ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5 
19 class ilPermissionGUI extends ilPermission2GUI
20 {
21  const CMD_PERM_POSITIONS = 'permPositions';
22  const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23 
24  protected $current_obj = null;
25 
29  protected $recommended_content_manager;
30 
36  public function __construct($a_gui_obj)
37  {
38  parent::__construct($a_gui_obj);
39 
40  $this->recommended_content_manager = new ilRecommendedContentManager();
41  }
42 
47  public function executeCommand()
48  {
49  global $DIC;
50 
51  $rbacsystem = $DIC['rbacsystem'];
52  $ilErr = $DIC['ilErr'];
53 
54  // access to all functions in this class are only allowed if edit_permission is granted
55  if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
56  $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
57  }
58 
59  $next_class = $this->ctrl->getNextClass($this);
60 
61  switch ($next_class) {
62  case "ilobjrolegui":
63  $this->ctrl->setReturn($this, 'perm');
64  include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
65  $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
66  $ret = $this->ctrl->forwardCommand($this->gui_obj);
67  break;
68 
69  case 'ildidactictemplategui':
70  $this->ctrl->setReturn($this, 'perm');
71  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
72  $did = new ilDidacticTemplateGUI($this->gui_obj);
73  $this->ctrl->forwardCommand($did);
74  break;
75 
76  case 'ilrepositorysearchgui':
77  // used for owner autocomplete
78  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
79  $rep_search = new ilRepositorySearchGUI();
80  $this->ctrl->forwardCommand($rep_search);
81  break;
82 
83  case 'ilobjectpermissionstatusgui':
84  $this->__initSubTabs("perminfo");
85  include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
86  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
87  $this->ctrl->forwardCommand($perm_stat);
88  break;
89 
90  default:
91  $cmd = $this->ctrl->getCmd();
92  $this->$cmd();
93  break;
94  }
95 
96  return true;
97  }
98 
99 
104  public function getCurrentObject()
105  {
106  return $this->gui_obj->object;
107  }
108 
112  protected function confirmTemplateSwitch()
113  {
114  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
115  $this->ctrl->setReturn($this, 'perm');
116  $this->ctrl->setCmdClass('ildidactictemplategui');
117  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
118  $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
119  }
120 
121 
126  public function perm(ilTable2GUI $table = null)
127  {
128  global $DIC;
129 
130  $objDefinition = $DIC['objDefinition'];
131  $ilToolbar = $DIC['ilToolbar'];
132 
133  include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
134  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
135  if ($dtpl->appendToolbarSwitch(
136  $ilToolbar,
137  $this->getCurrentObject()->getType(),
138  $this->getCurrentObject()->getRefId()
139  )) {
140  $ilToolbar->addSeparator();
141  }
142 
143  if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
144  !$this->isAdministrationObject()
145  ) {
146  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
147 
148  if (!$this->isAdminRoleFolder()) {
149  $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
150  }
151  $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
152  }
153 
154  $this->__initSubTabs("perm");
155 
156  if (!$table instanceof ilTable2GUI) {
157  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
158  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
159  }
160  $table->parse();
161  $this->tpl->setContent($table->getHTML());
162  }
163 
164 
165 
170  protected function isAdminRoleFolder()
171  {
172  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
173  }
174 
175  protected function isAdministrationObject()
176  {
177  return $this->getCurrentObject()->getType() == 'adm';
178  }
179 
184  protected function isInAdministration()
185  {
186  return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
187  }
188 
189 
194  protected function applyFilter()
195  {
196  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
197  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
198  $table->resetOffset();
199  $table->writeFilterToSession();
200  return $this->perm($table);
201  }
202 
207  protected function resetFilter()
208  {
209  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
210  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
211  $table->resetOffset();
212  $table->resetFilter();
213 
214  return $this->perm($table);
215  }
216 
222  public function applyRoleFilter($a_roles, $a_filter_id)
223  {
224  global $DIC;
225 
226  $rbacreview = $DIC['rbacreview'];
227 
228  // Always delete administrator role from view
229  if (isset($a_roles[SYSTEM_ROLE_ID])) {
230  unset($a_roles[SYSTEM_ROLE_ID]);
231  }
232 
233  switch ($a_filter_id) {
234  // all roles in context
235  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
236 
237  return $a_roles;
238 
239  // only global roles
240  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
241 
242  $arr_global_roles = $rbacreview->getGlobalRoles();
243  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
244 
245  foreach ($arr_remove_roles as $role_id) {
246  unset($a_roles[$role_id]);
247  }
248  return $a_roles;
249 
250  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
251  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
252  $arr_global_roles = $rbacreview->getGlobalRoles();
253 
254  foreach ($arr_global_roles as $role_id) {
255  unset($a_roles[$role_id]);
256  }
257 
258  return $a_roles;
259  break;
260 
261  // only roles which use a local policy
262  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
263 
264  $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
265  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
266 
267  foreach ($arr_remove_roles as $role_id) {
268  unset($a_roles[$role_id]);
269  }
270 
271  return $a_roles;
272 
273  // only true local role defined at current position
274  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
275 
276  $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
277  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
278 
279  foreach ($arr_remove_roles as $role_id) {
280  unset($a_roles[$role_id]);
281  }
282 
283  return $a_roles;
284 
285  default:
286  return $a_roles;
287  }
288  }
289 
294  protected function savePermissions()
295  {
296  global $DIC;
297 
298  $rbacreview = $DIC['rbacreview'];
299  $objDefinition = $DIC['objDefinition'];
300  $rbacadmin = $DIC['rbacadmin'];
301 
302  include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
303  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
304 
305  $roles = $this->applyRoleFilter(
306  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
307  $table->getFilterItemByPostVar('role')->getValue()
308  );
309 
310  // Log history
311  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
312  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
313 
314 
315  # all possible create permissions
316  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
317  $this->getCurrentObject()->getType(),
318  'create'
319  );
320 
321  # createable (activated) create permissions
322  $create_types = $objDefinition->getCreatableSubObjects(
323  $this->getCurrentObject()->getType()
324  );
325  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
326 
327  foreach ((array) $roles as $role => $role_data) {
328  if ($role_data['protected']) {
329  continue;
330  }
331 
332  $new_ops = array_keys((array) $_POST['perm'][$role]);
333  $old_ops = $rbacreview->getRoleOperationsOnObject(
334  $role,
335  $this->getCurrentObject()->getRefId()
336  );
337 
338  // Add operations which were enabled and are not activated.
339  foreach ($possible_ops_ids as $create_ops_id) {
340  if (in_array($create_ops_id, $createable_ops_ids)) {
341  continue;
342  }
343  if (in_array($create_ops_id, $old_ops)) {
344  $new_ops[] = $create_ops_id;
345  }
346  }
347 
348  $rbacadmin->revokePermission(
349  $this->getCurrentObject()->getRefId(),
350  $role
351  );
352 
353  $rbacadmin->grantPermission(
354  $role,
355  array_unique($new_ops),
356  $this->getCurrentObject()->getRefId()
357  );
358  }
359 
360  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
361  foreach ($roles as $role) {
362  // No action for local roles
363  if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
364  continue;
365  }
366  // Nothing for protected roles
367  if ($role['protected']) {
368  continue;
369  }
370  // Stop local policy
371  if (
372  $role['parent'] == $this->getCurrentObject()->getRefId() and
373  !isset($_POST['inherit'][$role['obj_id']]) and
374  !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
375  ) {
376  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
377  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
378  $role_obj->setParent($this->getCurrentObject()->getRefId());
379  $role_obj->delete();
380  continue;
381  }
382  // Add local policy
383  if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
384  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
385  $rbacadmin->copyRoleTemplatePermissions(
386  $role['obj_id'],
387  $role['parent'],
388  $this->getCurrentObject()->getRefId(),
389  $role['obj_id']
390  );
391  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
392  $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
393  }
394  }
395  }
396 
397  // Protect permissions
398  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
399  foreach ($roles as $role) {
400  if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
401  if (isset($_POST['protect'][$role['obj_id']]) and
402  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
403  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
404  } elseif (!isset($_POST['protect'][$role['obj_id']]) and
405  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
406  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
407  }
408  }
409  }
410  }
411 
412  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
413  $log = ilRbacLog::diffFaPa($log_old, $log_new);
414  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
415 
416  $blocked_info = $this->getModifiedBlockedSettings();
417  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
418  if ($blocked_info['num'] > 0) {
419  return $this->showConfirmBlockRole($blocked_info);
420  }
421 
422 
423  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
424  $this->ctrl->redirect($this, 'perm');
425  #$this->perm();
426  }
427 
433  protected function showConfirmBlockRole($a_blocked_info)
434  {
435  $info = '';
436  if ($a_blocked_info['new_blocked']) {
437  $info .= $this->lng->txt('role_confirm_block_role_info');
438  if ($a_blocked_info['new_unblocked']) {
439  $info .= '<br /><br />';
440  }
441  }
442  if ($a_blocked_info['new_unblocked']) {
443  $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
444  }
445 
446  ilUtil::sendInfo($info);
447 
448  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
449  $confirm = new ilConfirmationGUI();
450  $confirm->setFormAction($this->ctrl->getFormAction($this));
451  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
452  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
453  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
454 
455  foreach ($a_blocked_info['new_blocked'] as $role_id) {
456  include_once './Services/AccessControl/classes/class.ilObjRole.php';
457  $confirm->addItem(
458  'new_block[]',
459  $role_id,
460  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
461  );
462  }
463  foreach ($a_blocked_info['new_unblocked'] as $role_id) {
464  include_once './Services/AccessControl/classes/class.ilObjRole.php';
465  $confirm->addItem(
466  'new_unblock[]',
467  $role_id,
468  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
469  );
470  }
471  $this->tpl->setContent($confirm->getHTML());
472  }
473 
474  protected function modifyBlockRoles()
475  {
476  $this->blockRoles((array) $_POST['new_block']);
477  $this->unblockRoles((array) $_POST['new_unblock']);
478 
479  ilUtil::sendInfo($this->lng->txt('settings_saved'));
480  $this->ctrl->redirect($this, 'perm');
481  }
482 
486  protected function unblockRoles($roles)
487  {
488  global $DIC;
489 
490  $rbacadmin = $DIC['rbacadmin'];
491 
492  foreach ($roles as $role) {
493  // delete local policy
494  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
495  $role_obj = ilObjectFactory::getInstanceByObjId($role);
496  $role_obj->setParent($this->getCurrentObject()->getRefId());
497  $role_obj->delete();
498 
499  $role_obj->changeExistingObjects(
500  $this->getCurrentObject()->getRefId(),
501  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
502  array('all')
503  );
504 
505  // finally set blocked status
506  $rbacadmin->setBlockedStatus(
507  $role,
508  $this->getCurrentObject()->getRefId(),
509  false
510  );
511  }
512  }
513 
518  protected function blockRoles($roles)
519  {
520  global $DIC;
521 
522  $rbacadmin = $DIC['rbacadmin'];
523  $rbacreview = $DIC['rbacreview'];
524 
525  foreach ($roles as $role) {
526  // Set assign to 'y' only if it is a local role
527  $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
528 
529  // Delete permissions
530  $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
531 
532  // Delete template permissions
533  $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
534 
535 
536  $rbacadmin->assignRoleToFolder(
537  $role,
538  $this->getCurrentObject()->getRefId(),
539  $assign
540  );
541 
542  // finally set blocked status
543  $rbacadmin->setBlockedStatus(
544  $role,
545  $this->getCurrentObject()->getRefId(),
546  true
547  );
548  }
549  }
550 
551 
557  public static function hasContainerCommands($a_type)
558  {
559  global $DIC;
560 
561  $objDefinition = $DIC['objDefinition'];
562 
563  return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
564  }
565 
570  protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
571  {
572  $GLOBALS['DIC']['ilTabs']->clearTargets();
573 
574  if (!$form) {
575  $form = $this->initImportForm();
576  }
577  $GLOBALS['DIC']['tpl']->setContent($form->getHTML());
578  }
579 
583  protected function doImportRole()
584  {
585  global $DIC;
586 
587  $rbacreview = $DIC['rbacreview'];
588 
589  $form = $this->initImportForm();
590  if ($form->checkInput()) {
591  try {
592  include_once './Services/Export/classes/class.ilImport.php';
593 
594  // For global roles set import id to parent of current ref_id (adm)
595  $imp = new ilImport($this->getCurrentObject()->getRefId());
596  $imp->getMapping()->addMapping(
597  'Services/AccessControl',
598  'rolf',
599  0,
600  $this->getCurrentObject()->getRefId()
601  );
602 
603  $imp->importObject(
604  null,
605  $_FILES["importfile"]["tmp_name"],
606  $_FILES["importfile"]["name"],
607  'role'
608  );
609  ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
610  $this->ctrl->redirect($this, 'perm');
611  return;
612  } catch (Exception $e) {
613  ilUtil::sendFailure($e->getMessage());
614  $form->setValuesByPost();
615  $this->displayImportRoleForm($form);
616  return;
617  }
618  }
619  $form->setValuesByPost();
620  ilUtil::sendFailure($this->lng->txt('err_check_input'));
621  $this->displayImportRoleForm($form);
622  }
623 
627  protected function initImportForm()
628  {
629  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
630  $form = new ilPropertyFormGUI();
631  $form->setFormAction($this->ctrl->getFormAction($this));
632  $form->setTitle($this->lng->txt('rbac_import_role'));
633  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
634  $form->addCommandButton('perm', $this->lng->txt('cancel'));
635 
636  $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
637  $zip->setSuffixes(array('zip'));
638  $form->addItem($zip);
639 
640  return $form;
641  }
642 
649  protected function initRoleForm()
650  {
651  global $DIC;
652 
653  $rbacreview = $DIC['rbacreview'];
654  $objDefinition = $DIC['objDefinition'];
655 
656  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
657  $form = new ilPropertyFormGUI();
658  $form->setFormAction($this->ctrl->getFormAction($this));
659  $form->setTitle($this->lng->txt('role_new'));
660  $form->addCommandButton('addrole', $this->lng->txt('role_new'));
661  $form->addCommandButton('perm', $this->lng->txt('cancel'));
662 
663  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
664  $title->setValidationRegexp('/^(?!il_).*$/');
665  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
666  $title->setSize(40);
667  $title->setMaxLength(70);
668  $title->setRequired(true);
669  $form->addItem($title);
670 
671  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
672  $desc->setCols(40);
673  $desc->setRows(3);
674  $form->addItem($desc);
675 
676  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
677  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
678  $pro->setValue(1);
679  $form->addItem($pro);
680 
681  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_add_recommended_content'), 'desktop');
682  $pd->setInfo(
683  str_replace(
684  "%1",
685  $this->getCurrentObject()->getTitle(),
686  $this->lng->txt('rbac_add_recommended_content_info')
687  )
688  );
689  $pd->setValue(1);
690  $form->addItem($pd);
691 
692 
693  if (!$this->isInAdministration()) {
694  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
695  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
696  $rights->addOption($option);
697 
698  $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
699  $ids = array();
700  foreach ($parent_role_ids as $id => $tmp) {
701  $ids[] = $id;
702  }
703 
704  // Sort ids
705  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
706 
707  $key = 0;
708  foreach ($sorted_ids as $id) {
709  $par = $parent_role_ids[$id];
710  if ($par["obj_id"] != SYSTEM_ROLE_ID) {
711  include_once './Services/AccessControl/classes/class.ilObjRole.php';
712  $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
713  $option->setInfo($par["desc"]);
714  $rights->addOption($option);
715  }
716  $key++;
717  }
718  $form->addItem($rights);
719  }
720 
721  // Local policy only for containers
722  if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
723  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
724  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
725  $form->addItem($check);
726  }
727 
728  return $form;
729  }
730 
734  protected function displayAddRoleForm()
735  {
736  $GLOBALS['DIC']['ilTabs']->clearTargets();
737 
738  $form = $this->initRoleForm();
739  $this->tpl->setContent($form->getHTML());
740  }
741 
750  protected function addRole()
751  {
752  global $DIC;
753 
754  $rbacadmin = $DIC['rbacadmin'];
755  $rbacreview = $DIC['rbacreview'];
756  $rbacsystem = $DIC['rbacsystem'];
757  $ilErr = $DIC['ilErr'];
758  $ilCtrl = $DIC['ilCtrl'];
759 
760  $form = $this->initRoleForm();
761  if ($form->checkInput()) {
762  $new_title = $form->getInput("title");
763 
764  include_once './Services/AccessControl/classes/class.ilObjRole.php';
765  $role = new ilObjRole();
766  $role->setTitle($new_title);
767  $role->setDescription($form->getInput('desc'));
768  $role->create();
769 
770  $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
771 
772  // protect
773  $rbacadmin->setProtected(
774  $this->getCurrentObject()->getRefId(),
775  $role->getId(),
776  $form->getInput('pro') ? 'y' : 'n'
777  );
778 
779  // copy rights
780  $right_id_to_copy = $form->getInput("rights");
781  if ($right_id_to_copy) {
782  $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
783  $rbacadmin->copyRoleTemplatePermissions(
784  $right_id_to_copy,
785  $parentRoles[$right_id_to_copy]["parent"],
786  $this->getCurrentObject()->getRefId(),
787  $role->getId(),
788  false
789  );
790 
791  if ($form->getInput('existing')) {
792  if ($form->getInput('pro')) {
793  $role->changeExistingObjects(
794  $this->getCurrentObject()->getRefId(),
795  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
796  array('all')
797  );
798  } else {
799  $role->changeExistingObjects(
800  $this->getCurrentObject()->getRefId(),
801  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
802  array('all')
803  );
804  }
805  }
806  }
807 
808  // add to desktop items
809  if ($form->getInput("desktop")) {
810  $this->recommended_content_manager->addRoleRecommendation($role->getId(), $this->getCurrentObject()->getRefId());
811  }
812 
813  ilUtil::sendSuccess($this->lng->txt("role_added"), true);
814  $this->ctrl->redirect($this, 'perm');
815  } else {
816  $form->setValuesByPost();
817  $this->tpl->setContent($form->getHTML());
818  }
819  }
820 
825  protected function getModifiedBlockedSettings()
826  {
827  global $DIC;
828 
829  $rbacreview = $DIC['rbacreview'];
830 
831  $blocked_info['new_blocked'] = array();
832  $blocked_info['new_unblocked'] = array();
833  $blocked_info['num'] = 0;
834  foreach ((array) $_POST['visible_block'] as $role => $one) {
835  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
836  if (isset($_POST['block'][$role]) && !$blocked) {
837  $blocked_info['new_blocked'][] = $role;
838  $blocked_info['num']++;
839  }
840  if (!isset($_POST['block'][$role]) && $blocked) {
841  $blocked_info['new_unblocked'][] = $role;
842  $blocked_info['num']++;
843  }
844  }
845  return $blocked_info;
846  }
847 
848  //
849  // OrgUnit Position Permissions
850  //
851 
852 
853  protected function permPositions()
854  {
855  $perm = self::CMD_PERM_POSITIONS;
856  $this->__initSubTabs($perm);
857 
858  $ref_id = $this->getCurrentObject()->getRefId();
859  $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
860  $table->collectData();
861  $this->tpl->setContent($table->getHTML());
862  }
863 
864 
865  protected function savePositionsPermissions()
866  {
867  $this->__initSubTabs(self::CMD_PERM_POSITIONS);
868 
869  $positions = ilOrgUnitPosition::getArray(null, 'id');
870  $ref_id = $this->getCurrentObject()->getRefId();
871 
872  // handle local sets
873  foreach ($positions as $position_id) {
874  if (isset($_POST['local'][$position_id])) {
875  ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
876  } else {
877  ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
878  }
879  }
880 
881  if ($_POST['position_perm']) {
882  foreach ($_POST['position_perm'] as $position_id => $ops) {
883  if (!isset($_POST['local'][$position_id])) {
884  continue;
885  }
886  $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
887  $new_ops = [];
888  foreach ($ops as $op_id => $op) {
889  $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
890  }
891  $ilOrgUnitPermission->setOperations($new_ops);
892  $ilOrgUnitPermission->save();
893  }
894  }
895  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
896  $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
897  }
898 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:36
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:8
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role type $rbacreview type $objDefinition.
Definition: class.ilPermissionGUI.php:649
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:583
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:222
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:14
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:750
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:184
ilImport
Import class.
Definition: class.ilImport.php:11
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:557
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:170
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ilFormPropertyGUI\setInfo
setInfo($a_info)
Set Information Text.
Definition: class.ilFormPropertyGUI.php:145
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4503
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:433
$a_type
$a_type
Definition: workflow.php:92
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:570
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:207
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:13
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4407
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:112
$log
$log
Definition: result.php:15
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:104
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:514
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:734
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4519
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:627
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:518
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:30
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:34
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
$ret
$ret
Definition: parser.php:6
$DIC
$DIC
Definition: xapitoken.php:46
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:47
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:19
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:908
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:16
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:294
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:16
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:126
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:20
ilFileInputGUI\setSuffixes
setSuffixes($a_suffixes)
Set Accepted Suffixes.
Definition: class.ilFileInputGUI.php:132
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ilRecommendedContentManager
Recommended content manager (business logic)
Definition: class.ilRecommendedContentManager.php:11
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:15
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:194