58 public function __construct($a_data, $a_id, $a_call_by_reference =
false, $a_prepare_output =
true)
65 $lng->loadLanguageModule(
'rbac');
68 define(
"USER_FOLDER_ID", 7);
72 $this->obj_ref_id = (int) $_REQUEST[
'rolf_ref_id']
73 ? (
int) $_REQUEST[
'rolf_ref_id']
74 : (int) $_REQUEST[
'ref_id'];
83 $this->ctrl->saveParameter($this, [
'obj_id',
'rolf_ref_id']);
95 $next_class = $this->ctrl->getNextClass($this);
96 $cmd = $this->ctrl->getCmd();
100 switch ($next_class) {
101 case 'ilrepositorysearchgui':
104 $GLOBALS[
'DIC'][
'ilErr']->raiseError(
$GLOBALS[
'DIC'][
'lng']->txt(
'permission_denied'),
$GLOBALS[
'DIC'][
'ilErr']->WARNING);
106 include_once(
'./Services/Search/classes/class.ilRepositorySearchGUI.php');
108 $rep_search->setTitle($this->lng->txt(
'role_add_user'));
109 $rep_search->setCallback($this,
'addUserObject');
112 $this->tabs_gui->setTabActive(
'user_assignment');
113 $this->ctrl->setReturn($this,
'userassignment');
114 $ret = &$this->ctrl->forwardCommand($rep_search);
119 $this->tabs_gui->setTabActive(
'export');
121 include_once
'./Services/Export/classes/class.ilExportOptions.php';
125 include_once
'./Services/Export/classes/class.ilExportGUI.php';
127 $exp->addFormat(
'xml');
128 $this->ctrl->forwardCommand($exp);
131 case 'ilrecommendedcontentroleconfiggui':
132 $this->tabs_gui->setTabActive(
'rep_recommended_content');
134 $this->ctrl->forwardCommand($ui);
142 $cmd =
'userassignment';
186 $this->back_target = array(
"text" => $a_text,
192 return $this->back_target ? $this->back_target : array();
235 include_once
'./Services/Form/classes/class.ilPropertyFormGUI.php';
238 if ($this->creation_mode) {
239 $this->ctrl->setParameter($this,
"new_type",
'role');
241 $this->form->setFormAction($this->ctrl->getFormAction($this));
245 $this->form->setTitle($this->lng->txt(
'role_new'));
246 $this->form->addCommandButton(
'save', $this->lng->txt(
'role_new'));
250 $this->form->setTitle($this->lng->txt(
'role_edit'));
251 $this->form->addCommandButton(
'update', $this->lng->txt(
'save'));
258 $this->form->addCommandButton(
'cancel', $this->lng->txt(
'cancel'));
262 $title->setDisabled(
true);
265 $title->setValidationRegexp(
'/^(?!il_).*$/');
266 $title->setValidationFailureMessage($this->lng->txt(
'msg_role_reserved_prefix'));
270 $title->setMaxLength(70);
271 $title->setRequired(
true);
272 $this->form->addItem($title);
276 $desc->setDisabled(
true);
280 $this->form->addItem($desc);
282 if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
284 $this->form->addItem($ilias_id);
290 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
291 $this->form->addItem($reg);
295 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
296 $this->form->addItem($la);
301 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
302 $this->form->addItem($pro);
315 if (!$this->form->getItemByPostVar(
'title')->getDisabled()) {
316 $role->
setTitle($this->form->getInput(
'title'));
318 if (!$this->form->getItemByPostVar(
'desc')->getDisabled()) {
344 $this->form->setValuesByArray(
$data);
361 if (!
$rbacsystem->checkAccess(
'create_role', $this->obj_ref_id)) {
362 $this->tpl->setOnScreenMessage(
'failure', $this->lng->txt(
'permission_denied'),
true);
363 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
367 $this->tpl->setContent($this->form->getHTML());
379 $ilToolbar =
$DIC[
'ilToolbar'];
381 if (!$this->
checkAccess(
'write',
'edit_permission')) {
382 $this->tpl->setOnScreenMessage(
'msg_no_perm_write', $this->lng->txt(
'permission_denied'),
true);
383 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
386 $this->tabs_gui->activateTab(
'edit_properties');
390 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
391 if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
392 $ilToolbar->addButton(
393 $this->lng->txt(
'rbac_delete_role'),
394 $this->ctrl->getLinkTarget($this,
'confirmDeleteRole')
401 $this->tpl->setContent($this->form->getHTML());
413 $rbacadmin =
$DIC[
'rbacadmin'];
417 if ($this->form->checkInput() and !$this->checkDuplicate()) {
418 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
420 $this->role->create();
421 $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id,
'y');
422 $rbacadmin->setProtected(
424 $this->role->getId(),
425 $this->form->getInput(
'pro') ?
'y' :
'n'
427 ilUtil::sendSuccess($this->lng->txt(
"role_added"),
true);
428 $this->ctrl->setParameter($this,
'obj_id', $this->role->getId());
429 $this->ctrl->redirect($this,
'perm');
433 $this->form->setValuesByPost();
434 $this->tpl->setContent($this->form->getHTML());
456 $rbacadmin =
$DIC[
'rbacadmin'];
459 if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
460 include_once
'./Services/AccessControl/classes/class.ilObjRole.php';
462 $this->
object->update();
463 $rbacadmin->setProtected(
465 $this->object->getId(),
466 $this->form->getInput(
'pro') ?
'y' :
'n'
468 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
469 $this->ctrl->redirect($this,
'edit');
473 $this->form->setValuesByPost();
474 $this->tpl->setContent($this->form->getHTML());
482 protected function permObject($a_show_admin_permissions =
false)
486 $ilTabs =
$DIC[
'ilTabs'];
488 $ilToolbar =
$DIC[
'ilToolbar'];
492 $ilTabs->setTabActive(
'default_perm_settings');
496 if ($a_show_admin_permissions) {
497 $ilTabs->setSubTabActive(
'rbac_admin_permissions');
499 $ilTabs->setSubTabActive(
'rbac_repository_permissions');
502 if (!$this->
checkAccess(
'write',
'edit_permission')) {
503 $this->tpl->setOnScreenMessage(
'msg_no_perm_write', $this->lng->txt(
'permission_denied'),
true);
504 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
509 $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
510 $ilToolbar->addButton(
511 $this->lng->txt(
"adopt_perm_from_template"),
512 $this->ctrl->getLinkTarget($this,
'adoptPerm')
514 if (
$rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
515 $ilToolbar->addButton(
516 $this->lng->txt(
'rbac_delete_role'),
517 $this->ctrl->getLinkTarget($this,
'confirmDeleteRole')
522 $this->tpl->addBlockFile(
525 'tpl.rbac_template_permissions.html',
526 'Services/AccessControl'
529 $this->tpl->setVariable(
'PERM_ACTION', $this->ctrl->getFormAction($this));
531 include_once
'./Services/Accordion/classes/class.ilAccordionGUI.php';
537 if ($a_show_admin_permissions) {
538 $subs = ilObjRole::getSubObjects(
'adm',
true);
540 $subs = ilObjRole::getSubObjects(
'root',
false);
543 $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
546 foreach ($subs as $subtype => $def) {
547 include_once
'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
552 $this->object->getId(),
554 $a_show_admin_permissions
558 $acc->addItem($def[
'translation'], $tbl->getHTML());
561 $this->tpl->setVariable(
'ACCORDION', $acc->getHTML());
564 include_once
'./Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
569 $this->object->getId(),
570 $a_show_admin_permissions
573 $options->addMultiCommand(
574 $a_show_admin_permissions ?
'adminPermSave' :
'permSave',
575 $this->lng->txt(
'save')
580 $this->tpl->setVariable(
'OPTIONS_TABLE', $options->getHTML());
608 $this->tabs_gui->clearTargets();
610 $parent_role_ids =
$rbacreview->getParentRoleIds($this->obj_ref_id,
true);
612 foreach ($parent_role_ids as $id => $tmp) {
616 $sorted_ids =
ilUtil::_sortIds($ids,
'object_data',
'type,title',
'obj_id');
618 foreach ($sorted_ids as $id) {
619 $par = $parent_role_ids[$id];
620 if ($par[
"obj_id"] !=
SYSTEM_ROLE_ID && $this->object->getId() != $par[
"obj_id"]) {
621 $output[$key][
"role_id"] = $par[
"obj_id"];
622 $output[$key][
"type"] = ($par[
"type"] ==
'role' ? $this->lng->txt(
'obj_role') : $this->lng->txt(
'obj_rolt'));
624 $output[$key][
"role_desc"] = $par[
"desc"];
630 include_once(
'./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
633 $tbl->setTitle($this->lng->txt(
"adopt_perm_from_template"));
634 $tbl->setData($output);
636 $this->tpl->setContent($tbl->getHTML());
650 $this->tabs_gui->clearTargets();
652 if (!$this->
checkAccess(
'visible,write',
'edit_permission')) {
653 $this->tpl->setOnScreenMessage(
'msg_no_perm_perm', $this->lng->txt(
'permission_denied'),
true);
654 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
657 $question = $this->lng->txt(
'rbac_role_delete_qst');
659 $question .= (
'<br />' . $this->lng->txt(
'rbac_role_delete_self'));
663 include_once
'./Services/Utilities/classes/class.ilConfirmationGUI.php';
666 $confirm->setFormAction($this->ctrl->getFormAction($this));
667 $confirm->setHeaderText($question);
668 $confirm->setCancel($this->lng->txt(
'cancel'),
'perm');
669 $confirm->setConfirm($this->lng->txt(
'rbac_delete_role'),
'performDeleteRole');
673 $this->object->getId(),
678 $this->tpl->setContent($confirm->getHTML());
691 $this->tpl->setOnScreenMessage(
'msg_no_perm_perm', $this->lng->txt(
'permission_denied'),
true);
692 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
695 $this->
object->setParent((
int) $this->obj_ref_id);
696 $this->
object->delete();
697 ilUtil::sendSuccess($this->lng->txt(
'msg_deleted_role'),
true);
699 $this->ctrl->returnToParent($this);
712 $rbacadmin =
$DIC[
'rbacadmin'];
717 if (!$this->
checkAccess(
'visible,write',
'edit_permission')) {
718 $this->tpl->setOnScreenMessage(
'msg_no_perm_perm', $this->lng->txt(
'permission_denied'),
true);
719 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
723 include_once
"Services/AccessControl/classes/class.ilRbacLog.php";
725 if ($rbac_log_active) {
731 if ($a_show_admin_permissions) {
732 $subs = ilObjRole::getSubObjects(
'adm',
true);
734 $subs = ilObjRole::getSubObjects(
'root',
false);
737 $subs = ilObjRole::getSubObjects($this->
getParentType(), $a_show_admin_permissions);
740 foreach ($subs as $subtype => $def) {
742 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
745 if (empty(
$_POST[
"template_perm"])) {
746 $_POST[
"template_perm"] = array();
749 foreach (
$_POST[
"template_perm"] as $key => $ops_array) {
751 $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
754 if ($rbac_log_active) {
761 $this->
object->update();
765 $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(),
ilUtil::tf2yn(
$_POST[
'protected']));
768 if ($a_show_admin_permissions) {
769 $_POST[
'recursive'] =
true;
773 if (!
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
774 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
775 if ($a_show_admin_permissions) {
776 $this->ctrl->redirect($this,
'adminPerm');
778 $this->ctrl->redirect($this,
'perm');
788 if ($a_show_admin_permissions) {
789 $start =
$tree->getParentId($this->obj_ref_id);
792 if (
$_POST[
'protected']) {
793 $this->
object->changeExistingObjects(
800 $this->
object->changeExistingObjects(
807 ilUtil::sendSuccess($this->lng->txt(
"saved_successfully"),
true);
809 if ($a_show_admin_permissions) {
810 $this->ctrl->redirect($this,
'adminPerm');
812 $this->ctrl->redirect($this,
'perm');
827 $rbacadmin =
$DIC[
'rbacadmin'];
840 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
843 if ($this->object->getId() ==
$_POST[
"adopt"]) {
846 $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
847 $parentRoles =
$rbacreview->getParentRoleIds($this->obj_ref_id,
true);
848 $rbacadmin->copyRoleTemplatePermissions(
850 $parentRoles[
$_POST[
"adopt"]][
"parent"],
852 $this->object->getId(),
857 $this->
object->update();
860 $obj_data = &$this->
ilias->obj_factory->getInstanceByObjId($_POST[
"adopt"]);
861 ilUtil::sendSuccess($this->lng->txt(
"msg_perm_adopted_from1") .
" '" .
863 $this->lng->txt(
"msg_perm_adopted_from2"),
true);
866 $this->ctrl->redirect($this,
"perm");
876 $this->assignUserObject();
891 $rbacadmin =
$DIC[
'rbacadmin'];
893 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
897 if (!
$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
903 $GLOBALS[
'DIC'][
'lng']->loadLanguageModule(
'search');
908 $assigned_users_all =
$rbacreview->assignedUsers($this->object->getId());
911 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
914 if (count($assigned_users_new) == 0) {
916 $this->ctrl->redirect($this,
'userassignment');
920 foreach ($assigned_users_new as $user_id) {
922 $this->tpl->setOnScreenMessage(
'failure', $this->lng->txt(
'msg_anonymous_cannot_be_assigned'),
true);
925 $rbacadmin->assignUser($this->object->getId(), $user_id,
false);
929 $this->
object->update();
931 ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"),
true);
932 $this->ctrl->redirect($this,
'userassignment');
945 $rbacadmin =
$DIC[
'rbacadmin'];
948 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
949 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
952 $selected_users = (
$_POST[
"user_id"]) ?
$_POST[
"user_id"] : array(
$_GET[
"user_id"]);
954 if ($selected_users[0] ===
null) {
955 $this->
ilias->raiseError($this->lng->txt(
"no_checkbox"), $this->
ilias->error_obj->MESSAGE);
960 if ($admin = array_search(
SYSTEM_USER_ID, $selected_users) !==
false) {
961 unset($selected_users[$admin]);
969 foreach ($selected_users as
$user) {
971 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
973 if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
974 $userObj = $this->
ilias->obj_factory->getInstanceByObjId($user);
975 $last_role[
$user] = $userObj->getFullName();
982 foreach ($selected_users as
$user) {
983 if (!isset($last_role[
$user])) {
984 $rbacadmin->deassignUser($this->object->getId(),
$user);
989 $this->
object->update();
992 if (count($last_role)) {
993 $user_list = implode(
", ", $last_role);
994 ilUtil::sendFailure($this->lng->txt(
'msg_is_last_role') .
': ' . $user_list .
'<br />' . $this->lng->txt(
'msg_min_one_role'),
true);
996 ilUtil::sendSuccess($this->lng->txt(
"msg_userassignment_changed"),
true);
998 $this->ctrl->redirect($this,
'userassignment');
1014 if (!$this->
checkAccess(
'edit_userassignment',
'edit_permission')) {
1015 $this->
ilias->raiseError($this->lng->txt(
"msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
1018 $this->tabs_gui->setTabActive(
'user_assignment');
1020 $this->tpl->addBlockFile(
'ADM_CONTENT',
'adm_content',
'tpl.rbac_ua.html',
'Services/AccessControl');
1022 include_once
'./Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1026 include_once
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1037 include_once
'./Services/Search/classes/class.ilRepositorySearchGUI.php';
1042 'auto_complete_name' =>
$lng->txt(
'user'),
1043 'submit_name' =>
$lng->txt(
'add')
1050 $this->lng->txt(
'search_user'),
1051 $this->ctrl->getLinkTargetByClass(
'ilRepositorySearchGUI',
'start')
1057 $this->lng->txt(
'role_mailto'),
1058 $this->ctrl->getLinkTarget($this,
'mailToRole')
1060 $this->tpl->setVariable(
'BUTTONS_UA', $tb->getHTML());
1063 include_once
'./Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1064 $role_assignment_editable =
true;
1068 $role_assignment_editable =
false;
1071 include_once
'./Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1072 $ut =
new ilAssignedUsersTableGUI($this,
'userassignment', $this->object->getId(), $role_assignment_editable);
1074 $this->tpl->setVariable(
'TABLE_UA', $ut->getHTML());
1086 if (
$_GET[
"new_type"] !=
"role") {
1087 $this->ctrl->redirect($this,
"userassignment");
1089 $this->ctrl->redirectByClass(
"ilobjrolefoldergui",
"view");
1103 if (!is_array(
$_POST[
"role"])) {
1105 $this->searchObject();
1110 $this->tpl->addBlockFile(
"ADM_CONTENT",
"adm_content",
"tpl.role_usr_selection.html",
"Services/AccessControl");
1111 $this->
__showButton(
"searchUserForm", $this->lng->txt(
"role_new_search"));
1116 foreach (
$_POST[
"role"] as $role_id) {
1117 $members = array_merge(
$rbacreview->assignedUsers($role_id), $members);
1120 $members = array_unique($members);
1124 $f_result = array();
1126 foreach ($members as
$user) {
1131 $user_ids[$counter] =
$user;
1135 $f_result[$counter][] = $tmp_obj->getLogin();
1136 $f_result[$counter][] = $tmp_obj->getFirstname();
1137 $f_result[$counter][] = $tmp_obj->getLastname();
1143 $this->__showSearchUserTable($f_result, $user_ids,
"listUsersRole");
1151 $this->tpl->addBlockFile(
"CONTENT",
"content",
"tpl.adm_content.html");
1152 $this->tpl->addBlockFile(
"STATUSLINE",
"statusline",
"tpl.statusline.html");
1155 if ($this->message) {
1168 $this->tpl->setTitle($this->lng->txt(
'role'));
1169 $this->tpl->setDescription($this->object->getTitle());
1172 $this->
getTabs($this->tabs_gui);
1183 $ilLocator =
$DIC[
'ilLocator'];
1186 $_GET[
"admin_mode"] ==
"settings"
1188 parent::addAdminLocatorItems(
true);
1190 $ilLocator->addItem(
1192 $this->ctrl->getLinkTargetByClass(
"ilobjrolefoldergui",
'view')
1195 if (
$_GET[
"obj_id"] > 0) {
1196 $ilLocator->addItem(
1198 $this->ctrl->getLinkTarget($this,
'perm')
1202 parent::addAdminLocatorItems($a_do_not_add_object);
1214 $ilHelp =
$DIC[
'ilHelp'];
1216 $base_role_container =
$rbacreview->getFoldersAssignedToRole($this->object->getId(),
true);
1218 $activate_role_edit =
false;
1222 if (in_array($this->obj_ref_id, $base_role_container) ||
1223 (strtolower(
$_GET[
"baseClass"]) ==
"iladministrationgui" &&
1224 $_GET[
"admin_mode"] ==
"settings")) {
1225 $activate_role_edit =
true;
1229 $this->tabs_gui->clearTargets();
1231 $ilHelp->setScreenIdComponent(
"role");
1233 if ($this->back_target !=
"") {
1234 $this->tabs_gui->setBackTarget(
1235 $this->back_target[
"text"],
1236 $this->back_target[
"link"]
1239 $this->tabs_gui->setBackTarget($this->lng->txt(
'btn_back'), $this->ctrl->getParentReturn($this));
1242 if ($this->
checkAccess(
'write',
'edit_permission') && $activate_role_edit) {
1243 $this->tabs_gui->addTarget(
1245 $this->ctrl->getLinkTarget($this,
"edit"),
1251 $this->tabs_gui->addTarget(
1252 "default_perm_settings",
1253 $this->ctrl->getLinkTarget($this,
"perm"),
1260 $this->tabs_gui->addTarget(
1262 $this->ctrl->getLinkTarget($this,
"userassignment"),
1263 [
"deassignUser",
"userassignment",
"assignUser",
"searchUserForm",
"search"],
1269 $this->lng->loadLanguageModule(
"rep");
1270 $this->tabs_gui->addTarget(
1271 "rep_recommended_content",
1272 $this->ctrl->getLinkTargetByClass(
"ilrecommendedcontentroleconfiggui",
"")
1275 if ($this->
checkAccess(
'write',
'edit_permission')) {
1276 $this->tabs_gui->addTarget(
1278 $this->ctrl->getLinkTargetByClass(
'ilExportGUI'),
1287 if (count($obj_ids) > 1) {
1288 $_SESSION[
'mail_roles'][] =
'#il_role_' . $this->
object->getId();
1290 $_SESSION[
'mail_roles'][] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1293 require_once
'Services/Mail/classes/class.ilMailFormCall.php';
1303 $ilAccess =
$DIC[
'ilAccess'];
1305 $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1308 return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
1310 return $ilAccess->checkAccess($a_perm_obj,
'', $this->obj_ref_id);
1324 if (!(
int)
$_POST[
'recursive'] and !is_array(
$_POST[
'recursive_list'])) {
1329 if (
$rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
1332 return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1336 return count(
$rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1346 $protected =
$_POST[
'protected'];
1348 include_once
'./Services/Form/classes/class.ilPropertyFormGUI.php';
1350 $form->setFormAction($this->ctrl->getFormAction($this,
'changeExistingObjects'));
1351 $form->setTitle($this->lng->txt(
'rbac_change_existing_confirm_tbl'));
1353 $form->addCommandButton(
'changeExistingObjects', $this->lng->txt(
'change_existing_objects'));
1354 $form->addCommandButton(
'perm', $this->lng->txt(
'cancel'));
1357 $hidden->setValue(
$_POST[
'recursive'] ? json_encode([
'all']) : json_encode(
$_POST[
'recursive_list']));
1358 $form->addItem($hidden);
1365 $this->lng->txt(
'rbac_keep_local_policies'),
1367 $this->lng->txt(
'rbac_keep_local_policies_info')
1372 $this->lng->txt(
'rbac_keep_local_policies'),
1374 $this->lng->txt(
'rbac_unprotected_keep_local_policies_info')
1377 $rad->addOption($keep);
1381 $this->lng->txt(
'rbac_delete_local_policies'),
1383 $this->lng->txt(
'rbac_delete_local_policies_info')
1387 $this->lng->txt(
'rbac_delete_local_policies'),
1389 $this->lng->txt(
'rbac_unprotected_delete_local_policies_info')
1392 $rad->addOption($del);
1394 $form->addItem($rad);
1395 $this->tpl->setContent($form->getHTML());
1404 $mode = (int)
$_POST[
'mode'];
1406 $this->
object->changeExistingObjects(
1414 ilUtil::sendSuccess($this->lng->txt(
'settings_saved'),
true);
1415 $this->ctrl->redirect($this,
'perm');
1427 $ilTabs =
$DIC[
'ilTabs'];
1430 case 'default_perm_settings':
1434 $ilTabs->addSubTabTarget(
1435 'rbac_repository_permissions',
1436 $this->ctrl->getLinkTarget($this,
'perm')
1438 $ilTabs->addSubTabTarget(
1439 'rbac_admin_permissions',
1440 $this->ctrl->getLinkTarget($this,
'adminPerm')
1454 $ilCtrl =
$DIC[
'ilCtrl'];
1456 $users = (array)
$_POST[
'user_id'];
1457 if (!count($users)) {
1459 $ilCtrl->redirect($this,
'userassignment');
1461 include_once
'./Services/User/classes/class.ilUserClipboard.php';
1466 $lng->loadLanguageModule(
'user');
1467 ilUtil::sendSuccess($this->lng->txt(
'clipboard_user_added'),
true);
1468 $ilCtrl->redirect($this,
'userassignment');
1478 $ilLocator =
$DIC[
'ilLocator'];
1480 if (
$_GET[
"admin_mode"] ==
"") {
1481 $this->ctrl->setParameterByClass(
1484 (
int)
$_GET[
"obj_id"]
1486 $ilLocator->addItem(
1488 $this->ctrl->getLinkTargetByClass(
1507 $review =
$DIC->rbac()->review();
1508 $logger =
$DIC->logger()->ac();
1512 !$this->object->getId() ||
1519 $possible_roles = [];
1521 $possible_roles = $review->getRolesOfObject(
1525 }
catch (\InvalidArgumentException
$e) {
1526 $logger->warning(
'Role access check failed: ' .
$e);
1528 include_once
"Services/Object/exceptions/class.ilObjectException.php";
1529 throw new \ilObjectException($this->lng->txt(
'permission_denied'));
1532 if (!in_array($this->object->getId(), $possible_roles)) {
1533 $logger->warning(
'Object id: ' . $this->object->getId() .
' is not accessible for ref_id: ' . $this->obj_ref_id);
1534 include_once
"Services/Object/exceptions/class.ilObjectException.php";
1535 throw new \ilObjectException($this->lng->txt(
'permission_denied'));
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
An exception for terminatinating execution or to throw for unit testing.
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
Accordion user interface class.
TableGUI class for role administration.
Confirmation screen class.
Export User Interface Class.
static newInstance($a_export_id)
Create new instance.
static allocateExportId()
Allocate a new export id.
This class represents a non editable value in a property form.
getAdminTabs()
admin and normal tabs are equal for roles
editObject()
Edit role properties.
getTabs()
get tabs abstract method.
performDeleteRoleObject()
Delete role.
saveObject()
Save new role.
updateObject()
Save role settings.
initFormRoleProperties($a_mode)
Create role prperty form.
userassignmentObject()
display user assignment panel
showChangeExistingObjectsConfirmation()
Show confirmation screen.
ensureRoleAccessForContext()
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor @access public.
setBackTarget($a_text, $a_link)
set back tab target
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
deassignUserObject()
de-assign users from role
permObject($a_show_admin_permissions=false)
Show template permissions.
loadRoleProperties(ilObjRole $role)
Store form input in role object.
assignSaveObject()
wrapper for renamed function
permSaveObject($a_show_admin_permissions=false)
save permissions
getParentType()
get type of current object (not role folder)
getContainerType()
Get type of role container.
addAdminLocatorItems($a_do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
checkAccess($a_perm_global, $a_perm_obj='')
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
showDefaultPermissionSettings()
check if default permissions are shown or not
adminPermObject()
Show administration permissions.
executeCommand()
execute command
adminPermSaveObject()
Save admin permissions.
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
confirmDeleteRoleObject()
Show delete confirmation screen.
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
getParentRefId()
Get ref id of current object (not role folder id)
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
adoptPermSaveObject()
copy permissions from role
getParentObjId()
Get obj_id of current object.
setSubTabs($a_tab)
Set sub tabs.
addToClipboardObject()
Add selected users to user clipboard.
changeExistingObjectsObject()
Change existing objects.
setAllowRegister($a_allow_register)
set allow_register of role
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
getAllowRegister()
get allow_register
static _getTranslation($a_role_title)
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
static isAutoGenerated($a_role_id)
toggleAssignUsersStatus($a_assign_users)
getPresentationTitle()
For autogenerated roles this returns 'Translated Title (untranslated title)'.
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Class ilObjectGUI Basic methods of all Output classes.
__showButton($a_cmd, $a_text, $a_target='')
prepareOutput($a_show_subobjects=true)
prepare output
Table for object role permissions.
Table for object role permissions.
static _lookupObjId($a_id)
setTitle($a_title)
set object title
setDescription($a_desc)
set object description
getDescription()
get object description
getId()
get object id @access public
static _lookupType($a_id, $a_reference=false)
lookup object type
static _getIdsForTitle($title, $type='', $partialmatch=false)
This class represents an option in a radio group.
static diffTemplate(array $a_old, array $a_new)
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
static gatherTemplate($a_role_ref_id, $a_role_id)
Recommended content configuration for roles.
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07....
static _getInstance()
Get instance of ilSecuritySettings.
This class represents a text area property in a property form.
This class represents a text property in a property form.
static getInstance($a_usr_id)
Get singelton instance.
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
static tf2yn($a_tf)
convert true/false to "y"/"n"
static redirect($a_script)
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static infoPanel($a_keep=true)
const SYSTEM_USER_ID
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Interface GlobalHttpState.
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
redirection script todo: (a better solution should control the processing via a xml file)