ILIAS  release_8 Revision v8.24
class.ilObjectPermissionStatusGUI.php
Go to the documentation of this file.
1<?php
2
3declare(strict_types=1);
28class ilObjectPermissionStatusGUI
29{
30 public ilObjUser $user;
31 protected ilLanguage $lng;
32 protected ilCtrlInterface $ctrl;
33 protected ilGlobalTemplateInterface $tpl;
34 protected ilObject $object;
35 protected ilRbacReview $rbacreview;
36 protected ilToolbarGUI $toolbar;
37
38 protected array $user_roles;
39 protected array $global_roles;
40 protected array $valid_roles;
41 protected array $assigned_valid_roles;
42
43 public const IMG_OK = 0;
44 public const IMG_NOT_OK = 1;
45
50 public function __construct(ilObject $a_obj)
51 {
52 global $DIC;
53
54 $this->lng = $DIC->language();
55 $this->ctrl = $DIC->ctrl();
56 $this->tpl = $DIC->ui()->mainTemplate();
57 $this->object = $a_obj;
58 $this->rbacreview = $DIC->rbac()->review();
59 $this->toolbar = $DIC->toolbar();
60
61 $this->user = $this->getUser();
62 $this->user_roles = $this->rbacreview->assignedRoles($this->user->getId());
63 $this->global_roles = $this->rbacreview->getGlobalRoles();
64 $this->valid_roles = $this->rbacreview->getParentRoleIds($this->object->getRefId());
65 $this->assigned_valid_roles = $this->getAssignedValidRoles();
66 }
67
71 public function executeCommand(): void
72 {
73 // determine next class in the call structure
74 $next_class = $this->ctrl->getNextClass($this);
75
76 switch ($next_class) {
77 case 'ilrepositorysearchgui':
78 $rep_search = new ilRepositorySearchGUI();
79 $this->ctrl->setReturn($this, 'perminfo');
80 $this->ctrl->forwardCommand($rep_search);
81 break;
82
83 default:
84 $cmd = $this->ctrl->getCmd();
85 $this->$cmd();
86 break;
87 }
88 }
89
94 public function perminfo(): void
95 {
96 $tpl = new ilTemplate("tpl.info_layout.html", false, false, "Services/AccessControl");
97
98 $tpl->setVariable("INFO_SUMMARY", $this->accessStatusInfo());
99 $tpl->setVariable("INFO_PERMISSIONS", $this->accessPermissionsTable());
100 $tpl->setVariable("INFO_ROLES", $this->availableRolesTable());
101 $tpl->setVariable("INFO_REMARK_INTERRUPTED", $this->lng->txt('info_remark_interrupted'));
102 $this->tpl->setVariable("ADM_CONTENT", $tpl->get());
103 $this->addToolbar();
104 }
105
109 public function addToolbar(): void
110 {
111 $this->toolbar->setFormAction($this->ctrl->getFormAction($this, "perminfo"));
112 $this->toolbar->addText($this->lng->txt('user'));
113
114 $login = new ilTextInputGUI($this->lng->txt("username"), "user_login");
115 $login->setDataSource($this->ctrl->getLinkTargetByClass(array(get_class($this),
116 'ilRepositorySearchGUI'
117 ), 'doUserAutoComplete', '', true));
118 $login->setSize(15);
119 $login->setValue($this->user->getLogin());
120 $this->toolbar->addInputItem($login);
121 $this->toolbar->addFormButton($this->lng->txt("info_change_user_view"), "perminfo");
122 }
123
127 public function accessStatusInfo(): string
128 {
129 $info = new ilInfoScreenGUI(new stdClass());
130 $info->setFormAction($this->ctrl->getFormAction($this));
131
132 $info->addSection($this->lng->txt("info_access_and_status_info"));
133
134 foreach ($this->getAccessStatusInfoData() as $data) {
135 $info->addProperty($data[0], $data[1]);
136 }
137
138 return $info->getHTML();
139 }
140
144 public function accessPermissionsTable(): string
145 {
146 $table = new ilAccessPermissionsStatusTableGUI($this, "perminfo");
147
148 $table->setData($this->getAccessPermissionTableData());
149 $table->setTitle($this->lng->txt("info_access_permissions"));
150
151 return $table->getHTML();
152 }
153
158 private function availableRolesTable(): string
159 {
160 $table = new ilAvailableRolesStatusTableGUI($this, "perminfo");
161
162 $table->setData($this->getAvailableRolesTableData());
163 $table->setTitle($this->lng->txt("info_available_roles"));
164
165 return $table->getHTML();
166 }
167
171 public function getAssignedValidRoles(): array
172 {
173 $assigned_valid_roles = array();
174
175 $ops = [];
176 foreach ($this->valid_roles as $role) {
177 $role_id = (int) $role["obj_id"];
178 if (in_array($role_id, $this->user_roles)) {
179 if ($role_id === SYSTEM_ROLE_ID) {
180 // get all possible operation of current object
181 $ops_list = ilRbacReview::_getOperationList($this->object->getType());
182
183 foreach ($ops_list as $ops_data) {
184 $ops[] = (int) $ops_data['ops_id'];
185 }
186
187 $role['ops'] = $ops;
188 } else {
189 $role['ops'] = $this->rbacreview->getRoleOperationsOnObject(
190 $role_id,
191 $this->object->getRefId()
192 );
193 }
194
195 $role['translation'] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
196 $assigned_valid_roles[] = $role;
197 }
198 }
199 $this->assigned_valid_roles = $assigned_valid_roles;
200 return $assigned_valid_roles;
201 }
202
206 public function getCommands(string $a_type): array
207 {
208 global $DIC;
209
210 $objDefinition = $DIC['objDefinition'];
211
212 $class = $objDefinition->getClassName($a_type);
213 $location = $objDefinition->getLocation($a_type);
214 $full_class = "ilObj" . $class . "Access";
215
216 $cmds = call_user_func(array($full_class, "_getCommands"));
217
218 $cmds[] = array('permission' => 'visible', 'cmd' => 'info');
219
220 return $cmds;
221 }
222
226 public function getUser(): ilObjUser
227 {
228 global $DIC;
229
230 $user_login = '';
231 if ($DIC->http()->wrapper()->post()->has('user_login')) {
232 $user_login = $DIC->http()->wrapper()->post()->retrieve(
233 'user_login',
234 $DIC->refinery()->kindlyTo()->string()
235 );
236 }
237 if (!strlen($user_login)) {
238 return $DIC->user();
239 }
240 $user_id = ilObjUser::_lookupId($user_login);
241 $user = ilObjectFactory::getInstanceByObjId($user_id, false);
242 if (!$user instanceof ilObjUser || $user->getType() != 'usr') {
243 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('info_err_user_not_exist'));
244 return $DIC->user();
245 }
246 $this->tpl->setOnScreenMessage('success', $this->lng->txt('info_user_view_changed'));
247 return $user;
248 }
249
253 public function getAccessStatusInfoData(): array
254 {
255 global $DIC;
256
257 $ilAccess = $DIC['ilAccess'];
258 $infos = array();
259
260 $result_set[0][] = $this->lng->txt('user');
261 $result_set[0][] = $this->user->getFullname() . " (#" . $this->user->getId() . ")";
262
263 $assigned_valid_roles = array();
264
265 foreach ($this->getAssignedValidRoles() as $role) {
266 $assigned_valid_roles[] = $role["translation"];
267 }
268
269 $roles_str = implode(", ", $assigned_valid_roles);
270
271 $result_set[1][] = $this->lng->txt("roles");
272 $result_set[1][] = $roles_str;
273
274 $result_set[2][] = $this->lng->txt("status");
275
276 $ilAccess->clear();
277 $ilAccess->checkAccessOfUser(
278 $this->user->getId(),
279 'read',
280 '',
281 $this->object->getRefId(),
282 $this->object->getType(),
283 $this->object->getId()
284 );
285
286 $infos = array_merge($infos, $ilAccess->getInfo());
287
288 $cmds = $this->getCommands($this->object->getType());
289
290 foreach ($cmds as $cmd) {
291 if (count($cmd) === 0) {
292 continue;
293 }
294 $ilAccess->clear();
295 $ilAccess->doStatusCheck(
296 $cmd['permission'],
297 $cmd['cmd'],
298 $this->object->getRefId(),
299 $this->user->getId(),
300 $this->object->getId(),
301 $this->object->getType()
302 );
303 $infos = array_merge($infos, $ilAccess->getInfo());
304 }
305
306 $alert = "il_ItemAlertProperty";
307 $okay = "il_ItemOkayProperty";
308 $text = "";
309
310 if ($infos === []) {
311 $text = "<span class=\"" . $okay . "\">" . $this->lng->txt("access") . "</span><br/> ";
312 } else {
313 foreach ($infos as $info) {
314 switch ($info['type']) {
315 case ilAccessInfo::IL_STATUS_MESSAGE:
316 $text .= "<span class=\"" . $okay . "\">" . $info['text'] . "</span><br/> ";
317 break;
318
319 case ilAccessInfo::IL_NO_PARENT_ACCESS:
320 $factory = new ilObjectFactory();
321 $obj = $factory->getInstanceByRefId((int) $info['data']);
322 $text .= "<span class=\"" . $alert . "\">" . $info['text'] . " (" . $this->lng->txt("obj_" . $obj->getType()) . " #" . $obj->getId() . ": " . $obj->getTitle() . ")</span><br/> ";
323 break;
324
325 default:
326 $text .= "<span class=\"" . $alert . "\">" . $info['text'] . "</span><br/> ";
327 break;
328
329 }
330 }
331 }
332
333 $result_set[2][] = $text;
334
335 return $result_set;
336 }
337
341 public function getAccessPermissionTableData(): array
342 {
343 global $DIC;
344
345 $ilAccess = $DIC['ilAccess'];
346 $ilObjDataCache = $DIC['ilObjDataCache'];
347 $objDefinition = $DIC['objDefinition'];
348
349 // get all possible operation of current object
350 $ops_list = ilRbacReview::_getOperationList($this->object->getType());
351
352 $counter = 0;
353 $result_set = array();
354
355 // check permissions of user
356 foreach ($ops_list as $ops) {
357 $access = $ilAccess->doRBACCheck(
358 $ops['operation'],
359 "info",
360 $this->object->getRefId(),
361 $this->user->getId(),
362 $this->object->getType()
363 );
364
365 $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
366
367 if (substr($ops['operation'], 0, 7) == "create_" &&
368 $objDefinition->isPlugin(substr($ops['operation'], 7))) {
369 $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
370 substr($ops['operation'], 7),
371 'obj_' . substr($ops['operation'], 7)
372 );
373 } elseif ($objDefinition->isPlugin($this->object->getType())) {
374 $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
375 $this->object->getType(),
376 $this->object->getType() . "_" . $ops['operation']
377 );
378 } elseif (substr($ops['operation'], 0, 7) == 'create_') {
379 $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
380 } else {
381 $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
382 }
383
384 $list_role = [];
385
386 // Check ownership
387 if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
388 if (
389 (substr($ops['operation'], 0, 7) != 'create_') and
390 ($ops['operation'] != 'edit_permission') and
391 ($ops['operation'] != 'edit_leanring_progress')
392 ) {
393 $list_role[] = $this->lng->txt('info_owner_of_object');
394 }
395 }
396 // get operations on object for each assigned role to user
397 foreach ($this->getAssignedValidRoles() as $role) {
398 if (in_array($ops['ops_id'], $role['ops'])) {
399 $list_role[] = $role['translation'];
400 }
401 }
402
403 if (empty($list_role)) {
404 $list_role[] = $this->lng->txt('none');
405 }
406
407 $result_set[$counter]["role_ownership"] = $list_role;
408
409 ++$counter;
410 }
411
412 return $result_set;
413 }
414
418 private function getAvailableRolesTableData(): array
419 {
420 global $DIC;
421
422 $tree = $DIC['tree'];
423
424 $path = array_reverse($tree->getPathId($this->object->getRefId()));
425
426 $counter = 0;
427
428 $result_set = [];
429 foreach ($this->valid_roles as $role) {
430 $role_id = (int) $role["obj_id"];
431 $result_set[$counter]["img"] = in_array(
432 $role_id,
433 $this->user_roles
434 ) ? self::IMG_OK : self::IMG_NOT_OK;
435
436 if (is_subclass_of($this->object, ilObjectPlugin::class) && $role["parent"] == $this->object->getRefId()) {
437 $result_set[$counter][] = ilObjectPlugin::lookupTxtById(
438 $this->object->getType(),
439 ilObjRole::_removeObjectId($role["title"])
440 );
441 } else {
442 $result_set[$counter][] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
443 }
444
445 $result_set[$counter]["role"] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
446
447
448 if ($role['role_type'] != "linked") {
449 $result_set[$counter]["effective_from"] = "";
450 } else {
451 $rolfs = $this->rbacreview->getFoldersAssignedToRole($role_id);
452
453 // ok, try to match the next rolf in path
454 foreach ($path as $node) {
455 if ($node == 1) {
456 break;
457 }
458
459 if (in_array($node, $rolfs)) {
460 $nodedata = $tree->getNodeData($node);
461 $result_set[$counter]["effective_from"] = $nodedata["title"];
462 $result_set[$counter]["effective_from_ref_id"] = $node;
463 break;
464 }
465 }
466 }
467
468 if (in_array($role['obj_id'], $this->global_roles)) {
469 $result_set[$counter]["original_position"] = $this->lng->txt("global");
470 $result_set[$counter]["original_position_ref_id"] = false;
471 } else {
472 $rolf = $this->rbacreview->getFoldersAssignedToRole($role_id, true);
473 $parent_node = $tree->getNodeData($rolf[0]);
474 if (!array_key_exists('ref_id', $parent_node)) {
475 unset($result_set[$counter]);
476 continue;
477 }
478 $result_set[$counter]['original_position'] = $parent_node['title'];
479 $result_set[$counter]['original_position_ref_id'] = $parent_node['ref_id'];
480 }
481
482 ++$counter;
483 }
484 return $result_set;
485 }
486}
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilAccessPermissionsStatusTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessPermissionsStatusTableGUI.php:27
ilAvailableRolesStatusTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAvailableRolesStatusTableGUI.php:27
ilInfoScreenGUI
Class ilInfoScreenGUI.
Definition: class.ilInfoScreenGUI.php:31
ilLanguage
language handling
Definition: class.ilLanguage.php:44
ilObjRole\_removeObjectId
static _removeObjectId(string $a_role_title)
Definition: class.ilObjRole.php:386
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilObjectFactory
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectFactory.php:33
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectPermissionStatusGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectPermissionStatusGUI.php:29
ilObjectPermissionStatusGUI\accessStatusInfo
accessStatusInfo()
Access- and Statusinformation Info.
Definition: class.ilObjectPermissionStatusGUI.php:127
ilObjectPermissionStatusGUI\__construct
__construct(ilObject $a_obj)
Constructor @access public.
Definition: class.ilObjectPermissionStatusGUI.php:50
ilObjectPermissionStatusGUI\accessPermissionsTable
accessPermissionsTable()
Access Permissions Table.
Definition: class.ilObjectPermissionStatusGUI.php:144
ilObjectPermissionStatusGUI\getAccessPermissionTableData
getAccessPermissionTableData()
Access Permissions Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:341
ilObjectPermissionStatusGUI\getAvailableRolesTableData
getAvailableRolesTableData()
Available Roles Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:418
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
ilObject
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObject.php:30
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1126
ilTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilTemplate.php:17
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:27
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:26
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$DIC
global $DIC
Definition: feed.php:28
ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:26
ilGlobalTemplateInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilGlobalTemplateInterface.php:25
ilGlobalTemplateInterface\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilGlobalTemplateInterface\get
get(string $part=self::DEFAULT_BLOCK)
Renders the given block and returns the html string.
$path
$path
Definition: ltiservices.php:32
$factory
$factory
Definition: metadata.php:75