ILIAS  release_8 Revision v8.24
class.ilPermissionGUI.php
Go to the documentation of this file.
1<?php
19declare(strict_types=1);
20
31class ilPermissionGUI extends ilPermission2GUI
32{
33 protected const CMD_PERM_POSITIONS = 'permPositions';
34 public const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
35
36 protected object $current_obj;
37
38 protected ilRecommendedContentManager $recommended_content_manager;
39 protected ilToolbarGUI $toolbar;
40 protected \ILIAS\HTTP\Wrapper\WrapperFactory $wrapper;
41
42 public function __construct(object $a_gui_obj)
43 {
44 global $DIC;
45
46 $this->wrapper = $DIC->http()->wrapper();
47 $this->toolbar = $DIC->toolbar();
48 parent::__construct($a_gui_obj);
49 $this->recommended_content_manager = new ilRecommendedContentManager();
50 }
51
57 public function executeCommand(): void
58 {
59 // access to all functions in this class are only allowed if edit_permission is granted
60 if (!$this->rbacsystem->checkAccess("edit_permission", $this->gui_obj->getObject()->getRefId())) {
61 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
62 $this->ctrl->redirect($this->gui_obj);
63 }
64 $next_class = $this->ctrl->getNextClass($this);
65 switch ($next_class) {
66 case "ilobjrolegui":
67
68 $role_id = 0;
69 if ($this->http->wrapper()->query()->has('obj_id')) {
70 $role_id = $this->http->wrapper()->query()->retrieve(
71 'obj_id',
72 $this->refinery->kindlyTo()->int()
73 );
74 }
75 $this->ctrl->setReturn($this, 'perm');
76 $this->gui_obj = new ilObjRoleGUI("", $role_id, false, false);
77 $this->ctrl->forwardCommand($this->gui_obj);
78 break;
79
80 case 'ildidactictemplategui':
81 $this->ctrl->setReturn($this, 'perm');
82 $did = new ilDidacticTemplateGUI($this->gui_obj);
83 $this->ctrl->forwardCommand($did);
84 break;
85
86 case 'ilrepositorysearchgui':
87 // used for owner autocomplete
88 $rep_search = new ilRepositorySearchGUI();
89 $this->ctrl->forwardCommand($rep_search);
90 break;
91
92 case 'ilobjectpermissionstatusgui':
93 $this->__initSubTabs("perminfo");
94 $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->getObject());
95 $this->ctrl->forwardCommand($perm_stat);
96 break;
97
98 default:
99 $cmd = $this->ctrl->getCmd();
100 $this->$cmd();
101 break;
102 }
103 }
104
105 public function getCurrentObject(): object
106 {
107 return $this->gui_obj->getObject();
108 }
109
113 protected function confirmTemplateSwitch(): void
114 {
115 $this->ctrl->setReturn($this, 'perm');
116 $this->ctrl->setCmdClass('ildidactictemplategui');
117 $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
118 $this->ctrl->forwardCommand($dtpl_gui);
119 }
120
121 public function perm(ilTable2GUI $table = null): void
122 {
123 $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
124 if ($dtpl->appendToolbarSwitch(
125 $this->toolbar,
126 $this->getCurrentObject()->getType(),
127 $this->getCurrentObject()->getRefId()
128 )) {
129 $this->toolbar->addSeparator();
130 }
131
132 if ($this->objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) && !$this->isAdministrationObject()
133 ) {
134 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
135
136 if (!$this->isAdminRoleFolder()) {
137 $this->toolbar->addButton(
138 $this->lng->txt('rbac_add_new_local_role'),
139 $this->ctrl->getLinkTarget($this, 'displayAddRoleForm')
140 );
141 }
142 $this->toolbar->addButton(
143 $this->lng->txt('rbac_import_role'),
144 $this->ctrl->getLinkTarget($this, 'displayImportRoleForm')
145 );
146 }
147 $this->__initSubTabs("perm");
148
149 if (!$table instanceof ilTable2GUI) {
150 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
151 }
152 $table->parse();
153 $this->tpl->setContent($table->getHTML());
154 }
155
156 protected function isAdminRoleFolder(): bool
157 {
158 return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
159 }
160
161 protected function isAdministrationObject(): bool
162 {
163 return $this->getCurrentObject()->getType() == 'adm';
164 }
165
169 protected function isInAdministration(): bool
170 {
171 return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
172 }
173
174 protected function applyFilter(): void
175 {
176 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
177 $table->resetOffset();
178 $table->writeFilterToSession();
179 $this->perm($table);
180 }
181
182 protected function resetFilter(): void
183 {
184 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
185 $table->resetOffset();
186 $table->resetFilter();
187 $this->perm($table);
188 }
189
190 public function applyRoleFilter(array $a_roles, int $a_filter_id): array
191 {
192 // Always delete administrator role from view
193 if (isset($a_roles[SYSTEM_ROLE_ID])) {
194 unset($a_roles[SYSTEM_ROLE_ID]);
195 }
196
197 switch ($a_filter_id) {
198 // all roles in context
199 case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
200 return $a_roles;
201
202 // only global roles
203 case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
204 $arr_global_roles = $this->rbacreview->getGlobalRoles();
205 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
206 foreach ($arr_remove_roles as $role_id) {
207 unset($a_roles[$role_id]);
208 }
209 return $a_roles;
210
211 // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
212 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
213 $arr_global_roles = $this->rbacreview->getGlobalRoles();
214 foreach ($arr_global_roles as $role_id) {
215 unset($a_roles[$role_id]);
216 }
217 return $a_roles;
218
219 // only roles which use a local policy
220 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
221 $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId());
222 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
223 foreach ($arr_remove_roles as $role_id) {
224 unset($a_roles[$role_id]);
225 }
226 return $a_roles;
227
228 // only true local role defined at current position
229 case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
230 $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
231 $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
232 foreach ($arr_remove_roles as $role_id) {
233 unset($a_roles[$role_id]);
234 }
235 return $a_roles;
236
237 default:
238 return $a_roles;
239 }
240 }
241
242 protected function savePermissions(): void
243 {
244 global $DIC;
245
246 $rbacreview = $DIC['rbacreview'];
247 $objDefinition = $DIC['objDefinition'];
248 $rbacadmin = $DIC['rbacadmin'];
249
250 $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
251
252 $roles = $this->applyRoleFilter(
253 $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
254 (int) $table->getFilterItemByPostVar('role')->getValue()
255 );
256
257 // Log history
258 $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
259
260 # all possible create permissions
261 $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
262 $this->getCurrentObject()->getType(),
263 'create'
264 );
265
266 # createable (activated) create permissions
267 $create_types = $objDefinition->getCreatableSubObjects(
268 $this->getCurrentObject()->getType()
269 );
270 $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
271
272 $post_perm = $this->wrapper->post()->has('perm')
273 ? $this->wrapper->post()->retrieve(
274 'perm',
275 $this->refinery->kindlyTo()->dictOf(
276 $this->refinery->kindlyTo()->dictOf(
277 $this->refinery->kindlyTo()->int()
278 )
279 )
280 )
281 : [];
282
283 foreach ($roles as $role => $role_data) {
284 if ($role_data['protected']) {
285 continue;
286 }
287
288 $new_ops = array_keys((array) ($post_perm[$role] ?? []));
289 $old_ops = $rbacreview->getRoleOperationsOnObject(
290 $role,
291 $this->getCurrentObject()->getRefId()
292 );
293
294 // Add operations which were enabled and are not activated.
295 foreach ($possible_ops_ids as $create_ops_id) {
296 if (in_array($create_ops_id, $createable_ops_ids)) {
297 continue;
298 }
299 if (in_array($create_ops_id, $old_ops)) {
300 $new_ops[] = $create_ops_id;
301 }
302 }
303
304 $rbacadmin->revokePermission(
305 $this->getCurrentObject()->getRefId(),
306 $role
307 );
308
309 $rbacadmin->grantPermission(
310 $role,
311 array_unique($new_ops),
312 $this->getCurrentObject()->getRefId()
313 );
314 }
315
316 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
317 $inherit_post = $this->wrapper->post()->has('inherit')
318 ? $this->wrapper->post()->retrieve(
319 'inherit',
320 $this->refinery->kindlyTo()->dictOf(
321 $this->refinery->kindlyTo()->bool()
322 )
323 )
324 : [];
325
326 foreach ($roles as $role) {
327 $obj_id = (int) $role['obj_id'];
328 $parent_id = (int) $role['parent'];
329 // No action for local roles
330 if ($parent_id === $this->getCurrentObject()->getRefId() && $role['assign'] === 'y') {
331 continue;
332 }
333 // Nothing for protected roles
334 if ($role['protected']) {
335 continue;
336 }
337 // Stop local policy
338 if (
339 $parent_id === $this->getCurrentObject()->getRefId()
340 && !isset($inherit_post[$obj_id])
341 && !$rbacreview->isBlockedAtPosition($obj_id, $this->getCurrentObject()->getRefId())
342 ) {
343 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
344 $role_obj = ilObjectFactory::getInstanceByObjId($obj_id);
345 $role_obj->setParent($this->getCurrentObject()->getRefId());
346 $role_obj->delete();
347 continue;
348 }
349 // Add local policy
350 if (
351 $parent_id !== $this->getCurrentObject()->getRefId()
352 && isset($inherit_post[$obj_id])
353 ) {
354 ilLoggerFactory::getLogger('ac')->debug('Create local policy');
355 $rbacadmin->copyRoleTemplatePermissions(
356 $obj_id,
357 $parent_id,
358 $this->getCurrentObject()->getRefId(),
359 $obj_id
360 );
361 ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
362 $rbacadmin->assignRoleToFolder($obj_id, $this->getCurrentObject()->getRefId(), 'n');
363 }
364 }
365 }
366
367 // Protect permissions
368 if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
369 $protected_post = $this->wrapper->post()->has('protect')
370 ? $this->wrapper->post()->retrieve(
371 'protect',
372 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
373 )
374 : [];
375 foreach ($roles as $role) {
376 $obj_id = (int) $role['obj_id'];
377 if ($rbacreview->isAssignable($obj_id, $this->getCurrentObject()->getRefId())) {
378 if (isset($protected_post[$obj_id]) &&
379 !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
380 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'y');
381 } elseif (!isset($protected_post[$obj_id]) &&
382 $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
383 $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'n');
384 }
385 }
386 }
387 }
388
389 $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
390 $log = ilRbacLog::diffFaPa($log_old, $log_new);
391 ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
392
393 $blocked_info = $this->getModifiedBlockedSettings();
394 ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
395 if ($blocked_info['num'] > 0) {
396 $this->showConfirmBlockRole($blocked_info);
397 return;
398 }
399 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
400 $this->ctrl->redirect($this, 'perm');
401 #$this->perm();
402 }
403
404 protected function showConfirmBlockRole(array $a_blocked_info): void
405 {
406 $info = '';
407 if ($a_blocked_info['new_blocked']) {
408 $info .= $this->lng->txt('role_confirm_block_role_info');
409 if ($a_blocked_info['new_unblocked']) {
410 $info .= '<br /><br />';
411 }
412 }
413 if ($a_blocked_info['new_unblocked']) {
414 $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
415 }
416
417 $this->tpl->setOnScreenMessage('info', $info);
418
419 $confirm = new ilConfirmationGUI();
420 $confirm->setFormAction($this->ctrl->getFormAction($this));
421 $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
422 $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
423 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
424
425 foreach ($a_blocked_info['new_blocked'] as $role_id) {
426 $confirm->addItem(
427 'new_block[]',
428 (string) $role_id,
429 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
430 );
431 }
432 foreach ($a_blocked_info['new_unblocked'] as $role_id) {
433 $confirm->addItem(
434 'new_unblock[]',
435 (string) $role_id,
436 ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
437 );
438 }
439 $this->tpl->setContent($confirm->getHTML());
440 }
441
442 protected function modifyBlockRoles(): void
443 {
444 $this->blockRoles(
445 $this->wrapper->post()->has('new_block')
446 ? $this->wrapper->post()->retrieve(
447 'new_block',
448 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
449 )
450 : []
451 );
452 $this->unblockRoles($this->wrapper->post()->has('new_unblock')
453 ? $this->wrapper->post()->retrieve(
454 'new_unblock',
455 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
456 )
457 : []);
458
459 $this->tpl->setOnScreenMessage('info', $this->lng->txt('settings_saved'));
460 $this->ctrl->redirect($this, 'perm');
461 }
462
466 protected function unblockRoles($roles): void
467 {
468 foreach ($roles as $role) {
469 // delete local policy
470 ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
471 $role_obj = ilObjectFactory::getInstanceByObjId($role);
472 $role_obj->setParent($this->getCurrentObject()->getRefId());
473 $role_obj->delete();
474
475 $role_obj->changeExistingObjects(
476 $this->getCurrentObject()->getRefId(),
477 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
478 ['all']
479 );
480
481 // finally set blocked status
482 $this->rbacadmin->setBlockedStatus(
483 $role,
484 $this->getCurrentObject()->getRefId(),
485 false
486 );
487 }
488 }
489
490 protected function blockRoles($roles): void
491 {
492 foreach ($roles as $role) {
493 // Set assign to 'y' only if it is a local role
494 $assign = $this->rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
495
496 // Delete permissions
497 $this->rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
498
499 // Delete template permissions
500 $this->rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
501
502 $this->rbacadmin->assignRoleToFolder(
503 $role,
504 $this->getCurrentObject()->getRefId(),
505 $assign
506 );
507
508 // finally set blocked status
509 $this->rbacadmin->setBlockedStatus(
510 $role,
511 $this->getCurrentObject()->getRefId(),
512 true
513 );
514 }
515 }
516
517 public static function hasContainerCommands(string $a_type): bool
518 {
519 global $DIC;
520
521 $objDefinition = $DIC['objDefinition'];
522 return $objDefinition->isContainer($a_type) && $a_type != 'root' && $a_type != 'adm' && $a_type != 'rolf';
523 }
524
525 protected function displayImportRoleForm(ilPropertyFormGUI $form = null): void
526 {
527 $this->tabs->clearTargets();
528
529 if (!$form) {
530 $form = $this->initImportForm();
531 }
532 $this->tpl->setContent($form->getHTML());
533 }
534
535 protected function doImportRole(): void
536 {
537 $form = $this->initImportForm();
538 if ($form->checkInput()) {
539 try {
540
541 // For global roles set import id to parent of current ref_id (adm)
542 $imp = new ilImport($this->getCurrentObject()->getRefId());
543 $imp->getMapping()->addMapping(
544 'Services/AccessControl',
545 'rolf',
546 '0',
547 (string) $this->getCurrentObject()->getRefId()
548 );
549
550 $imp->importObject(
551 null,
552 $_FILES["importfile"]["tmp_name"],
553 $_FILES["importfile"]["name"],
554 'role'
555 );
556 $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_role_imported'), true);
557 $this->ctrl->redirect($this, 'perm');
558 return;
559 } catch (Exception $e) {
560 $this->tpl->setOnScreenMessage('failure', $e->getMessage());
561 $form->setValuesByPost();
562 $this->displayImportRoleForm($form);
563 return;
564 }
565 }
566 $form->setValuesByPost();
567 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
568 $this->displayImportRoleForm($form);
569 }
570
574 protected function initImportForm(): ilPropertyFormGUI
575 {
576 $form = new ilPropertyFormGUI();
577 $form->setFormAction($this->ctrl->getFormAction($this));
578 $form->setTitle($this->lng->txt('rbac_import_role'));
579 $form->addCommandButton('doImportRole', $this->lng->txt('import'));
580 $form->addCommandButton('perm', $this->lng->txt('cancel'));
581
582 $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
583 $zip->setRequired(true);
584 $zip->setSuffixes(['zip']);
585 $form->addItem($zip);
586
587 return $form;
588 }
589
590 protected function initRoleForm(): ilPropertyFormGUI
591 {
592 $form = new ilPropertyFormGUI();
593 $form->setFormAction($this->ctrl->getFormAction($this));
594 $form->setTitle($this->lng->txt('role_new'));
595 $form->addCommandButton('addrole', $this->lng->txt('role_new'));
596 $form->addCommandButton('perm', $this->lng->txt('cancel'));
597
598 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
599 $title->setValidationRegexp('/^(?!il_).*$/');
600 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
601 $title->setSize(40);
602 $title->setMaxLength(70);
603 $title->setRequired(true);
604 $form->addItem($title);
605
606 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
607 $desc->setCols(40);
608 $desc->setRows(3);
609 $form->addItem($desc);
610
611 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
612 $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
613 $pro->setValue("1");
614 $form->addItem($pro);
615
616 $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_add_recommended_content'), 'desktop');
617 $pd->setInfo(
618 str_replace(
619 "%1",
620 $this->getCurrentObject()->getTitle(),
621 $this->lng->txt('rbac_add_recommended_content_info')
622 )
623 );
624 $pd->setValue((string) 1);
625 $form->addItem($pd);
626
627 if (!$this->isInAdministration()) {
628 $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
629 $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), (string) 0);
630 $rights->addOption($option);
631
632 $parent_role_ids = $this->rbacreview->getParentRoleIds($this->gui_obj->getObject()->getRefId(), true);
633 $ids = [];
634 foreach (array_keys($parent_role_ids) as $id) {
635 $ids[] = $id;
636 }
637
638 // Sort ids
639 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
640
641 $key = 0;
642 foreach ($sorted_ids as $id) {
643 $par = $parent_role_ids[$id];
644 if ($par["obj_id"] != SYSTEM_ROLE_ID) {
645 $option = new ilRadioOption(
646 ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt(
647 'obj_rolt'
648 )) . ": " . ilObjRole::_getTranslation($par["title"]),
649 (string) $par["obj_id"]
650 );
651 $option->setInfo($par["desc"] ?? '');
652 $rights->addOption($option);
653 }
654 $key++;
655 }
656 $form->addItem($rights);
657 }
658
659 // Local policy only for containers
660 if ($this->objDefinition->isContainer($this->getCurrentObject()->getType())) {
661 $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
662 $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
663 $form->addItem($check);
664 }
665 return $form;
666 }
667
671 protected function displayAddRoleForm(): void
672 {
673 $this->tabs->clearTargets();
674 $form = $this->initRoleForm();
675 $this->tpl->setContent($form->getHTML());
676 }
677
684 protected function addRole(): void
685 {
686 $form = $this->initRoleForm();
687 if ($form->checkInput()) {
688 $new_title = $form->getInput("title");
689
690 $role = new ilObjRole();
691 $role->setTitle($new_title);
692 $role->setDescription($form->getInput('desc'));
693 $role->create();
694
695 $this->rbacadmin->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
696
697 // protect
698 $this->rbacadmin->setProtected(
699 $this->getCurrentObject()->getRefId(),
700 $role->getId(),
701 $form->getInput('pro') ? 'y' : 'n'
702 );
703
704 // copy rights
705 $right_id_to_copy = (int) $form->getInput("rights");
706 if ($right_id_to_copy) {
707 $parentRoles = $this->rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
708 $this->rbacadmin->copyRoleTemplatePermissions(
709 $right_id_to_copy,
710 $parentRoles[$right_id_to_copy]["parent"],
711 $this->getCurrentObject()->getRefId(),
712 $role->getId(),
713 false
714 );
715
716 if ($form->getInput('existing')) {
717 if ($form->getInput('pro')) {
718 $role->changeExistingObjects(
719 $this->getCurrentObject()->getRefId(),
720 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
721 ['all']
722 );
723 } else {
724 $role->changeExistingObjects(
725 $this->getCurrentObject()->getRefId(),
726 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
727 ['all']
728 );
729 }
730 }
731 }
732
733 // add to desktop items
734 if ($form->getInput("desktop")) {
735 $this->recommended_content_manager->addRoleRecommendation(
736 $role->getId(),
737 $this->getCurrentObject()->getRefId()
738 );
739 }
740
741 $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
742 $this->ctrl->redirect($this, 'perm');
743 } else {
744 $form->setValuesByPost();
745 $this->tpl->setContent($form->getHTML());
746 }
747 }
748
749 protected function getModifiedBlockedSettings(): array
750 {
751 global $DIC;
752
753 $rbacreview = $DIC['rbacreview'];
754
755 $blocked_info['new_blocked'] = [];
756 $blocked_info['new_unblocked'] = [];
757 $blocked_info['num'] = 0;
758 $visible_block = $this->wrapper->post()->has('visible_block')
759 ? $this->wrapper->post()->retrieve(
760 'visible_block',
761 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
762 )
763 : [];
764 $block_post = $this->wrapper->post()->has('block')
765 ? $this->wrapper->post()->retrieve(
766 'block',
767 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
768 )
769 : [];
770
771
772 foreach ($visible_block as $role => $one) {
773 $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
774 if (isset($block_post[$role]) && !$blocked) {
775 $blocked_info['new_blocked'][] = $role;
776 $blocked_info['num']++;
777 }
778 if (!isset($block_post[$role]) && $blocked) {
779 $blocked_info['new_unblocked'][] = $role;
780 $blocked_info['num']++;
781 }
782 }
783 return $blocked_info;
784 }
785
786 //
787 // OrgUnit Position Permissions
788 //
789
790 protected function permPositions(): void
791 {
792 $perm = self::CMD_PERM_POSITIONS;
793 $this->__initSubTabs($perm);
794
795 $ref_id = $this->getCurrentObject()->getRefId();
796 $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
797 $table->collectData();
798 $this->tpl->setContent($table->getHTML());
799 }
800
801 protected function savePositionsPermissions(): void
802 {
803 $this->__initSubTabs(self::CMD_PERM_POSITIONS);
804
805 $positions = ilOrgUnitPosition::getArray(null, 'id');
806 $ref_id = $this->getCurrentObject()->getRefId();
807
808 // handle local sets
809 $local_post = $this->wrapper->post()->has('local')
810 ? $this->wrapper->post()->retrieve(
811 'local',
812 $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
813 )
814 : [];
815
816 foreach ($positions as $position_id) {
817 if (isset($local_post[$position_id])) {
818 ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, (int) $position_id);
819 } else {
820 ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, (int) $position_id);
821 }
822 }
823
824 $position_perm_post = $this->wrapper->post()->has('position_perm')
825 ? $this->wrapper->post()->retrieve(
826 'position_perm',
827 $this->refinery->kindlyTo()->dictOf(
828 $this->refinery->kindlyTo()->dictOf(
829 $this->refinery->kindlyTo()->int()
830 )
831 )
832 )
833 : [];
834 ;
835 if ($position_perm_post) {
836 foreach ($position_perm_post as $position_id => $ops) {
837 if (!isset($local_post[$position_id])) {
838 continue;
839 }
840 $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, (int) $position_id);
841 $new_ops = [];
842 foreach ($ops as $op_id => $op) {
843 $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
844 }
845 $ilOrgUnitPermission->setOperations($new_ops);
846 $ilOrgUnitPermission->save();
847 }
848 }
849 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
850 $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
851 }
852}
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
$check
$check
Definition: buildRTE.php:81
ActiveRecord\getArray
static getArray(?string $key=null, $values=null)
Definition: class.ActiveRecord.php:656
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:27
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:25
ilDidacticTemplateGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilDidacticTemplateGUI.php:28
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:29
ilImport
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilImport.php:26
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:33
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectDefinition\getCreatableSubObjects
getCreatableSubObjects(string $obj_type, int $context=self::MODE_REPOSITORY, int $parent_ref_id=null)
Definition: class.ilObjectDefinition.php:556
ilObjectDefinition\isContainer
isContainer(string $obj_name)
Check if object type is container ('crs','fold','grp' ...)
Definition: class.ilObjectDefinition.php:609
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectPermissionStatusGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectPermissionStatusGUI.php:29
ilObjectRolePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRolePermissionTableGUI.php:27
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilOrgUnitPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPermissionTableGUI.php:24
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:31
ilPermission2GUI\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilPermission2GUI.php:38
ilPermission2GUI\__initSubTabs
__initSubTabs(string $a_cmd)
Definition: class.ilPermission2GUI.php:131
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:32
ilPermissionGUI\hasContainerCommands
static hasContainerCommands(string $a_type)
Definition: class.ilPermissionGUI.php:517
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Definition: class.ilPermissionGUI.php:525
ilPermissionGUI\__construct
__construct(object $a_gui_obj)
Definition: class.ilPermissionGUI.php:42
ilPermissionGUI\applyRoleFilter
applyRoleFilter(array $a_roles, int $a_filter_id)
Definition: class.ilPermissionGUI.php:190
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:113
ilPermissionGUI\$wrapper
ILIAS HTTP Wrapper WrapperFactory $wrapper
Definition: class.ilPermissionGUI.php:40
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:57
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:671
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:574
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
Definition: class.ilPermissionGUI.php:121
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole(array $a_blocked_info)
Definition: class.ilPermissionGUI.php:404
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:169
ilPermissionGUI\$recommended_content_manager
ilRecommendedContentManager $recommended_content_manager
Definition: class.ilPermissionGUI.php:38
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option 'you may add local roles'.
Definition: class.ilPermissionGUI.php:684
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:31
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:27
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:27
ilRbacAdmin\setProtected
setProtected(int $a_ref_id, int $a_role_id, string $a_value)
Set protected.
Definition: class.ilRbacAdmin.php:736
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder(int $a_rol_id, int $a_parent, string $a_assign="y")
Assigns a role to a role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:677
ilRbacAdmin\revokePermission
revokePermission(int $a_ref_id, int $a_rol_id=0, bool $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:301
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions(int $a_source_id, int $a_source_parent, int $a_dest_parent, int $a_dest_id, bool $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:438
ilRbacAdmin\grantPermission
grantPermission(int $a_rol_id, array $a_ops, int $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:259
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:28
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:75
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilRbacLog\gatherFaPa
static gatherFaPa(int $a_ref_id, array $a_role_ids, bool $a_add_action=false)
Definition: class.ilRbacLog.php:42
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1043
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds(array $a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:997
ilRbacReview\isProtected
isProtected(int $a_ref_id, int $a_role_id)
ref_id not used yet.
Definition: class.ilRbacReview.php:1030
ilRbacReview\getParentRoleIds
getParentRoleIds(int $a_endnode_id, bool $a_templates=false)
Get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:122
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:446
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass(string $a_type, string $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:770
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:723
ilRecommendedContentManager
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentManager.php:26
ilTable2GUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTable2GUI.php:24
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:27
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:27
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:26
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1223
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
$DIC
global $DIC
Definition: feed.php:28
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:37
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
$log
$log
Definition: result.php:33