tpl->setContent($confirmation_gui->getHTML());
289 $rbacsystem =
$DIC[
'rbacsystem'];
292 $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
295 if (!$rbacsystem->checkAccess(
'push_desktop_items',
USER_FOLDER_ID)) {
296 $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
299 if (!count(
$_POST[
'del_desk_item'])) {
307 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
311 foreach (
$_POST[
'del_desk_item'] as $role_item_id) {
312 $role_desk_item_obj->delete($role_item_id);
315 ilUtil::sendSuccess($this->lng->txt(
'role_deleted_desktop_items'));
326 $rbacsystem =
$DIC[
'rbacsystem'];
329 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItemSelector.php';
330 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
332 if (!$rbacsystem->checkAccess(
'push_desktop_items',
USER_FOLDER_ID)) {
333 #$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
339 $this->tpl->addBlockFile(
"ADM_CONTENT",
"adm_content",
"tpl.role_desktop_item_selector.html",
"Services/AccessControl");
340 $this->
__showButton(
'listDesktopItems', $this->lng->txt(
'back'));
345 $this->ctrl->getLinkTarget($this,
'selectDesktopItem'),
348 $exp->setExpand(
$_GET[
"role_desk_item_link_expand"] ?
$_GET[
"role_desk_item_link_expand"] :
$tree->readRootId());
349 $exp->setExpandTarget($this->ctrl->getLinkTarget($this,
'selectDesktopItem'));
354 $this->tpl->setVariable(
"EXPLORER",
$output);
364 $rbacsystem =
$DIC[
'rbacsystem'];
366 if (!$rbacsystem->checkAccess(
'push_desktop_items',
USER_FOLDER_ID)) {
367 $this->
ilias->raiseError($this->lng->txt(
"permission_denied"), $this->ilias->error_obj->MESSAGE);
372 if (!isset(
$_GET[
'item_id'])) {
379 include_once
'Services/AccessControl/classes/class.ilRoleDesktopItem.php';
384 ilUtil::sendSuccess($this->lng->txt(
'role_assigned_desktop_item'));
386 $this->ctrl->redirect($this,
'listDesktopItems');
397 include_once
'./Services/Form/classes/class.ilPropertyFormGUI.php';
400 if ($this->creation_mode) {
401 $this->ctrl->setParameter($this,
"new_type",
'role');
403 $this->form->setFormAction($this->ctrl->getFormAction($this));
407 $this->form->setTitle($this->lng->txt(
'role_new'));
408 $this->form->addCommandButton(
'save', $this->lng->txt(
'role_new'));
412 $this->form->setTitle($this->lng->txt(
'role_edit'));
413 $this->form->addCommandButton(
'update', $this->lng->txt(
'save'));
420 $this->form->addCommandButton(
'cancel', $this->lng->txt(
'cancel'));
424 $title->setDisabled(
true);
427 $title->setValidationRegexp(
'/^(?!il_).*$/');
428 $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
433 $title->setRequired(
true);
434 $this->form->addItem(
$title);
438 $desc->setDisabled(
true);
442 $this->form->addItem($desc);
444 if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
446 $this->form->addItem($ilias_id);
449 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
452 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
453 $this->form->addItem($reg);
457 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
458 $this->form->addItem($la);
463 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
464 $this->form->addItem($pro);
466 include_once
'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
469 $quo->setMinValue(0);
471 $quo->setInfo($this->lng->txt(
'enter_in_mb_desc') .
'<br />' . $this->lng->txt(
'disk_quota_on_role_desc'));
472 $this->form->addItem($quo);
475 $this->lng->loadLanguageModule(
"file");
476 $wquo =
new ilNumberInputGUI($this->lng->txt(
'personal_workspace_disk_quota'),
'wsp_disk_quota');
477 $wquo->setMinValue(0);
479 $wquo->setInfo($this->lng->txt(
'enter_in_mb_desc') .
'<br />' . $this->lng->txt(
'disk_quota_on_role_desc'));
480 $this->form->addItem($wquo);
494 if (!$this->form->getItemByPostVar(
'title')->getDisabled()) {
495 $role->
setTitle($this->form->getInput(
'title'));
497 if (!$this->form->getItemByPostVar(
'desc')->getDisabled()) {
518 include_once
'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php';
533 $this->form->setValuesByArray(
$data);
548 $rbacsystem =
$DIC[
'rbacsystem'];
550 if (!$rbacsystem->checkAccess(
'create_role', $this->obj_ref_id)) {
551 $ilErr->raiseError($this->lng->txt(
'permission_denied'),
$ilErr->MESSAGE);
555 $this->tpl->setContent($this->form->getHTML());
566 $rbacsystem =
$DIC[
'rbacsystem'];
570 $ilToolbar =
$DIC[
'ilToolbar'];
572 if (!$this->
checkAccess(
'write',
'edit_permission')) {
573 $ilErr->raiseError($this->lng->txt(
"msg_no_perm_write"),
$ilErr->MESSAGE);
577 if ($this->object->getId() != SYSTEM_ROLE_ID) {
578 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
579 if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
580 $ilToolbar->addButton(
581 $this->lng->txt(
'rbac_delete_role'),
582 $this->ctrl->getLinkTarget($this,
'confirmDeleteRole')
589 $this->tpl->setContent($this->form->getHTML());
601 $rbacadmin =
$DIC[
'rbacadmin'];
605 if ($this->form->checkInput() and !$this->checkDuplicate()) {
606 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
608 $this->role->create();
609 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,
'y');
610 $rbacadmin->setProtected(
612 $this->role->getId(),
613 $this->form->getInput(
'pro') ?
'y' :
'n'
615 ilUtil::sendSuccess($this->lng->txt(
"role_added"),
true);
616 $this->ctrl->setParameter($this,
'obj_id', $this->role->getId());
617 $this->ctrl->redirect($this,
'perm');
621 $this->form->setValuesByPost();
622 $this->tpl->setContent($this->form->getHTML());
644 $rbacadmin =
$DIC[
'rbacadmin'];
647 if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
648 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
650 $this->
object->update();
651 $rbacadmin->setProtected(
653 $this->object->getId(),
654 $this->form->getInput(
'pro') ?
'y' :
'n'
656 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
657 $this->ctrl->redirect($this,
'edit');
661 $this->form->setValuesByPost();
662 $this->tpl->setContent($this->form->getHTML());
670 protected function permObject($a_show_admin_permissions =
false)
674 $ilTabs =
$DIC[
'ilTabs'];
676 $ilToolbar =
$DIC[
'ilToolbar'];
680 $ilTabs->setTabActive(
'default_perm_settings');
684 if ($a_show_admin_permissions) {
685 $ilTabs->setSubTabActive(
'rbac_admin_permissions');
687 $ilTabs->setSubTabActive(
'rbac_repository_permissions');
690 if (!$this->
checkAccess(
'write',
'edit_permission')) {
691 $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'),
$ilErr->MESSAGE);
696 if ($this->object->getId() != SYSTEM_ROLE_ID) {
697 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
698 $ilToolbar->addButton(
699 $this->lng->txt(
"adopt_perm_from_template"),
700 $this->ctrl->getLinkTarget($this,
'adoptPerm')
702 if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
703 $ilToolbar->addButton(
704 $this->lng->txt(
'rbac_delete_role'),
705 $this->ctrl->getLinkTarget($this,
'confirmDeleteRole')
710 $this->tpl->addBlockFile(
713 'tpl.rbac_template_permissions.html',
714 'Services/AccessControl'
717 $this->tpl->setVariable(
'PERM_ACTION', $this->ctrl->getFormAction($this));
719 include_once
'./Services/Accordion/classes/class.ilAccordionGUI.php';
724 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
725 if ($a_show_admin_permissions) {
726 $subs = ilObjRole::getSubObjects(
'adm',
true);
728 $subs = ilObjRole::getSubObjects(
'root',
false);
731 $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
734 foreach ($subs as $subtype =>
$def) {
735 include_once
'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
740 $this->object->getId(),
742 $a_show_admin_permissions
746 $acc->addItem(
$def[
'translation'],
$tbl->getHTML());
749 $this->tpl->setVariable(
'ACCORDION', $acc->getHTML());
752 include_once
'./Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
757 $this->object->getId(),
758 $a_show_admin_permissions
760 if ($this->object->getId() != SYSTEM_ROLE_ID) {
762 $a_show_admin_permissions ?
'adminPermSave' :
'permSave',
763 $this->lng->txt(
'save')
768 $this->tpl->setVariable(
'OPTIONS_TABLE',
$options->getHTML());
797 $parent_role_ids =
$rbacreview->getParentRoleIds($this->obj_ref_id,
true);
799 foreach ($parent_role_ids as
$id => $tmp) {
803 $sorted_ids =
ilUtil::_sortIds($ids,
'object_data',
'type,title',
'obj_id');
805 foreach ($sorted_ids as
$id) {
806 $par = $parent_role_ids[
$id];
807 if ($par[
"obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par[
"obj_id"]) {
809 $output[
$key][
"type"] = ($par[
"type"] ==
'role' ? $this->lng->txt(
'obj_role') : $this->lng->txt(
'obj_rolt'));
817 include_once(
'./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
820 $tbl->setTitle($this->lng->txt(
"adopt_perm_from_template"));
823 $this->tpl->setContent(
$tbl->getHTML());
840 $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'),
$ilErr->WARNING);
843 $question = $this->lng->txt(
'rbac_role_delete_qst');
845 $question .= (
'<br />' . $this->lng->txt(
'rbac_role_delete_self'));
849 include_once
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
852 $confirm->setFormAction($this->ctrl->getFormAction($this));
853 $confirm->setHeaderText($question);
854 $confirm->setCancel($this->lng->txt(
'cancel'),
'perm');
855 $confirm->setConfirm($this->lng->txt(
'rbac_delete_role'),
'performDeleteRole');
859 $this->object->getId(),
860 $this->object->getTitle(),
864 $this->tpl->setContent($confirm->getHTML());
881 $ilErr->raiseError($this->lng->txt(
'msg_no_perm_perm'),
$ilErr->WARNING);
884 $this->
object->setParent((
int) $this->obj_ref_id);
885 $this->
object->delete();
886 ilUtil::sendSuccess($this->lng->txt(
'msg_deleted_role'),
true);
888 $this->ctrl->returnToParent($this);
900 $rbacsystem =
$DIC[
'rbacsystem'];
901 $rbacadmin =
$DIC[
'rbacadmin'];
910 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
914 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
916 if ($rbac_log_active) {
921 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
922 if ($a_show_admin_permissions) {
923 $subs = ilObjRole::getSubObjects(
'adm',
true);
925 $subs = ilObjRole::getSubObjects(
'root',
false);
928 $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
931 foreach ($subs as $subtype =>
$def) {
933 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
936 if (empty(
$_POST[
"template_perm"])) {
937 $_POST[
"template_perm"] = array();
940 foreach (
$_POST[
"template_perm"] as
$key => $ops_array) {
942 $rbacadmin->setRolePermission($this->object->getId(),
$key, $ops_array, $this->obj_ref_id);
945 if ($rbac_log_active) {
952 $this->
object->update();
955 if ($this->obj_ref_id == ROLE_FOLDER_ID or
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id)) {
956 $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(),
ilUtil::tf2yn(
$_POST[
'protected']));
959 if ($a_show_admin_permissions) {
960 $_POST[
'recursive'] =
true;
964 if (!
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
965 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
966 if ($a_show_admin_permissions) {
967 $this->ctrl->redirect($this,
'adminPerm');
969 $this->ctrl->redirect($this,
'perm');
979 if ($a_show_admin_permissions) {
983 if (
$_POST[
'protected']) {
984 $this->
object->changeExistingObjects(
989 #$a_show_admin_permissions ? array('adm') : array()
992 $this->
object->changeExistingObjects(
997 #$a_show_admin_permissions ? array('adm') : array()
1000 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
1002 if ($a_show_admin_permissions) {
1003 $this->ctrl->redirect($this,
'adminPerm');
1005 $this->ctrl->redirect($this,
'perm');
1020 $rbacadmin =
$DIC[
'rbacadmin'];
1021 $rbacsystem =
$DIC[
'rbacsystem'];
1033 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
1036 if ($this->object->getId() ==
$_POST[
"adopt"]) {
1039 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
1040 $parentRoles =
$rbacreview->getParentRoleIds($this->obj_ref_id,
true);
1041 $rbacadmin->copyRoleTemplatePermissions(
1043 $parentRoles[
$_POST[
"adopt"]][
"parent"],
1045 $this->object->getId(),
1050 $this->
object->update();
1053 $obj_data = &$this->
ilias->obj_factory->getInstanceByObjId($_POST[
"adopt"]);
1054 ilUtil::sendSuccess($this->lng->txt(
"msg_perm_adopted_from1") .
" '" . $obj_data->getTitle() .
"'.<br/>" .
1055 $this->lng->txt(
"msg_perm_adopted_from2"),
true);
1058 $this->ctrl->redirect($this,
"perm");
1068 $this->assignUserObject();
1083 $rbacadmin =
$DIC[
'rbacadmin'];
1085 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
1089 if (!
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
1090 $this->obj_ref_id != ROLE_FOLDER_ID) {
1095 $GLOBALS[
'DIC'][
'lng']->loadLanguageModule(
'search');
1100 $assigned_users_all =
$rbacreview->assignedUsers($this->object->getId());
1103 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
1106 if (count($assigned_users_new) == 0) {
1108 $this->ctrl->redirect($this,
'userassignment');
1112 foreach ($assigned_users_new as
$user) {
1113 $rbacadmin->assignUser($this->object->getId(),
$user,
false);
1117 $this->
object->update();
1119 ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"),
true);
1120 $this->ctrl->redirect($this,
'userassignment');
1132 $rbacsystem =
$DIC[
'rbacsystem'];
1133 $rbacadmin =
$DIC[
'rbacadmin'];
1136 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
1137 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
1140 $selected_users = (
$_POST[
"user_id"]) ?
$_POST[
"user_id"] : array(
$_GET[
"user_id"]);
1142 if ($selected_users[0] ===
null) {
1143 $this->
ilias->raiseError($this->lng->txt(
"no_checkbox"), $this->
ilias->error_obj->MESSAGE);
1147 if ($this->object->getId() == SYSTEM_ROLE_ID) {
1148 if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !==
false) {
1149 unset($selected_users[$admin]);
1154 $last_role = array();
1157 foreach ($selected_users as
$user) {
1159 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
1161 if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
1162 $userObj = $this->
ilias->obj_factory->getInstanceByObjId($user);
1163 $last_role[
$user] = $userObj->getFullName();
1170 foreach ($selected_users as
$user) {
1171 if (!isset($last_role[
$user])) {
1172 $rbacadmin->deassignUser($this->object->getId(),
$user);
1177 $this->
object->update();
1180 if (count($last_role)) {
1181 $user_list = implode(
", ", $last_role);
1182 ilUtil::sendFailure($this->lng->txt(
'msg_is_last_role') .
': ' . $user_list .
'<br />' . $this->lng->txt(
'msg_min_one_role'),
true);
1184 ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"),
true);
1186 $this->ctrl->redirect($this,
'userassignment');
1198 $rbacsystem =
$DIC[
'rbacsystem'];
1202 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
1203 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
1206 $this->tabs_gui->setTabActive(
'user_assignment');
1208 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.rbac_ua.html',
'Services/AccessControl');
1210 include_once
'./Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1214 include_once
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1216 $this->object->getId() != SYSTEM_ROLE_ID ||
1225 include_once
'./Services/Search/classes/class.ilRepositorySearchGUI.php';
1230 'auto_complete_name' =>
$lng->txt(
'user'),
1231 'submit_name' =>
$lng->txt(
'add')
1242 $this->lng->txt(
'search_user'),
1243 $this->ctrl->getLinkTargetByClass(
'ilRepositorySearchGUI',
'start')
1249 $this->lng->txt(
'role_mailto'),
1250 $this->ctrl->getLinkTarget($this,
'mailToRole')
1252 $this->tpl->setVariable(
'BUTTONS_UA', $tb->getHTML());
1255 include_once
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1256 $role_assignment_editable =
true;
1258 $this->object->getId() == SYSTEM_ROLE_ID &&
1260 $role_assignment_editable =
false;
1263 include_once
'./Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1264 $ut =
new ilAssignedUsersTableGUI($this,
'userassignment', $this->object->getId(), $role_assignment_editable);
1266 $this->tpl->setVariable(
'TABLE_UA', $ut->getHTML());
1278 if (
$_GET[
"new_type"] !=
"role") {
1279 $this->ctrl->redirect($this,
"userassignment");
1281 $this->ctrl->redirectByClass(
"ilobjrolefoldergui",
"view");
1290 $rbacsystem =
$DIC[
'rbacsystem'];
1295 if (!is_array(
$_POST[
"role"])) {
1297 $this->searchObject();
1302 $this->tpl->addBlockFile(
"ADM_CONTENT",
"adm_content",
"tpl.role_usr_selection.html",
"Services/AccessControl");
1303 $this->
__showButton(
"searchUserForm", $this->lng->txt(
"role_new_search"));
1308 foreach (
$_POST[
"role"] as $role_id) {
1309 $members = array_merge(
$rbacreview->assignedUsers($role_id), $members);
1312 $members = array_unique($members);
1316 $f_result = array();
1318 foreach ($members as
$user) {
1323 $user_ids[$counter] =
$user;
1327 $f_result[$counter][] = $tmp_obj->getLogin();
1328 $f_result[$counter][] = $tmp_obj->getFirstname();
1329 $f_result[$counter][] = $tmp_obj->getLastname();
1335 $this->__showSearchUserTable($f_result, $user_ids,
"listUsersRole");
1343 $this->tpl->addBlockFile(
"CONTENT",
"content",
"tpl.adm_content.html");
1344 $this->tpl->addBlockFile(
"STATUSLINE",
"statusline",
"tpl.statusline.html");
1347 if ($this->message) {
1360 $this->tpl->setTitle($this->lng->txt(
'role'));
1361 $this->tpl->setDescription($this->object->getTitle());
1364 $this->
getTabs($this->tabs_gui);
1375 $ilLocator =
$DIC[
'ilLocator'];
1378 $_GET[
"admin_mode"] ==
"settings"
1379 &&
$_GET[
"ref_id"] == ROLE_FOLDER_ID) {
1380 parent::addAdminLocatorItems(
true);
1382 $ilLocator->addItem(
1384 $this->ctrl->getLinkTargetByClass(
"ilobjrolefoldergui",
'view')
1387 if (
$_GET[
"obj_id"] > 0) {
1388 $ilLocator->addItem(
1389 $this->object->getTitle(),
1390 $this->ctrl->getLinkTarget($this,
'perm')
1394 parent::addAdminLocatorItems($a_do_not_add_object);
1406 $ilHelp =
$DIC[
'ilHelp'];
1408 $base_role_container =
$rbacreview->getFoldersAssignedToRole($this->object->getId(),
true);
1411 $activate_role_edit =
false;
1415 if (in_array($this->obj_ref_id, $base_role_container) ||
1416 (strtolower(
$_GET[
"baseClass"]) ==
"iladministrationgui" &&
1417 $_GET[
"admin_mode"] ==
"settings")) {
1418 $activate_role_edit =
true;
1422 $this->tabs_gui->clearTargets();
1424 $ilHelp->setScreenIdComponent(
"role");
1426 if ($this->back_target !=
"") {
1427 $this->tabs_gui->setBackTarget(
1428 $this->back_target[
"text"],
1429 $this->back_target[
"link"]
1432 $this->tabs_gui->setBackTarget($this->lng->txt(
'btn_back'), $this->ctrl->getParentReturn($this));
1435 if ($this->
checkAccess(
'write',
'edit_permission') && $activate_role_edit) {
1436 $this->tabs_gui->addTarget(
1438 $this->ctrl->getLinkTarget($this,
"edit"),
1439 array(
"edit",
"update"),
1456 $this->tabs_gui->addTarget(
1457 "default_perm_settings",
1458 $this->ctrl->getLinkTarget($this,
"perm"),
1464 if ($this->
checkAccess(
'write',
'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1465 $this->tabs_gui->addTarget(
1467 $this->ctrl->getLinkTarget($this,
"userassignment"),
1468 array(
"deassignUser",
"userassignment",
"assignUser",
"searchUserForm",
"search"),
1473 if ($this->
checkAccess(
'write',
'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1474 $this->tabs_gui->addTarget(
1476 $this->ctrl->getLinkTarget($this,
"listDesktopItems"),
1477 array(
"listDesktopItems",
"deleteDesktopItems",
"selectDesktopItem",
"askDeleteDesktopItem"),
1481 if ($this->
checkAccess(
'write',
'edit_permission')) {
1482 $this->tabs_gui->addTarget(
1484 $this->ctrl->getLinkTargetByClass(
'ilExportGUI'),
1493 if (count($obj_ids) > 1) {
1494 $_SESSION[
'mail_roles'][] =
'#il_role_' . $this->
object->getId();
1496 $_SESSION[
'mail_roles'][] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1499 require_once
'Services/Mail/classes/class.ilMailFormCall.php';
1508 $rbacsystem =
$DIC[
'rbacsystem'];
1509 $ilAccess =
$DIC[
'ilAccess'];
1511 $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1513 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1514 return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
1516 return $ilAccess->checkAccess($a_perm_obj,
'', $this->obj_ref_id);
1530 if (!(
int)
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
1535 if (
$rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
1538 return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1542 return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1552 $protected =
$_POST[
'protected'];
1554 include_once
'./Services/Form/classes/class.ilPropertyFormGUI.php';
1556 $form->setFormAction($this->ctrl->getFormAction($this,
'changeExistingObjects'));
1557 $form->setTitle($this->lng->txt(
'rbac_change_existing_confirm_tbl'));
1559 $form->addCommandButton(
'changeExistingObjects', $this->lng->txt(
'change_existing_objects'));
1560 $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
1565 serialize(array(
'all')) :
1566 serialize(
$_POST[
'recursive_list'])
1568 $form->addItem($hidden);
1575 $this->lng->txt(
'rbac_keep_local_policies'),
1577 $this->lng->txt(
'rbac_keep_local_policies_info')
1582 $this->lng->txt(
'rbac_keep_local_policies'),
1584 $this->lng->txt(
'rbac_unprotected_keep_local_policies_info')
1587 $rad->addOption($keep);
1591 $this->lng->txt(
'rbac_delete_local_policies'),
1593 $this->lng->txt(
'rbac_delete_local_policies_info')
1597 $this->lng->txt(
'rbac_delete_local_policies'),
1599 $this->lng->txt(
'rbac_unprotected_delete_local_policies_info')
1602 $rad->addOption($del);
1604 $form->addItem($rad);
1605 $this->tpl->setContent(
$form->getHTML());
1618 $rbacadmin =
$DIC[
'rbacadmin'];
1620 $mode = (int)
$_POST[
'mode'];
1625 ilUtil::sendSuccess($this->lng->txt(
'settings_saved'),
true);
1626 $this->ctrl->redirect($this,
'perm');
1638 $ilTabs =
$DIC[
'ilTabs'];
1641 case 'default_perm_settings':
1642 if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1645 $ilTabs->addSubTabTarget(
1646 'rbac_repository_permissions',
1647 $this->ctrl->getLinkTarget($this,
'perm')
1649 $ilTabs->addSubTabTarget(
1650 'rbac_admin_permissions',
1651 $this->ctrl->getLinkTarget($this,
'adminPerm')
1670 $ilCtrl->redirect($this,
'userassignment');
1672 include_once
'./Services/User/classes/class.ilUserClipboard.php';
1677 $lng->loadLanguageModule(
'user');
1678 ilUtil::sendSuccess($this->lng->txt(
'clipboard_user_added'),
true);
1679 $ilCtrl->redirect($this,
'userassignment');
1689 $ilLocator =
$DIC[
'ilLocator'];
1691 if (
$_GET[
"admin_mode"] ==
"") {
1692 $this->ctrl->setParameterByClass(
1695 (
int)
$_GET[
"obj_id"]
1697 $ilLocator->addItem(
1699 $this->ctrl->getLinkTargetByClass(
1717 $review =
$DIC->rbac()->review();
1718 $logger =
$DIC->logger()->ac();
1722 !$this->object->getId() ||
1723 $this->object->getId() == ROLE_FOLDER_ID
1729 $possible_roles = [];
1731 $possible_roles = $review->getRolesOfObject(
1735 }
catch (\InvalidArgumentException $e) {
1736 $logger->warning(
'Role access check failed: ' . $e);
1738 include_once
"Services/Object/exceptions/class.ilObjectException.php";
1739 throw new \ilObjectException($this->lng->txt(
'permission_denied'));
1742 if (!in_array($this->object->getId(), $possible_roles)) {
1743 $logger->warning(
'Object id: ' . $this->object->getId() .
' is not accessible for ref_id: ' . $this->obj_ref_id);
1744 include_once
"Services/Object/exceptions/class.ilObjectException.php";
1745 throw new \ilObjectException($this->lng->txt(
'permission_denied'));
An exception for terminatinating execution or to throw for unit testing.
const USER_FOLDER_ID
Class ilObjUserFolder.
Accordion user interface class.
TableGUI class for role administration.
Confirmation screen class.
static _isActive()
Static getter.
static _isPersonalWorkspaceActive()
Static getter.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
static allocateExportId()
Allocate a new export id.
This class represents a non editable value in a property form.
getAdminTabs()
admin and normal tabs are equal for roles
editObject()
Edit role properties.
getTabs()
get tabs abstract method.
performDeleteRoleObject()
Delete role.
saveObject()
Save new role.
updateObject()
Save role settings.
initFormRoleProperties($a_mode)
Create role prperty form.
userassignmentObject()
display user assignment panel
showChangeExistingObjectsConfirmation()
Show confirmation screen.
ensureRoleAccessForContext()
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
setBackTarget($a_text, $a_link)
set back tab target
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
deassignUserObject()
de-assign users from role
permObject($a_show_admin_permissions=false)
Show template permissions.
loadRoleProperties(ilObjRole $role)
Store form input in role object.
assignSaveObject()
wrapper for renamed function
permSaveObject($a_show_admin_permissions=false)
save permissions
getParentType()
get type of current object (not role folder)
getContainerType()
Get type of role container.
addAdminLocatorItems($a_do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
deleteDesktopItemsObject()
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
checkAccess($a_perm_global, $a_perm_obj='')
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
showDefaultPermissionSettings()
check if default permissions are shown or not
adminPermObject()
Show administration permissions.
assignDesktopItemObject()
executeCommand()
execute command
adminPermSaveObject()
Save admin permissions.
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
confirmDeleteRoleObject()
Show delete confirmation screen.
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
getParentRefId()
Get ref id of current object (not role folder id)
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
adoptPermSaveObject()
copy permissions from role
selectDesktopItemObject()
getParentObjId()
Get obj_id of current object.
setSubTabs($a_tab)
Set sub tabs.
addToClipboardObject()
Add selected users to user clipboard.
changeExistingObjectsObject()
Change existing objects.
askDeleteDesktopItemObject()
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
getAllowRegister()
get allow_register
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static isAutoGenerated($a_role_id)
getDiskQuota()
Gets the minimal disk quota imposed by this role.
toggleAssignUsersStatus($a_assign_users)
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static getInstanceByRefId($a_ref_id, $stop_on_error=true)
get an instance of an Ilias object by reference id
Class ilObjectGUI Basic methods of all Output classes.
__showButton($a_cmd, $a_text, $a_target='')
prepareOutput($a_show_subobjects=true)
prepare output
Table for object role permissions.
Table for object role permissions.
static _lookupObjId($a_id)
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getDescription()
get object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
getTitle()
get object title @access public
This class represents an option in a radio group.
static diffTemplate(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherTemplate($a_role_ref_id, $a_role_id)
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
Table for role desktop items.
static _getInstance()
Get instance of ilSecuritySettings.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static getInstance($a_usr_id)
Get singelton instance.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
static tf2yn($a_tf)
convert true/false to "y"/"n"
static redirect($a_script)
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static MB2Bytes($a_value)
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static infoPanel($a_keep=true)
static Bytes2MB($a_value)
if(!array_key_exists('StateId', $_REQUEST)) $id
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
redirection script todo: (a better solution should control the processing via a xml file)
if(isset($_POST['submit'])) $form