ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once "./Services/Object/classes/class.ilObjectGUI.php";
5include_once './Services/AccessControl/classes/class.ilObjRole.php';
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
20class ilObjRoleGUI extends ilObjectGUI
21{
22 const MODE_GLOBAL_UPDATE = 1;
23 const MODE_GLOBAL_CREATE = 2;
24 const MODE_LOCAL_UPDATE = 3;
25 const MODE_LOCAL_CREATE = 4;
26
32 public $type;
33
34
35 protected $obj_ref_id = 0;
36 protected $obj_obj_id = 0;
37 protected $obj_obj_type = '';
38 protected $container_type = '';
39
40
41 public $ctrl;
42
47 public function __construct($a_data, $a_id, $a_call_by_reference = false, $a_prepare_output = true)
48 {
49 global $DIC;
50
51 $tree = $DIC['tree'];
52 $lng = $DIC['lng'];
53
54 $lng->loadLanguageModule('rbac');
55
56 //TODO: move this to class.ilias.php
57 define("USER_FOLDER_ID", 7);
58
59 // Add ref_id of object that contains this role folder
60
61 $this->obj_ref_id =
62 (
63 (int) $_REQUEST['rolf_ref_id'] ?
64 (int) $_REQUEST['rolf_ref_id'] :
65 (int) $_REQUEST['ref_id']
66 );
67
68 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
69 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
70
71 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
72
73 $this->type = "role";
74 parent::__construct($a_data, $a_id, $a_call_by_reference, false);
75 $this->ctrl->saveParameter($this, array('obj_id', 'rolf_ref_id'));
76 }
77
78
79 public function executeCommand()
80 {
81 global $DIC;
82
83 $rbacsystem = $DIC['rbacsystem'];
84
85 $this->prepareOutput();
86
87 $next_class = $this->ctrl->getNextClass($this);
88 $cmd = $this->ctrl->getCmd();
89
90 $this->ensureRoleAccessForContext();
91
92 switch ($next_class) {
93 case 'ilrepositorysearchgui':
94
95 if (!$GLOBALS['DIC']['ilAccess']->checkAccess('edit_permission', '', $this->obj_ref_id)) {
96 $GLOBALS['DIC']['ilErr']->raiseError($GLOBALS['DIC']['lng']->txt('permission_denied'), $GLOBALS['DIC']['ilErr']->WARNING);
97 }
98 include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
99 $rep_search = new ilRepositorySearchGUI();
100 $rep_search->setTitle($this->lng->txt('role_add_user'));
101 $rep_search->setCallback($this, 'addUserObject');
102
103 // Set tabs
104 $this->tabs_gui->setTabActive('user_assignment');
105 $this->ctrl->setReturn($this, 'userassignment');
106 $ret = &$this->ctrl->forwardCommand($rep_search);
107 break;
108
109 case 'ilexportgui':
110
111 $this->tabs_gui->setTabActive('export');
112
113 include_once './Services/Export/classes/class.ilExportOptions.php';
114 $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
115 $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
116
117 include_once './Services/Export/classes/class.ilExportGUI.php';
118 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
119 $exp->addFormat('xml');
120 $this->ctrl->forwardCommand($exp);
121 break;
122
123 case 'ilrecommendedcontentroleconfiggui':
124 $this->tabs_gui->setTabActive('rep_recommended_content');
125 $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
126 $this->ctrl->forwardCommand($ui);
127 break;
128
129 default:
130 if (!$cmd) {
131 if ($this->showDefaultPermissionSettings()) {
132 $cmd = "perm";
133 } else {
134 $cmd = 'userassignment';
135 }
136 }
137 $cmd .= "Object";
138 $this->$cmd();
139
140 break;
141 }
142
143 return true;
144 }
145
150 public function getParentRefId()
151 {
152 return $this->obj_ref_id;
153 }
154
159 public function getParentObjId()
160 {
161 return $this->obj_obj_id;
162 }
163
168 public function getParentType()
169 {
170 return $this->obj_obj_type;
171 }
172
176 public function setBackTarget($a_text, $a_link)
177 {
178 $this->back_target = array("text" => $a_text,
179 "link" => $a_link);
180 }
181
182 public function getBackTarget()
183 {
184 return $this->back_target ? $this->back_target : array();
185 }
186
190 public function getAdminTabs()
191 {
192 $this->getTabs();
193 }
194
199 protected function getContainerType()
200 {
201 return $this->container_type;
202 }
203
208 protected function showDefaultPermissionSettings()
209 {
210 global $DIC;
211
212 $objDefinition = $DIC['objDefinition'];
213
214 return $objDefinition->isContainer($this->getContainerType());
215 }
216
217
218
224 protected function initFormRoleProperties($a_mode)
225 {
226 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
227 $this->form = new ilPropertyFormGUI();
228
229 if ($this->creation_mode) {
230 $this->ctrl->setParameter($this, "new_type", 'role');
231 }
232 $this->form->setFormAction($this->ctrl->getFormAction($this));
233
234 switch ($a_mode) {
235 case self::MODE_GLOBAL_CREATE:
236 $this->form->setTitle($this->lng->txt('role_new'));
237 $this->form->addCommandButton('save', $this->lng->txt('role_new'));
238 break;
239
240 case self::MODE_GLOBAL_UPDATE:
241 $this->form->setTitle($this->lng->txt('role_edit'));
242 $this->form->addCommandButton('update', $this->lng->txt('save'));
243 break;
244
245 case self::MODE_LOCAL_CREATE:
246 case self::MODE_LOCAL_UPDATE:
247 }
248 // Fix cancel
249 $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
250
251 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
252 if (ilObjRole::isAutoGenerated($this->object->getId())) {
253 $title->setDisabled(true);
254 } else {
255 //#17111 No validation for disabled fields
256 $title->setValidationRegexp('/^(?!il_).*$/');
257 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
258 }
259
260 $title->setSize(40);
261 $title->setMaxLength(70);
262 $title->setRequired(true);
263 $this->form->addItem($title);
264
265 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
266 if (ilObjRole::isAutoGenerated($this->object->getId())) {
267 $desc->setDisabled(true);
268 }
269 $desc->setCols(40);
270 $desc->setRows(3);
271 $this->form->addItem($desc);
272
273 if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
274 $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
275 $this->form->addItem($ilias_id);
276 }
277
278 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
279 $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
280 $reg->setValue(1);
281 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
282 $this->form->addItem($reg);
283
284 $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
285 $la->setValue(1);
286 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
287 $this->form->addItem($la);
288 }
289
290 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
291 $pro->setValue(1);
292 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
293 $this->form->addItem($pro);
294
295 if (ilDiskQuotaActivationChecker::_isActive()) {
296 $quo = new ilNumberInputGUI($this->lng->txt('disk_quota'), 'disk_quota');
297 $quo->setMinValue(0);
298 $quo->setSize(4);
299 $quo->setInfo($this->lng->txt('enter_in_mb_desc') . '<br />' . $this->lng->txt('disk_quota_on_role_desc'));
300 $this->form->addItem($quo);
301 }
302 if (ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive()) {
303 $this->lng->loadLanguageModule("file");
304 $wquo = new ilNumberInputGUI($this->lng->txt('personal_resources_disk_quota'), 'wsp_disk_quota');
305 $wquo->setMinValue(0);
306 $wquo->setSize(4);
307 $wquo->setInfo($this->lng->txt('enter_in_mb_desc') . '<br />' . $this->lng->txt('disk_quota_on_role_desc'));
308 $this->form->addItem($wquo);
309 }
310
311 return true;
312 }
313
319 protected function loadRoleProperties(ilObjRole $role)
320 {
321 //Don't set if fields are disabled to prevent html manipulation.
322 if (!$this->form->getItemByPostVar('title')->getDisabled()) {
323 $role->setTitle($this->form->getInput('title'));
324 }
325 if (!$this->form->getItemByPostVar('desc')->getDisabled()) {
326 $role->setDescription($this->form->getInput('desc'));
327 }
328 $role->setAllowRegister($this->form->getInput('reg'));
329 $role->toggleAssignUsersStatus($this->form->getInput('la'));
330 $role->setDiskQuota(ilUtil::MB2Bytes($this->form->getInput('disk_quota')));
331 $role->setPersonalWorkspaceDiskQuota(ilUtil::MB2Bytes($this->form->getInput('wsp_disk_quota')));
332 return true;
333 }
334
340 protected function readRoleProperties(ilObjRole $role)
341 {
342 global $DIC;
343
344 $rbacreview = $DIC['rbacreview'];
345
346 $data['title'] = ilObjRole::_getTranslation($role->getTitle());
347 $data['desc'] = $role->getDescription();
348 $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
349 $data['reg'] = $role->getAllowRegister();
350 $data['la'] = $role->getAssignUsersStatus();
351 if (ilDiskQuotaActivationChecker::_isActive()) {
352 $data['disk_quota'] = ilUtil::Bytes2MB($role->getDiskQuota());
353 }
354 if (ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive()) {
355 $data['wsp_disk_quota'] = ilUtil::Bytes2MB($role->getPersonalWorkspaceDiskQuota());
356 }
357 $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
358
359 $this->form->setValuesByArray($data);
360 }
361
362
363
364
370 public function createObject()
371 {
372 global $DIC;
373
374 $rbacsystem = $DIC['rbacsystem'];
375
376 if (!$rbacsystem->checkAccess('create_role', $this->obj_ref_id)) {
377 $ilErr->raiseError($this->lng->txt('permission_denied'), $ilErr->MESSAGE);
378 }
379
380 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
381 $this->tpl->setContent($this->form->getHTML());
382 }
383
388 public function editObject()
389 {
390 global $DIC;
391
392 $rbacsystem = $DIC['rbacsystem'];
393 $rbacreview = $DIC['rbacreview'];
394 $ilSetting = $DIC['ilSetting'];
395 $ilErr = $DIC['ilErr'];
396 $ilToolbar = $DIC['ilToolbar'];
397
398 if (!$this->checkAccess('write', 'edit_permission')) {
399 $ilErr->raiseError($this->lng->txt("msg_no_perm_write"), $ilErr->MESSAGE);
400 }
401
402 $this->tabs_gui->activateTab('edit_properties');
403
404 // Show copy role button
405 if ($this->object->getId() != SYSTEM_ROLE_ID) {
406 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
407 if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
408 $ilToolbar->addButton(
409 $this->lng->txt('rbac_delete_role'),
410 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
411 );
412 }
413 }
414
415 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
416 $this->readRoleProperties($this->object);
417 $this->tpl->setContent($this->form->getHTML());
418 }
419
420
425 public function saveObject()
426 {
427 global $DIC;
428
429 $rbacadmin = $DIC['rbacadmin'];
430 $rbacreview = $DIC['rbacreview'];
431
432 $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
433 if ($this->form->checkInput() and !$this->checkDuplicate()) {
434 include_once './Services/AccessControl/classes/class.ilObjRole.php';
435 $this->loadRoleProperties($this->role = new ilObjRole());
436 $this->role->create();
437 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id, 'y');
438 $rbacadmin->setProtected(
439 $this->obj_ref_id,
440 $this->role->getId(),
441 $this->form->getInput('pro') ? 'y' : 'n'
442 );
443 ilUtil::sendSuccess($this->lng->txt("role_added"), true);
444 $this->ctrl->setParameter($this, 'obj_id', $this->role->getId());
445 $this->ctrl->redirect($this, 'perm');
446 }
447
448 ilUtil::sendFailure($this->lng->txt('err_check_input'));
449 $this->form->setValuesByPost();
450 $this->tpl->setContent($this->form->getHTML());
451 return false;
452 }
453
458 protected function checkDuplicate($a_role_id = 0)
459 {
460 // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
461 return false;
462 }
463
468 public function updateObject()
469 {
470 global $DIC;
471
472 $rbacadmin = $DIC['rbacadmin'];
473
474 $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
475 if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
476 include_once './Services/AccessControl/classes/class.ilObjRole.php';
477 $this->loadRoleProperties($this->object);
478 $this->object->update();
479 $rbacadmin->setProtected(
480 $this->obj_ref_id,
481 $this->object->getId(),
482 $this->form->getInput('pro') ? 'y' : 'n'
483 );
484 ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
485 $this->ctrl->redirect($this, 'edit');
486 }
487
488 ilUtil::sendFailure($this->lng->txt('err_check_input'));
489 $this->form->setValuesByPost();
490 $this->tpl->setContent($this->form->getHTML());
491 return false;
492 }
493
498 protected function permObject($a_show_admin_permissions = false)
499 {
500 global $DIC;
501
502 $ilTabs = $DIC['ilTabs'];
503 $ilErr = $DIC['ilErr'];
504 $ilToolbar = $DIC['ilToolbar'];
505 $objDefinition = $DIC['objDefinition'];
506 $rbacreview = $DIC['rbacreview'];
507
508 $ilTabs->setTabActive('default_perm_settings');
509
510 $this->setSubTabs('default_perm_settings');
511
512 if ($a_show_admin_permissions) {
513 $ilTabs->setSubTabActive('rbac_admin_permissions');
514 } else {
515 $ilTabs->setSubTabActive('rbac_repository_permissions');
516 }
517
518 if (!$this->checkAccess('write', 'edit_permission')) {
519 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->MESSAGE);
520 return true;
521 }
522
523 // Show copy role button
524 if ($this->object->getId() != SYSTEM_ROLE_ID) {
525 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
526 $ilToolbar->addButton(
527 $this->lng->txt("adopt_perm_from_template"),
528 $this->ctrl->getLinkTarget($this, 'adoptPerm')
529 );
530 if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
531 $ilToolbar->addButton(
532 $this->lng->txt('rbac_delete_role'),
533 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
534 );
535 }
536 }
537
538 $this->tpl->addBlockFile(
539 'ADM_CONTENT',
540 'adm_content',
541 'tpl.rbac_template_permissions.html',
542 'Services/AccessControl'
543 );
544
545 $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
546
547 include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
548 $acc = new ilAccordionGUI();
549 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
550 $acc->setId('template_perm_' . $this->getParentRefId());
551
552 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
553 if ($a_show_admin_permissions) {
554 $subs = ilObjRole::getSubObjects('adm', true);
555 } else {
556 $subs = ilObjRole::getSubObjects('root', false);
557 }
558 } else {
559 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
560 }
561
562 foreach ($subs as $subtype => $def) {
563 include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
564 $tbl = new ilObjectRoleTemplatePermissionTableGUI(
565 $this,
566 'perm',
567 $this->getParentRefId(),
568 $this->object->getId(),
569 $subtype,
570 $a_show_admin_permissions
571 );
572 $tbl->parse();
573
574 $acc->addItem($def['translation'], $tbl->getHTML());
575 }
576
577 $this->tpl->setVariable('ACCORDION', $acc->getHTML());
578
579 // Add options table
580 include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
581 $options = new ilObjectRoleTemplateOptionsTableGUI(
582 $this,
583 'perm',
584 $this->obj_ref_id,
585 $this->object->getId(),
586 $a_show_admin_permissions
587 );
588 if ($this->object->getId() != SYSTEM_ROLE_ID) {
589 $options->addMultiCommand(
590 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
591 $this->lng->txt('save')
592 );
593 }
594
595 $options->parse();
596 $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
597 }
598
603 protected function adminPermObject()
604 {
605 return $this->permObject(true);
606 }
607
612 protected function adminPermSaveObject()
613 {
614 return $this->permSaveObject(true);
615 }
616
617 protected function adoptPermObject()
618 {
619 global $DIC;
620
621 $rbacreview = $DIC['rbacreview'];
622
623 $output = array();
624
625 $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
626 $ids = array();
627 foreach ($parent_role_ids as $id => $tmp) {
628 $ids[] = $id;
629 }
630 // Sort ids
631 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
632 $key = 0;
633 foreach ($sorted_ids as $id) {
634 $par = $parent_role_ids[$id];
635 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
636 $output[$key]["role_id"] = $par["obj_id"];
637 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
638 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
639 $output[$key]["role_desc"] = $par["desc"];
640 $key++;
641 }
642 }
643
644
645 include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
646
647 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
648 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
649 $tbl->setData($output);
650
651 $this->tpl->setContent($tbl->getHTML());
652 }
653
658 protected function confirmDeleteRoleObject()
659 {
660 global $DIC;
661
662 $ilErr = $DIC['ilErr'];
663 $rbacreview = $DIC['rbacreview'];
664 $ilUser = $DIC['ilUser'];
665
666 $access = $this->checkAccess('visible,write', 'edit_permission');
667 if (!$access) {
668 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->WARNING);
669 }
670
671 $question = $this->lng->txt('rbac_role_delete_qst');
672 if ($rbacreview->isAssigned($ilUser->getId(), $this->object->getId())) {
673 $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
674 }
675 ilUtil::sendQuestion($question);
676
677 include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
678
679 $confirm = new ilConfirmationGUI();
680 $confirm->setFormAction($this->ctrl->getFormAction($this));
681 $confirm->setHeaderText($question);
682 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
683 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
684
685 $confirm->addItem(
686 'role',
687 $this->object->getId(),
688 ilObjRole::_getTranslation($this->object->getTitle()),
689 ilUtil::getImagePath('icon_role.svg')
690 );
691
692 $this->tpl->setContent($confirm->getHTML());
693 return true;
694 }
695
696
701 protected function performDeleteRoleObject()
702 {
703 global $DIC;
704
705 $ilErr = $DIC['ilErr'];
706
707 $access = $this->checkAccess('visible,write', 'edit_permission');
708 if (!$access) {
709 $ilErr->raiseError($this->lng->txt('msg_no_perm_perm'), $ilErr->WARNING);
710 }
711
712 $this->object->setParent((int) $this->obj_ref_id);
713 $this->object->delete();
714 ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'), true);
715
716 $this->ctrl->returnToParent($this);
717 }
718
724 public function permSaveObject($a_show_admin_permissions = false)
725 {
726 global $DIC;
727
728 $rbacsystem = $DIC['rbacsystem'];
729 $rbacadmin = $DIC['rbacadmin'];
730 $rbacreview = $DIC['rbacreview'];
731 $objDefinition = $DIC['objDefinition'];
732 $tree = $DIC['tree'];
733
734 // for role administration check write of global role folder
735 $access = $this->checkAccess('visible,write', 'edit_permission');
736
737 if (!$access) {
738 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
739 }
740
741 // rbac log
742 include_once "Services/AccessControl/classes/class.ilRbacLog.php";
743 $rbac_log_active = ilRbacLog::isActive();
744 if ($rbac_log_active) {
745 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
746 }
747
748 // delete all template entries of enabled types
749 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
750 if ($a_show_admin_permissions) {
751 $subs = ilObjRole::getSubObjects('adm', true);
752 } else {
753 $subs = ilObjRole::getSubObjects('root', false);
754 }
755 } else {
756 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
757 }
758
759 foreach ($subs as $subtype => $def) {
760 // Delete per object type
761 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
762 }
763
764 if (empty($_POST["template_perm"])) {
765 $_POST["template_perm"] = array();
766 }
767
768 foreach ($_POST["template_perm"] as $key => $ops_array) {
769 // sets new template permissions
770 $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
771 }
772
773 if ($rbac_log_active) {
774 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
775 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
776 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
777 }
778
779 // update object data entry (to update last modification date)
780 $this->object->update();
781
782 // set protected flag
783 if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id)) {
784 $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
785 }
786
787 if ($a_show_admin_permissions) {
788 $_POST['recursive'] = true;
789 }
790
791 // Redirect if Change existing objects is not chosen
792 if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
793 ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
794 if ($a_show_admin_permissions) {
795 $this->ctrl->redirect($this, 'adminPerm');
796 } else {
797 $this->ctrl->redirect($this, 'perm');
798 }
799 }
800 // New implementation
801 if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
802 $this->showChangeExistingObjectsConfirmation();
803 return true;
804 }
805
806 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
807 if ($a_show_admin_permissions) {
808 $start = $tree->getParentId($this->obj_ref_id);
809 }
810
811 if ($_POST['protected']) {
812 $this->object->changeExistingObjects(
813 $start,
814 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
815 array('all'),
816 array()
817 #$a_show_admin_permissions ? array('adm') : array()
818 );
819 } else {
820 $this->object->changeExistingObjects(
821 $start,
822 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
823 array('all'),
824 array()
825 #$a_show_admin_permissions ? array('adm') : array()
826 );
827 }
828 ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
829
830 if ($a_show_admin_permissions) {
831 $this->ctrl->redirect($this, 'adminPerm');
832 } else {
833 $this->ctrl->redirect($this, 'perm');
834 }
835 return true;
836 }
837
838
844 public function adoptPermSaveObject()
845 {
846 global $DIC;
847
848 $rbacadmin = $DIC['rbacadmin'];
849 $rbacsystem = $DIC['rbacsystem'];
850 $rbacreview = $DIC['rbacreview'];
851 $tree = $DIC['tree'];
852
853 if (!$_POST['adopt']) {
854 ilUtil::sendFailure($this->lng->txt('select_one'));
855 $this->adoptPermObject();
856 return false;
857 }
858
859 $access = $this->checkAccess('visible,write', 'edit_permission');
860 if (!$access) {
861 $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
862 }
863
864 if ($this->object->getId() == $_POST["adopt"]) {
865 ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"), true);
866 } else {
867 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
868 $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
869 $rbacadmin->copyRoleTemplatePermissions(
870 $_POST["adopt"],
871 $parentRoles[$_POST["adopt"]]["parent"],
872 $this->obj_ref_id,
873 $this->object->getId(),
874 false
875 );
876
877 // update object data entry (to update last modification date)
878 $this->object->update();
879
880 // send info
881 $obj_data = &$this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
882 ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1") . " '" .
883 ilObjRole::_getTranslation($obj_data->getTitle()) . "'.<br/>" .
884 $this->lng->txt("msg_perm_adopted_from2"), true);
885 }
886
887 $this->ctrl->redirect($this, "perm");
888 }
889
895 public function assignSaveObject()
896 {
897 $this->assignUserObject();
898 }
899
900
901
907 public function addUserObject($a_user_ids)
908 {
909 global $DIC;
910
911 $rbacreview = $DIC['rbacreview'];
912 $rbacadmin = $DIC['rbacadmin'];
913
914 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
915 ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'), true);
916 return false;
917 }
918 if (!$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
919 $this->obj_ref_id != ROLE_FOLDER_ID) {
920 ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'), true);
921 return false;
922 }
923 if (!$a_user_ids) {
924 $GLOBALS['DIC']['lng']->loadLanguageModule('search');
925 ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'), true);
926 return false;
927 }
928
929 $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
930
931 // users to assign
932 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
933
934 // selected users all already assigned. stop
935 if (count($assigned_users_new) == 0) {
936 ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"), true);
937 $this->ctrl->redirect($this, 'userassignment');
938 }
939
940 // assign new users
941 foreach ($assigned_users_new as $user) {
942 $rbacadmin->assignUser($this->object->getId(), $user, false);
943 }
944
945 // update object data entry (to update last modification date)
946 $this->object->update();
947
948 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
949 $this->ctrl->redirect($this, 'userassignment');
950 }
951
957 public function deassignUserObject()
958 {
959 global $DIC;
960
961 $rbacsystem = $DIC['rbacsystem'];
962 $rbacadmin = $DIC['rbacadmin'];
963 $rbacreview = $DIC['rbacreview'];
964
965 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
966 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
967 }
968
969 $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
970
971 if ($selected_users[0] === null) {
972 $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
973 }
974
975 // prevent unassignment of system user from system role
976 if ($this->object->getId() == SYSTEM_ROLE_ID) {
977 if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
978 unset($selected_users[$admin]);
979 }
980 }
981
982 // check for each user if the current role is his last global role before deassigning him
983 $last_role = array();
984 $global_roles = $rbacreview->getGlobalRoles();
985
986 foreach ($selected_users as $user) {
987 $assigned_roles = $rbacreview->assignedRoles($user);
988 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
989
990 if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
991 $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
992 $last_role[$user] = $userObj->getFullName();
993 unset($userObj);
994 }
995 }
996
997
998 // ... else perform deassignment
999 foreach ($selected_users as $user) {
1000 if (!isset($last_role[$user])) {
1001 $rbacadmin->deassignUser($this->object->getId(), $user);
1002 }
1003 }
1004
1005 // update object data entry (to update last modification date)
1006 $this->object->update();
1007
1008 // raise error if last role was taken from a user...
1009 if (count($last_role)) {
1010 $user_list = implode(", ", $last_role);
1011 ilUtil::sendFailure($this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
1012 } else {
1013 ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
1014 }
1015 $this->ctrl->redirect($this, 'userassignment');
1016 }
1017
1018
1022 public function userassignmentObject()
1023 {
1024 global $DIC;
1025
1026 $rbacreview = $DIC['rbacreview'];
1027 $rbacsystem = $DIC['rbacsystem'];
1028 $lng = $DIC['lng'];
1029 $ilUser = $DIC['ilUser'];
1030
1031 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
1032 $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
1033 }
1034
1035 $this->tabs_gui->setTabActive('user_assignment');
1036
1037 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
1038
1039 include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1040 $tb = new ilToolbarGUI();
1041
1042 // protected admin role
1043 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1044 if (
1045 $this->object->getId() != SYSTEM_ROLE_ID ||
1046 (
1047 !$rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) or
1048 !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1049 )
1050 ) {
1051
1052
1053 // add member
1054 include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1055 ilRepositorySearchGUI::fillAutoCompleteToolbar(
1056 $this,
1057 $tb,
1058 array(
1059 'auto_complete_name' => $lng->txt('user'),
1060 'submit_name' => $lng->txt('add')
1061 )
1062 );
1063
1064 /*
1065 // add button
1066 $tb->addFormButton($lng->txt("add"), "assignUser");
1067 */
1068 $tb->addSpacer();
1069
1070 $tb->addButton(
1071 $this->lng->txt('search_user'),
1072 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
1073 );
1074 $tb->addSpacer();
1075 }
1076
1077 $tb->addButton(
1078 $this->lng->txt('role_mailto'),
1079 $this->ctrl->getLinkTarget($this, 'mailToRole')
1080 );
1081 $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
1082
1083
1084 include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1085 $role_assignment_editable = true;
1086 if (
1087 $this->object->getId() == SYSTEM_ROLE_ID &&
1088 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
1089 $role_assignment_editable = false;
1090 }
1091
1092 include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1093 $ut = new ilAssignedUsersTableGUI($this, 'userassignment', $this->object->getId(), $role_assignment_editable);
1094
1095 $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
1096
1097 return true;
1098 }
1099
1100
1105 public function cancelObject()
1106 {
1107 if ($_GET["new_type"] != "role") {
1108 $this->ctrl->redirect($this, "userassignment");
1109 } else {
1110 $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
1111 }
1112 }
1113
1114
1115 public function listUsersRoleObject()
1116 {
1117 global $DIC;
1118
1119 $rbacsystem = $DIC['rbacsystem'];
1120 $rbacreview = $DIC['rbacreview'];
1121
1122 $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1123
1124 if (!is_array($_POST["role"])) {
1125 ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1126 $this->searchObject();
1127
1128 return false;
1129 }
1130
1131 $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1132 $this->__showButton("searchUserForm", $this->lng->txt("role_new_search"));
1133
1134 // GET ALL MEMBERS
1135 $members = array();
1136
1137 foreach ($_POST["role"] as $role_id) {
1138 $members = array_merge($rbacreview->assignedUsers($role_id), $members);
1139 }
1140
1141 $members = array_unique($members);
1142
1143 // FORMAT USER DATA
1144 $counter = 0;
1145 $f_result = array();
1146
1147 foreach ($members as $user) {
1148 if (!$tmp_obj = ilObjectFactory::getInstanceByObjId($user, false)) {
1149 continue;
1150 }
1151
1152 $user_ids[$counter] = $user;
1153
1154 // TODO: exclude anonymous user
1155 $f_result[$counter][] = ilUtil::formCheckbox(0, "user[]", $user);
1156 $f_result[$counter][] = $tmp_obj->getLogin();
1157 $f_result[$counter][] = $tmp_obj->getFirstname();
1158 $f_result[$counter][] = $tmp_obj->getLastname();
1159
1160 unset($tmp_obj);
1161 ++$counter;
1162 }
1163
1164 $this->__showSearchUserTable($f_result, $user_ids, "listUsersRole");
1165
1166 return true;
1167 }
1168
1169 public function __prepareOutput()
1170 {
1171 // output objects
1172 $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1173 $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1174
1175 // output message
1176 if ($this->message) {
1177 ilUtil::sendInfo($this->message);
1178 }
1179
1180 // display infopanel if something happened
1181 ilUtil::infoPanel();
1182
1183 // set header
1184 $this->__setHeader();
1185 }
1186
1187 public function __setHeader()
1188 {
1189 $this->tpl->setTitle($this->lng->txt('role'));
1190 $this->tpl->setDescription($this->object->getTitle());
1191 $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1192
1193 $this->getTabs($this->tabs_gui);
1194 }
1195
1196
1200 protected function addAdminLocatorItems($a_do_not_add_object = false)
1201 {
1202 global $DIC;
1203
1204 $ilLocator = $DIC['ilLocator'];
1205
1206 if (
1207 $_GET["admin_mode"] == "settings"
1208 && $_GET["ref_id"] == ROLE_FOLDER_ID) { // system settings
1209 parent::addAdminLocatorItems(true);
1210
1211 $ilLocator->addItem(
1212 $this->lng->txt("obj_" . ilObject::_lookupType(ilObject::_lookupObjId($_GET["ref_id"]))),
1213 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1214 );
1215
1216 if ($_GET["obj_id"] > 0) {
1217 $ilLocator->addItem(
1218 ilObjRole::_getTranslation($this->object->getTitle()),
1219 $this->ctrl->getLinkTarget($this, 'perm')
1220 );
1221 }
1222 } else {
1223 parent::addAdminLocatorItems($a_do_not_add_object);
1224 }
1225 }
1226
1227
1228
1229
1230 public function getTabs()
1231 {
1232 global $DIC;
1233
1234 $rbacreview = $DIC['rbacreview'];
1235 $ilHelp = $DIC['ilHelp'];
1236
1237 $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(), true);
1238
1239
1240 $activate_role_edit = false;
1241
1242 // todo: activate the following (allow editing of local roles in
1243 // roles administration)
1244 if (in_array($this->obj_ref_id, $base_role_container) ||
1245 (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1246 $_GET["admin_mode"] == "settings")) {
1247 $activate_role_edit = true;
1248 }
1249
1250 // not so nice (workaround for using tabs in repository)
1251 $this->tabs_gui->clearTargets();
1252
1253 $ilHelp->setScreenIdComponent("role");
1254
1255 if ($this->back_target != "") {
1256 $this->tabs_gui->setBackTarget(
1257 $this->back_target["text"],
1258 $this->back_target["link"]
1259 );
1260 } else {
1261 $this->tabs_gui->setBackTarget($this->lng->txt('btn_back'), $this->ctrl->getParentReturn($this));
1262 }
1263
1264 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1265 $this->tabs_gui->addTarget(
1266 "edit_properties",
1267 $this->ctrl->getLinkTarget($this, "edit"),
1268 array("edit","update"),
1269 get_class($this)
1270 );
1271 }
1272 if ($this->checkAccess('write', 'edit_permission') and $this->showDefaultPermissionSettings()) {
1273 $this->tabs_gui->addTarget(
1274 "default_perm_settings",
1275 $this->ctrl->getLinkTarget($this, "perm"),
1276 array(),
1277 get_class($this)
1278 );
1279 }
1280
1281 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1282 $this->tabs_gui->addTarget(
1283 "user_assignment",
1284 $this->ctrl->getLinkTarget($this, "userassignment"),
1285 array("deassignUser", "userassignment", "assignUser", "searchUserForm", "search"),
1286 get_class($this)
1287 );
1288 }
1289
1290 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1291 $this->lng->loadLanguageModule("rep");
1292 $this->tabs_gui->addTarget(
1293 "rep_recommended_content",
1294 $this->ctrl->getLinkTargetByClass("ilrecommendedcontentroleconfiggui", "")
1295 );
1296 }
1297 if ($this->checkAccess('write', 'edit_permission')) {
1298 $this->tabs_gui->addTarget(
1299 'export',
1300 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1301 array()
1302 );
1303 }
1304 }
1305
1306 public function mailToRoleObject()
1307 {
1308 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1309 if (count($obj_ids) > 1) {
1310 $_SESSION['mail_roles'][] = '#il_role_' . $this->object->getId();
1311 } else {
1312 $_SESSION['mail_roles'][] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1313 }
1314
1315 require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1316 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', array(), array('type' => 'role'));
1317 ilUtil::redirect($script);
1318 }
1319
1320 public function checkAccess($a_perm_global, $a_perm_obj = '')
1321 {
1322 global $DIC;
1323
1324 $rbacsystem = $DIC['rbacsystem'];
1325 $ilAccess = $DIC['ilAccess'];
1326
1327 $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1328
1329 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1330 return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
1331 } else {
1332 return $ilAccess->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1333 }
1334 }
1335
1340 protected function isChangeExistingObjectsConfirmationRequired()
1341 {
1342 global $DIC;
1343
1344 $rbacreview = $DIC['rbacreview'];
1345
1346 if (!(int) $_POST['recursive'] and !is_array($_POST['recursive_list'])) {
1347 return false;
1348 }
1349
1350 // Role is protected
1351 if ($rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
1352 // TODO: check if recursive_list is enabled
1353 // and if yes: check if inheritance is broken for the relevant object types
1354 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1355 } else {
1356 // TODO: check if recursive_list is enabled
1357 // and if yes: check if inheritance is broken for the relevant object types
1358 return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1359 }
1360 }
1361
1366 protected function showChangeExistingObjectsConfirmation()
1367 {
1368 $protected = $_POST['protected'];
1369
1370 include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1371 $form = new ilPropertyFormGUI();
1372 $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1373 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1374
1375 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1376 $form->addCommandButton('perm', $this->lng->txt('cancel'));
1377
1378 $hidden = new ilHiddenInputGUI('type_filter');
1379 $hidden->setValue(
1380 $_POST['recursive'] ?
1381 serialize(array('all')) :
1382 serialize($_POST['recursive_list'])
1383 );
1384 $form->addItem($hidden);
1385
1386 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1387
1388 if ($protected) {
1389 $rad->setValue(ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1390 $keep = new ilRadioOption(
1391 $this->lng->txt('rbac_keep_local_policies'),
1392 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1393 $this->lng->txt('rbac_keep_local_policies_info')
1394 );
1395 } else {
1396 $rad->setValue(ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1397 $keep = new ilRadioOption(
1398 $this->lng->txt('rbac_keep_local_policies'),
1399 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1400 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1401 );
1402 }
1403 $rad->addOption($keep);
1404
1405 if ($protected) {
1406 $del = new ilRadioOption(
1407 $this->lng->txt('rbac_delete_local_policies'),
1408 ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1409 $this->lng->txt('rbac_delete_local_policies_info')
1410 );
1411 } else {
1412 $del = new ilRadioOption(
1413 $this->lng->txt('rbac_delete_local_policies'),
1414 ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1415 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1416 );
1417 }
1418 $rad->addOption($del);
1419
1420 $form->addItem($rad);
1421 $this->tpl->setContent($form->getHTML());
1422 }
1423
1428 protected function changeExistingObjectsObject()
1429 {
1430 global $DIC;
1431
1432 $tree = $DIC['tree'];
1433 $rbacreview = $DIC['rbacreview'];
1434 $rbacadmin = $DIC['rbacadmin'];
1435
1436 $mode = (int) $_POST['mode'];
1437 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1438
1439 $this->object->changeExistingObjects($start, $mode, unserialize(ilUtil::stripSlashes($_POST['type_filter'])));
1440
1441 ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
1442 $this->ctrl->redirect($this, 'perm');
1443 }
1444
1450 protected function setSubTabs($a_tab)
1451 {
1452 global $DIC;
1453
1454 $ilTabs = $DIC['ilTabs'];
1455
1456 switch ($a_tab) {
1457 case 'default_perm_settings':
1458 if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1459 return true;
1460 }
1461 $ilTabs->addSubTabTarget(
1462 'rbac_repository_permissions',
1463 $this->ctrl->getLinkTarget($this, 'perm')
1464 );
1465 $ilTabs->addSubTabTarget(
1466 'rbac_admin_permissions',
1467 $this->ctrl->getLinkTarget($this, 'adminPerm')
1468 );
1469 }
1470 return true;
1471 }
1472
1476 protected function addToClipboardObject()
1477 {
1478 global $DIC;
1479
1480 $lng = $DIC['lng'];
1481 $ilCtrl = $DIC['ilCtrl'];
1482
1483 $users = (array) $_POST['user_id'];
1484 if (!count($users)) {
1485 ilUtil::sendFailure($this->lng->txt('select_one'), true);
1486 $ilCtrl->redirect($this, 'userassignment');
1487 }
1488 include_once './Services/User/classes/class.ilUserClipboard.php';
1489 $clip = ilUserClipboard::getInstance($GLOBALS['DIC']['ilUser']->getId());
1490 $clip->add($users);
1491 $clip->save();
1492
1493 $lng->loadLanguageModule('user');
1494 ilUtil::sendSuccess($this->lng->txt('clipboard_user_added'), true);
1495 $ilCtrl->redirect($this, 'userassignment');
1496 }
1497
1501 protected function addLocatorItems()
1502 {
1503 global $DIC;
1504
1505 $ilLocator = $DIC['ilLocator'];
1506
1507 if ($_GET["admin_mode"] == "") {
1508 $this->ctrl->setParameterByClass(
1509 "ilobjrolegui",
1510 "obj_id",
1511 (int) $_GET["obj_id"]
1512 );
1513 $ilLocator->addItem(
1514 ilObjRole::_getTranslation($this->object->getTitle()),
1515 $this->ctrl->getLinkTargetByClass(
1516 array(
1517 "ilpermissiongui",
1518 "ilobjrolegui"),
1519 "perm"
1520 )
1521 );
1522 }
1523 }
1524
1525 /*
1526 * Ensure access to role for ref_id
1527 * @throws ilObjectException
1528 */
1529 protected function ensureRoleAccessForContext()
1530 {
1531 global $DIC;
1532
1533 $review = $DIC->rbac()->review();
1534 $logger = $DIC->logger()->ac();
1535
1536 // creation of roles
1537 if (
1538 !$this->object->getId() ||
1539 $this->object->getId() == ROLE_FOLDER_ID
1540 ) {
1541 return true;
1542 }
1543
1544
1545 $possible_roles = [];
1546 try {
1547 $possible_roles = $review->getRolesOfObject(
1548 $this->obj_ref_id,
1549 false
1550 );
1551 } catch (\InvalidArgumentException $e) {
1552 $logger->warning('Role access check failed: ' . $e);
1553
1554 include_once "Services/Object/exceptions/class.ilObjectException.php";
1555 throw new \ilObjectException($this->lng->txt('permission_denied'));
1556 }
1557
1558 if (!in_array($this->object->getId(), $possible_roles)) {
1559 $logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1560 include_once "Services/Object/exceptions/class.ilObjectException.php";
1561 throw new \ilObjectException($this->lng->txt('permission_denied'));
1562 }
1563 return true;
1564 }
1565} // END class.ilObjRoleGUI
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
php
An exception for terminatinating execution or to throw for unit testing.
ilAccordionGUI
Accordion user interface class.
Definition: class.ilAccordionGUI.php:12
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:16
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:34
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:16
ilExportGUI
Export User Interface Class.
Definition: class.ilExportGUI.php:15
ilExportOptions\newInstance
static newInstance($a_export_id)
Create new instance.
Definition: class.ilExportOptions.php:56
ilExportOptions\allocateExportId
static allocateExportId()
Allocate a new export id.
Definition: class.ilExportOptions.php:65
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:33
ilMailFormCall\getRedirectTarget
static getRedirectTarget($gui, $cmd, array $gui_params=array(), array $mail_params=array(), array $context_params=array())
Definition: class.ilMailFormCall.php:60
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:14
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:15
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:21
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:190
ilObjRoleGUI\editObject
editObject()
Edit role properties.
Definition: class.ilObjRoleGUI.php:388
ilObjRoleGUI\getTabs
getTabs()
get tabs abstract method.
Definition: class.ilObjRoleGUI.php:1230
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:701
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:425
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:468
ilObjRoleGUI\initFormRoleProperties
initFormRoleProperties($a_mode)
Create role prperty form.
Definition: class.ilObjRoleGUI.php:224
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:1022
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation()
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1366
ilObjRoleGUI\__construct
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
Definition: class.ilObjRoleGUI.php:47
ilObjRoleGUI\setBackTarget
setBackTarget($a_text, $a_link)
set back tab target
Definition: class.ilObjRoleGUI.php:176
ilObjRoleGUI\readRoleProperties
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
Definition: class.ilObjRoleGUI.php:340
ilObjRoleGUI\addLocatorItems
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:1501
ilObjRoleGUI\deassignUserObject
deassignUserObject()
de-assign users from role
Definition: class.ilObjRoleGUI.php:957
ilObjRoleGUI\permObject
permObject($a_show_admin_permissions=false)
Show template permissions.
Definition: class.ilObjRoleGUI.php:498
ilObjRoleGUI\loadRoleProperties
loadRoleProperties(ilObjRole $role)
Store form input in role object.
Definition: class.ilObjRoleGUI.php:319
ilObjRoleGUI\assignSaveObject
assignSaveObject()
wrapper for renamed function
Definition: class.ilObjRoleGUI.php:895
ilObjRoleGUI\permSaveObject
permSaveObject($a_show_admin_permissions=false)
save permissions
Definition: class.ilObjRoleGUI.php:724
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:168
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:199
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems($a_do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:1200
ilObjRoleGUI\addUserObject
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
Definition: class.ilObjRoleGUI.php:907
ilObjRoleGUI\checkAccess
checkAccess($a_perm_global, $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1320
ilObjRoleGUI\cancelObject
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
Definition: class.ilObjRoleGUI.php:1105
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:208
ilObjRoleGUI\adminPermObject
adminPermObject()
Show administration permissions.
Definition: class.ilObjRoleGUI.php:603
ilObjRoleGUI\executeCommand
executeCommand()
execute command
Definition: class.ilObjRoleGUI.php:79
ilObjRoleGUI\adminPermSaveObject
adminPermSaveObject()
Save admin permissions.
Definition: class.ilObjRoleGUI.php:612
ilObjRoleGUI\checkDuplicate
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
Definition: class.ilObjRoleGUI.php:458
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:658
ilObjRoleGUI\createObject
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Definition: class.ilObjRoleGUI.php:370
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:150
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1340
ilObjRoleGUI\adoptPermSaveObject
adoptPermSaveObject()
copy permissions from role
Definition: class.ilObjRoleGUI.php:844
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:159
ilObjRoleGUI\setSubTabs
setSubTabs($a_tab)
Set sub tabs.
Definition: class.ilObjRoleGUI.php:1450
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1476
ilObjRoleGUI\changeExistingObjectsObject
changeExistingObjectsObject()
Change existing objects.
Definition: class.ilObjRoleGUI.php:1428
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:268
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObjRole\getPersonalWorkspaceDiskQuota
getPersonalWorkspaceDiskQuota()
Gets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:338
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:283
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:514
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:697
ilObjRole\getDiskQuota
getDiskQuota()
Gets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:310
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:145
ilObjRole\setDiskQuota
setDiskQuota($a_disk_quota)
Sets the minimal disk quota imposed by this role.
Definition: class.ilObjRole.php:296
ilObjRole\setPersonalWorkspaceDiskQuota
setPersonalWorkspaceDiskQuota($a_disk_quota)
Sets the minimal personal workspace disk quota imposed by this role.
Definition: class.ilObjRole.php:324
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:77
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:14
ilObjectGUI\__showButton
__showButton($a_cmd, $a_text, $a_target='')
Definition: class.ilObjectGUI.php:1647
ilObjectGUI\prepareOutput
prepareOutput($a_show_subobjects=true)
prepare output
Definition: class.ilObjectGUI.php:309
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1107
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:418
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:443
ilObject\getDescription
getDescription()
get object description
Definition: class.ilObject.php:432
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:320
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1278
ilObject\_getIdsForTitle
static _getIdsForTitle($title, $type='', $partialmatch=false)
Definition: class.ilObject.php:1030
ilObject\getTitle
getTitle()
get object title @access public
Definition: class.ilObject.php:396
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:48
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:34
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:32
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:114
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilRbacLog\gatherTemplate
static gatherTemplate($a_role_ref_id, $a_role_id)
Definition: class.ilRbacLog.php:105
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:21
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilRecommendedContentRoleConfigGUI
Recommended content configuration for roles.
Definition: class.ilRecommendedContentRoleConfigGUI.php:11
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Definition: class.ilRepositorySearchGUI.php:195
ilRoleAdoptPermissionTableGUI
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
Definition: class.ilRoleAdoptPermissionTableGUI.php:17
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:107
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:35
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:17
ilUserClipboard\getInstance
static getInstance($a_usr_id)
Get singelton instance.
Definition: class.ilUserClipboard.php:35
ilUtil\formCheckbox
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
Definition: class.ilUtil.php:433
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:4407
ilUtil\sendQuestion
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
Definition: class.ilUtil.php:4535
ilUtil\tf2yn
static tf2yn($a_tf)
convert true/false to "y"/"n"
Definition: class.ilUtil.php:2986
ilUtil\redirect
static redirect($a_script)
Definition: class.ilUtil.php:3306
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4519
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2408
ilUtil\MB2Bytes
static MB2Bytes($a_value)
Definition: class.ilUtil.php:5023
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4503
ilUtil\getImagePath
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:80
ilUtil\infoPanel
static infoPanel($a_keep=true)
Definition: class.ilUtil.php:4560
ilUtil\Bytes2MB
static Bytes2MB($a_value)
Definition: class.ilUtil.php:5028
$ilCtrl
global $ilCtrl
Definition: ilias.php:18
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:30
ilias
redirection script todo: (a better solution should control the processing via a xml file)
$ret
$ret
Definition: parser.php:6
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$ilUser
$ilUser
Definition: imgupload.php:18
$DIC
$DIC
Definition: xapitoken.php:46