ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilObjectPermissionStatusGUI.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
28 class ilObjectPermissionStatusGUI
29 {
30  public ilObjUser $user;
31  protected ilLanguage $lng;
32  protected ilCtrlInterface $ctrl;
33  protected ilGlobalTemplateInterface $tpl;
34  protected ilObject $object;
35  protected ilRbacReview $rbacreview;
36  protected ilToolbarGUI $toolbar;
37 
38  protected array $user_roles;
39  protected array $global_roles;
40  protected array $valid_roles;
41  protected array $assigned_valid_roles;
42 
43  public const IMG_OK = 0;
44  public const IMG_NOT_OK = 1;
45 
50  public function __construct(ilObject $a_obj)
51  {
52  global $DIC;
53 
54  $this->lng = $DIC->language();
55  $this->ctrl = $DIC->ctrl();
56  $this->tpl = $DIC->ui()->mainTemplate();
57  $this->object = $a_obj;
58  $this->rbacreview = $DIC->rbac()->review();
59  $this->toolbar = $DIC->toolbar();
60 
61  $this->user = $this->getUser();
62  $this->user_roles = $this->rbacreview->assignedRoles($this->user->getId());
63  $this->global_roles = $this->rbacreview->getGlobalRoles();
64  $this->valid_roles = $this->rbacreview->getParentRoleIds($this->object->getRefId());
65  $this->assigned_valid_roles = $this->getAssignedValidRoles();
66  }
67 
71  public function executeCommand(): void
72  {
73  // determine next class in the call structure
74  $next_class = $this->ctrl->getNextClass($this);
75 
76  switch ($next_class) {
77  case 'ilrepositorysearchgui':
78  $rep_search = new ilRepositorySearchGUI();
79  $this->ctrl->setReturn($this, 'perminfo');
80  $this->ctrl->forwardCommand($rep_search);
81  break;
82 
83  default:
84  $cmd = $this->ctrl->getCmd();
85  $this->$cmd();
86  break;
87  }
88  }
89 
94  public function perminfo(): void
95  {
96  $tpl = new ilTemplate("tpl.info_layout.html", false, false, "Services/AccessControl");
97 
98  $tpl->setVariable("INFO_SUMMARY", $this->accessStatusInfo());
99  $tpl->setVariable("INFO_PERMISSIONS", $this->accessPermissionsTable());
100  $tpl->setVariable("INFO_ROLES", $this->availableRolesTable());
101  $tpl->setVariable("INFO_REMARK_INTERRUPTED", $this->lng->txt('info_remark_interrupted'));
102  $this->tpl->setVariable("ADM_CONTENT", $tpl->get());
103  $this->addToolbar();
104  }
105 
109  public function addToolbar(): void
110  {
111  $this->toolbar->setFormAction($this->ctrl->getFormAction($this, "perminfo"));
112  $this->toolbar->addText($this->lng->txt('user'));
113 
114  $login = new ilTextInputGUI($this->lng->txt("username"), "user_login");
115  $login->setDataSource($this->ctrl->getLinkTargetByClass(array(get_class($this),
116  'ilRepositorySearchGUI'
117  ), 'doUserAutoComplete', '', true));
118  $login->setSize(15);
119  $login->setValue($this->user->getLogin());
120  $this->toolbar->addInputItem($login);
121  $this->toolbar->addFormButton($this->lng->txt("info_change_user_view"), "perminfo");
122  }
123 
127  public function accessStatusInfo(): string
128  {
129  $info = new ilInfoScreenGUI(new stdClass());
130  $info->setFormAction($this->ctrl->getFormAction($this));
131 
132  $info->addSection($this->lng->txt("info_access_and_status_info"));
133 
134  foreach ($this->getAccessStatusInfoData() as $data) {
135  $info->addProperty($data[0], $data[1]);
136  }
137 
138  return $info->getHTML();
139  }
140 
144  public function accessPermissionsTable(): string
145  {
146  $table = new ilAccessPermissionsStatusTableGUI($this, "perminfo");
147 
148  $table->setData($this->getAccessPermissionTableData());
149  $table->setTitle($this->lng->txt("info_access_permissions"));
150 
151  return $table->getHTML();
152  }
153 
158  private function availableRolesTable(): string
159  {
160  $table = new ilAvailableRolesStatusTableGUI($this, "perminfo");
161 
162  $table->setData($this->getAvailableRolesTableData());
163  $table->setTitle($this->lng->txt("info_available_roles"));
164 
165  return $table->getHTML();
166  }
167 
171  public function getAssignedValidRoles(): array
172  {
173  $assigned_valid_roles = array();
174 
175  $ops = [];
176  foreach ($this->valid_roles as $role) {
177  $role_id = (int) $role["obj_id"];
178  if (in_array($role_id, $this->user_roles)) {
179  if ($role_id === SYSTEM_ROLE_ID) {
180  // get all possible operation of current object
181  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
182 
183  foreach ($ops_list as $ops_data) {
184  $ops[] = (int) $ops_data['ops_id'];
185  }
186 
187  $role['ops'] = $ops;
188  } else {
189  $role['ops'] = $this->rbacreview->getRoleOperationsOnObject(
190  $role_id,
191  $this->object->getRefId()
192  );
193  }
194 
195  $role['translation'] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
196  $assigned_valid_roles[] = $role;
197  }
198  }
199  $this->assigned_valid_roles = $assigned_valid_roles;
200  return $assigned_valid_roles;
201  }
202 
206  public function getCommands(string $a_type): array
207  {
208  global $DIC;
209 
210  $objDefinition = $DIC['objDefinition'];
211 
212  $class = $objDefinition->getClassName($a_type);
213  $location = $objDefinition->getLocation($a_type);
214  $full_class = "ilObj" . $class . "Access";
215 
216  $cmds = call_user_func(array($full_class, "_getCommands"));
217 
218  $cmds[] = array('permission' => 'visible', 'cmd' => 'info');
219 
220  return $cmds;
221  }
222 
226  public function getUser(): ilObjUser
227  {
228  global $DIC;
229 
230  $user_login = '';
231  if ($DIC->http()->wrapper()->post()->has('user_login')) {
232  $user_login = $DIC->http()->wrapper()->post()->retrieve(
233  'user_login',
234  $DIC->refinery()->kindlyTo()->string()
235  );
236  }
237  if (!strlen($user_login)) {
238  return $DIC->user();
239  }
240  $user_id = ilObjUser::_lookupId($user_login);
241  $user = ilObjectFactory::getInstanceByObjId($user_id, false);
242  if (!$user instanceof ilObjUser || $user->getType() != 'usr') {
243  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('info_err_user_not_exist'));
244  return $DIC->user();
245  }
246  $this->tpl->setOnScreenMessage('success', $this->lng->txt('info_user_view_changed'));
247  return $user;
248  }
249 
253  public function getAccessStatusInfoData(): array
254  {
255  global $DIC;
256 
257  $ilAccess = $DIC['ilAccess'];
258  $infos = array();
259 
260  $result_set[0][] = $this->lng->txt('user');
261  $result_set[0][] = $this->user->getFullname() . " (#" . $this->user->getId() . ")";
262 
263  $assigned_valid_roles = array();
264 
265  foreach ($this->getAssignedValidRoles() as $role) {
266  $assigned_valid_roles[] = $role["translation"];
267  }
268 
269  $roles_str = implode(", ", $assigned_valid_roles);
270 
271  $result_set[1][] = $this->lng->txt("roles");
272  $result_set[1][] = $roles_str;
273 
274  $result_set[2][] = $this->lng->txt("status");
275 
276  $ilAccess->clear();
277  $ilAccess->checkAccessOfUser(
278  $this->user->getId(),
279  'read',
280  '',
281  $this->object->getRefId(),
282  $this->object->getType(),
283  $this->object->getId()
284  );
285 
286  $infos = array_merge($infos, $ilAccess->getInfo());
287 
288  $cmds = $this->getCommands($this->object->getType());
289 
290  foreach ($cmds as $cmd) {
291  if (count($cmd) === 0) {
292  continue;
293  }
294  $ilAccess->clear();
295  $ilAccess->doStatusCheck(
296  $cmd['permission'],
297  $cmd['cmd'],
298  $this->object->getRefId(),
299  $this->user->getId(),
300  $this->object->getId(),
301  $this->object->getType()
302  );
303  $infos = array_merge($infos, $ilAccess->getInfo());
304  }
305 
306  $alert = "il_ItemAlertProperty";
307  $okay = "il_ItemOkayProperty";
308  $text = "";
309 
310  if ($infos === []) {
311  $text = "<span class=\"" . $okay . "\">" . $this->lng->txt("access") . "</span><br/> ";
312  } else {
313  foreach ($infos as $info) {
314  switch ($info['type']) {
315  case ilAccessInfo::IL_STATUS_MESSAGE:
316  $text .= "<span class=\"" . $okay . "\">" . $info['text'] . "</span><br/> ";
317  break;
318 
319  case ilAccessInfo::IL_NO_PARENT_ACCESS:
320  $factory = new ilObjectFactory();
321  $obj = $factory->getInstanceByRefId((int) $info['data']);
322  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . " (" . $this->lng->txt("obj_" . $obj->getType()) . " #" . $obj->getId() . ": " . $obj->getTitle() . ")</span><br/> ";
323  break;
324 
325  default:
326  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . "</span><br/> ";
327  break;
328 
329  }
330  }
331  }
332 
333  $result_set[2][] = $text;
334 
335  return $result_set;
336  }
337 
341  public function getAccessPermissionTableData(): array
342  {
343  global $DIC;
344 
345  $ilAccess = $DIC['ilAccess'];
346  $ilObjDataCache = $DIC['ilObjDataCache'];
347  $objDefinition = $DIC['objDefinition'];
348 
349  // get all possible operation of current object
350  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
351 
352  $counter = 0;
353  $result_set = array();
354 
355  // check permissions of user
356  foreach ($ops_list as $ops) {
357  $access = $ilAccess->doRBACCheck(
358  $ops['operation'],
359  "info",
360  $this->object->getRefId(),
361  $this->user->getId(),
362  $this->object->getType()
363  );
364 
365  $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
366 
367  if (substr($ops['operation'], 0, 7) == "create_" &&
368  $objDefinition->isPlugin(substr($ops['operation'], 7))) {
369  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
370  substr($ops['operation'], 7),
371  'obj_' . substr($ops['operation'], 7)
372  );
373  } elseif ($objDefinition->isPlugin($this->object->getType())) {
374  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
375  $this->object->getType(),
376  $this->object->getType() . "_" . $ops['operation']
377  );
378  } elseif (substr($ops['operation'], 0, 7) == 'create_') {
379  $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
380  } else {
381  $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
382  }
383 
384  $list_role = [];
385 
386  // Check ownership
387  if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
388  if (
389  (substr($ops['operation'], 0, 7) != 'create_') and
390  ($ops['operation'] != 'edit_permission') and
391  ($ops['operation'] != 'edit_leanring_progress')
392  ) {
393  $list_role[] = $this->lng->txt('info_owner_of_object');
394  }
395  }
396  // get operations on object for each assigned role to user
397  foreach ($this->getAssignedValidRoles() as $role) {
398  if (in_array($ops['ops_id'], $role['ops'])) {
399  $list_role[] = $role['translation'];
400  }
401  }
402 
403  if (empty($list_role)) {
404  $list_role[] = $this->lng->txt('none');
405  }
406 
407  $result_set[$counter]["role_ownership"] = $list_role;
408 
409  ++$counter;
410  }
411 
412  return $result_set;
413  }
414 
418  private function getAvailableRolesTableData(): array
419  {
420  global $DIC;
421 
422  $tree = $DIC['tree'];
423 
424  $path = array_reverse($tree->getPathId($this->object->getRefId()));
425 
426  $counter = 0;
427 
428  $result_set = [];
429  foreach ($this->valid_roles as $role) {
430  $role_id = (int) $role["obj_id"];
431  $result_set[$counter]["img"] = in_array(
432  $role_id,
433  $this->user_roles
434  ) ? self::IMG_OK : self::IMG_NOT_OK;
435 
436  if (is_subclass_of($this->object, ilObjectPlugin::class) && $role["parent"] == $this->object->getRefId()) {
437  $result_set[$counter][] = ilObjectPlugin::lookupTxtById(
438  $this->object->getType(),
439  ilObjRole::_removeObjectId($role["title"])
440  );
441  } else {
442  $result_set[$counter][] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
443  }
444 
445  $result_set[$counter]["role"] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
446 
447 
448  if ($role['role_type'] != "linked") {
449  $result_set[$counter]["effective_from"] = "";
450  } else {
451  $rolfs = $this->rbacreview->getFoldersAssignedToRole($role_id);
452 
453  // ok, try to match the next rolf in path
454  foreach ($path as $node) {
455  if ($node == 1) {
456  break;
457  }
458 
459  if (in_array($node, $rolfs)) {
460  $nodedata = $tree->getNodeData($node);
461  $result_set[$counter]["effective_from"] = $nodedata["title"];
462  $result_set[$counter]["effective_from_ref_id"] = $node;
463  break;
464  }
465  }
466  }
467 
468  if (in_array($role['obj_id'], $this->global_roles)) {
469  $result_set[$counter]["original_position"] = $this->lng->txt("global");
470  $result_set[$counter]["original_position_ref_id"] = false;
471  } else {
472  $rolf = $this->rbacreview->getFoldersAssignedToRole($role_id, true);
473  $parent_node = $tree->getNodeData($rolf[0]);
474  if (!array_key_exists('ref_id', $parent_node)) {
475  unset($result_set[$counter]);
476  continue;
477  }
478  $result_set[$counter]['original_position'] = $parent_node['title'];
479  $result_set[$counter]['original_position_ref_id'] = $parent_node['ref_id'];
480  }
481 
482  ++$counter;
483  }
484  return $result_set;
485  }
486 }
ilObjectPermissionStatusGUI\getAvailableRolesTableData
getAvailableRolesTableData()
Available Roles Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:418
ilObjectPermissionStatusGUI\getAccessStatusInfoData
getAccessStatusInfoData()
Access Status Info Data.
Definition: class.ilObjectPermissionStatusGUI.php:253
ilInfoScreenGUI
Class ilInfoScreenGUI.
Definition: class.ilInfoScreenGUI.php:30
ilObjRole\_removeObjectId
static _removeObjectId(string $a_role_title)
Definition: class.ilObjRole.php:386
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilAccessPermissionsStatusTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessPermissionsStatusTableGUI.php:26
ilGlobalTemplateInterface\get
get(string $part=self::DEFAULT_BLOCK)
Renders the given block and returns the html string.
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilGlobalTemplateInterface\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilObjectPermissionStatusGUI\getAccessPermissionTableData
getAccessPermissionTableData()
Access Permissions Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:341
$path
$path
Definition: ltiservices.php:32
$DIC
global $DIC
Definition: feed.php:28
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1126
ilObjectPermissionStatusGUI\accessStatusInfo
accessStatusInfo()
Access- and Statusinformation Info.
Definition: class.ilObjectPermissionStatusGUI.php:127
ilObjectPermissionStatusGUI\__construct
__construct(ilObject $a_obj)
Constructor public.
Definition: class.ilObjectPermissionStatusGUI.php:50
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectPermissionStatusGUI\accessPermissionsTable
accessPermissionsTable()
Access Permissions Table.
Definition: class.ilObjectPermissionStatusGUI.php:144
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilAvailableRolesStatusTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAvailableRolesStatusTableGUI.php:26
ilObjectPermissionStatusGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectPermissionStatusGUI.php:28
$factory
$factory
Definition: metadata.php:75
ilObjectPermissionStatusGUI\getAssignedValidRoles
getAssignedValidRoles()
get Assigned Valid Roles
Definition: class.ilObjectPermissionStatusGUI.php:171