ILIAS  release_7 Revision v7.30-3-g800a261c036
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 
19 use ILIAS\HTTP\GlobalHttpState;
20 use ILIAS\Refinery\Factory;
21 
31 class ilObjRoleGUI extends ilObjectGUI
32 {
33  const MODE_GLOBAL_UPDATE = 1;
34  const MODE_GLOBAL_CREATE = 2;
35  const MODE_LOCAL_UPDATE = 3;
36  const MODE_LOCAL_CREATE = 4;
37 
43  public $type;
44 
45 
46  protected $obj_ref_id = 0;
47  protected $obj_obj_id = 0;
48  protected $obj_obj_type = '';
49  protected $container_type = '';
50 
51 
52  public $ctrl;
53 
58  public function __construct($a_data, $a_id, $a_call_by_reference = false, $a_prepare_output = true)
59  {
60  global $DIC;
61 
62  $tree = $DIC['tree'];
63  $lng = $DIC['lng'];
64 
65  $lng->loadLanguageModule('rbac');
66 
67  //TODO: move this to class.ilias.php
68  define("USER_FOLDER_ID", 7);
69 
70  // Add ref_id of object that contains this role folder
71 
72  $this->obj_ref_id = (int) $_REQUEST['rolf_ref_id']
73  ? (int) $_REQUEST['rolf_ref_id']
74  : (int) $_REQUEST['ref_id'];
75 
76  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
77  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
78 
79  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
80 
81  $this->type = "role";
82  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
83  $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
84  }
85 
86 
87  public function executeCommand()
88  {
89  global $DIC;
90 
91  $rbacsystem = $DIC['rbacsystem'];
92 
93  $this->prepareOutput();
94 
95  $next_class = $this->ctrl->getNextClass($this);
96  $cmd = $this->ctrl->getCmd();
97 
98  $this->ensureRoleAccessForContext();
99 
100  switch ($next_class) {
101  case 'ilrepositorysearchgui':
102 
103  if (!$GLOBALS['DIC']['ilAccess']->checkAccess('edit_permission', '', $this->obj_ref_id)) {
104  $GLOBALS['DIC']['ilErr']->raiseError($GLOBALS['DIC']['lng']->txt('permission_denied'), $GLOBALS['DIC']['ilErr']->WARNING);
105  }
106  include_once('./Services/Search/classes/class.ilRepositorySearchGUI.php');
107  $rep_search = new ilRepositorySearchGUI();
108  $rep_search->setTitle($this->lng->txt('role_add_user'));
109  $rep_search->setCallback($this, 'addUserObject');
110 
111  // Set tabs
112  $this->tabs_gui->setTabActive('user_assignment');
113  $this->ctrl->setReturn($this, 'userassignment');
114  $ret = &$this->ctrl->forwardCommand($rep_search);
115  break;
116 
117  case 'ilexportgui':
118 
119  $this->tabs_gui->setTabActive('export');
120 
121  include_once './Services/Export/classes/class.ilExportOptions.php';
122  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
123  $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
124 
125  include_once './Services/Export/classes/class.ilExportGUI.php';
126  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
127  $exp->addFormat('xml');
128  $this->ctrl->forwardCommand($exp);
129  break;
130 
131  case 'ilrecommendedcontentroleconfiggui':
132  $this->tabs_gui->setTabActive('rep_recommended_content');
133  $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
134  $this->ctrl->forwardCommand($ui);
135  break;
136 
137  default:
138  if (!$cmd) {
139  if ($this->showDefaultPermissionSettings()) {
140  $cmd = "perm";
141  } else {
142  $cmd = 'userassignment';
143  }
144  }
145  $cmd .= "Object";
146  $this->$cmd();
147 
148  break;
149  }
150 
151  return true;
152  }
153 
158  public function getParentRefId()
159  {
160  return $this->obj_ref_id;
161  }
162 
167  public function getParentObjId()
168  {
169  return $this->obj_obj_id;
170  }
171 
176  public function getParentType()
177  {
178  return $this->obj_obj_type;
179  }
180 
184  public function setBackTarget($a_text, $a_link)
185  {
186  $this->back_target = array("text" => $a_text,
187  "link" => $a_link);
188  }
189 
190  public function getBackTarget()
191  {
192  return $this->back_target ? $this->back_target : array();
193  }
194 
198  public function getAdminTabs()
199  {
200  $this->getTabs();
201  }
202 
207  protected function getContainerType()
208  {
209  return $this->container_type;
210  }
211 
216  protected function showDefaultPermissionSettings()
217  {
218  global $DIC;
219 
220  $objDefinition = $DIC['objDefinition'];
221 
222  return $objDefinition->isContainer($this->getContainerType())
223  || $objDefinition->isAdministrationObject($this->getContainerType());
224  }
225 
226 
227 
233  protected function initFormRoleProperties($a_mode)
234  {
235  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
236  $this->form = new ilPropertyFormGUI();
237 
238  if ($this->creation_mode) {
239  $this->ctrl->setParameter($this, "new_type", 'role');
240  }
241  $this->form->setFormAction($this->ctrl->getFormAction($this));
242 
243  switch ($a_mode) {
244  case self::MODE_GLOBAL_CREATE:
245  $this->form->setTitle($this->lng->txt('role_new'));
246  $this->form->addCommandButton('save', $this->lng->txt('role_new'));
247  break;
248 
249  case self::MODE_GLOBAL_UPDATE:
250  $this->form->setTitle($this->lng->txt('role_edit'));
251  $this->form->addCommandButton('update', $this->lng->txt('save'));
252  break;
253 
254  case self::MODE_LOCAL_CREATE:
255  case self::MODE_LOCAL_UPDATE:
256  }
257  // Fix cancel
258  $this->form->addCommandButton('cancel', $this->lng->txt('cancel'));
259 
260  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
261  if (ilObjRole::isAutoGenerated($this->object->getId())) {
262  $title->setDisabled(true);
263  } else {
264  //#17111 No validation for disabled fields
265  $title->setValidationRegexp('/^(?!il_).*$/');
266  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
267  }
268 
269  $title->setSize(40);
270  $title->setMaxLength(70);
271  $title->setRequired(true);
272  $this->form->addItem($title);
273 
274  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
275  if (ilObjRole::isAutoGenerated($this->object->getId())) {
276  $desc->setDisabled(true);
277  }
278  $desc->setCols(40);
279  $desc->setRows(3);
280  $this->form->addItem($desc);
281 
282  if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
283  $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
284  $this->form->addItem($ilias_id);
285  }
286 
287  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
288  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
289  $reg->setValue(1);
290  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
291  $this->form->addItem($reg);
292 
293  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
294  $la->setValue(1);
295  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
296  $this->form->addItem($la);
297  }
298 
299  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
300  $pro->setValue(1);
301  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
302  $this->form->addItem($pro);
303 
304  return true;
305  }
306 
312  protected function loadRoleProperties(ilObjRole $role)
313  {
314  //Don't set if fields are disabled to prevent html manipulation.
315  if (!$this->form->getItemByPostVar('title')->getDisabled()) {
316  $role->setTitle($this->form->getInput('title'));
317  }
318  if (!$this->form->getItemByPostVar('desc')->getDisabled()) {
319  $role->setDescription($this->form->getInput('desc'));
320  }
321  $role->setAllowRegister($this->form->getInput('reg'));
322  $role->toggleAssignUsersStatus($this->form->getInput('la'));
323  return true;
324  }
325 
331  protected function readRoleProperties(ilObjRole $role)
332  {
333  global $DIC;
334 
335  $rbacreview = $DIC['rbacreview'];
336 
337  $data['title'] = $role->getPresentationTitle();
338  $data['desc'] = $role->getDescription();
339  $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
340  $data['reg'] = $role->getAllowRegister();
341  $data['la'] = $role->getAssignUsersStatus();
342  $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
343 
344  $this->form->setValuesByArray($data);
345  }
346 
347 
348 
349 
355  public function createObject()
356  {
357  global $DIC;
358 
359  $rbacsystem = $DIC['rbacsystem'];
360 
361  if (!$rbacsystem->checkAccess('create_role', $this->obj_ref_id)) {
362  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
363  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
364  }
365 
366  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
367  $this->tpl->setContent($this->form->getHTML());
368  }
369 
374  public function editObject()
375  {
376  global $DIC;
377 
378  $rbacreview = $DIC['rbacreview'];
379  $ilToolbar = $DIC['ilToolbar'];
380 
381  if (!$this->checkAccess('write', 'edit_permission')) {
382  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
383  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
384  }
385 
386  $this->tabs_gui->activateTab('edit_properties');
387 
388  // Show copy role button
389  if ($this->object->getId() != SYSTEM_ROLE_ID) {
390  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
391  if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
392  $ilToolbar->addButton(
393  $this->lng->txt('rbac_delete_role'),
394  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
395  );
396  }
397  }
398 
399  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
400  $this->readRoleProperties($this->object);
401  $this->tpl->setContent($this->form->getHTML());
402  }
403 
404 
409  public function saveObject()
410  {
411  global $DIC;
412 
413  $rbacadmin = $DIC['rbacadmin'];
414  $rbacreview = $DIC['rbacreview'];
415 
416  $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
417  if ($this->form->checkInput() and !$this->checkDuplicate()) {
418  include_once './Services/AccessControl/classes/class.ilObjRole.php';
419  $this->loadRoleProperties($this->role = new ilObjRole());
420  $this->role->create();
421  $rbacadmin->assignRoleToFolder($this->role->getId(), $this->obj_ref_id, 'y');
422  $rbacadmin->setProtected(
423  $this->obj_ref_id,
424  $this->role->getId(),
425  $this->form->getInput('pro') ? 'y' : 'n'
426  );
427  ilUtil::sendSuccess($this->lng->txt("role_added"), true);
428  $this->ctrl->setParameter($this, 'obj_id', $this->role->getId());
429  $this->ctrl->redirect($this, 'perm');
430  }
431 
432  ilUtil::sendFailure($this->lng->txt('err_check_input'));
433  $this->form->setValuesByPost();
434  $this->tpl->setContent($this->form->getHTML());
435  return false;
436  }
437 
442  protected function checkDuplicate($a_role_id = 0)
443  {
444  // disabled due to mantis #0013742: Renaming global roles: ILIAS denies if title fits other role title partially
445  return false;
446  }
447 
452  public function updateObject()
453  {
454  global $DIC;
455 
456  $rbacadmin = $DIC['rbacadmin'];
457 
458  $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
459  if ($this->form->checkInput() and !$this->checkDuplicate($this->object->getId())) {
460  include_once './Services/AccessControl/classes/class.ilObjRole.php';
461  $this->loadRoleProperties($this->object);
462  $this->object->update();
463  $rbacadmin->setProtected(
464  $this->obj_ref_id,
465  $this->object->getId(),
466  $this->form->getInput('pro') ? 'y' : 'n'
467  );
468  ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
469  $this->ctrl->redirect($this, 'edit');
470  }
471 
472  ilUtil::sendFailure($this->lng->txt('err_check_input'));
473  $this->form->setValuesByPost();
474  $this->tpl->setContent($this->form->getHTML());
475  return false;
476  }
477 
482  protected function permObject($a_show_admin_permissions = false)
483  {
484  global $DIC;
485 
486  $ilTabs = $DIC['ilTabs'];
487  $ilErr = $DIC['ilErr'];
488  $ilToolbar = $DIC['ilToolbar'];
489  $objDefinition = $DIC['objDefinition'];
490  $rbacreview = $DIC['rbacreview'];
491 
492  $ilTabs->setTabActive('default_perm_settings');
493 
494  $this->setSubTabs('default_perm_settings');
495 
496  if ($a_show_admin_permissions) {
497  $ilTabs->setSubTabActive('rbac_admin_permissions');
498  } else {
499  $ilTabs->setSubTabActive('rbac_repository_permissions');
500  }
501 
502  if (!$this->checkAccess('write', 'edit_permission')) {
503  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
504  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
505  }
506 
507  // Show copy role button
508  if ($this->object->getId() != SYSTEM_ROLE_ID) {
509  $ilToolbar->setFormAction($this->ctrl->getFormAction($this));
510  $ilToolbar->addButton(
511  $this->lng->txt("adopt_perm_from_template"),
512  $this->ctrl->getLinkTarget($this, 'adoptPerm')
513  );
514  if ($rbacreview->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
515  $ilToolbar->addButton(
516  $this->lng->txt('rbac_delete_role'),
517  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
518  );
519  }
520  }
521 
522  $this->tpl->addBlockFile(
523  'ADM_CONTENT',
524  'adm_content',
525  'tpl.rbac_template_permissions.html',
526  'Services/AccessControl'
527  );
528 
529  $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
530 
531  include_once './Services/Accordion/classes/class.ilAccordionGUI.php';
532  $acc = new ilAccordionGUI();
533  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
534  $acc->setId('template_perm_' . $this->getParentRefId());
535 
536  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
537  if ($a_show_admin_permissions) {
538  $subs = ilObjRole::getSubObjects('adm', true);
539  } else {
540  $subs = ilObjRole::getSubObjects('root', false);
541  }
542  } else {
543  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
544  }
545 
546  foreach ($subs as $subtype => $def) {
547  include_once 'Services/AccessControl/classes/class.ilObjectRoleTemplatePermissionTableGUI.php';
548  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
549  $this,
550  'perm',
551  $this->getParentRefId(),
552  $this->object->getId(),
553  $subtype,
554  $a_show_admin_permissions
555  );
556  $tbl->parse();
557 
558  $acc->addItem($def['translation'], $tbl->getHTML());
559  }
560 
561  $this->tpl->setVariable('ACCORDION', $acc->getHTML());
562 
563  // Add options table
564  include_once './Services/AccessControl/classes/class.ilObjectRoleTemplateOptionsTableGUI.php';
565  $options = new ilObjectRoleTemplateOptionsTableGUI(
566  $this,
567  'perm',
568  $this->obj_ref_id,
569  $this->object->getId(),
570  $a_show_admin_permissions
571  );
572  if ($this->object->getId() != SYSTEM_ROLE_ID) {
573  $options->addMultiCommand(
574  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
575  $this->lng->txt('save')
576  );
577  }
578 
579  $options->parse();
580  $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
581  }
582 
587  protected function adminPermObject()
588  {
589  return $this->permObject(true);
590  }
591 
596  protected function adminPermSaveObject()
597  {
598  return $this->permSaveObject(true);
599  }
600 
601  protected function adoptPermObject()
602  {
603  global $DIC;
604 
605  $rbacreview = $DIC['rbacreview'];
606  $output = [];
607 
608  $this->tabs_gui->clearTargets();
609 
610  $parent_role_ids = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
611  $ids = [];
612  foreach ($parent_role_ids as $id => $tmp) {
613  $ids[] = $id;
614  }
615  // Sort ids
616  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
617  $key = 0;
618  foreach ($sorted_ids as $id) {
619  $par = $parent_role_ids[$id];
620  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
621  $output[$key]["role_id"] = $par["obj_id"];
622  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
623  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
624  $output[$key]["role_desc"] = $par["desc"];
625  $key++;
626  }
627  }
628 
629 
630  include_once('./Services/AccessControl/classes/class.ilRoleAdoptPermissionTableGUI.php');
631 
632  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
633  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
634  $tbl->setData($output);
635 
636  $this->tpl->setContent($tbl->getHTML());
637  }
638 
643  protected function confirmDeleteRoleObject()
644  {
645  global $DIC;
646 
647  $rbacreview = $DIC['rbacreview'];
648  $ilUser = $DIC['ilUser'];
649 
650  $this->tabs_gui->clearTargets();
651 
652  if (!$this->checkAccess('visible,write', 'edit_permission')) {
653  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
654  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
655  }
656 
657  $question = $this->lng->txt('rbac_role_delete_qst');
658  if ($rbacreview->isAssigned($ilUser->getId(), $this->object->getId())) {
659  $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
660  }
661  ilUtil::sendQuestion($question);
662 
663  include_once './Services/Utilities/classes/class.ilConfirmationGUI.php';
664 
665  $confirm = new ilConfirmationGUI();
666  $confirm->setFormAction($this->ctrl->getFormAction($this));
667  $confirm->setHeaderText($question);
668  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
669  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
670 
671  $confirm->addItem(
672  'role',
673  $this->object->getId(),
674  ilObjRole::_getTranslation($this->object->getTitle()),
675  ilUtil::getImagePath('icon_role.svg')
676  );
677 
678  $this->tpl->setContent($confirm->getHTML());
679  return true;
680  }
681 
682 
687  protected function performDeleteRoleObject()
688  {
689  $access = $this->checkAccess('visible,write', 'edit_permission');
690  if (!$access) {
691  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
692  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
693  }
694 
695  $this->object->setParent((int) $this->obj_ref_id);
696  $this->object->delete();
697  ilUtil::sendSuccess($this->lng->txt('msg_deleted_role'), true);
698 
699  $this->ctrl->returnToParent($this);
700  }
701 
707  public function permSaveObject($a_show_admin_permissions = false)
708  {
709  global $DIC;
710 
711  $rbacsystem = $DIC['rbacsystem'];
712  $rbacadmin = $DIC['rbacadmin'];
713  $rbacreview = $DIC['rbacreview'];
714  $objDefinition = $DIC['objDefinition'];
715  $tree = $DIC['tree'];
716 
717  if (!$this->checkAccess('visible,write', 'edit_permission')) {
718  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
719  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
720  }
721 
722  // rbac log
723  include_once "Services/AccessControl/classes/class.ilRbacLog.php";
724  $rbac_log_active = ilRbacLog::isActive();
725  if ($rbac_log_active) {
726  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
727  }
728 
729  // delete all template entries of enabled types
730  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
731  if ($a_show_admin_permissions) {
732  $subs = ilObjRole::getSubObjects('adm', true);
733  } else {
734  $subs = ilObjRole::getSubObjects('root', false);
735  }
736  } else {
737  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
738  }
739 
740  foreach ($subs as $subtype => $def) {
741  // Delete per object type
742  $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
743  }
744 
745  if (empty($_POST["template_perm"])) {
746  $_POST["template_perm"] = array();
747  }
748 
749  foreach ($_POST["template_perm"] as $key => $ops_array) {
750  // sets new template permissions
751  $rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
752  }
753 
754  if ($rbac_log_active) {
755  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
756  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
757  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
758  }
759 
760  // update object data entry (to update last modification date)
761  $this->object->update();
762 
763  // set protected flag
764  if ($this->obj_ref_id == ROLE_FOLDER_ID or $rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id)) {
765  $rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($_POST['protected']));
766  }
767 
768  if ($a_show_admin_permissions) {
769  $_POST['recursive'] = true;
770  }
771 
772  // Redirect if Change existing objects is not chosen
773  if (!$_POST['recursive'] and !is_array($_POST['recursive_list'])) {
774  ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
775  if ($a_show_admin_permissions) {
776  $this->ctrl->redirect($this, 'adminPerm');
777  } else {
778  $this->ctrl->redirect($this, 'perm');
779  }
780  }
781  // New implementation
782  if ($this->isChangeExistingObjectsConfirmationRequired() and !$a_show_admin_permissions) {
783  $this->showChangeExistingObjectsConfirmation();
784  return true;
785  }
786 
787  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
788  if ($a_show_admin_permissions) {
789  $start = $tree->getParentId($this->obj_ref_id);
790  }
791 
792  if ($_POST['protected']) {
793  $this->object->changeExistingObjects(
794  $start,
795  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
796  ['all'],
797  []
798  );
799  } else {
800  $this->object->changeExistingObjects(
801  $start,
802  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
803  ['all'],
804  []
805  );
806  }
807  ilUtil::sendSuccess($this->lng->txt("saved_successfully"), true);
808 
809  if ($a_show_admin_permissions) {
810  $this->ctrl->redirect($this, 'adminPerm');
811  } else {
812  $this->ctrl->redirect($this, 'perm');
813  }
814  return true;
815  }
816 
817 
823  public function adoptPermSaveObject()
824  {
825  global $DIC;
826 
827  $rbacadmin = $DIC['rbacadmin'];
828  $rbacsystem = $DIC['rbacsystem'];
829  $rbacreview = $DIC['rbacreview'];
830  $tree = $DIC['tree'];
831 
832  if (!$_POST['adopt']) {
833  ilUtil::sendFailure($this->lng->txt('select_one'));
834  $this->adoptPermObject();
835  return false;
836  }
837 
838  $access = $this->checkAccess('visible,write', 'edit_permission');
839  if (!$access) {
840  $this->ilias->raiseError($this->lng->txt("msg_no_perm_perm"), $this->ilias->error_obj->MESSAGE);
841  }
842 
843  if ($this->object->getId() == $_POST["adopt"]) {
844  ilUtil::sendFailure($this->lng->txt("msg_perm_adopted_from_itself"), true);
845  } else {
846  $rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
847  $parentRoles = $rbacreview->getParentRoleIds($this->obj_ref_id, true);
848  $rbacadmin->copyRoleTemplatePermissions(
849  $_POST["adopt"],
850  $parentRoles[$_POST["adopt"]]["parent"],
851  $this->obj_ref_id,
852  $this->object->getId(),
853  false
854  );
855 
856  // update object data entry (to update last modification date)
857  $this->object->update();
858 
859  // send info
860  $obj_data = &$this->ilias->obj_factory->getInstanceByObjId($_POST["adopt"]);
861  ilUtil::sendSuccess($this->lng->txt("msg_perm_adopted_from1") . " '" .
862  ilObjRole::_getTranslation($obj_data->getTitle()) . "'.<br/>" .
863  $this->lng->txt("msg_perm_adopted_from2"), true);
864  }
865 
866  $this->ctrl->redirect($this, "perm");
867  }
868 
874  public function assignSaveObject()
875  {
876  $this->assignUserObject();
877  }
878 
879 
880 
886  public function addUserObject($a_user_ids)
887  {
888  global $DIC;
889 
890  $rbacreview = $DIC['rbacreview'];
891  $rbacadmin = $DIC['rbacadmin'];
892 
893  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
894  ilUtil::sendFailure($this->lng->txt('msg_no_perm_assign_user_to_role'), true);
895  return false;
896  }
897  if (!$rbacreview->isAssignable($this->object->getId(), $this->obj_ref_id) &&
898  $this->obj_ref_id != ROLE_FOLDER_ID) {
899  ilUtil::sendFailure($this->lng->txt('err_role_not_assignable'), true);
900  return false;
901  }
902  if (!$a_user_ids) {
903  $GLOBALS['DIC']['lng']->loadLanguageModule('search');
904  ilUtil::sendFailure($this->lng->txt('search_err_user_not_exist'), true);
905  return false;
906  }
907 
908  $assigned_users_all = $rbacreview->assignedUsers($this->object->getId());
909 
910  // users to assign
911  $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
912 
913  // selected users all already assigned. stop
914  if (count($assigned_users_new) == 0) {
915  ilUtil::sendInfo($this->lng->txt("rbac_msg_user_already_assigned"), true);
916  $this->ctrl->redirect($this, 'userassignment');
917  }
918 
919  // assign new users
920  foreach ($assigned_users_new as $user_id) {
921  if ($user_id === ANONYMOUS_USER_ID) {
922  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
923  return;
924  }
925  $rbacadmin->assignUser($this->object->getId(), $user_id, false);
926  }
927 
928  // update object data entry (to update last modification date)
929  $this->object->update();
930 
931  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
932  $this->ctrl->redirect($this, 'userassignment');
933  }
934 
940  public function deassignUserObject()
941  {
942  global $DIC;
943 
944  $rbacsystem = $DIC['rbacsystem'];
945  $rbacadmin = $DIC['rbacadmin'];
946  $rbacreview = $DIC['rbacreview'];
947 
948  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
949  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
950  }
951 
952  $selected_users = ($_POST["user_id"]) ? $_POST["user_id"] : array($_GET["user_id"]);
953 
954  if ($selected_users[0] === null) {
955  $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
956  }
957 
958  // prevent unassignment of system user from system role
959  if ($this->object->getId() == SYSTEM_ROLE_ID) {
960  if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
961  unset($selected_users[$admin]);
962  }
963  }
964 
965  // check for each user if the current role is his last global role before deassigning him
966  $last_role = [];
967  $global_roles = $rbacreview->getGlobalRoles();
968 
969  foreach ($selected_users as $user) {
970  $assigned_roles = $rbacreview->assignedRoles($user);
971  $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
972 
973  if (count($assigned_roles) == 1 or (count($assigned_global_roles) == 1 and in_array($this->object->getId(), $assigned_global_roles))) {
974  $userObj = $this->ilias->obj_factory->getInstanceByObjId($user);
975  $last_role[$user] = $userObj->getFullName();
976  unset($userObj);
977  }
978  }
979 
980 
981  // ... else perform deassignment
982  foreach ($selected_users as $user) {
983  if (!isset($last_role[$user])) {
984  $rbacadmin->deassignUser($this->object->getId(), $user);
985  }
986  }
987 
988  // update object data entry (to update last modification date)
989  $this->object->update();
990 
991  // raise error if last role was taken from a user...
992  if (count($last_role)) {
993  $user_list = implode(", ", $last_role);
994  ilUtil::sendFailure($this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
995  } else {
996  ilUtil::sendSuccess($this->lng->txt("msg_userassignment_changed"), true);
997  }
998  $this->ctrl->redirect($this, 'userassignment');
999  }
1000 
1001 
1005  public function userassignmentObject()
1006  {
1007  global $DIC;
1008 
1009  $rbacreview = $DIC['rbacreview'];
1010  $rbacsystem = $DIC['rbacsystem'];
1011  $lng = $DIC['lng'];
1012  $ilUser = $DIC['ilUser'];
1013 
1014  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
1015  $this->ilias->raiseError($this->lng->txt("msg_no_perm_assign_user_to_role"), $this->ilias->error_obj->MESSAGE);
1016  }
1017 
1018  $this->tabs_gui->setTabActive('user_assignment');
1019 
1020  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
1021 
1022  include_once './Services/UIComponent/Toolbar/classes/class.ilToolbarGUI.php';
1023  $tb = new ilToolbarGUI();
1024 
1025  // protected admin role
1026  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1027  if (
1028  $this->object->getId() != SYSTEM_ROLE_ID ||
1029  (
1030  $rbacreview->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) ||
1031  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
1032  )
1033  ) {
1034 
1035 
1036  // add member
1037  include_once './Services/Search/classes/class.ilRepositorySearchGUI.php';
1038  ilRepositorySearchGUI::fillAutoCompleteToolbar(
1039  $this,
1040  $tb,
1041  [
1042  'auto_complete_name' => $lng->txt('user'),
1043  'submit_name' => $lng->txt('add')
1044  ]
1045  );
1046 
1047  $tb->addSpacer();
1048 
1049  $tb->addButton(
1050  $this->lng->txt('search_user'),
1051  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
1052  );
1053  $tb->addSpacer();
1054  }
1055 
1056  $tb->addButton(
1057  $this->lng->txt('role_mailto'),
1058  $this->ctrl->getLinkTarget($this, 'mailToRole')
1059  );
1060  $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
1061 
1062 
1063  include_once './Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
1064  $role_assignment_editable = true;
1065  if (
1066  $this->object->getId() == SYSTEM_ROLE_ID &&
1067  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
1068  $role_assignment_editable = false;
1069  }
1070 
1071  include_once './Services/AccessControl/classes/class.ilAssignedUsersTableGUI.php';
1072  $ut = new ilAssignedUsersTableGUI($this, 'userassignment', $this->object->getId(), $role_assignment_editable);
1073 
1074  $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
1075 
1076  return true;
1077  }
1078 
1079 
1084  public function cancelObject()
1085  {
1086  if ($_GET["new_type"] != "role") {
1087  $this->ctrl->redirect($this, "userassignment");
1088  } else {
1089  $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
1090  }
1091  }
1092 
1093 
1094  public function listUsersRoleObject()
1095  {
1096  global $DIC;
1097 
1098  $rbacsystem = $DIC['rbacsystem'];
1099  $rbacreview = $DIC['rbacreview'];
1100 
1101  $_SESSION["role_role"] = $_POST["role"] = $_POST["role"] ? $_POST["role"] : $_SESSION["role_role"];
1102 
1103  if (!is_array($_POST["role"])) {
1104  ilUtil::sendFailure($this->lng->txt("role_no_roles_selected"));
1105  $this->searchObject();
1106 
1107  return false;
1108  }
1109 
1110  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.role_usr_selection.html", "Services/AccessControl");
1111  $this->__showButton("searchUserForm", $this->lng->txt("role_new_search"));
1112 
1113  // GET ALL MEMBERS
1114  $members = array();
1115 
1116  foreach ($_POST["role"] as $role_id) {
1117  $members = array_merge($rbacreview->assignedUsers($role_id), $members);
1118  }
1119 
1120  $members = array_unique($members);
1121 
1122  // FORMAT USER DATA
1123  $counter = 0;
1124  $f_result = array();
1125 
1126  foreach ($members as $user) {
1127  if (!$tmp_obj = ilObjectFactory::getInstanceByObjId($user, false)) {
1128  continue;
1129  }
1130 
1131  $user_ids[$counter] = $user;
1132 
1133  // TODO: exclude anonymous user
1134  $f_result[$counter][] = ilUtil::formCheckbox(0, "user[]", $user);
1135  $f_result[$counter][] = $tmp_obj->getLogin();
1136  $f_result[$counter][] = $tmp_obj->getFirstname();
1137  $f_result[$counter][] = $tmp_obj->getLastname();
1138 
1139  unset($tmp_obj);
1140  ++$counter;
1141  }
1142 
1143  $this->__showSearchUserTable($f_result, $user_ids, "listUsersRole");
1144 
1145  return true;
1146  }
1147 
1148  public function __prepareOutput()
1149  {
1150  // output objects
1151  $this->tpl->addBlockFile("CONTENT", "content", "tpl.adm_content.html");
1152  $this->tpl->addBlockFile("STATUSLINE", "statusline", "tpl.statusline.html");
1153 
1154  // output message
1155  if ($this->message) {
1156  ilUtil::sendInfo($this->message);
1157  }
1158 
1159  // display infopanel if something happened
1160  ilUtil::infoPanel();
1161 
1162  // set header
1163  $this->__setHeader();
1164  }
1165 
1166  public function __setHeader()
1167  {
1168  $this->tpl->setTitle($this->lng->txt('role'));
1169  $this->tpl->setDescription($this->object->getTitle());
1170  $this->tpl->setTitleIcon(ilUtil::getImagePath("icon_role.svg"));
1171 
1172  $this->getTabs($this->tabs_gui);
1173  }
1174 
1175 
1179  protected function addAdminLocatorItems($a_do_not_add_object = false)
1180  {
1181  global $DIC;
1182 
1183  $ilLocator = $DIC['ilLocator'];
1184 
1185  if (
1186  $_GET["admin_mode"] == "settings"
1187  && $_GET["ref_id"] == ROLE_FOLDER_ID) { // system settings
1188  parent::addAdminLocatorItems(true);
1189 
1190  $ilLocator->addItem(
1191  $this->lng->txt("obj_" . ilObject::_lookupType(ilObject::_lookupObjId($_GET["ref_id"]))),
1192  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1193  );
1194 
1195  if ($_GET["obj_id"] > 0) {
1196  $ilLocator->addItem(
1197  ilObjRole::_getTranslation($this->object->getTitle()),
1198  $this->ctrl->getLinkTarget($this, 'perm')
1199  );
1200  }
1201  } else {
1202  parent::addAdminLocatorItems($a_do_not_add_object);
1203  }
1204  }
1205 
1206 
1207 
1208 
1209  public function getTabs()
1210  {
1211  global $DIC;
1212 
1213  $rbacreview = $DIC['rbacreview'];
1214  $ilHelp = $DIC['ilHelp'];
1215 
1216  $base_role_container = $rbacreview->getFoldersAssignedToRole($this->object->getId(), true);
1217 
1218  $activate_role_edit = false;
1219 
1220  // todo: activate the following (allow editing of local roles in
1221  // roles administration)
1222  if (in_array($this->obj_ref_id, $base_role_container) ||
1223  (strtolower($_GET["baseClass"]) == "iladministrationgui" &&
1224  $_GET["admin_mode"] == "settings")) {
1225  $activate_role_edit = true;
1226  }
1227 
1228  // not so nice (workaround for using tabs in repository)
1229  $this->tabs_gui->clearTargets();
1230 
1231  $ilHelp->setScreenIdComponent("role");
1232 
1233  if ($this->back_target != "") {
1234  $this->tabs_gui->setBackTarget(
1235  $this->back_target["text"],
1236  $this->back_target["link"]
1237  );
1238  } else {
1239  $this->tabs_gui->setBackTarget($this->lng->txt('btn_back'), $this->ctrl->getParentReturn($this));
1240  }
1241 
1242  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1243  $this->tabs_gui->addTarget(
1244  "edit_properties",
1245  $this->ctrl->getLinkTarget($this, "edit"),
1246  ["edit", "update"],
1247  get_class($this)
1248  );
1249  }
1250  if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1251  $this->tabs_gui->addTarget(
1252  "default_perm_settings",
1253  $this->ctrl->getLinkTarget($this, "perm"),
1254  [],
1255  get_class($this)
1256  );
1257  }
1258 
1259  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1260  $this->tabs_gui->addTarget(
1261  "user_assignment",
1262  $this->ctrl->getLinkTarget($this, "userassignment"),
1263  ["deassignUser", "userassignment", "assignUser", "searchUserForm", "search"],
1264  get_class($this)
1265  );
1266  }
1267 
1268  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1269  $this->lng->loadLanguageModule("rep");
1270  $this->tabs_gui->addTarget(
1271  "rep_recommended_content",
1272  $this->ctrl->getLinkTargetByClass("ilrecommendedcontentroleconfiggui", "")
1273  );
1274  }
1275  if ($this->checkAccess('write', 'edit_permission')) {
1276  $this->tabs_gui->addTarget(
1277  'export',
1278  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1279  []
1280  );
1281  }
1282  }
1283 
1284  public function mailToRoleObject()
1285  {
1286  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1287  if (count($obj_ids) > 1) {
1288  $_SESSION['mail_roles'][] = '#il_role_' . $this->object->getId();
1289  } else {
1290  $_SESSION['mail_roles'][] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1291  }
1292 
1293  require_once 'Services/Mail/classes/class.ilMailFormCall.php';
1294  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1295  ilUtil::redirect($script);
1296  }
1297 
1298  public function checkAccess($a_perm_global, $a_perm_obj = '')
1299  {
1300  global $DIC;
1301 
1302  $rbacsystem = $DIC['rbacsystem'];
1303  $ilAccess = $DIC['ilAccess'];
1304 
1305  $a_perm_obj = $a_perm_obj ? $a_perm_obj : $a_perm_global;
1306 
1307  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1308  return $rbacsystem->checkAccess($a_perm_global, $this->obj_ref_id);
1309  } else {
1310  return $ilAccess->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1311  }
1312  }
1313 
1318  protected function isChangeExistingObjectsConfirmationRequired()
1319  {
1320  global $DIC;
1321 
1322  $rbacreview = $DIC['rbacreview'];
1323 
1324  if (!(int) $_POST['recursive'] and !is_array($_POST['recursive_list'])) {
1325  return false;
1326  }
1327 
1328  // Role is protected
1329  if ($rbacreview->isProtected($this->obj_ref_id, $this->object->getId())) {
1330  // TODO: check if recursive_list is enabled
1331  // and if yes: check if inheritance is broken for the relevant object types
1332  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1333  } else {
1334  // TODO: check if recursive_list is enabled
1335  // and if yes: check if inheritance is broken for the relevant object types
1336  return count($rbacreview->getFoldersAssignedToRole($this->object->getId())) > 1;
1337  }
1338  }
1339 
1344  protected function showChangeExistingObjectsConfirmation()
1345  {
1346  $protected = $_POST['protected'];
1347 
1348  include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
1349  $form = new ilPropertyFormGUI();
1350  $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1351  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1352 
1353  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1354  $form->addCommandButton('perm', $this->lng->txt('cancel'));
1355 
1356  $hidden = new ilHiddenInputGUI('type_filter');
1357  $hidden->setValue($_POST['recursive'] ? json_encode(['all']) : json_encode($_POST['recursive_list']));
1358  $form->addItem($hidden);
1359 
1360  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1361 
1362  if ($protected) {
1363  $rad->setValue(ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1364  $keep = new ilRadioOption(
1365  $this->lng->txt('rbac_keep_local_policies'),
1366  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1367  $this->lng->txt('rbac_keep_local_policies_info')
1368  );
1369  } else {
1370  $rad->setValue(ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1371  $keep = new ilRadioOption(
1372  $this->lng->txt('rbac_keep_local_policies'),
1373  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1374  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1375  );
1376  }
1377  $rad->addOption($keep);
1378 
1379  if ($protected) {
1380  $del = new ilRadioOption(
1381  $this->lng->txt('rbac_delete_local_policies'),
1382  ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1383  $this->lng->txt('rbac_delete_local_policies_info')
1384  );
1385  } else {
1386  $del = new ilRadioOption(
1387  $this->lng->txt('rbac_delete_local_policies'),
1388  ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1389  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1390  );
1391  }
1392  $rad->addOption($del);
1393 
1394  $form->addItem($rad);
1395  $this->tpl->setContent($form->getHTML());
1396  }
1397 
1402  protected function changeExistingObjectsObject()
1403  {
1404  $mode = (int) $_POST['mode'];
1405  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1406  $this->object->changeExistingObjects(
1407  $start,
1408  $mode,
1409  json_decode(
1410  ilUtil::stripSlashes($_POST['type_filter']),
1411  true
1412  )
1413  );
1414  ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
1415  $this->ctrl->redirect($this, 'perm');
1416  }
1417 
1423  protected function setSubTabs($a_tab)
1424  {
1425  global $DIC;
1426 
1427  $ilTabs = $DIC['ilTabs'];
1428 
1429  switch ($a_tab) {
1430  case 'default_perm_settings':
1431  if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1432  return true;
1433  }
1434  $ilTabs->addSubTabTarget(
1435  'rbac_repository_permissions',
1436  $this->ctrl->getLinkTarget($this, 'perm')
1437  );
1438  $ilTabs->addSubTabTarget(
1439  'rbac_admin_permissions',
1440  $this->ctrl->getLinkTarget($this, 'adminPerm')
1441  );
1442  }
1443  return true;
1444  }
1445 
1449  protected function addToClipboardObject()
1450  {
1451  global $DIC;
1452 
1453  $lng = $DIC['lng'];
1454  $ilCtrl = $DIC['ilCtrl'];
1455 
1456  $users = (array) $_POST['user_id'];
1457  if (!count($users)) {
1458  ilUtil::sendFailure($this->lng->txt('select_one'), true);
1459  $ilCtrl->redirect($this, 'userassignment');
1460  }
1461  include_once './Services/User/classes/class.ilUserClipboard.php';
1462  $clip = ilUserClipboard::getInstance($GLOBALS['DIC']['ilUser']->getId());
1463  $clip->add($users);
1464  $clip->save();
1465 
1466  $lng->loadLanguageModule('user');
1467  ilUtil::sendSuccess($this->lng->txt('clipboard_user_added'), true);
1468  $ilCtrl->redirect($this, 'userassignment');
1469  }
1470 
1474  protected function addLocatorItems()
1475  {
1476  global $DIC;
1477 
1478  $ilLocator = $DIC['ilLocator'];
1479 
1480  if ($_GET["admin_mode"] == "") {
1481  $this->ctrl->setParameterByClass(
1482  "ilobjrolegui",
1483  "obj_id",
1484  (int) $_GET["obj_id"]
1485  );
1486  $ilLocator->addItem(
1487  ilObjRole::_getTranslation($this->object->getTitle()),
1488  $this->ctrl->getLinkTargetByClass(
1489  [
1490  "ilpermissiongui",
1491  "ilobjrolegui"
1492  ],
1493  "perm"
1494  )
1495  );
1496  }
1497  }
1498 
1499  /*
1500  * Ensure access to role for ref_id
1501  * @throws ilObjectException
1502  */
1503  protected function ensureRoleAccessForContext()
1504  {
1505  global $DIC;
1506 
1507  $review = $DIC->rbac()->review();
1508  $logger = $DIC->logger()->ac();
1509 
1510  // creation of roles
1511  if (
1512  !$this->object->getId() ||
1513  $this->object->getId() == ROLE_FOLDER_ID
1514  ) {
1515  return true;
1516  }
1517 
1518 
1519  $possible_roles = [];
1520  try {
1521  $possible_roles = $review->getRolesOfObject(
1522  $this->obj_ref_id,
1523  false
1524  );
1525  } catch (\InvalidArgumentException $e) {
1526  $logger->warning('Role access check failed: ' . $e);
1527 
1528  include_once "Services/Object/exceptions/class.ilObjectException.php";
1529  throw new \ilObjectException($this->lng->txt('permission_denied'));
1530  }
1531 
1532  if (!in_array($this->object->getId(), $possible_roles)) {
1533  $logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1534  include_once "Services/Object/exceptions/class.ilObjectException.php";
1535  throw new \ilObjectException($this->lng->txt('permission_denied'));
1536  }
1537  return true;
1538  }
1539 } // END class.ilObjRoleGUI
ilObjRoleGUI\adoptPermSaveObject
adoptPermSaveObject()
copy permissions from role
Definition: class.ilObjRoleGUI.php:823
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:16
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:31
ilUtil\tf2yn
static tf2yn($a_tf)
convert true/false to "y"/"n"
Definition: class.ilUtil.php:2984
ilObjRoleGUI\createObject
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Definition: class.ilObjRoleGUI.php:355
ilObjRoleGUI\setSubTabs
setSubTabs($a_tab)
Set sub tabs.
Definition: class.ilObjRoleGUI.php:1423
ilObjRoleGUI\setBackTarget
setBackTarget($a_text, $a_link)
set back tab target
Definition: class.ilObjRoleGUI.php:184
IL_INST_ID
const IL_INST_ID
Definition: constants.php:38
ilUserClipboard\getInstance
static getInstance($a_usr_id)
Get singelton instance.
Definition: class.ilUserClipboard.php:35
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:25
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
ilRoleAdoptPermissionTableGUI
Copyright (c) 1998-2015 ILIAS open source, Extended GPL, see docs/LICENSE Date: 07.01.15 Time: 11:43.
Definition: class.ilRoleAdoptPermissionTableGUI.php:16
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:47
ilObjRole\getPresentationTitle
getPresentationTitle()
For autogenerated roles this returns &#39;Translated Title (untranslated title)&#39;.
Definition: class.ilObjRole.php:135
ilObjRoleGUI\checkDuplicate
checkDuplicate($a_role_id=0)
Check if role with same name already exists in this folder.
Definition: class.ilObjRoleGUI.php:442
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:30
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1449
$_GET
$_GET["client_id"]
Definition: cfg.phpunit.template.php:12
ilObjRoleGUI\adminPermObject
adminPermObject()
Show administration permissions.
Definition: class.ilObjRoleGUI.php:587
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:18
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:27
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: constants.php:24
ilObjectGUI\__showButton
__showButton($a_cmd, $a_text, $a_target='')
Definition: class.ilObjectGUI.php:1745
ilObjRoleGUI\deassignUserObject
deassignUserObject()
de-assign users from role
Definition: class.ilObjRoleGUI.php:940
ilObjRoleGUI\assignSaveObject
assignSaveObject()
wrapper for renamed function
Definition: class.ilObjRoleGUI.php:874
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus($a_assign_users)
Definition: class.ilObjRole.php:146
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:33
ilObjRoleGUI\permObject
permObject($a_show_admin_permissions=false)
Show template permissions.
Definition: class.ilObjRoleGUI.php:482
ilObjRoleGUI\adminPermSaveObject
adminPermSaveObject()
Save admin permissions.
Definition: class.ilObjRoleGUI.php:596
ilObjRole\setAllowRegister
setAllowRegister($a_allow_register)
set allow_register of role
Definition: class.ilObjRole.php:263
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:25
ilObjRoleGUI\cancelObject
cancelObject()
cancelObject is called when an operation is canceled, method links back public
Definition: class.ilObjRoleGUI.php:1084
ilObjRole\getAllowRegister
getAllowRegister()
get allow_register
Definition: class.ilObjRole.php:278
GlobalHttpState
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilObjRoleGUI\addUserObject
addUserObject($a_user_ids)
Assign user (callback from ilRepositorySearchGUI)
Definition: class.ilObjRoleGUI.php:886
ilObject\setTitle
setTitle($a_title)
set object title
Definition: class.ilObject.php:417
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:19
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:409
ilUtil\sendInfo
static sendInfo($a_info="", $a_keep=false)
Send Info Message to Screen.
Definition: class.ilUtil.php:4518
ilExportGUI
Export User Interface Class.
Definition: class.ilExportGUI.php:14
ilExportOptions\newInstance
static newInstance($a_export_id)
Create new instance.
Definition: class.ilExportOptions.php:56
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:32
ilObjectGUI\prepareOutput
prepareOutput($a_show_subobjects=true)
prepare output
Definition: class.ilObjectGUI.php:334
ilObjRole\isAutoGenerated
static isAutoGenerated($a_role_id)
Definition: class.ilObjRole.php:637
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:33
ilRadioOption\setValue
setValue($a_value)
Set Value.
Definition: class.ilRadioOption.php:91
ilObjRoleGUI\permSaveObject
permSaveObject($a_show_admin_permissions=false)
save permissions
Definition: class.ilObjRoleGUI.php:707
ilObjRoleGUI\loadRoleProperties
loadRoleProperties(ilObjRole $role)
Store form input in role object.
Definition: class.ilObjRoleGUI.php:312
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:643
ilObject\getId
getId()
get object id public
Definition: class.ilObject.php:319
ilUtil\_sortIds
static _sortIds($a_ids, $a_table, $a_field, $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:4422
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1318
ilUtil\getImagePath
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:96
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:167
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:687
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:16
ilObject\_lookupObjId
static _lookupObjId($a_id)
Definition: class.ilObject.php:1110
ilCheckboxInputGUI\setValue
setValue($a_value)
Set Value.
Definition: class.ilCheckboxInputGUI.php:65
ilObjRoleGUI\initFormRoleProperties
initFormRoleProperties($a_mode)
Create role prperty form.
Definition: class.ilObjRoleGUI.php:233
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:176
$DIC
global $DIC
Definition: goto.php:24
ilObjRoleGUI\editObject
editObject()
Edit role properties.
Definition: class.ilObjRoleGUI.php:374
ilTable2GUI\addMultiCommand
addMultiCommand($a_cmd, $a_text)
Add Command button.
Definition: class.ilTable2GUI.php:1272
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ilUtil\infoPanel
static infoPanel($a_keep=true)
Definition: class.ilUtil.php:4575
ilObject\getDescription
getDescription()
get object description
Definition: class.ilObject.php:431
ilias
redirection script todo: (a better solution should control the processing via a xml file) ...
ilObjRoleGUI\readRoleProperties
readRoleProperties(ilObjRole $role)
Read role properties and write them to form.
Definition: class.ilObjRoleGUI.php:331
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:216
ilUtil\stripSlashes
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
Definition: class.ilUtil.php:2406
ilUtil\sendQuestion
static sendQuestion($a_info="", $a_keep=false)
Send Question to Screen.
Definition: class.ilUtil.php:4550
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:70
ilObjRole\_getTranslation
static _getTranslation($a_role_title)
Definition: class.ilObjRole.php:454
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:32
ilObject\_lookupType
static _lookupType($a_id, $a_reference=false)
lookup object type
Definition: class.ilObject.php:1281
ilUtil\sendFailure
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
Definition: class.ilUtil.php:4534
ilObjRoleGUI\__construct
__construct($a_data, $a_id, $a_call_by_reference=false, $a_prepare_output=true)
Constructor public.
Definition: class.ilObjRoleGUI.php:58
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation()
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1344
ilRbacLog\gatherTemplate
static gatherTemplate($a_role_ref_id, $a_role_id)
Definition: class.ilRbacLog.php:105
ilObjRoleGUI\checkAccess
checkAccess($a_perm_global, $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1298
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:158
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:26
ilObjRoleGUI\changeExistingObjectsObject
changeExistingObjectsObject()
Change existing objects.
Definition: class.ilObjRoleGUI.php:1402
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:1005
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:13
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:20
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:40
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:34
ilRbacLog\add
static add($a_action, $a_ref_id, array $a_diff, $a_source_ref_id=false)
Definition: class.ilRbacLog.php:137
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:21
$ret
$ret
Definition: parser.php:6
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:63
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:114
ilObject\_getIdsForTitle
static _getIdsForTitle($title, $type='', $partialmatch=false)
Definition: class.ilObject.php:1033
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:15
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:21
ilObject\setDescription
setDescription($a_desc)
set object description
Definition: class.ilObject.php:442
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems($a_do_not_add_object=false)
Definition: class.ilObjRoleGUI.php:1179
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar($parent_object, ilToolbarGUI $toolbar=null, $a_options=array(), $a_sticky=false)
fill toolbar with
Definition: class.ilRepositorySearchGUI.php:196
$ilUser
$ilUser
Definition: imgupload.php:18
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:198
ilRecommendedContentRoleConfigGUI
Recommended content configuration for roles.
Definition: class.ilRecommendedContentRoleConfigGUI.php:10
ilExportOptions\allocateExportId
static allocateExportId()
Allocate a new export id.
Definition: class.ilExportOptions.php:65
ilUtil\redirect
static redirect($a_script)
Definition: class.ilUtil.php:3302
ilAccordionGUI
Accordion user interface class.
Definition: class.ilAccordionGUI.php:11
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:31
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:452
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:107
ilFormPropertyGUI\setDisabled
setDisabled($a_disabled)
Set Disabled.
Definition: class.ilFormPropertyGUI.php:205
$_POST
$_POST["username"]
Definition: cfg.phpunit.template.php:11
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:207
ilUtil\formCheckbox
static formCheckbox($checked, $varname, $value, $disabled=false)
??? public
Definition: class.ilUtil.php:439
ilConfirmationGUI
Confirmation screen class.
Definition: class.ilConfirmationGUI.php:15