ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilDidacticTemplateLocalPolicyAction.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateAction.php';
5
12class ilDidacticTemplateLocalPolicyAction extends ilDidacticTemplateAction
13{
14 const TPL_ACTION_OVERWRITE = 1;
15 const TPL_ACTION_INTERSECT = 2;
16 const TPL_ACTION_ADD = 3;
17 const TPL_ACTION_SUBTRACT = 4;
18 const TPL_ACTION_UNION = 5;
19
20
21 private $pattern = array();
22 private $filter_type = self::FILTER_SOURCE_TITLE;
23 private $role_template_type = self::TPL_ACTION_OVERWRITE;
24 private $role_template_id = 0;
25
26
31 public function __construct($action_id = 0)
32 {
33 parent::__construct($action_id);
34 }
35
40 public function addFilterPattern(ilDidacticTemplateFilterPattern $pattern)
41 {
42 $this->pattern[] = $pattern;
43 }
44
49 public function setFilterPatterns(array $patterns)
50 {
51 $this->pattern = $patterns;
52 }
53
58 public function getFilterPattern()
59 {
60 return $this->pattern;
61 }
62
67 public function setFilterType($a_type)
68 {
69 $this->filter_type = $a_type;
70 }
71
76 public function getFilterType()
77 {
78 return $this->filter_type;
79 }
80
85 public function setRoleTemplateType($a_tpl_type)
86 {
87 $this->role_template_type = $a_tpl_type;
88 }
89
93 public function getRoleTemplateType()
94 {
95 return $this->role_template_type;
96 }
97
102 public function setRoleTemplateId($a_id)
103 {
104 $this->role_template_id = $a_id;
105 }
106
111 public function getRoleTemplateId()
112 {
113 return $this->role_template_id;
114 }
115
119 public function save()
120 {
121 global $DIC;
122
123 $ilDB = $DIC['ilDB'];
124
125 parent::save();
126
127 $query = 'INSERT INTO didactic_tpl_alp (action_id,filter_type,template_type,template_id) ' .
128 'VALUES( ' .
129 $ilDB->quote($this->getActionId(), 'integer') . ', ' .
130 $ilDB->quote($this->getFilterType(), 'integer') . ', ' .
131 $ilDB->quote($this->getRoleTemplateType(), 'integer') . ', ' .
132 $ilDB->quote($this->getRoleTemplateId(), 'integer') . ' ' .
133 ')';
134 $ilDB->manipulate($query);
135
136 foreach ($this->getFilterPattern() as $pattern) {
137 /* @var ilDidacticTemplateFilterPattern $pattern */
138 $pattern->setParentId($this->getActionId());
139 $pattern->setParentType(self::PATTERN_PARENT_TYPE);
140 $pattern->save();
141 }
142 }
143
149 public function delete()
150 {
151 global $DIC;
152
153 $ilDB = $DIC['ilDB'];
154
155 parent::delete();
156
157 $query = 'DELETE FROM didactic_tpl_alp ' .
158 'WHERE action_id = ' . $ilDB->quote($this->getActionId(), 'integer');
159 $ilDB->manipulate($query);
160
161 foreach ($this->getFilterPattern() as $pattern) {
162 $pattern->delete();
163 }
164 return true;
165 }
166
167
168
169
173 public function apply()
174 {
175 $rbacreview = $GLOBALS['DIC']->rbac()->review();
176
177 $source = $this->initSourceObject();
178 // Create a role folder for the new local policies
179
180 $roles = $this->filterRoles($source);
181
182 // Create local policy for filtered roles
183 foreach ($roles as $role_id => $role) {
184 $this->getLogger()->debug('Apply to role: ' . $role['title']);
185 $this->getLogger()->debug('Role parent: ' . $role['parent']);
186 $this->getLogger()->debug('Source ref_id: ' . $source->getRefId());
187
188 // No local policies for protected roles of higher context
189 if (
190 $rbacreview->isProtected($role['parent'], $role_id) &&
191 $role['parent'] != $source->getRefId()
192 ) {
193 $this->getLogger()->debug('Ignoring protected role.');
194 continue;
195 }
196 $this->createLocalPolicy($source, $role);
197 }
198 return true;
199 }
200
206 public function revert()
207 {
208 global $DIC;
209
210 $rbacadmin = $DIC['rbacadmin'];
211 $tree = $DIC['tree'];
212 $rbacreview = $GLOBALS['DIC']->rbac()->review();
213
214 $source = $this->initSourceObject();
215 $roles = $this->filterRoles($source);
216
217 // Delete local policy for filtered roles
218 foreach ($roles as $role_id => $role) {
219 // Do not delete local policies of auto generated roles
220 if (!$rbacreview->isGlobalRole($role['obj_id']) and
221 $rbacreview->isAssignable($role['obj_id'], $source->getRefId()) and
222 $rbacreview->isSystemGeneratedRole($role['obj_id'])) {
223 $this->getLogger()->debug('Reverting local policy of auto generated role: ' . $role['title']);
224 $this->revertLocalPolicy($source, $role);
225 } else {
226 $this->getLogger()->debug('Reverting local policy and deleting local role: ' . $role['title']);
227
228 // delete local role and change exiting objects
229 $rbacadmin->deleteLocalRole($role_id, $source->getRefId());
230 // Change existing object
231 include_once './Services/AccessControl/classes/class.ilObjRole.php';
232 $role_obj = new ilObjRole($role_id);
233
234 $protected = $rbacreview->isProtected($role['parent'], $role['rol_id']);
235
236 $role_obj->changeExistingObjects(
237 $source->getRefId(),
238 $protected ?
239 ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES :
240 ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
241 array('all')
242 );
243 }
244 }
245 return true;
246 }
247
252 public function getType()
253 {
254 return self::TYPE_LOCAL_POLICY;
255 }
256
262 public function toXml(ilXmlWriter $writer)
263 {
264 $writer->xmlStartTag('localPolicyAction');
265
266 switch ($this->getFilterType()) {
267 case self::FILTER_SOURCE_TITLE:
268 $writer->xmlStartTag('roleFilter', ['source' => 'title']);
269 break;
270
271 case self::FILTER_SOURCE_OBJ_ID:
272 $writer->xmlStartTag('roleFilter', ['source' => 'objId']);
273 break;
274
275 case self::FILTER_PARENT_ROLES:
276 $writer->xmlStartTag('roleFilter', ['source' => 'parentRoles']);
277 break;
278
279 case self::FILTER_LOCAL_ROLES:
280 $writer->xmlStartTag('roleFilter', ['source' => 'localRoles']);
281 break;
282
283 default:
284 $writer->xmlStartTag('roleFilter', ['source' => 'title']);
285 break;
286 }
287
288 foreach ($this->getFilterPattern() as $pattern) {
289 $pattern->toXml($writer);
290 }
291 $writer->xmlEndTag('roleFilter');
292
293 $il_role_id = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($this->getRoleTemplateId()) . '_' . $this->getRoleTemplateId();
294
295 switch ($this->getRoleTemplateType()) {
296 case self::TPL_ACTION_OVERWRITE:
297 $writer->xmlStartTag(
298 'localPolicyTemplate',
299 array(
300 'type' => 'overwrite',
301 'id' => $il_role_id
302 )
303 );
304 break;
305
306 case self::TPL_ACTION_INTERSECT:
307 $writer->xmlStartTag(
308 'localPolicyTemplate',
309 array(
310 'type' => 'intersect',
311 'id' => $il_role_id
312 )
313 );
314 break;
315
316 case self::TPL_ACTION_UNION:
317 $writer->xmlStartTag(
318 'localPolicyTemplate',
319 array(
320 'type' => 'union',
321 'id' => $il_role_id
322 )
323 );
324 break;
325 }
326
327 include_once './Services/AccessControl/classes/class.ilRoleXmlExport.php';
328 $exp = new ilRoleXmlExport();
329 $exp->setMode(ilRoleXmlExport::MODE_DTPL);
330 $exp->addRole($this->getRoleTemplateId(), ROLE_FOLDER_ID);
331 $exp->write();
332 $writer->appendXML($exp->xmlDumpMem(false));
333 $writer->xmlEndTag('localPolicyTemplate');
334 $writer->xmlEndTag('localPolicyAction');
335 return;
336 }
337
341 public function __clone()
342 {
343 parent::__clone();
344
345 // Clone patterns
346 $cloned = array();
347 foreach ($this->getFilterPattern() as $pattern) {
348 $clones[] = clone $pattern;
349 }
350 $this->setFilterPatterns($clones);
351 }
352
353 public function read()
354 {
355 global $DIC;
356
357 $ilDB = $DIC['ilDB'];
358
359 if (!parent::read()) {
360 return false;
361 }
362
363 $query = 'SELECT * FROM didactic_tpl_alp ' .
364 'WHERE action_id = ' . $ilDB->quote($this->getActionId());
365 $res = $ilDB->query($query);
366 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
367 $this->setFilterType($row->filter_type);
368 $this->setRoleTemplateType($row->template_type);
369 $this->setRoleTemplateId($row->template_id);
370 }
371
372 // Read filter
373 include_once './Services/DidacticTemplate/classes/class.ilDidacticTemplateFilterPatternFactory.php';
374 foreach (ilDidacticTemplateFilterPatternFactory::lookupPatternsByParentId($this->getActionId(), self::PATTERN_PARENT_TYPE) as $pattern) {
375 $this->addFilterPattern($pattern);
376 }
377 }
378
379
386 protected function createLocalPolicy(ilObject $source, $role)
387 {
388 global $DIC;
389
390 $rbacreview = $DIC->rbac()->review();
391 $rbacadmin = $DIC->rbac()->admin();
392
393 // fetch role information
394 $role_data = array();
395 foreach ($rbacreview->getParentRoleIds($source->getRefId()) as $role_id => $tmp_role) {
396 if ($role_id == $role['obj_id']) {
397 $role_data = $tmp_role;
398 }
399 }
400
401 // Add local policy
402 if (!$rbacreview->isRoleAssignedToObject($role['obj_id'], $source->getRefId())) {
403 $GLOBALS['DIC']->rbac()->admin()->assignRoleToFolder(
404 $role['obj_id'],
405 $source->getRefId(),
406 'n'
407 );
408 }
409
410
411 // do nothing if role is protected in higher context
412 if (
413 $rbacreview->isProtected($source->getRefId(),$role['obj_id']) &&
414 $role['parent'] != $source->getRefId()
415 ) {
416 $this->getLogger()->info('Ignoring protected role: ' . $role['title']);
417 return true;
418 }
419
420 switch ($this->getRoleTemplateType()) {
421 case self::TPL_ACTION_UNION:
422
423 ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRolePermissionUnion()');
424 $rbacadmin->copyRolePermissionUnion(
425 $role_data['obj_id'],
426 $role_data['parent'],
427 $this->getRoleTemplateId(),
428 ROLE_FOLDER_ID,
429 $role_data['obj_id'],
430 $source->getRefId()
431 );
432 break;
433
434 case self::TPL_ACTION_OVERWRITE:
435
436 ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRoleTemplatePermission()');
437 $rbacadmin->copyRoleTemplatePermissions(
438 $this->getRoleTemplateId(),
439 ROLE_FOLDER_ID,
440 $source->getRefId(),
441 $role_data['obj_id'],
442 true
443 );
444 break;
445
446 case self::TPL_ACTION_INTERSECT:
447
448 ilLoggerFactory::getLogger('otpl')->info('Using ilRbacAdmin::copyRolePermissionIntersection()' . $this->getRoleTemplateId());
449 $rbacadmin->copyRolePermissionIntersection(
450 $role_data['obj_id'],
451 $role_data['parent'],
452 $this->getRoleTemplateId(),
453 ROLE_FOLDER_ID,
454 $source->getRefId(),
455 $role_data['obj_id']
456 );
457 break;
458
459 }
460
461 // Change existing object
462 include_once './Services/AccessControl/classes/class.ilObjRole.php';
463 $role_obj = new ilObjRole($role_data['obj_id']);
464 $role_obj->changeExistingObjects(
465 $source->getRefId(),
466 $role_data['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
467 array('all')
468 );
469
470 return true;
471 }
472
473 protected function revertLocalPolicy(ilObject $source, $role)
474 {
475 global $DIC;
476
477 $rbacadmin = $DIC['rbacadmin'];
478 $rbacreview = $DIC['rbacreview'];
479 $ilDB = $DIC['ilDB'];
480
481 ilLoggerFactory::getLogger('otpl')->info('Reverting policy for role ' . $role['title']);
482 // Local policies can only be reverted for auto generated roles. Otherwise the
483 // original role settings are unknown
484 if (substr($role['title'], 0, 3) != 'il_') {
485 ilLoggerFactory::getLogger('otpl')->warning('Cannot revert local policy for role ' . $role['title']);
486 return false;
487 }
488
489
490 // No local policies
491 if (!$rbacreview->getLocalPolicies($source->getRefId())) {
492 return false;
493 }
494
495 $exploded_title = explode('_', $role['title']);
496 $rolt_title = $exploded_title[0] . '_' . $exploded_title[1] . '_' . $exploded_title[2];
497
498 // Lookup role template
499 $query = 'SELECT obj_id FROM object_data ' .
500 'WHERE title = ' . $ilDB->quote($rolt_title, 'text') . ' ' .
501 'AND type = ' . $ilDB->quote('rolt', 'text');
502 $res = $ilDB->query($query);
503 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
504 $rolt_id = $row->obj_id;
505 }
506
507 // No template found
508 if (!$rolt_id) {
509 return false;
510 }
511
512 $rbacadmin->copyRoleTemplatePermissions(
513 $rolt_id,
514 ROLE_FOLDER_ID,
515 $source->getRefId(),
516 $role['obj_id'],
517 true
518 );
519
520 // Change existing object
521 include_once './Services/AccessControl/classes/class.ilObjRole.php';
522 $role_obj = new ilObjRole($role['obj_id']);
523 $role_obj->changeExistingObjects(
524 $source->getRefId(),
525 $role['protected'] ? ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES : ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
526 array('all')
527 );
528 }
529}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
ilDidacticTemplateAction
Abstract class for template actions.
Definition: class.ilDidacticTemplateAction.php:11
ilDidacticTemplateAction\initSourceObject
initSourceObject()
Init the source object.
Definition: class.ilDidacticTemplateAction.php:226
ilDidacticTemplateAction\filterRoles
filterRoles(ilObject $source)
Filter roles.
Definition: class.ilDidacticTemplateAction.php:237
ilDidacticTemplateFilterPatternFactory\lookupPatternsByParentId
static lookupPatternsByParentId($a_parent_id, $a_parent_type)
Get patterns by template id.
Definition: class.ilDidacticTemplateFilterPatternFactory.php:18
ilDidacticTemplateFilterPattern
Represents a filter pattern for didactic template actions.
Definition: class.ilDidacticTemplateFilterPattern.php:12
ilDidacticTemplateLocalPolicyAction\createLocalPolicy
createLocalPolicy(ilObject $source, $role)
Create local policy.
Definition: class.ilDidacticTemplateLocalPolicyAction.php:386
ilDidacticTemplateLocalPolicyAction\addFilterPattern
addFilterPattern(ilDidacticTemplateFilterPattern $pattern)
Add filter.
Definition: class.ilDidacticTemplateLocalPolicyAction.php:40
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:17
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ilObject
Class ilObject Basic functions for all objects.
Definition: class.ilObject.php:14
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1278
ilRoleXmlExport
Xml export of roles and role templates.
Definition: class.ilRoleXmlExport.php:13
ilXmlWriter
XML writer class.
Definition: class.ilXmlWriter.php:18
ilXmlWriter\xmlEndTag
xmlEndTag($tag)
Writes an endtag.
Definition: class.ilXmlWriter.php:343
ilXmlWriter\appendXML
appendXML($a_str)
append xml string to document
Definition: class.ilXmlWriter.php:461
ilXmlWriter\xmlStartTag
xmlStartTag($tag, $attrs=null, $empty=false, $encode=true, $escape=true)
Writes a starttag.
Definition: class.ilXmlWriter.php:307
$source
$source
Definition: metadata.php:76
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:30
$query
$query
Definition: proxy_ylocal.php:13
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$a_type
$a_type
Definition: workflow.php:92
$DIC
$DIC
Definition: xapitoken.php:46