ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilPermissionGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/AccessControl/classes/class.ilPermission2GUI.php';
5
19class ilPermissionGUI extends ilPermission2GUI
20{
21 const CMD_PERM_POSITIONS = 'permPositions';
22 const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
23
24 protected $current_obj = null;
25
29 protected $recommended_content_manager;
30
36 public function __construct($a_gui_obj)
37 {
38 parent::__construct($a_gui_obj);
39
40 $this->recommended_content_manager = new ilRecommendedContentManager();
41 }
42
47 public function executeCommand()
48 {
49 global $DIC;
50
51 $rbacsystem = $DIC['rbacsystem'];
52 $ilErr = $DIC['ilErr'];
53
54 // access to all functions in this class are only allowed if edit_permission is granted
55 if (!$rbacsystem->checkAccess("edit_permission", $this->gui_obj->object->getRefId())) {
56 $ilErr->raiseError($this->lng->txt("permission_denied"), $ilErr->MESSAGE);
57 }
58
59 $next_class = $this->ctrl->getNextClass($this);
60
61 switch ($next_class) {
62 case "ilobjrolegui":
63 $this->ctrl->setReturn($this, 'perm');
64 include_once("Services/AccessControl/classes/class.ilObjRoleGUI.php");
65 $this->gui_obj = new ilObjRoleGUI("", (int) $_GET["obj_id"], false, false);
66 $ret = $this->ctrl->forwardCommand($this->gui_obj);
67 break;
68
69 case 'ildidactictemplategui':
70 $this->ctrl->setReturn($this, 'perm');
71 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
72 $did = new ilDidacticTemplateGUI($this->gui_obj);
73 $this->ctrl->forwardCommand($did);
74 break;
75
76 case 'ilrepositorysearchgui':
77 // used for owner autocomplete
78 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
79 $rep_search = new ilRepositorySearchGUI();
80 $this->ctrl->forwardCommand($rep_search);
81 break;
82
83 case 'ilobjectpermissionstatusgui':
84 $this->__initSubTabs("perminfo");
85 include_once('./Services/AccessControl/classes/class.ilObjectPermissionStatusGUI.php');
86 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->object);
87 $this->ctrl->forwardCommand($perm_stat);
88 break;
89
90 default:
91 $cmd = $this->ctrl->getCmd();
92 $this->$cmd();
93 break;
94 }
95
96 return true;
97 }
98
99
104 public function getCurrentObject()
105 {
106 return $this->gui_obj->object;
107 }
108
112 protected function confirmTemplateSwitch()
113 {
114 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
115 $this->ctrl->setReturn($this, 'perm');
116 $this->ctrl->setCmdClass('ildidactictemplategui');
117 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
118 $this->ctrl->forwardCommand($dtpl_gui, 'confirmTemplateSwitch');
119 }
120
121
126 public function perm(ilTable2GUI $table = null)
127 {
128 global $DIC;
129
130 $objDefinition = $DIC['objDefinition'];
131 $ilToolbar = $DIC['ilToolbar'];
132
133 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateGUI.php';
134 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
135 if ($dtpl->appendToolbarSwitch(
136 $ilToolbar,
137 $this->getCurrentObject()->getType(),
138 $this->getCurrentObject()->getRefId()
139 )) {
140 $ilToolbar->addSeparator();
141 }
142
143 if ($objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) and
144 !$this->isAdministrationObject()
145 ) {
146 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
147
148 if (!$this->isAdminRoleFolder()) {
149 $ilToolbar->addButton($this->lng->txt('rbac_add_new_local_role'), $this->ctrl->getLinkTarget($this, 'displayAddRoleForm'));
150 }
151 $ilToolbar->addButton($this->lng->txt('rbac_import_role'), $this->ctrl->getLinkTarget($this, 'displayImportRoleForm'));
152 }
153
154 $this->__initSubTabs("perm");
155
156 if (!$table instanceof ilTable2GUI) {
157 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
158 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
159 }
160 $table->parse();
161 $this->tpl->setContent($table->getHTML());
162 }
163
164
165
170 protected function isAdminRoleFolder()
171 {
172 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
173 }
174
175 protected function isAdministrationObject()
176 {
177 return $this->getCurrentObject()->getType() == 'adm';
178 }
179
184 protected function isInAdministration()
185 {
186 return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
187 }
188
189
194 protected function applyFilter()
195 {
196 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
197 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
198 $table->resetOffset();
199 $table->writeFilterToSession();
200 return $this->perm($table);
201 }
202
207 protected function resetFilter()
208 {
209 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
210 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
211 $table->resetOffset();
212 $table->resetFilter();
213
214 return $this->perm($table);
215 }
216
222 public function applyRoleFilter($a_roles, $a_filter_id)
223 {
224 global $DIC;
225
226 $rbacreview = $DIC['rbacreview'];
227
228 // Always delete administrator role from view
229 if (isset($a_roles[SYSTEM_ROLE_ID])) {
230 unset($a_roles[SYSTEM_ROLE_ID]);
231 }
232
233 switch ($a_filter_id) {
234 // all roles in context
235 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
236
237 return $a_roles;
238
239 // only global roles
240 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
241
242 $arr_global_roles = $rbacreview->getGlobalRoles();
243 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
244
245 foreach ($arr_remove_roles as $role_id) {
246 unset($a_roles[$role_id]);
247 }
248 return $a_roles;
249
250 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
251 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
252 $arr_global_roles = $rbacreview->getGlobalRoles();
253
254 foreach ($arr_global_roles as $role_id) {
255 unset($a_roles[$role_id]);
256 }
257
258 return $a_roles;
259 break;
260
261 // only roles which use a local policy
262 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
263
264 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId());
265 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
266
267 foreach ($arr_remove_roles as $role_id) {
268 unset($a_roles[$role_id]);
269 }
270
271 return $a_roles;
272
273 // only true local role defined at current position
274 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
275
276 $arr_local_roles = $GLOBALS['DIC']['rbacreview']->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
277 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
278
279 foreach ($arr_remove_roles as $role_id) {
280 unset($a_roles[$role_id]);
281 }
282
283 return $a_roles;
284
285 default:
286 return $a_roles;
287 }
288 }
289
294 protected function savePermissions()
295 {
296 global $DIC;
297
298 $rbacreview = $DIC['rbacreview'];
299 $objDefinition = $DIC['objDefinition'];
300 $rbacadmin = $DIC['rbacadmin'];
301
302 include_once './Services/AccessControl/classes/class.ilObjectRolePermissionTableGUI.php';
303 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
304
305 $roles = $this->applyRoleFilter(
306 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
307 $table->getFilterItemByPostVar('role')->getValue()
308 );
309
310 // Log history
311 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
312 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
313
314
315 # all possible create permissions
316 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
317 $this->getCurrentObject()->getType(),
318 'create'
319 );
320
321 # createable (activated) create permissions
322 $create_types = $objDefinition->getCreatableSubObjects(
323 $this->getCurrentObject()->getType()
324 );
325 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
326
327 foreach ((array) $roles as $role => $role_data) {
328 if ($role_data['protected']) {
329 continue;
330 }
331
332 $new_ops = array_keys((array) $_POST['perm'][$role]);
333 $old_ops = $rbacreview->getRoleOperationsOnObject(
334 $role,
335 $this->getCurrentObject()->getRefId()
336 );
337
338 // Add operations which were enabled and are not activated.
339 foreach ($possible_ops_ids as $create_ops_id) {
340 if (in_array($create_ops_id, $createable_ops_ids)) {
341 continue;
342 }
343 if (in_array($create_ops_id, $old_ops)) {
344 $new_ops[] = $create_ops_id;
345 }
346 }
347
348 $rbacadmin->revokePermission(
349 $this->getCurrentObject()->getRefId(),
350 $role
351 );
352
353 $rbacadmin->grantPermission(
354 $role,
355 array_unique($new_ops),
356 $this->getCurrentObject()->getRefId()
357 );
358 }
359
360 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
361 foreach ($roles as $role) {
362 // No action for local roles
363 if ($role['parent'] == $this->getCurrentObject()->getRefId() and $role['assign'] == 'y') {
364 continue;
365 }
366 // Nothing for protected roles
367 if ($role['protected']) {
368 continue;
369 }
370 // Stop local policy
371 if (
372 $role['parent'] == $this->getCurrentObject()->getRefId() and
373 !isset($_POST['inherit'][$role['obj_id']]) and
374 !$rbacreview->isBlockedAtPosition($role['obj_id'], $this->getCurrentObject()->getRefId())
375 ) {
376 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
377 $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
378 $role_obj->setParent($this->getCurrentObject()->getRefId());
379 $role_obj->delete();
380 continue;
381 }
382 // Add local policy
383 if ($role['parent'] != $this->getCurrentObject()->getRefId() and isset($_POST['inherit'][$role['obj_id']])) {
384 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
385 $rbacadmin->copyRoleTemplatePermissions(
386 $role['obj_id'],
387 $role['parent'],
388 $this->getCurrentObject()->getRefId(),
389 $role['obj_id']
390 );
391 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
392 $rbacadmin->assignRoleToFolder($role['obj_id'], $this->getCurrentObject()->getRefId(), 'n');
393 }
394 }
395 }
396
397 // Protect permissions
398 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
399 foreach ($roles as $role) {
400 if ($rbacreview->isAssignable($role['obj_id'], $this->getCurrentObject()->getRefId())) {
401 if (isset($_POST['protect'][$role['obj_id']]) and
402 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
403 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'y');
404 } elseif (!isset($_POST['protect'][$role['obj_id']]) and
405 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $role['obj_id'])) {
406 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $role['obj_id'], 'n');
407 }
408 }
409 }
410 }
411
412 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
413 $log = ilRbacLog::diffFaPa($log_old, $log_new);
414 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
415
416 $blocked_info = $this->getModifiedBlockedSettings();
417 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
418 if ($blocked_info['num'] > 0) {
419 return $this->showConfirmBlockRole($blocked_info);
420 }
421
422
423 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
424 $this->ctrl->redirect($this, 'perm');
425 #$this->perm();
426 }
427
433 protected function showConfirmBlockRole($a_blocked_info)
434 {
435 $info = '';
436 if ($a_blocked_info['new_blocked']) {
437 $info .= $this->lng->txt('role_confirm_block_role_info');
438 if ($a_blocked_info['new_unblocked']) {
439 $info .= '<br /><br />';
440 }
441 }
442 if ($a_blocked_info['new_unblocked']) {
443 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
444 }
445
446 ilUtil::sendInfo($info);
447
448 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
449 $confirm = new ilConfirmationGUI();
450 $confirm->setFormAction($this->ctrl->getFormAction($this));
451 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
452 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
453 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
454
455 foreach ($a_blocked_info['new_blocked'] as $role_id) {
456 include_once './Services/AccessControl/classes/class.ilObjRole.php';
457 $confirm->addItem(
458 'new_block[]',
459 $role_id,
460 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
461 );
462 }
463 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
464 include_once './Services/AccessControl/classes/class.ilObjRole.php';
465 $confirm->addItem(
466 'new_unblock[]',
467 $role_id,
468 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
469 );
470 }
471 $this->tpl->setContent($confirm->getHTML());
472 }
473
474 protected function modifyBlockRoles()
475 {
476 $this->blockRoles((array) $_POST['new_block']);
477 $this->unblockRoles((array) $_POST['new_unblock']);
478
479 ilUtil::sendInfo($this->lng->txt('settings_saved'));
480 $this->ctrl->redirect($this, 'perm');
481 }
482
486 protected function unblockRoles($roles)
487 {
488 global $DIC;
489
490 $rbacadmin = $DIC['rbacadmin'];
491
492 foreach ($roles as $role) {
493 // delete local policy
494 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
495 $role_obj = ilObjectFactory::getInstanceByObjId($role);
496 $role_obj->setParent($this->getCurrentObject()->getRefId());
497 $role_obj->delete();
498
499 $role_obj->changeExistingObjects(
500 $this->getCurrentObject()->getRefId(),
501 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
502 array('all')
503 );
504
505 // finally set blocked status
506 $rbacadmin->setBlockedStatus(
507 $role,
508 $this->getCurrentObject()->getRefId(),
509 false
510 );
511 }
512 }
513
518 protected function blockRoles($roles)
519 {
520 global $DIC;
521
522 $rbacadmin = $DIC['rbacadmin'];
523 $rbacreview = $DIC['rbacreview'];
524
525 foreach ($roles as $role) {
526 // Set assign to 'y' only if it is a local role
527 $assign = $rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
528
529 // Delete permissions
530 $rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
531
532 // Delete template permissions
533 $rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
534
535
536 $rbacadmin->assignRoleToFolder(
537 $role,
538 $this->getCurrentObject()->getRefId(),
539 $assign
540 );
541
542 // finally set blocked status
543 $rbacadmin->setBlockedStatus(
544 $role,
545 $this->getCurrentObject()->getRefId(),
546 true
547 );
548 }
549 }
550
551
557 public static function hasContainerCommands($a_type)
558 {
559 global $DIC;
560
561 $objDefinition = $DIC['objDefinition'];
562
563 return $objDefinition->isContainer($a_type) and $a_type != 'root' and $a_type != 'adm' and $a_type != 'rolf';
564 }
565
570 protected function displayImportRoleForm(ilPropertyFormGUI $form = null)
571 {
572 $GLOBALS['DIC']['ilTabs']->clearTargets();
573
574 if (!$form) {
575 $form = $this->initImportForm();
576 }
577 $GLOBALS['DIC']['tpl']->setContent($form->getHTML());
578 }
579
583 protected function doImportRole()
584 {
585 global $DIC;
586
587 $rbacreview = $DIC['rbacreview'];
588
589 $form = $this->initImportForm();
590 if ($form->checkInput()) {
591 try {
592 include_once './Services/Export/classes/class.ilImport.php';
593
594 // For global roles set import id to parent of current ref_id (adm)
595 $imp = new ilImport($this->getCurrentObject()->getRefId());
596 $imp->getMapping()->addMapping(
597 'Services/AccessControl',
598 'rolf',
599 0,
600 $this->getCurrentObject()->getRefId()
601 );
602
603 $imp->importObject(
604 null,
605 $_FILES["importfile"]["tmp_name"],
606 $_FILES["importfile"]["name"],
607 'role'
608 );
609 ilUtil::sendSuccess($this->lng->txt('rbac_role_imported'), true);
610 $this->ctrl->redirect($this, 'perm');
611 return;
612 } catch (Exception $e) {
613 ilUtil::sendFailure($e->getMessage());
614 $form->setValuesByPost();
615 $this->displayImportRoleForm($form);
616 return;
617 }
618 }
619 $form->setValuesByPost();
620 ilUtil::sendFailure($this->lng->txt('err_check_input'));
621 $this->displayImportRoleForm($form);
622 }
623
627 protected function initImportForm()
628 {
629 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
630 $form = new ilPropertyFormGUI();
631 $form->setFormAction($this->ctrl->getFormAction($this));
632 $form->setTitle($this->lng->txt('rbac_import_role'));
633 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
634 $form->addCommandButton('perm', $this->lng->txt('cancel'));
635
636 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
637 $zip->setSuffixes(array('zip'));
638 $form->addItem($zip);
639
640 return $form;
641 }
642
649 protected function initRoleForm()
650 {
651 global $DIC;
652
653 $rbacreview = $DIC['rbacreview'];
654 $objDefinition = $DIC['objDefinition'];
655
656 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
657 $form = new ilPropertyFormGUI();
658 $form->setFormAction($this->ctrl->getFormAction($this));
659 $form->setTitle($this->lng->txt('role_new'));
660 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
661 $form->addCommandButton('perm', $this->lng->txt('cancel'));
662
663 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
664 $title->setValidationRegexp('/^(?!il_).*$/');
665 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
666 $title->setSize(40);
667 $title->setMaxLength(70);
668 $title->setRequired(true);
669 $form->addItem($title);
670
671 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
672 $desc->setCols(40);
673 $desc->setRows(3);
674 $form->addItem($desc);
675
676 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
677 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
678 $pro->setValue(1);
679 $form->addItem($pro);
680
681 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_add_recommended_content'), 'desktop');
682 $pd->setInfo(
683 str_replace(
684 "%1",
685 $this->getCurrentObject()->getTitle(),
686 $this->lng->txt('rbac_add_recommended_content_info')
687 )
688 );
689 $pd->setValue(1);
690 $form->addItem($pd);
691
692
693 if (!$this->isInAdministration()) {
694 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
695 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), 0);
696 $rights->addOption($option);
697
698 $parent_role_ids = $rbacreview->getParentRoleIds($this->gui_obj->object->getRefId(), true);
699 $ids = array();
700 foreach ($parent_role_ids as $id => $tmp) {
701 $ids[] = $id;
702 }
703
704 // Sort ids
705 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
706
707 $key = 0;
708 foreach ($sorted_ids as $id) {
709 $par = $parent_role_ids[$id];
710 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
711 include_once './Services/AccessControl/classes/class.ilObjRole.php';
712 $option = new ilRadioOption(($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt')) . ": " . ilObjRole::_getTranslation($par["title"]), $par["obj_id"]);
713 $option->setInfo($par["desc"]);
714 $rights->addOption($option);
715 }
716 $key++;
717 }
718 $form->addItem($rights);
719 }
720
721 // Local policy only for containers
722 if ($objDefinition->isContainer($this->getCurrentObject()->getType())) {
723 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
724 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
725 $form->addItem($check);
726 }
727
728 return $form;
729 }
730
734 protected function displayAddRoleForm()
735 {
736 $GLOBALS['DIC']['ilTabs']->clearTargets();
737
738 $form = $this->initRoleForm();
739 $this->tpl->setContent($form->getHTML());
740 }
741
750 protected function addRole()
751 {
752 global $DIC;
753
754 $rbacadmin = $DIC['rbacadmin'];
755 $rbacreview = $DIC['rbacreview'];
756 $rbacsystem = $DIC['rbacsystem'];
757 $ilErr = $DIC['ilErr'];
758 $ilCtrl = $DIC['ilCtrl'];
759
760 $form = $this->initRoleForm();
761 if ($form->checkInput()) {
762 $new_title = $form->getInput("title");
763
764 include_once './Services/AccessControl/classes/class.ilObjRole.php';
765 $role = new ilObjRole();
766 $role->setTitle($new_title);
767 $role->setDescription($form->getInput('desc'));
768 $role->create();
769
770 $GLOBALS['DIC']['rbacadmin']->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
771
772 // protect
773 $rbacadmin->setProtected(
774 $this->getCurrentObject()->getRefId(),
775 $role->getId(),
776 $form->getInput('pro') ? 'y' : 'n'
777 );
778
779 // copy rights
780 $right_id_to_copy = $form->getInput("rights");
781 if ($right_id_to_copy) {
782 $parentRoles = $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
783 $rbacadmin->copyRoleTemplatePermissions(
784 $right_id_to_copy,
785 $parentRoles[$right_id_to_copy]["parent"],
786 $this->getCurrentObject()->getRefId(),
787 $role->getId(),
788 false
789 );
790
791 if ($form->getInput('existing')) {
792 if ($form->getInput('pro')) {
793 $role->changeExistingObjects(
794 $this->getCurrentObject()->getRefId(),
795 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
796 array('all')
797 );
798 } else {
799 $role->changeExistingObjects(
800 $this->getCurrentObject()->getRefId(),
801 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
802 array('all')
803 );
804 }
805 }
806 }
807
808 // add to desktop items
809 if ($form->getInput("desktop")) {
810 $this->recommended_content_manager->addRoleRecommendation($role->getId(), $this->getCurrentObject()->getRefId());
811 }
812
813 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
814 $this->ctrl->redirect($this, 'perm');
815 } else {
816 $form->setValuesByPost();
817 $this->tpl->setContent($form->getHTML());
818 }
819 }
820
825 protected function getModifiedBlockedSettings()
826 {
827 global $DIC;
828
829 $rbacreview = $DIC['rbacreview'];
830
831 $blocked_info['new_blocked'] = array();
832 $blocked_info['new_unblocked'] = array();
833 $blocked_info['num'] = 0;
834 foreach ((array) $_POST['visible_block'] as $role => $one) {
835 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
836 if (isset($_POST['block'][$role]) && !$blocked) {
837 $blocked_info['new_blocked'][] = $role;
838 $blocked_info['num']++;
839 }
840 if (!isset($_POST['block'][$role]) && $blocked) {
841 $blocked_info['new_unblocked'][] = $role;
842 $blocked_info['num']++;
843 }
844 }
845 return $blocked_info;
846 }
847
848 //
849 // OrgUnit Position Permissions
850 //
851
852
853 protected function permPositions()
854 {
855 $perm = self::CMD_PERM_POSITIONS;
856 $this->__initSubTabs($perm);
857
858 $ref_id = $this->getCurrentObject()->getRefId();
859 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
860 $table->collectData();
861 $this->tpl->setContent($table->getHTML());
862 }
863
864
865 protected function savePositionsPermissions()
866 {
867 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
868
869 $positions = ilOrgUnitPosition::getArray(null, 'id');
870 $ref_id = $this->getCurrentObject()->getRefId();
871
872 // handle local sets
873 foreach ($positions as $position_id) {
874 if (isset($_POST['local'][$position_id])) {
875 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, $position_id);
876 } else {
877 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, $position_id);
878 }
879 }
880
881 if ($_POST['position_perm']) {
882 foreach ($_POST['position_perm'] as $position_id => $ops) {
883 if (!isset($_POST['local'][$position_id])) {
884 continue;
885 }
886 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, $position_id);
887 $new_ops = [];
888 foreach ($ops as $op_id => $op) {
889 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
890 }
891 $ilOrgUnitPermission->setOperations($new_ops);
892 $ilOrgUnitPermission->save();
893 }
894 }
895 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
896 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
897 }
898}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ActiveRecord\getArray
static getArray($key=null, $values=null)
Definition: class.ActiveRecord.php:908
php
An exception for terminatinating execution or to throw for unit testing.
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilDidacticTemplateGUI
GUI class for didactic template settings inside repository objects.
Definition: class.ilDidacticTemplateGUI.php:14
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:15
ilImport
Import class.
Definition: class.ilImport.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:514
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:17
ilObject\_lookupTitle
static _lookupTitle($a_id)
lookup object title
Definition: class.ilObject.php:988
ilOrgUnitPermissionTableGUI
Class ilOrgUnitPermissionTableGUI.
Definition: class.ilOrgUnitPermissionTableGUI.php:9
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:17
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:20
ilPermissionGUI\blockRoles
blockRoles($roles)
Block role.
Definition: class.ilPermissionGUI.php:518
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Show import form.
Definition: class.ilPermissionGUI.php:570
ilPermissionGUI\resetFilter
resetFilter()
Reset filter.
Definition: class.ilPermissionGUI.php:207
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:112
ilPermissionGUI\isAdminRoleFolder
isAdminRoleFolder()
Check of current location is administration (main) role folder.
Definition: class.ilPermissionGUI.php:170
ilPermissionGUI\__construct
__construct($a_gui_obj)
Constructor.
Definition: class.ilPermissionGUI.php:36
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:47
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:734
ilPermissionGUI\savePermissions
savePermissions()
Save permissions.
Definition: class.ilPermissionGUI.php:294
ilPermissionGUI\getCurrentObject
getCurrentObject()
Get current object.
Definition: class.ilPermissionGUI.php:104
ilPermissionGUI\initRoleForm
initRoleForm()
Shoew add role @global type $rbacreview @global type $objDefinition.
Definition: class.ilPermissionGUI.php:649
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:627
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
show permission table
Definition: class.ilPermissionGUI.php:126
ilPermissionGUI\hasContainerCommands
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
Definition: class.ilPermissionGUI.php:557
ilPermissionGUI\doImportRole
doImportRole()
Perform import.
Definition: class.ilPermissionGUI.php:583
ilPermissionGUI\applyRoleFilter
applyRoleFilter($a_roles, $a_filter_id)
Apply filter to roles.
Definition: class.ilPermissionGUI.php:222
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole($a_blocked_info)
Show block role confirmation screen.
Definition: class.ilPermissionGUI.php:433
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:184
ilPermissionGUI\applyFilter
applyFilter()
Apply filter.
Definition: class.ilPermissionGUI.php:194
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
Definition: class.ilPermissionGUI.php:750
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:16
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:69
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacLog\gatherFaPa
static gatherFaPa($a_ref_id, array $a_role_ids, $a_add_action=false)
Definition: class.ilRbacLog.php:35
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:1351
ilRecommendedContentManager
Recommended content manager (business logic)
Definition: class.ilRecommendedContentManager.php:12
ilTable2GUI
Class ilTable2GUI.
Definition: class.ilTable2GUI.php:16
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4407
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4519
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4503
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:30
$ret
$ret
Definition: parser.php:6
$log
$log
Definition: result.php:15
$a_type
$a_type
Definition: workflow.php:92
$DIC
$DIC
Definition: xapitoken.php:46