4include_once 
'./Services/AccessControl/classes/class.ilPermission2GUI.php';
 
   51        $rbacsystem = 
$DIC[
'rbacsystem'];
 
   55        if (!$rbacsystem->checkAccess(
"edit_permission", $this->gui_obj->object->getRefId())) {
 
   56            $ilErr->raiseError($this->lng->txt(
"permission_denied"), 
$ilErr->MESSAGE);
 
   59        $next_class = $this->ctrl->getNextClass($this);
 
   61        switch ($next_class) {
 
   63                $this->ctrl->setReturn($this, 
'perm');
 
   64                include_once(
"Services/AccessControl/classes/class.ilObjRoleGUI.php");
 
   66                $ret = $this->ctrl->forwardCommand($this->gui_obj);
 
   69            case 'ildidactictemplategui':
 
   70                $this->ctrl->setReturn($this, 
'perm');
 
   71                include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
   73                $this->ctrl->forwardCommand($did);
 
   76            case 'ilrepositorysearchgui':
 
   78                include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
 
   80                $this->ctrl->forwardCommand($rep_search);
 
   83            case 'ilobjectpermissionstatusgui':
 
   85                include_once(
'./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
 
   87                $this->ctrl->forwardCommand($perm_stat);
 
   91                $cmd = $this->ctrl->getCmd();
 
  106        return $this->gui_obj->object;
 
  114        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  115        $this->ctrl->setReturn($this, 
'perm');
 
  116        $this->ctrl->setCmdClass(
'ildidactictemplategui');
 
  118        $this->ctrl->forwardCommand($dtpl_gui, 
'confirmTemplateSwitch');
 
  130        $objDefinition = 
$DIC[
'objDefinition'];
 
  131        $ilToolbar = 
$DIC[
'ilToolbar'];
 
  133        include_once 
'./Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
 
  135        if ($dtpl->appendToolbarSwitch(
 
  137            $this->getCurrentObject()->getType(),
 
  138            $this->getCurrentObject()->getRefId()
 
  140            $ilToolbar->addSeparator();
 
  143        if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
 
  144            !$this->isAdministrationObject()
 
  146            $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
 
  149                $ilToolbar->addButton($this->lng->txt(
'rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 
'displayAddRoleForm'));
 
  151            $ilToolbar->addButton($this->lng->txt(
'rbac_import_role'), $this->ctrl->getLinkTarget($this, 
'displayImportRoleForm'));
 
  157            include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  161        $this->tpl->setContent($table->getHTML());
 
  196        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  198        $table->resetOffset();
 
  199        $table->writeFilterToSession();
 
  200        return $this->
perm($table);
 
  209        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  211        $table->resetOffset();
 
  212        $table->resetFilter();
 
  214        return $this->
perm($table);
 
  226        $rbacreview = 
$DIC[
'rbacreview'];
 
  229        if (isset($a_roles[SYSTEM_ROLE_ID])) {
 
  230            unset($a_roles[SYSTEM_ROLE_ID]);
 
  233        switch ($a_filter_id) {
 
  242                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  243                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
 
  245                foreach ($arr_remove_roles as $role_id) {
 
  246                    unset($a_roles[$role_id]);
 
  252                $arr_global_roles = $rbacreview->getGlobalRoles();
 
  254                foreach ($arr_global_roles as $role_id) {
 
  255                    unset($a_roles[$role_id]);
 
  265                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  267                foreach ($arr_remove_roles as $role_id) {
 
  268                    unset($a_roles[$role_id]);
 
  277                $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
 
  279                foreach ($arr_remove_roles as $role_id) {
 
  280                    unset($a_roles[$role_id]);
 
  298        $rbacreview = 
$DIC[
'rbacreview'];
 
  299        $objDefinition = 
$DIC[
'objDefinition'];
 
  300        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  302        include_once 
'./Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
 
  306            $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
 
  307            $table->getFilterItemByPostVar(
'role')->getValue()
 
  311        include_once 
"Services/AccessControl/classes/class.ilRbacLog.php";
 
  315        # all possible create permissions 
  316        $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
 
  321        # createable (activated) create permissions 
  322        $create_types = $objDefinition->getCreatableSubObjects(
 
  327        foreach ((array) $roles as $role => $role_data) {
 
  328            if ($role_data[
'protected']) {
 
  332            $new_ops = array_keys((array) 
$_POST[
'perm'][$role]);
 
  333            $old_ops = $rbacreview->getRoleOperationsOnObject(
 
  339            foreach ($possible_ops_ids as $create_ops_id) {
 
  340                if (in_array($create_ops_id, $createable_ops_ids)) {
 
  343                if (in_array($create_ops_id, $old_ops)) {
 
  344                    $new_ops[] = $create_ops_id;
 
  348            $rbacadmin->revokePermission(
 
  353            $rbacadmin->grantPermission(
 
  355                array_unique($new_ops),
 
  361            foreach ($roles as $role) {
 
  363                if ($role[
'parent'] == $this->
getCurrentObject()->getRefId() and $role[
'assign'] == 
'y') {
 
  367                if ($role[
'protected']) {
 
  373                    !isset(
$_POST[
'inherit'][$role[
'obj_id']]) and
 
  374                    !$rbacreview->isBlockedAtPosition($role[
'obj_id'], $this->getCurrentObject()->getRefId())
 
  383                if ($role[
'parent'] != $this->
getCurrentObject()->getRefId() and isset(
$_POST[
'inherit'][$role[
'obj_id']])) {
 
  385                    $rbacadmin->copyRoleTemplatePermissions(
 
  392                    $rbacadmin->assignRoleToFolder($role[
'obj_id'], $this->
getCurrentObject()->getRefId(), 
'n');
 
  399            foreach ($roles as $role) {
 
  400                if ($rbacreview->isAssignable($role[
'obj_id'], $this->getCurrentObject()->getRefId())) {
 
  401                    if (isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  402                        !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  403                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'y');
 
  404                    } elseif (!isset(
$_POST[
'protect'][$role[
'obj_id']]) and
 
  405                        $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role[
'obj_id'])) {
 
  406                        $rbacadmin->setProtected($this->
getCurrentObject()->getRefId(), $role[
'obj_id'], 
'n');
 
  418        if ($blocked_info[
'num'] > 0) {
 
  423        ilUtil::sendSuccess($this->lng->txt(
'settings_saved'), 
true);
 
  424        $this->ctrl->redirect($this, 
'perm');
 
  436        if ($a_blocked_info[
'new_blocked']) {
 
  437            $info .= $this->lng->txt(
'role_confirm_block_role_info');
 
  438            if ($a_blocked_info[
'new_unblocked']) {
 
  439                $info .= 
'<br /><br />';
 
  442        if ($a_blocked_info[
'new_unblocked']) {
 
  443            $info .= (
'<br />' . $this->lng->txt(
'role_confirm_unblock_role_info'));
 
  448        include_once 
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
 
  450        $confirm->setFormAction($this->ctrl->getFormAction($this));
 
  451        $confirm->setHeaderText($this->lng->txt(
'role_confirm_block_role_header'));
 
  452        $confirm->setConfirm($this->lng->txt(
'role_confirm_block_role'), 
'modifyBlockRoles');
 
  453        $confirm->setCancel($this->lng->txt(
'cancel'), 
'perm');
 
  455        foreach ($a_blocked_info[
'new_blocked'] as $role_id) {
 
  456            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  463        foreach ($a_blocked_info[
'new_unblocked'] as $role_id) {
 
  464            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  471        $this->tpl->setContent($confirm->getHTML());
 
  480        $this->ctrl->redirect($this, 
'perm');
 
  490        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  492        foreach ($roles as $role) {
 
  499            $role_obj->changeExistingObjects(
 
  506            $rbacadmin->setBlockedStatus(
 
  522        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  523        $rbacreview = 
$DIC[
'rbacreview'];
 
  525        foreach ($roles as $role) {
 
  527            $assign = $rbacreview->isAssignable($role, $this->
getCurrentObject()->getRefId()) ? 
'y' : 
'n';
 
  530            $rbacadmin->revokeSubtreePermissions($this->
getCurrentObject()->getRefId(), $role);
 
  533            $rbacadmin->deleteSubtreeTemplates($this->
getCurrentObject()->getRefId(), $role);
 
  536            $rbacadmin->assignRoleToFolder(
 
  543            $rbacadmin->setBlockedStatus(
 
  561        $objDefinition = 
$DIC[
'objDefinition'];
 
  572        $GLOBALS[
'DIC'][
'ilTabs']->clearTargets();
 
  577        $GLOBALS[
'DIC'][
'tpl']->setContent($form->getHTML());
 
  587        $rbacreview = 
$DIC[
'rbacreview'];
 
  590        if ($form->checkInput()) {
 
  592                include_once 
'./Services/Export/classes/class.ilImport.php';
 
  596                $imp->getMapping()->addMapping(
 
  597                    'Services/AccessControl',
 
  605                    $_FILES[
"importfile"][
"tmp_name"],
 
  606                    $_FILES[
"importfile"][
"name"],
 
  609                ilUtil::sendSuccess($this->lng->txt(
'rbac_role_imported'), 
true);
 
  610                $this->ctrl->redirect($this, 
'perm');
 
  612            } 
catch (Exception 
$e) {
 
  614                $form->setValuesByPost();
 
  619        $form->setValuesByPost();
 
  629        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  631        $form->setFormAction($this->ctrl->getFormAction($this));
 
  632        $form->setTitle($this->lng->txt(
'rbac_import_role'));
 
  633        $form->addCommandButton(
'doImportRole', $this->lng->txt(
'import'));
 
  634        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  636        $zip = 
new ilFileInputGUI($this->lng->txt(
'import_file'), 
'importfile');
 
  637        $zip->setSuffixes(array(
'zip'));
 
  638        $form->addItem($zip);
 
  653        $rbacreview = 
$DIC[
'rbacreview'];
 
  654        $objDefinition = 
$DIC[
'objDefinition'];
 
  656        include_once 
'./Services/Form/classes/class.ilPropertyFormGUI.php';
 
  658        $form->setFormAction($this->ctrl->getFormAction($this));
 
  659        $form->setTitle($this->lng->txt(
'role_new'));
 
  660        $form->addCommandButton(
'addrole', $this->lng->txt(
'role_new'));
 
  661        $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
 
  664        $title->setValidationRegexp(
'/^(?!il_).*$/');
 
  665        $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
 
  667        $title->setMaxLength(70);
 
  668        $title->setRequired(
true);
 
  669        $form->addItem($title);
 
  674        $form->addItem($desc);
 
  677        $pro->setInfo($this->lng->txt(
'role_protect_permissions_desc'));
 
  679        $form->addItem($pro);
 
  681        $pd = 
new ilCheckboxInputGUI($this->lng->txt(
'rbac_add_recommended_content'), 
'desktop');
 
  686                $this->lng->txt(
'rbac_add_recommended_content_info')
 
  695            $option = 
new ilRadioOption($this->lng->txt(
"rbac_role_rights_copy_empty"), 0);
 
  696            $rights->addOption($option);
 
  698            $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), 
true);
 
  700            foreach ($parent_role_ids as $id => $tmp) {
 
  705            $sorted_ids = 
ilUtil::_sortIds($ids, 
'object_data', 
'type DESC,title', 
'obj_id');
 
  708            foreach ($sorted_ids as $id) {
 
  709                $par = $parent_role_ids[$id];
 
  710                if ($par[
"obj_id"] != SYSTEM_ROLE_ID) {
 
  711                    include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  713                    $option->setInfo($par[
"desc"]);
 
  714                    $rights->addOption($option);
 
  718            $form->addItem($rights);
 
  722        if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
 
  723            $check = 
new ilCheckboxInputGui($this->lng->txt(
"rbac_role_rights_copy_change_existing"), 
'existing');
 
  724            $check->setInfo($this->lng->txt(
'rbac_change_existing_objects_desc_new_role'));
 
  725            $form->addItem($check);
 
  736        $GLOBALS[
'DIC'][
'ilTabs']->clearTargets();
 
  739        $this->tpl->setContent($form->getHTML());
 
  754        $rbacadmin = 
$DIC[
'rbacadmin'];
 
  755        $rbacreview = 
$DIC[
'rbacreview'];
 
  756        $rbacsystem = 
$DIC[
'rbacsystem'];
 
  761        if ($form->checkInput()) {
 
  762            $new_title = $form->getInput(
"title");
 
  764            include_once 
'./Services/AccessControl/classes/class.ilObjRole.php';
 
  766            $role->setTitle($new_title);
 
  767            $role->setDescription($form->getInput(
'desc'));
 
  770            $GLOBALS[
'DIC'][
'rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
 
  773            $rbacadmin->setProtected(
 
  776                $form->getInput(
'pro') ? 
'y' : 
'n' 
  780            $right_id_to_copy = $form->getInput(
"rights");
 
  781            if ($right_id_to_copy) {
 
  782                $parentRoles = $rbacreview->getParentRoleIds($this->
getCurrentObject()->getRefId(), 
true);
 
  783                $rbacadmin->copyRoleTemplatePermissions(
 
  785                    $parentRoles[$right_id_to_copy][
"parent"],
 
  791                if ($form->getInput(
'existing')) {
 
  792                    if ($form->getInput(
'pro')) {
 
  793                        $role->changeExistingObjects(
 
  799                        $role->changeExistingObjects(
 
  809            if ($form->getInput(
"desktop")) {
 
  810                $this->recommended_content_manager->addRoleRecommendation($role->getId(), $this->getCurrentObject()->getRefId());
 
  813            ilUtil::sendSuccess($this->lng->txt(
"role_added"), 
true);
 
  814            $this->ctrl->redirect($this, 
'perm');
 
  816            $form->setValuesByPost();
 
  817            $this->tpl->setContent($form->getHTML());
 
  829        $rbacreview = 
$DIC[
'rbacreview'];
 
  831        $blocked_info[
'new_blocked'] = array();
 
  832        $blocked_info[
'new_unblocked'] = array();
 
  833        $blocked_info[
'num'] = 0;
 
  834        foreach ((array) 
$_POST[
'visible_block'] as $role => $one) {
 
  835            $blocked = $rbacreview->isBlockedAtPosition($role, $this->
getCurrentObject()->getRefId());
 
  836            if (isset(
$_POST[
'block'][$role]) && !$blocked) {
 
  837                $blocked_info[
'new_blocked'][] = $role;
 
  838                $blocked_info[
'num']++;
 
  840            if (!isset(
$_POST[
'block'][$role]) && $blocked) {
 
  841                $blocked_info[
'new_unblocked'][] = $role;
 
  842                $blocked_info[
'num']++;
 
  845        return $blocked_info;
 
  860        $table->collectData();
 
  861        $this->tpl->setContent($table->getHTML());
 
  873        foreach ($positions as $position_id) {
 
  874            if (isset(
$_POST[
'local'][$position_id])) {
 
  875                ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
 
  877                ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
 
  881        if (
$_POST[
'position_perm']) {
 
  882            foreach (
$_POST[
'position_perm'] as $position_id => $ops) {
 
  883                if (!isset(
$_POST[
'local'][$position_id])) {
 
  886                $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
 
  888                foreach ($ops as $op_id => $op) {
 
  891                $ilOrgUnitPermission->setOperations($new_ops);
 
  892                $ilOrgUnitPermission->save();
 
  895        ilUtil::sendSuccess($this->lng->txt(
'settings_saved'), 
true);
 
  896        $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
 
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
static getArray($key=null, $values=null)
An exception for terminatinating execution or to throw for unit testing.
Confirmation screen class.
GUI class for didactic template settings inside repository objects.
static getLogger($a_component_id)
Get component logger.
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
This class displays the permission status of a user concerning a specific object.
Table for object role permissions.
const ROLE_FILTER_LOCAL_OBJECT
const ROLE_FILTER_LOCAL_POLICY
static _lookupTitle($a_id)
lookup object title
static findById($operation_id)
Class ilOrgUnitPermissionTableGUI.
Class ilPermissionGUI RBAC related output.
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
blockRoles($roles)
Block role.
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
resetFilter()
Reset filter.
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
const CMD_SAVE_POSITIONS_PERMISSIONS
isAdminRoleFolder()
Check of current location is administration (main) role folder.
__construct($a_gui_obj)
Constructor.
savePositionsPermissions()
getModifiedBlockedSettings()
executeCommand()
Execute command.
displayAddRoleForm()
Show add role form.
savePermissions()
Save permissions.
getCurrentObject()
Get current object.
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
initImportForm()
init import form
perm(ilTable2GUI $table=null)
show permission table
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
doImportRole()
Perform import.
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
isInAdministration()
Check if node is subobject of administration folder.
applyFilter()
Apply filter.
$recommended_content_manager
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
This class represents an option in a radio group.
static diffFaPa(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Recommended content manager (business logic)
This class represents a text area property in a property form.
This class represents a text property in a property form.
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc