ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilObjectRolePermissionTableGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4include_once('./Services/Table/classes/class.ilTable2GUI.php');
5include_once './Services/AccessControl/classes/class.ilPermissionGUI.php';
6require_once('./Services/Repository/classes/class.ilObjectPlugin.php');
7
18{
19 const ROLE_FILTER_ALL = 1;
24
25 private $ref_id = null;
26 private $roles = array();
27
28 private $tree_path_ids = array();
29
30 private $activeOperations = array();
31 private $visible_roles = array();
32
37 public function __construct($a_parent_obj, $a_parent_cmd, $a_ref_id)
38 {
39 global $DIC;
40
41 $ilCtrl = $DIC['ilCtrl'];
42 $rbacreview = $DIC['rbacreview'];
43 $tpl = $DIC['tpl'];
44 $tree = $DIC['tree'];
45
46 parent::__construct($a_parent_obj, $a_parent_cmd);
47
48 $this->lng->loadLanguageModule('rbac');
49
50 $this->ref_id = $a_ref_id;
51 $this->tree_path_ids = $tree->getPathId($this->ref_id);
52
53 $this->setId('objroleperm_' . $this->ref_id);
54
55 $tpl->addJavaScript('./Services/AccessControl/js/ilPermSelect.js');
56
57 $this->setTitle($this->lng->txt('permission_settings'));
58 $this->setEnableHeader(true);
59 $this->disable('sort');
60 $this->setFormAction($ilCtrl->getFormAction($a_parent_obj, $a_parent_cmd));
61 $this->disable('numinfo');
62 $this->setRowTemplate("tpl.obj_role_perm_row.html", "Services/AccessControl");
63 $this->setLimit(100);
64 $this->setShowRowsSelector(false);
65 $this->setDisableFilterHiding(true);
66 $this->setNoEntriesText($this->lng->txt('msg_no_roles_of_type'));
67
68 $this->addCommandButton('savePermissions', $this->lng->txt('save'));
69
70 $this->initFilter();
71 }
72
73
78 public function getPathIds()
79 {
80 return (array) $this->tree_path_ids;
81 }
82
87 public function getRefId()
88 {
89 return $this->ref_id;
90 }
91
96 public function getObjId()
97 {
98 return ilObject::_lookupObjId($this->getRefId());
99 }
100
105 public function getObjType()
106 {
107 return ilObject::_lookupType($this->getObjId());
108 }
109
115 public function addActiveOperation($a_ops_id)
116 {
117 $this->activeOperations[] = $a_ops_id;
118 }
119
124 public function getActiveOperations()
125 {
126 return (array) $this->activeOperations;
127 }
128
134 public function setVisibleRoles($a_ar)
135 {
136 $this->visible_roles = $a_ar;
137 }
138
143 public function getVisibleRoles()
144 {
146 }
147
152 public function initFilter()
153 {
154 global $DIC;
155
156 $tree = $DIC['tree'];
157
159 'role',
161 );
162
163 // Limit filter to local roles only for objects with group or course in path
164 if (!$roles->getValue()) {
165 if ($tree->checkForParentType($this->getRefId(), 'crs') or
166 $tree->checkForParentType($this->getRefId(), 'grp')) {
167 $roles->setValue(self::ROLE_FILTER_LOCAL);
168 } else {
169 $roles->setValue(self::ROLE_FILTER_ALL);
170 }
171 }
172
173
174 $roles->setOptions(
175 array(
176 self::ROLE_FILTER_ALL => $this->lng->txt('filter_all_roles'),
177 self::ROLE_FILTER_GLOBAL => $this->lng->txt('filter_global_roles'),
178 self::ROLE_FILTER_LOCAL => $this->lng->txt('filter_local_roles'),
179 self::ROLE_FILTER_LOCAL_POLICY => $this->lng->txt('filter_roles_local_policy'),
180 self::ROLE_FILTER_LOCAL_OBJECT => $this->lng->txt('filter_local_roles_object')
181 )
182 );
183 }
184
190 public function fillRow($row)
191 {
192 global $DIC;
193
194 $objDefinition = $DIC['objDefinition'];
195
196
197 // local policy
198 if (isset($row['show_local_policy_row'])) {
199 foreach ($row['roles'] as $role_id => $role_info) {
200 $this->tpl->setCurrentBlock('role_option');
201 $this->tpl->setVariable('INHERIT_ROLE_ID', $role_id);
202 $this->tpl->setVariable('INHERIT_CHECKED', $role_info['local_policy'] ? 'checked=checked' : '');
203 $this->tpl->setVariable('INHERIT_DISABLED', ($role_info['protected'] or $role_info['isLocal'] or $role_info['blocked']) ? 'disabled="disabled"' : '');
204 $this->tpl->setVariable('TXT_INHERIT', $this->lng->txt('rbac_local_policy'));
205 $this->tpl->setVariable('INHERIT_LONG', $this->lng->txt('perm_use_local_policy_desc'));
206 $this->tpl->parseCurrentBlock();
207 }
208 return true;
209 }
210 // protected
211 if (isset($row['show_protected_row'])) {
212 foreach ($row['roles'] as $role_id => $role_info) {
213 $this->tpl->setCurrentBlock('role_protect');
214 $this->tpl->setVariable('PROTECT_ROLE_ID', $role_id);
215 $this->tpl->setVariable('PROTECT_CHECKED', $role_info['protected_status'] ? 'checked=checked' : '');
216 $this->tpl->setVariable('PROTECT_DISABLED', $role_info['protected_allowed'] ? '' : 'disabled="disabled"');
217 $this->tpl->setVariable('TXT_PROTECT', $this->lng->txt('role_protect_permissions'));
218 $this->tpl->setVariable('PROTECT_LONG', $this->lng->txt('role_protect_permissions_desc'));
219 $this->tpl->parseCurrentBlock();
220 }
221 return true;
222 }
223
224 // block role
225 if (isset($row['show_block_row'])) {
226 foreach ($this->getVisibleRoles() as $counter => $role_info) {
227 $this->tpl->setCurrentBlock('role_block');
228 $this->tpl->setVariable('BLOCK_ROLE_ID', $role_info['obj_id']);
229 $this->tpl->setVariable('TXT_BLOCK', $this->lng->txt('role_block_role'));
230 $this->tpl->setVariable('BLOCK_LONG', $this->lng->txt('role_block_role_desc'));
231 if ($role_info['blocked']) {
232 $this->tpl->setVariable('BLOCK_CHECKED', 'checked="checked"');
233 }
234 if (
235 ($role_info['protected'] == 'y') ||
236 ($role_info['assign'] == 'y' and ($role_info['parent'] == $this->getRefId()))
237 ) {
238 $this->tpl->setVariable('BLOCK_DISABLED', 'disabled="disabled');
239 }
240
241 $this->tpl->parseCurrentBlock();
242 }
243 return true;
244 }
245
246 // Select all
247 if (isset($row['show_select_all'])) {
248 foreach ($this->getVisibleRoles() as $role) {
249 $this->tpl->setCurrentBlock('role_select_all');
250 $this->tpl->setVariable('JS_ROLE_ID', $role['obj_id']);
251 $this->tpl->setVariable('JS_SUBID', $row['subtype']);
252 $this->tpl->setVariable('JS_ALL_PERMS', "['" . implode("','", $row['ops']) . "']");
253 $this->tpl->setVariable('JS_FORM_NAME', $this->getFormName());
254 $this->tpl->setVariable('TXT_SEL_ALL', $this->lng->txt('select_all'));
255 $this->tpl->parseCurrentBlock();
256 }
257 return true;
258 }
259
260 // Object permissions
261 if (isset($row['show_start_info'])) {
262 $this->tpl->setCurrentBlock('section_info');
263 $this->tpl->setVariable('SECTION_TITLE', $this->lng->txt('perm_class_object'));
264 $this->tpl->setVariable('SECTION_DESC', $this->lng->txt('perm_class_object_desc'));
265 $this->tpl->parseCurrentBlock();
266
267 return true;
268 }
269
270 if (isset($row['show_create_info'])) {
271 $this->tpl->setCurrentBlock('section_info');
272 $this->tpl->setVariable('SECTION_TITLE', $this->lng->txt('perm_class_create'));
273 $this->tpl->setVariable('SECTION_DESC', $this->lng->txt('perm_class_create_desc'));
274 $this->tpl->parseCurrentBlock();
275
276 return true;
277 }
278
279 foreach ((array) $row['roles'] as $role_id => $role_info) {
280 $perm = "";
281 $this->tpl->setCurrentBlock('role_td');
282 $this->tpl->setVariable('PERM_ROLE_ID', $role_id);
283 $this->tpl->setVariable('PERM_PERM_ID', $row['perm']['ops_id']);
284
285
286 if (substr($row['perm']['operation'], 0, 6) == 'create') {
287 if ($objDefinition->isPlugin(substr($row['perm']['operation'], 7))) {
289 substr($row['perm']['operation'], 7),
290 "obj_" . substr($row['perm']['operation'], 7)
291 );
292 } else {
293 $perm = $this->lng->txt('obj_' . substr($row['perm']['operation'], 7));
294 }
295 } else {
296 if ($objDefinition->isPlugin($this->getObjType())) {
297 if (ilPlugin::langExitsById($this->getObjType(), $row['perm']['operation'])) {
298 $perm = ilObjectPlugin::lookupTxtById($this->getObjType(), $row['perm']['operation']);
299 }
300 }
301
302 if (!$perm) {
303 if ($this->lng->exists($this->getObjType() . '_' . $row['perm']['operation'] . '_short')) {
304 $perm = $this->lng->txt($this->getObjType() . '_' . $row['perm']['operation'] . '_short');
305 } else {
306 $perm = $this->lng->txt($row['perm']['operation']);
307 }
308 }
309 }
310
311 $this->tpl->setVariable('TXT_PERM', $perm);
312
313 if ($objDefinition->isPlugin($this->getObjType())) {
314 $this->tpl->setVariable('PERM_LONG', ilObjectPlugin::lookupTxtById(
315 $this->getObjType(),
316 $this->getObjType() . "_" . $row['perm']['operation']
317 ));
318 } elseif (substr($row['perm']['operation'], 0, 6) == 'create') {
319 if ($objDefinition->isPlugin(substr($row['perm']['operation'], 7))) {
320 $this->tpl->setVariable('PERM_LONG', ilObjectPlugin::lookupTxtById(
321 substr($row['perm']['operation'], 7),
322 $this->getObjType() . "_" . $row['perm']['operation']
323 ));
324 } else {
325 $this->tpl->setVariable('PERM_LONG', $this->lng->txt('rbac_' . $row['perm']['operation']));
326 }
327 } else {
328 $this->tpl->setVariable('PERM_LONG', $this->lng->txt($this->getObjType() . '_' . $row['perm']['operation']));
329 }
330
331 if ($role_info['protected'] || $role_info['blocked']) {
332 $this->tpl->setVariable('PERM_DISABLED', 'disabled="disabled"');
333 }
334 if ($role_info['permission_set']) {
335 $this->tpl->setVariable('PERM_CHECKED', 'checked="checked"');
336 }
337
338 $this->tpl->parseCurrentBlock();
339 }
340 }
341
342
347 public function parse()
348 {
349 global $DIC;
350
351 $rbacreview = $DIC['rbacreview'];
352 $objDefinition = $DIC['objDefinition'];
353
354 $this->initColumns();
355
356 $perms = array();
357 $roles = array();
358
359 if (!count($this->getVisibleRoles())) {
360 return $this->setData(array());
361 }
362
363 // Read operations of role
364 $operations = array();
365 foreach ($this->getVisibleRoles() as $role_data) {
366 $operations[$role_data['obj_id']] = $rbacreview->getActiveOperationsOfRole($this->getRefId(), $role_data['obj_id']);
367 }
368
369 $counter = 0;
370
371 // Local policy
373 $roles = array();
374 $local_roles = $rbacreview->getRolesOfObject($this->getRefId());
375 foreach ($this->getVisibleRoles() as $role_id => $role_data) {
376 $roles[$role_data['obj_id']] = array(
377 'blocked' => $role_data['blocked'],
378 'protected' => $role_data['protected'],
379 'local_policy' => in_array($role_data['obj_id'], $local_roles),
380 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
381 );
382 }
383 $perms[$counter]['roles'] = $roles;
384 $perms[$counter]['show_local_policy_row'] = 1;
385
386 $counter++;
387 }
388
389 // Protect permissions
391 $roles = array();
392 foreach ($this->getVisibleRoles() as $role_id => $role_data) {
393 $roles[$role_data['obj_id']] = array(
394 'blocked' => $role_data['blocked'],
395 'protected_allowed' => $rbacreview->isAssignable($role_data['obj_id'], $this->getRefId()),
396 'protected_status' => $rbacreview->isProtected($role_data['parent'], $role_data['obj_id']),
397 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
398 );
399 }
400 $perms[$counter]['roles'] = $roles;
401 $perms[$counter]['show_protected_row'] = 1;
402
403 $counter++;
404 }
405 // Block role
407 $perms[$counter++]['show_block_row'] = 1;
408 }
409
410
412 $perms[$counter++]['show_start_info'] = true;
413 }
414
415 // no creation permissions
416 $no_creation_operations = array();
417 foreach ($rbacreview->getOperationsByTypeAndClass($this->getObjType(), 'object') as $operation) {
418 $this->addActiveOperation($operation);
419 $no_creation_operations[] = $operation;
420
421 $roles = array();
422 foreach ($this->getVisibleRoles() as $role_data) {
423 $roles[$role_data['obj_id']] =
424 array(
425 'blocked' => $role_data['blocked'],
426 'protected' => $role_data['protected'],
427 'permission_set' => in_array($operation, (array) $operations[$role_data['obj_id']]),
428 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
429 );
430 }
431
432 $op = $rbacreview->getOperation($operation);
433
434 $perms[$counter]['roles'] = $roles;
435 $perms[$counter]['perm'] = $op;
436 $counter++;
437 }
438
439 /*
440 * Select all
441 */
442 if ($no_creation_operations) {
443 $perms[$counter]['show_select_all'] = 1;
444 $perms[$counter]['ops'] = $no_creation_operations;
445 $perms[$counter]['subtype'] = 'nocreation';
446 $counter++;
447 }
448
449
450 if ($objDefinition->isContainer($this->getObjType())) {
451 $perms[$counter++]['show_create_info'] = true;
452 }
453
454 // Get creatable objects
455 $objects = $objDefinition->getCreatableSubObjects($this->getObjType());
456 $ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys($objects));
457 $creation_operations = array();
458 foreach ($objects as $type => $info) {
459 $ops_id = $ops_ids[$type];
460
461 if (!$ops_id) {
462 continue;
463 }
464
465 $this->addActiveOperation($ops_id);
466 $creation_operations[] = $ops_id;
467
468 $roles = array();
469 foreach ($this->getVisibleRoles() as $role_data) {
470 $roles[$role_data['obj_id']] =
471 array(
472 'blocked' => $role_data['blocked'],
473 'protected' => $role_data['protected'],
474 'permission_set' => in_array($ops_id, (array) $operations[$role_data['obj_id']]),
475 'isLocal' => ($this->getRefId() == $role_data['parent']) && $role_data['assign'] == 'y'
476
477 );
478 }
479
480 $op = $rbacreview->getOperation($ops_id);
481
482 $perms[$counter]['roles'] = $roles;
483 $perms[$counter]['perm'] = $op;
484 $counter++;
485 }
486
487
488
489 // Select all
490 if (count($creation_operations)) {
491 $perms[$counter]['show_select_all'] = 1;
492 $perms[$counter]['ops'] = $creation_operations;
493 $perms[$counter]['subtype'] = 'creation';
494 $counter++;
495 }
496
497 $this->setData($perms);
498 }
499
504 protected function initColumns()
505 {
506 global $DIC;
507
508 $rbacreview = $DIC['rbacreview'];
509 $ilCtrl = $DIC['ilCtrl'];
510
511 $roles = $rbacreview->getParentRoleIds($this->getRefId());
512 $roles = $this->getParentObject()->applyRoleFilter(
513 $roles,
514 $this->getFilterItemByPostVar('role')->getValue()
515 );
516
517 $possible_roles = array();
518 foreach ($roles as $role) {
519 if ($rbacreview->isBlockedInUpperContext($role['obj_id'], $this->getRefId())) {
520 ilLoggerFactory::getLogger('ac')->debug('Ignoring blocked role: ' . $role['obj_id']);
521 continue;
522 }
523 $possible_roles[] = $role;
524 }
525
526
527 if (count($possible_roles)) {
528 $column_width = 100 / count($possible_roles);
529 $column_width .= '%';
530 } else {
531 $column_widht = "0%";
532 }
533
534 $all_roles = array();
535 foreach ($possible_roles as $role) {
536 if ($role['obj_id'] == SYSTEM_ROLE_ID) {
537 continue;
538 }
539
540 $role['blocked'] = (bool) $rbacreview->isBlockedAtPosition($role['obj_id'], $this->getRefId());
541 $role['role_type'] = $rbacreview->isGlobalRole($role['obj_id']) ? 'global' : 'local';
542
543 // TODO check filter
544 $this->addColumn(
545 $this->createTitle($role),
546 $role['obj_id'],
547 '',
548 '',
549 false,
550 $this->createTooltip($role)
551 );
552 $all_roles[] = $role;
553 }
554
555 $this->setVisibleRoles($all_roles);
556 return true;
557 }
558
564 protected function createTooltip($role)
565 {
566 global $DIC;
567
568 $rbacreview = $DIC['rbacreview'];
569 $tree = $DIC['tree'];
570 $objDefinition = $DIC['objDefinition'];
571
572 #vd($role);
573 $protected_status = $rbacreview->isProtected($role['parent'], $role['obj_id']) ? 'protected_' : '';
574 if ($role['role_type'] == 'global') {
575 $tp = $this->lng->txt('perm_' . $protected_status . 'global_role');
576 } else {
577 $tp = $this->lng->txt('perm_' . $protected_status . 'local_role');
578 }
579
580 $inheritance_seperator = ': ';
581
582 // Show create at info
583 if (
584 ($role['assign'] == 'y' and $role['role_type'] != 'global') or
585 ($role['assign'] == 'n' and $role['role_type'] != 'global')
586 ) {
587 $tp .= ': ';
588
589 $obj = $rbacreview->getObjectOfRole($role['obj_id']);
590 if ($obj) {
591 $type = ilObject::_lookupType($this->getRefId(), true);
592 if ($objDefinition->isPlugin($type)) {
593 $type_text = ilObjectPlugin::lookupTxtById($type, 'obj_' . $type);
594 } else {
595 $type_text = $this->lng->txt('obj_' . ilObject::_lookupType($obj));
596 }
597
598 $tp .= sprintf(
599 $this->lng->txt('perm_role_path_info_created'),
600 $type_text,
602 );
603 $inheritance_seperator = ', ';
604 }
605 }
606
607 $path_hierarchy = $rbacreview->getObjectsWithStopedInheritance(
608 $role['obj_id'],
609 $tree->getPathId($this->getRefId())
610 );
611
612 $reduced_path_hierarchy = (array) array_diff(
613 $path_hierarchy,
614 array(
615 $this->getRefId(),
616 $rbacreview->getObjectReferenceOfRole($role['obj_id'])
617 )
618 );
619
620
621 // Inheritance
622 if ($role['assign'] == 'n' and count($reduced_path_hierarchy)) {
623 $tp .= $inheritance_seperator;
624
625 $parent = end($reduced_path_hierarchy);
628 $tp .= sprintf($this->lng->txt('perm_role_path_info_inheritance'), $this->lng->txt('obj_' . $p_type), $p_title);
629 }
630
631 return $tp;
632 }
633
639 protected function createTitle($role)
640 {
641 global $DIC;
642
643 $ilCtrl = $DIC['ilCtrl'];
644 $objDefinition = $DIC['objDefinition'];
645
646 include_once './Services/AccessControl/classes/class.ilObjRole.php';
647 $role_title = ilObjRole::_getTranslation($role['title']);
648
649 // No local policies
650 if ($role['parent'] != $this->getRefId()) {
651 return $role_title;
652 }
653
654 $type = ilObject::_lookupType($this->getRefId(), true);
655 if ($objDefinition->isPlugin($type)) {
656 if (preg_match("/^il_./", $role["title"])) {
657 $role_title = ilObjectPlugin::lookupTxtById($type, ilObjRole::_removeObjectId($role["title"]));
658 }
659 }
660
661 if ($role['blocked']) {
662 return $role_title;
663 }
664 $ilCtrl->setParameterByClass('ilobjrolegui', 'obj_id', $role['obj_id']);
665
666 return '<a class="tblheader" href="' . $ilCtrl->getLinkTargetByClass('ilobjrolegui', '') . '" >' . $role_title . '</a>';
667 }
668}
An exception for terminatinating execution or to throw for unit testing.
static getLogger($a_component_id)
Get component logger.
static _getTranslation($a_role_title)
static _removeObjectId($a_role_title)
static lookupTxtById($plugin_id, $lang_var)
__construct($a_parent_obj, $a_parent_cmd, $a_ref_id)
Constructor.
addActiveOperation($a_ops_id)
Add active operation.
createTooltip($role)
Create a linked title for roles with local policy.
static _lookupObjId($a_id)
static _lookupTitle($a_id)
lookup object title
static _lookupType($a_id, $a_reference=false)
lookup object type
static hasContainerCommands($a_type)
Check if container commands are possible for the current object type.
static langExitsById(string $pluginId, string $langVar)
Is searched lang var available in plugin lang files.
static lookupCreateOperationIds($a_type_arr)
Lookup operation ids.
Class ilTable2GUI.
getFormName()
Get Form name.
setEnableHeader($a_enableheader)
Set Enable Header.
setDisableFilterHiding($a_val=true)
Set disable filter hiding.
setShowRowsSelector($a_value)
Toggle rows-per-page selector.
getParentObject()
Get parent object.
setTitle($a_title, $a_icon=0, $a_icon_alt=0)
Set title and title icon.
setNoEntriesText($a_text)
Set text for an empty table.
setData($a_data)
set table data @access public
setRowTemplate($a_template, $a_template_dir="")
Set row template.
setLimit($a_limit=0, $a_default_limit=0)
set max.
getFilterItemByPostVar($a_post_var)
addColumn( $a_text, $a_sort_field="", $a_width="", $a_is_checkbox_action_column=false, $a_class="", $a_tooltip="", $a_tooltip_with_html=false)
Add a column to the header.
addFilterItemByMetaType($id, $type=self::FILTER_TEXT, $a_optional=false, $caption=null)
Add filter by standard type.
setId($a_val)
Set id.
setFormAction($a_form_action, $a_multipart=false)
Set Form action parameter.
addCommandButton($a_cmd, $a_text, $a_onclick='', $a_id="", $a_class=null)
Add Command button.
disable($a_module_name)
diesables particular modules of table
const SYSTEM_ROLE_ID
Definition: constants.php:27
global $DIC
Definition: goto.php:24
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
$type