ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilDidacticTemplateLocalPolicyAction.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateAction.php';
5 
12 class ilDidacticTemplateLocalPolicyAction extends ilDidacticTemplateAction
13 {
14  const TPL_ACTION_OVERWRITE = 1;
15  const TPL_ACTION_INTERSECT = 2;
16  const TPL_ACTION_ADD = 3;
17  const TPL_ACTION_SUBTRACT = 4;
18  const TPL_ACTION_UNION = 5;
19 
20 
21  private $pattern = array();
22  private $filter_type = self::FILTER_SOURCE_TITLE;
23  private $role_template_type = self::TPL_ACTION_OVERWRITE;
24  private $role_template_id = 0;
25 
26 
31  public function __construct($action_id = 0)
32  {
33  parent::__construct($action_id);
34  }
35 
40  public function addFilterPattern(ilDidacticTemplateFilterPattern $pattern)
41  {
42  $this->pattern[] = $pattern;
43  }
44 
49  public function setFilterPatterns(array $patterns)
50  {
51  $this->pattern = $patterns;
52  }
53 
58  public function getFilterPattern()
59  {
60  return $this->pattern;
61  }
62 
67  public function setFilterType($a_type)
68  {
69  $this->filter_type = $a_type;
70  }
71 
76  public function getFilterType()
77  {
78  return $this->filter_type;
79  }
80 
85  public function setRoleTemplateType($a_tpl_type)
86  {
87  $this->role_template_type = $a_tpl_type;
88  }
89 
93  public function getRoleTemplateType()
94  {
95  return $this->role_template_type;
96  }
97 
102  public function setRoleTemplateId($a_id)
103  {
104  $this->role_template_id = $a_id;
105  }
106 
111  public function getRoleTemplateId()
112  {
113  return $this->role_template_id;
114  }
115 
119  public function save()
120  {
121  global $DIC;
122 
123  $ilDB = $DIC['ilDB'];
124 
125  parent::save();
126 
127  $query = 'INSERT INTO didactic_tpl_alp (action_id,filter_type,template_type,template_id) ' .
128  'VALUES( ' .
129  $ilDB->quote($this->getActionId(), 'integer') . ', ' .
130  $ilDB->quote($this->getFilterType(), 'integer') . ', ' .
131  $ilDB->quote($this->getRoleTemplateType(), 'integer') . ', ' .
132  $ilDB->quote($this->getRoleTemplateId(), 'integer') . ' ' .
133  ')';
134  $ilDB->manipulate($query);
135 
136  foreach ($this->getFilterPattern() as $pattern) {
137  /* @var ilDidacticTemplateFilterPattern $pattern */
138  $pattern->setParentId($this->getActionId());
139  $pattern->setParentType(self::PATTERN_PARENT_TYPE);
140  $pattern->save();
141  }
142  }
143 
149  public function delete()
150  {
151  global $DIC;
152 
153  $ilDB = $DIC['ilDB'];
154 
155  parent::delete();
156 
157  $query = 'DELETE FROM didactic_tpl_alp ' .
158  'WHERE action_id = ' . $ilDB->quote($this->getActionId(), 'integer');
159  $ilDB->manipulate($query);
160 
161  foreach ($this->getFilterPattern() as $pattern) {
162  $pattern->delete();
163  }
164  return true;
165  }
166 
167 
168 
169 
173  public function apply()
174  {
175  $rbacreview = $GLOBALS['DIC']->rbac()->review();
176 
177  $source = $this->initSourceObject();
178  // Create a role folder for the new local policies
179 
180  $roles = $this->filterRoles($source);
181 
182  // Create local policy for filtered roles
183  foreach ($roles as $role_id => $role) {
184  $this->getLogger()->debug('Apply to role: ' . $role['title']);
185  $this->getLogger()->debug('Role parent: ' . $role['parent']);
186  $this->getLogger()->debug('Source ref_id: ' . $source->getRefId());
187 
188  // No local policies for protected roles of higher context
189  if (
190  $rbacreview->isProtected($role['parent'], $role_id) &&
191  $role['parent'] != $source->getRefId()
192  ) {
193  $this->getLogger()->debug('Ignoring protected role.');
194  continue;
195  }
196  $this->createLocalPolicy($source, $role);
197  }
198  return true;
199  }
200 
206  public function revert()
207  {
208  global $DIC;
209 
210  $rbacadmin = $DIC['rbacadmin'];
211  $tree = $DIC['tree'];
212  $rbacreview = $GLOBALS['DIC']->rbac()->review();
213 
214  $source = $this->initSourceObject();
215  $roles = $this->filterRoles($source);
216 
217  // Delete local policy for filtered roles
218  foreach ($roles as $role_id => $role) {
219  // Do not delete local policies of auto generated roles
220  if (!$rbacreview->isGlobalRole($role['obj_id']) and
221  $rbacreview->isAssignable($role['obj_id'], $source->getRefId()) and
222  $rbacreview->isSystemGeneratedRole($role['obj_id'])) {
223  $this->getLogger()->debug('Reverting local policy of auto generated role: ' . $role['title']);
224  $this->revertLocalPolicy($source, $role);
225  } else {
226  $this->getLogger()->debug('Reverting local policy and deleting local role: ' . $role['title']);
227 
228  // delete local role and change exiting objects
229  $rbacadmin->deleteLocalRole($role_id, $source->getRefId());
230  // Change existing object
231  include_once './Services/AccessControl/classes/class.ilObjRole.php';
232  $role_obj = new ilObjRole($role_id);
233 
234  $protected = $rbacreview->isProtected($role['parent'], $role['rol_id']);
235 
236  $role_obj->changeExistingObjects(
237  $source->getRefId(),
238  $protected ?
239  ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES :
240  ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
241  array('all')
242  );
243  }
244  }
245  return true;
246  }
247 
252  public function getType()
253  {
254  return self::TYPE_LOCAL_POLICY;
255  }
256 
262  public function toXml(ilXmlWriter $writer)
263  {
264  $writer->xmlStartTag('localPolicyAction');
265 
266  switch ($this->getFilterType()) {
267  case self::FILTER_SOURCE_TITLE:
268  $writer->xmlStartTag('roleFilter', ['source' => 'title']);
269  break;
270 
271  case self::FILTER_SOURCE_OBJ_ID:
272  $writer->xmlStartTag('roleFilter', ['source' => 'objId']);
273  break;
274 
275  case self::FILTER_PARENT_ROLES:
276  $writer->xmlStartTag('roleFilter', ['source' => 'parentRoles']);
277  break;
278 
279  case self::FILTER_LOCAL_ROLES:
280  $writer->xmlStartTag('roleFilter', ['source' => 'localRoles']);
281  break;
282 
283  default:
284  $writer->xmlStartTag('roleFilter', ['source' => 'title']);
285  break;
286  }
287 
288  foreach ($this->getFilterPattern() as $pattern) {
289  $pattern->toXml($writer);
290  }
291  $writer->xmlEndTag('roleFilter');
292 
293  $il_role_id = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($this->getRoleTemplateId()) . '_' . $this->getRoleTemplateId();
294 
295  switch ($this->getRoleTemplateType()) {
296  case self::TPL_ACTION_OVERWRITE:
297  $writer->xmlStartTag(
298  'localPolicyTemplate',
299  array(
300  'type' => 'overwrite',
301  'id' => $il_role_id
302  )
303  );
304  break;
305 
306  case self::TPL_ACTION_INTERSECT:
307  $writer->xmlStartTag(
308  'localPolicyTemplate',
309  array(
310  'type' => 'intersect',
311  'id' => $il_role_id
312  )
313  );
314  break;
315 
316  case self::TPL_ACTION_UNION:
317  $writer->xmlStartTag(
318  'localPolicyTemplate',
319  array(
320  'type' => 'union',
321  'id' => $il_role_id
322  )
323  );
324  break;
325  }
326 
327  include_once './Services/AccessControl/classes/class.ilRoleXmlExport.php';
328  $exp = new ilRoleXmlExport();
329  $exp->setMode(ilRoleXmlExport::MODE_DTPL);
330  $exp->addRole($this->getRoleTemplateId(), ROLE_FOLDER_ID);
331  $exp->write();
332  $writer->appendXML($exp->xmlDumpMem(false));
333  $writer->xmlEndTag('localPolicyTemplate');
334  $writer->xmlEndTag('localPolicyAction');
335  return;
336  }
337 
341  public function __clone()
342  {
343  parent::__clone();
344 
345  // Clone patterns
346  $cloned = array();
347  foreach ($this->getFilterPattern() as $pattern) {
348  $clones[] = clone $pattern;
349  }
350  $this->setFilterPatterns($clones);
351  }
352 
353  public function read()
354  {
355  global $DIC;
356 
357  $ilDB = $DIC['ilDB'];
358 
359  if (!parent::read()) {
360  return false;
361  }
362 
363  $query = 'SELECT * FROM didactic_tpl_alp ' .
364  'WHERE action_id = ' . $ilDB->quote($this->getActionId());
365  $res = $ilDB->query($query);
366  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
367  $this->setFilterType($row->filter_type);
368  $this->setRoleTemplateType($row->template_type);
369  $this->setRoleTemplateId($row->template_id);
370  }
371 
372  // Read filter
373  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateFilterPatternFactory.php';
374  foreach (ilDidacticTemplateFilterPatternFactory::lookupPatternsByParentId($this->getActionId(), self::PATTERN_PARENT_TYPE) as $pattern) {
375  $this->addFilterPattern($pattern);
376  }
377  }
378 
379 
386  protected function createLocalPolicy(ilObject $source, $role)
387  {
388  global $DIC;
389 
390  $rbacreview = $DIC->rbac()->review();
391  $rbacadmin = $DIC->rbac()->admin();
392 
393  // fetch role information
394  $role_data = array();
395  foreach ($rbacreview->getParentRoleIds($source->getRefId()) as $role_id => $tmp_role) {
396  if ($role_id == $role['obj_id']) {
397  $role_data = $tmp_role;
398  }
399  }
400 
401  // Add local policy
402  if (!$rbacreview->isRoleAssignedToObject($role['obj_id'], $source->getRefId())) {
403  $GLOBALS['DIC']->rbac()->admin()->assignRoleToFolder(
404  $role['obj_id'],
405  $source->getRefId(),
406  'n'
407  );
408  }
409 
410 
411  // do nothing if role is protected in higher context
412  if (
413  $rbacreview->isProtected($source->getRefId(),$role['obj_id']) &&
414  $role['parent'] != $source->getRefId()
415  ) {
416  $this->getLogger()->info('Ignoring protected role: ' . $role['title']);
417  return true;
418  }
419 
420  switch ($this->getRoleTemplateType()) {
421  case self::TPL_ACTION_UNION:
422 
423  ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRolePermissionUnion()');
424  $rbacadmin->copyRolePermissionUnion(
425  $role_data['obj_id'],
426  $role_data['parent'],
427  $this->getRoleTemplateId(),
428  ROLE_FOLDER_ID,
429  $role_data['obj_id'],
430  $source->getRefId()
431  );
432  break;
433 
434  case self::TPL_ACTION_OVERWRITE:
435 
436  ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRoleTemplatePermission()');
437  $rbacadmin->copyRoleTemplatePermissions(
438  $this->getRoleTemplateId(),
439  ROLE_FOLDER_ID,
440  $source->getRefId(),
441  $role_data['obj_id'],
442  true
443  );
444  break;
445 
446  case self::TPL_ACTION_INTERSECT:
447 
448  ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRolePermissionIntersection()' . $this->getRoleTemplateId());
449  $rbacadmin->copyRolePermissionIntersection(
450  $role_data['obj_id'],
451  $role_data['parent'],
452  $this->getRoleTemplateId(),
453  ROLE_FOLDER_ID,
454  $source->getRefId(),
455  $role_data['obj_id']
456  );
457  break;
458 
459  }
460 
461  // Change existing object
462  include_once './Services/AccessControl/classes/class.ilObjRole.php';
463  $role_obj = new ilObjRole($role_data['obj_id']);
464  $role_obj->changeExistingObjects(
465  $source->getRefId(),
466  $role_data['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
467  array('all')
468  );
469 
470  return true;
471  }
472 
473  protected function revertLocalPolicy(ilObject $source, $role)
474  {
475  global $DIC;
476 
477  $rbacadmin = $DIC['rbacadmin'];
478  $rbacreview = $DIC['rbacreview'];
479  $ilDB = $DIC['ilDB'];
480 
481  ilLoggerFactory::getLogger('otpl')->info('Reverting policy for role ' . $role['title']);
482  // Local policies can only be reverted for auto generated roles. Otherwise the
483  // original role settings are unknown
484  if (substr($role['title'], 0, 3) != 'il_') {
485  ilLoggerFactory::getLogger('otpl')->warning('Cannot revert local policy for role ' . $role['title']);
486  return false;
487  }
488 
489 
490  // No local policies
491  if (!$rbacreview->getLocalPolicies($source->getRefId())) {
492  return false;
493  }
494 
495  $exploded_title = explode('_', $role['title']);
496  $rolt_title = $exploded_title[0] . '_' . $exploded_title[1] . '_' . $exploded_title[2];
497 
498  // Lookup role template
499  $query = 'SELECT obj_id FROM object_data ' .
500  'WHERE title = ' . $ilDB->quote($rolt_title, 'text') . ' ' .
501  'AND type = ' . $ilDB->quote('rolt', 'text');
502  $res = $ilDB->query($query);
503  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
504  $rolt_id = $row->obj_id;
505  }
506 
507  // No template found
508  if (!$rolt_id) {
509  return false;
510  }
511 
512  $rbacadmin->copyRoleTemplatePermissions(
513  $rolt_id,
514  ROLE_FOLDER_ID,
515  $source->getRefId(),
516  $role['obj_id'],
517  true
518  );
519 
520  // Change existing object
521  include_once './Services/AccessControl/classes/class.ilObjRole.php';
522  $role_obj = new ilObjRole($role['obj_id']);
523  $role_obj->changeExistingObjects(
524  $source->getRefId(),
525  $role['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
526  array('all')
527  );
528  }
529 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilXmlWriter\xmlStartTag
xmlStartTag($tag, $attrs=null, $empty=false, $encode=true, $escape=true)
Writes a starttag.
Definition: class.ilXmlWriter.php:307
ilDidacticTemplateFilterPatternFactory\lookupPatternsByParentId
static lookupPatternsByParentId($a_parent_id, $a_parent_type)
Get patterns by template id.
Definition: class.ilDidacticTemplateFilterPatternFactory.php:18
$DIC
global $DIC
Definition: saml.php:7
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilXmlWriter
XML writer class.
Definition: class.ilXmlWriter.php:17
ilXmlWriter\xmlEndTag
xmlEndTag($tag)
Writes an endtag.
Definition: class.ilXmlWriter.php:343
ilDidacticTemplateLocalPolicyAction\addFilterPattern
addFilterPattern(ilDidacticTemplateFilterPattern $pattern)
Add filter.
Definition: class.ilDidacticTemplateLocalPolicyAction.php:40
ilDidacticTemplateAction\filterRoles
filterRoles(ilObject $source)
Filter roles.
Definition: class.ilDidacticTemplateAction.php:237
$a_type
$a_type
Definition: workflow.php:92
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
ilDidacticTemplateLocalPolicyAction\createLocalPolicy
createLocalPolicy(ilObject $source, $role)
Create local policy.
Definition: class.ilDidacticTemplateLocalPolicyAction.php:386
$query
$query
Definition: proxy_ylocal.php:13
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1275
ilDidacticTemplateAction\initSourceObject
initSourceObject()
Init the source object.
Definition: class.ilDidacticTemplateAction.php:226
$row
$row
Definition: migrateto20.php:360
ilDidacticTemplateAction
Abstract class for template actions.
Definition: class.ilDidacticTemplateAction.php:10
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilRoleXmlExport
Xml export of roles and role templates.
Definition: class.ilRoleXmlExport.php:12
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilObject\getRefId
getRefId()
get reference id public
Definition: class.ilObject.php:351
ilXmlWriter\appendXML
appendXML($a_str)
append xml string to document
Definition: class.ilXmlWriter.php:461
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
$source
$source
Definition: linkback.php:22
ilDidacticTemplateFilterPattern
Represents a filter pattern for didactic template actions.
Definition: class.ilDidacticTemplateFilterPattern.php:11
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702