ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilObjectPermissionStatusGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
4 
16 class ilObjectPermissionStatusGUI
17 {
19  public $user;
21  public $lng;
23  public $ilCtrl;
25  public $tpl;
27  public $object;
29  public $rbacreview;
30  public $user_roles;
31  public $global_roles;
32  public $valid_roles;
33  public $assigned_valid_roles;
34 
35  const IMG_OK = 0;
36  const IMG_NOT_OK = 1;
37 
38 
43  public function __construct(&$a_obj)
44  {
45  global $DIC;
46 
47  $ilCtrl = $DIC['ilCtrl'];
48  $lng = $DIC['lng'];
49  $rbacreview = $DIC['rbacreview'];
50  $tpl = $DIC['tpl'];
51 
52  $this->lng = $lng;
53  $this->ilCtrl = $ilCtrl;
54  $this->tpl = $tpl;
55  $this->object = $a_obj;
56  $this->rbacreview = $rbacreview;
57 
58  $this->user = $this->getUser();
59  $this->user_roles = $rbacreview->assignedRoles($this->user->getId());
60  $this->global_roles = $rbacreview->getGlobalRoles();
61  $this->valid_roles = $rbacreview->getParentRoleIds($this->object->getRefId());
62  $this->assigned_valid_roles = $this->getAssignedValidRoles();
63  }
64 
68  public function executeCommand()
69  {
70  global $DIC;
71 
72  $ilCtrl = $DIC['ilCtrl'];
73 
74  // determine next class in the call structure
75  $next_class = $this->ilCtrl->getNextClass($this);
76 
77  switch ($next_class) {
78  case 'ilrepositorysearchgui':
79  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
80  $rep_search = new ilRepositorySearchGUI();
81  $this->ilCtrl->setReturn($this, 'perminfo');
82  $this->ilCtrl->forwardCommand($rep_search);
83  break;
84 
85  default:
86  $cmd = $this->ilCtrl->getCmd();
87  $this->$cmd();
88  break;
89  }
90  }
91 
95  public function perminfo()
96  {
97  $tpl = new ilTemplate("tpl.info_layout.html", false, false, "Services/AccessControl");
98 
99  $tpl->setVariable("INFO_SUMMARY", $this->accessStatusInfo());
100  $tpl->setVariable("INFO_PERMISSIONS", $this->accessPermissionsTable());
101  $tpl->setVariable("INFO_ROLES", $this->availableRolesTable());
102  $tpl->setVariable("INFO_REMARK_INTERRUPTED", $this->lng->txt('info_remark_interrupted'));
103 
104  $this->tpl->setVariable("ADM_CONTENT", $tpl->get());
105 
106  $this->addToolbar();
107  }
108 
112  public function addToolbar()
113  {
114  global $DIC;
115 
116  $ilToolbar = $DIC['ilToolbar'];
117 
118  $ilToolbar->setFormAction($this->ilCtrl->getFormAction($this, "perminfo"));
119 
120  $ilToolbar->addText($this->lng->txt('user'));
121 
122  include_once("./Services/Form/classes/class.ilTextInputGUI.php");
123 
124  $login = new ilTextInputGUI($this->lng->txt("username"), "user_login");
125  $login->setDataSource($this->ilCtrl->getLinkTargetByClass(array(get_class($this),
126  'ilRepositorySearchGUI'), 'doUserAutoComplete', '', true));
127  $login->setSize(15);
128  $login->setValue($this->user->getLogin());
129 
130  $ilToolbar->addInputItem($login);
131 
132  $ilToolbar->addFormButton($this->lng->txt("info_change_user_view"), "perminfo");
133 
134  //$ilToolbar->addText($lng->txt("info_enter_login_or_id"));
135  }
136 
141  public function accessStatusInfo()
142  {
143  include_once("./Services/InfoScreen/classes/class.ilInfoScreenGUI.php");
144 
145  $info = new ilInfoScreenGUI(new stdClass());
146  $info->setFormAction($this->ilCtrl->getFormAction($this));
147 
148  $info->addSection($this->lng->txt("info_access_and_status_info"));
149 
150  foreach ($this->getAccessStatusInfoData() as $data) {
151  $info->addProperty($data[0], $data[1]);
152  }
153 
154  return $info->getHTML();
155  }
156 
161  public function accessPermissionsTable()
162  {
163  include_once("./Services/AccessControl/classes/class.ilAccessPermissionsStatusTableGUI.php");
164 
165  $table = new ilAccessPermissionsStatusTableGUI($this, "perminfo");
166 
167  $table->setData($this->getAccessPermissionTableData());
168  $table->setTitle($this->lng->txt("info_access_permissions"));
169 
170  return $table->getHTML();
171  }
172 
177  public function availableRolesTable()
178  {
179  include_once("./Services/AccessControl/classes/class.ilAvailableRolesStatusTableGUI.php");
180 
181  $table = new ilAvailableRolesStatusTableGUI($this, "perminfo");
182 
183  $table->setData($this->getAvailableRolesTableData());
184  $table->setTitle($this->lng->txt("info_available_roles"));
185 
186  return $table->getHTML();
187  }
188 
193  public function getAssignedValidRoles()
194  {
195  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
196  $assigned_valid_roles = array();
197 
198  foreach ($this->valid_roles as $role) {
199  if (in_array($role['obj_id'], $this->user_roles)) {
200  if ($role["obj_id"] == SYSTEM_ROLE_ID) {
201  // get all possible operation of current object
202  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
203 
204  foreach ($ops_list as $ops_data) {
205  $ops[] = (int) $ops_data['ops_id'];
206  }
207 
208  $role['ops'] = $ops;
209  } else {
210  $role['ops'] = $this->rbacreview->getRoleOperationsOnObject($role["obj_id"], $this->object->getRefId());
211  }
212 
213  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
214  $role['translation'] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
215  $assigned_valid_roles[] = $role;
216  }
217  }
218 
219  $this->assigned_valid_roles = $assigned_valid_roles;
220 
221  return $assigned_valid_roles;
222  }
223 
229  public function getCommands($a_type)
230  {
231  global $DIC;
232 
233  $objDefinition = $DIC['objDefinition'];
234 
235  $class = $objDefinition->getClassName($a_type);
236  $location = $objDefinition->getLocation($a_type);
237  $full_class = "ilObj" . $class . "Access";
238 
239  $cmds = call_user_func(array($full_class, "_getCommands"));
240 
241  array_push($cmds, array('permission' => 'visible','cmd' => 'info'));
242 
243  return $cmds;
244  }
245 
250  public function getUser()
251  {
252  global $DIC;
253 
254  $ilUser = $DIC['ilUser'];
255 
256  if (!isset($_POST['user_login'])) {
257  $user = &$ilUser;
258  } else {
259  include_once('Services/User/classes/class.ilObjUser.php');
260  $user_id = ilObjUser::_lookupId($_POST['user_login']);
261 
262  $factory = new ilObjectFactory();
263  $user = $factory->getInstanceByObjId($user_id, false);
264 
265 
266  if ($user === false or $user->getType() != 'usr') {
267  $user = &$ilUser;
268  ilUtil::sendFailure($this->lng->txt('info_err_user_not_exist'));
269  } else {
270  ilUtil::sendInfo($this->lng->txt('info_user_view_changed'));
271  }
272  }
273 
274  return $user;
275  }
276 
281  public function getAccessStatusInfoData()
282  {
283  global $DIC;
284 
285  $ilAccess = $DIC['ilAccess'];
286  $infos = array();
287 
288  $result_set[0][] = $this->lng->txt("info_view_of_user");
289  $result_set[0][] = $this->user->getFullname() . " (#" . $this->user->getId() . ")";
290 
291  $assigned_valid_roles = array();
292 
293  foreach ($this->getAssignedValidRoles() as $role) {
294  $assigned_valid_roles[] = $role["translation"];
295  }
296 
297  $roles_str = implode(", ", $assigned_valid_roles);
298 
299  $result_set[1][] = $this->lng->txt("roles");
300  $result_set[1][] = $roles_str;
301 
302  $result_set[2][] = $this->lng->txt("status");
303 
304  $ilAccess->clear();
305  $ilAccess->checkAccessOfUser(
306  $this->user->getId(),
307  'read',
308  '',
309  $this->object->getRefId(),
310  $this->object->getType(),
311  $this->object->getId()
312  );
313 
314  $infos = array_merge($infos, $ilAccess->getInfo());
315 
316  $cmds = $this->getCommands($this->object->getType());
317 
318  foreach ($cmds as $cmd) {
319  $ilAccess->clear();
320  $ilAccess->doStatusCheck($cmd['permission'], $cmd['cmd'], $this->object->getRefId(), $this->user->getId(), $this->object->getId(), $this->object->getType());
321  $infos = array_merge($infos, $ilAccess->getInfo());
322  }
323 
324  $alert = "il_ItemAlertProperty";
325  $okay = "il_ItemOkayProperty";
326  $text = "";
327 
328  if (!$infos) {
329  $text = "<span class=\"" . $okay . "\">" . $this->lng->txt("access") . "</span><br/> ";
330  } else {
331  foreach ($infos as $info) {
332  switch ($info['type']) {
333  case IL_STATUS_MESSAGE:
334  $text .= "<span class=\"" . $okay . "\">" . $info['text'] . "</span><br/> ";
335  break;
336 
337  case IL_NO_PARENT_ACCESS:
338  $factory = new ilObjectFactory();
339  $obj = $factory->getInstanceByRefId($info['data']);
340  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . " (" . $this->lng->txt("obj_" . $obj->getType()) . " #" . $obj->getId() . ": " . $obj->getTitle() . ")</span><br/> ";
341  break;
342 
343  default:
344  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . "</span><br/> ";
345  break;
346 
347  }
348  }
349  }
350 
351  $result_set[2][] = $text;
352 
353  return $result_set;
354  }
355 
360  public function getAccessPermissionTableData()
361  {
362  global $DIC;
363 
364  $ilAccess = $DIC['ilAccess'];
365  $ilObjDataCache = $DIC['ilObjDataCache'];
366  $objDefinition = $DIC['objDefinition'];
367 
368  // get all possible operation of current object
369  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
370 
371  $counter = 0;
372  $result_set = array();
373 
374  // check permissions of user
375  foreach ($ops_list as $ops) {
376  $access = $ilAccess->doRBACCheck($ops['operation'], "info", $this->object->getRefId(), $this->user->getId(), $this->object->getType());
377 
378  $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
379 
380  if (substr($ops['operation'], 0, 7) == "create_" &&
381  $objDefinition->isPlugin(substr($ops['operation'], 7))) {
382  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
383  substr($ops['operation'], 7),
384  'rbac_' . $ops['operation']
385  );
386  } elseif ($objDefinition->isPlugin($this->object->getType())) {
387  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
388  $this->object->getType(),
389  $this->object->getType() . "_" . $ops['operation']
390  );
391  } elseif (substr($ops['operation'], 0, 7) == 'create_') {
392  $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
393  } else {
394  $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
395  }
396 
397  $list_role = [];
398 
399  // Check ownership
400  if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
401  if (
402  (substr($ops['operation'], 0, 7) != 'create_') and
403  ($ops['operation'] != 'edit_permission') and
404  ($ops['operation'] != 'edit_leanring_progress')
405  ) {
406  $list_role[] = $this->lng->txt('info_owner_of_object');
407  }
408  }
409  // get operations on object for each assigned role to user
410  foreach ($this->getAssignedValidRoles() as $role) {
411  if (in_array($ops['ops_id'], $role['ops'])) {
412  $list_role[] = $role['translation'];
413  }
414  }
415 
416  if (empty($list_role)) {
417  $list_role[] = $this->lng->txt('none');
418  }
419 
420 
421  $result_set[$counter]["role_ownership"] = $list_role;
422 
423  ++$counter;
424  }
425 
426  return $result_set;
427  }
428 
433  public function getAvailableRolesTableData()
434  {
435  global $DIC;
436 
437  $tree = $DIC['tree'];
438 
439  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
440 
441  $path = array_reverse($tree->getPathId($this->object->getRefId()));
442 
443  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
444  $counter = 0;
445 
446  foreach ($this->valid_roles as $role) {
447  $result_set[$counter]["img"] = in_array($role['obj_id'], $this->user_roles) ? self::IMG_OK : self::IMG_NOT_OK;
448 
449  if (is_subclass_of($this->object, ilObjectPlugin::class) && $role["parent"] == $this->object->getRefId()) {
450  $result_set[$counter][] = ilObjectPlugin::lookupTxtById($this->object->getType(), ilObjRole::_removeObjectId($role["title"]));
451  } else {
452  $result_set[$counter][] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
453  }
454 
455  $result_set[$counter]["role"] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
456 
457  if ($role['role_type'] != "linked") {
458  $result_set[$counter]["effective_from"] = "";
459  } else {
460  $rolfs = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"]);
461 
462  // ok, try to match the next rolf in path
463  foreach ($path as $node) {
464  if ($node == 1) {
465  break;
466  }
467 
468 
469  if (in_array($node, $rolfs)) {
470  $nodedata = $tree->getNodeData($node);
471  $result_set[$counter]["effective_from"] = $nodedata["title"];
472  $result_set[$counter]["effective_from_ref_id"] = $node;
473  break;
474  }
475  }
476  }
477 
478  if (in_array($role['obj_id'], $this->global_roles)) {
479  $result_set[$counter]["original_position"] = $this->lng->txt("global");
480  $result_set[$counter]["original_position_ref_id"] = false;
481  } else {
482  $rolf = $this->rbacreview->getFoldersAssignedToRole($role["obj_id"], true);
483  $parent_node = $tree->getNodeData($rolf[0]);
484  $result_set[$counter]["original_position"] = $parent_node["title"];
485  $result_set[$counter]["original_position_ref_id"] = $parent_node["ref_id"];
486  }
487 
488  ++$counter;
489  }
490 
491  return $result_set;
492  }
493 }
ilObjectPermissionStatusGUI\getAvailableRolesTableData
getAvailableRolesTableData()
Available Roles Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:433
ilObjectPermissionStatusGUI\getAccessStatusInfoData
getAccessStatusInfoData()
Access Status Info Data.
Definition: class.ilObjectPermissionStatusGUI.php:281
ilCtrl\getLinkTargetByClass
getLinkTargetByClass( $a_class, $a_cmd="", $a_anchor="", $a_asynch=false, $xml_style=false)
Get link target for command using gui class name.
Definition: class.ilCtrl.php:1358
$login
$login
Definition: cron.php:13
ilCtrl
This class provides processing control methods.
Definition: class.ilCtrl.php:15
ilCtrl\setReturn
setReturn($a_gui_obj, $a_cmd)
Set return command.
Definition: class.ilCtrl.php:1387
ilInfoScreenGUI
Class ilInfoScreenGUI.
Definition: class.ilInfoScreenGUI.php:18
ilObjectFactory
Class ilObjectFactory.
Definition: class.ilObjectFactory.php:20
$data
$data
Definition: storeScorm.php:23
ilObjectPlugin\lookupTxtById
static lookupTxtById($plugin_id, $lang_var)
Definition: class.ilObjectPlugin.php:99
$location
$location
Definition: buildRTE.php:44
ilAccessPermissionsStatusTableGUI
Table for Acces Permissons in Permission > Permission of User.
Definition: class.ilAccessPermissionsStatusTableGUI.php:13
ilRbacReview\_getOperationList
static _getOperationList($a_type=null)
get operation list by object type public static
Definition: class.ilRbacReview.php:1540
IL_NO_PARENT_ACCESS
const IL_NO_PARENT_ACCESS
Definition: class.ilAccessInfo.php:27
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:831
ilObjectPermissionStatusGUI\getAccessPermissionTableData
getAccessPermissionTableData()
Access Permissions Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:360
user
user()
Definition: user.php:4
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4503
$a_type
$a_type
Definition: workflow.php:92
ilCtrl\getNextClass
getNextClass($a_gui_class=null)
Get next class in the control path from the current class to the target command class.
Definition: class.ilCtrl.php:745
ilCtrl\getFormAction
getFormAction( $a_gui_obj, $a_fallback_cmd="", $a_anchor="", $a_asynch=false, $xml_style=false)
Get form action url for gui class object.
Definition: class.ilCtrl.php:1002
ilObjectPermissionStatusGUI\accessStatusInfo
accessStatusInfo()
Access- and Statusinformation Info.
Definition: class.ilObjectPermissionStatusGUI.php:141
IL_STATUS_MESSAGE
const IL_STATUS_MESSAGE
Definition: class.ilAccessInfo.php:30
ilCtrl\getCmd
getCmd($a_default_cmd="", $a_safe_commands="")
Determines current get/post command.
Definition: class.ilCtrl.php:891
ilObjectPermissionStatusGUI\accessPermissionsTable
accessPermissionsTable()
Access Permissions Table.
Definition: class.ilObjectPermissionStatusGUI.php:161
$ilUser
$ilUser
Definition: imgupload.php:18
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:514
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4519
ilObjRole\_removeObjectId
static _removeObjectId($a_role_title)
Definition: class.ilObjRole.php:535
$DIC
$DIC
Definition: xapitoken.php:46
ilAvailableRolesStatusTableGUI
Table for Available Roles in Permission > Permission of User.
Definition: class.ilAvailableRolesStatusTableGUI.php:13
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:16
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ilCtrl\forwardCommand
forwardCommand($a_gui_object)
Forward flow of control to next gui class this invokes the executeCommand() method of the gui object ...
Definition: class.ilCtrl.php:188
$factory
$factory
Definition: metadata.php:58
ilObjectPermissionStatusGUI\getAssignedValidRoles
getAssignedValidRoles()
get Assigned Valid Roles
Definition: class.ilObjectPermissionStatusGUI.php:193