ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
19 declare(strict_types=1);
20 
31 class ilPermissionGUI extends ilPermission2GUI
32 {
33  protected const CMD_PERM_POSITIONS = 'permPositions';
34  public const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
35 
36  protected object $current_obj;
37 
38  protected ilRecommendedContentManager $recommended_content_manager;
39  protected ilToolbarGUI $toolbar;
40  protected \ILIAS\HTTP\Wrapper\WrapperFactory $wrapper;
41 
42  public function __construct(object $a_gui_obj)
43  {
44  global $DIC;
45 
46  $this->wrapper = $DIC->http()->wrapper();
47  $this->toolbar = $DIC->toolbar();
48  parent::__construct($a_gui_obj);
49  $this->recommended_content_manager = new ilRecommendedContentManager();
50  }
51 
57  public function executeCommand(): void
58  {
59  // access to all functions in this class are only allowed if edit_permission is granted
60  if (!$this->rbacsystem->checkAccess("edit_permission", $this->gui_obj->getObject()->getRefId())) {
61  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
62  $this->ctrl->redirect($this->gui_obj);
63  }
64  $next_class = $this->ctrl->getNextClass($this);
65  switch ($next_class) {
66  case "ilobjrolegui":
67 
68  $role_id = 0;
69  if ($this->http->wrapper()->query()->has('obj_id')) {
70  $role_id = $this->http->wrapper()->query()->retrieve(
71  'obj_id',
72  $this->refinery->kindlyTo()->int()
73  );
74  }
75  $this->ctrl->setReturn($this, 'perm');
76  $this->gui_obj = new ilObjRoleGUI("", $role_id, false, false);
77  $this->ctrl->forwardCommand($this->gui_obj);
78  break;
79 
80  case 'ildidactictemplategui':
81  $this->ctrl->setReturn($this, 'perm');
82  $did = new ilDidacticTemplateGUI($this->gui_obj);
83  $this->ctrl->forwardCommand($did);
84  break;
85 
86  case 'ilrepositorysearchgui':
87  // used for owner autocomplete
88  $rep_search = new ilRepositorySearchGUI();
89  $this->ctrl->forwardCommand($rep_search);
90  break;
91 
92  case 'ilobjectpermissionstatusgui':
93  $this->__initSubTabs("perminfo");
94  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->getObject());
95  $this->ctrl->forwardCommand($perm_stat);
96  break;
97 
98  default:
99  $cmd = $this->ctrl->getCmd();
100  $this->$cmd();
101  break;
102  }
103  }
104 
105  public function getCurrentObject(): object
106  {
107  return $this->gui_obj->getObject();
108  }
109 
113  protected function confirmTemplateSwitch(): void
114  {
115  $this->ctrl->setReturn($this, 'perm');
116  $this->ctrl->setCmdClass('ildidactictemplategui');
117  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
118  $this->ctrl->forwardCommand($dtpl_gui);
119  }
120 
121  public function perm(ilTable2GUI $table = null): void
122  {
123  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
124  if ($dtpl->appendToolbarSwitch(
125  $this->toolbar,
126  $this->getCurrentObject()->getType(),
127  $this->getCurrentObject()->getRefId()
128  )) {
129  $this->toolbar->addSeparator();
130  }
131 
132  if ($this->objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) && !$this->isAdministrationObject()
133  ) {
134  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
135 
136  if (!$this->isAdminRoleFolder()) {
137  $this->toolbar->addButton(
138  $this->lng->txt('rbac_add_new_local_role'),
139  $this->ctrl->getLinkTarget($this, 'displayAddRoleForm')
140  );
141  }
142  $this->toolbar->addButton(
143  $this->lng->txt('rbac_import_role'),
144  $this->ctrl->getLinkTarget($this, 'displayImportRoleForm')
145  );
146  }
147  $this->__initSubTabs("perm");
148 
149  if (!$table instanceof ilTable2GUI) {
150  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
151  }
152  $table->parse();
153  $this->tpl->setContent($table->getHTML());
154  }
155 
156  protected function isAdminRoleFolder(): bool
157  {
158  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
159  }
160 
161  protected function isAdministrationObject(): bool
162  {
163  return $this->getCurrentObject()->getType() == 'adm';
164  }
165 
169  protected function isInAdministration(): bool
170  {
171  return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
172  }
173 
174  protected function applyFilter(): void
175  {
176  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
177  $table->resetOffset();
178  $table->writeFilterToSession();
179  $this->perm($table);
180  }
181 
182  protected function resetFilter(): void
183  {
184  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
185  $table->resetOffset();
186  $table->resetFilter();
187  $this->perm($table);
188  }
189 
190  public function applyRoleFilter(array $a_roles, int $a_filter_id): array
191  {
192  // Always delete administrator role from view
193  if (isset($a_roles[SYSTEM_ROLE_ID])) {
194  unset($a_roles[SYSTEM_ROLE_ID]);
195  }
196 
197  switch ($a_filter_id) {
198  // all roles in context
199  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
200  return $a_roles;
201 
202  // only global roles
203  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
204  $arr_global_roles = $this->rbacreview->getGlobalRoles();
205  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
206  foreach ($arr_remove_roles as $role_id) {
207  unset($a_roles[$role_id]);
208  }
209  return $a_roles;
210 
211  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
212  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
213  $arr_global_roles = $this->rbacreview->getGlobalRoles();
214  foreach ($arr_global_roles as $role_id) {
215  unset($a_roles[$role_id]);
216  }
217  return $a_roles;
218 
219  // only roles which use a local policy
220  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
221  $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId());
222  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
223  foreach ($arr_remove_roles as $role_id) {
224  unset($a_roles[$role_id]);
225  }
226  return $a_roles;
227 
228  // only true local role defined at current position
229  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
230  $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
231  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
232  foreach ($arr_remove_roles as $role_id) {
233  unset($a_roles[$role_id]);
234  }
235  return $a_roles;
236 
237  default:
238  return $a_roles;
239  }
240  }
241 
242  protected function savePermissions(): void
243  {
244  global $DIC;
245 
246  $rbacreview = $DIC['rbacreview'];
247  $objDefinition = $DIC['objDefinition'];
248  $rbacadmin = $DIC['rbacadmin'];
249 
250  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
251 
252  $roles = $this->applyRoleFilter(
253  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
254  (int) $table->getFilterItemByPostVar('role')->getValue()
255  );
256 
257  // Log history
258  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
259 
260  # all possible create permissions
261  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
262  $this->getCurrentObject()->getType(),
263  'create'
264  );
265 
266  # createable (activated) create permissions
267  $create_types = $objDefinition->getCreatableSubObjects(
268  $this->getCurrentObject()->getType()
269  );
270  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
271 
272  $post_perm = $this->wrapper->post()->has('perm')
273  ? $this->wrapper->post()->retrieve(
274  'perm',
275  $this->refinery->kindlyTo()->dictOf(
276  $this->refinery->kindlyTo()->dictOf(
277  $this->refinery->kindlyTo()->int()
278  )
279  )
280  )
281  : [];
282 
283  foreach ($roles as $role => $role_data) {
284  if ($role_data['protected']) {
285  continue;
286  }
287 
288  $new_ops = array_keys((array) ($post_perm[$role] ?? []));
289  $old_ops = $rbacreview->getRoleOperationsOnObject(
290  $role,
291  $this->getCurrentObject()->getRefId()
292  );
293 
294  // Add operations which were enabled and are not activated.
295  foreach ($possible_ops_ids as $create_ops_id) {
296  if (in_array($create_ops_id, $createable_ops_ids)) {
297  continue;
298  }
299  if (in_array($create_ops_id, $old_ops)) {
300  $new_ops[] = $create_ops_id;
301  }
302  }
303 
304  $rbacadmin->revokePermission(
305  $this->getCurrentObject()->getRefId(),
306  $role
307  );
308 
309  $rbacadmin->grantPermission(
310  $role,
311  array_unique($new_ops),
312  $this->getCurrentObject()->getRefId()
313  );
314  }
315 
316  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
317  $inherit_post = $this->wrapper->post()->has('inherit')
318  ? $this->wrapper->post()->retrieve(
319  'inherit',
320  $this->refinery->kindlyTo()->dictOf(
321  $this->refinery->kindlyTo()->bool()
322  )
323  )
324  : [];
325 
326  foreach ($roles as $role) {
327  $obj_id = (int) $role['obj_id'];
328  $parent_id = (int) $role['parent'];
329  // No action for local roles
330  if ($parent_id === $this->getCurrentObject()->getRefId() && $role['assign'] === 'y') {
331  continue;
332  }
333  // Nothing for protected roles
334  if ($role['protected']) {
335  continue;
336  }
337  // Stop local policy
338  if (
339  $parent_id === $this->getCurrentObject()->getRefId()
340  && !isset($inherit_post[$obj_id])
341  && !$rbacreview->isBlockedAtPosition($obj_id, $this->getCurrentObject()->getRefId())
342  ) {
343  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
344  $role_obj = ilObjectFactory::getInstanceByObjId($obj_id);
345  $role_obj->setParent($this->getCurrentObject()->getRefId());
346  $role_obj->delete();
347  continue;
348  }
349  // Add local policy
350  if (
351  $parent_id !== $this->getCurrentObject()->getRefId()
352  && isset($inherit_post[$obj_id])
353  ) {
354  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
355  $rbacadmin->copyRoleTemplatePermissions(
356  $obj_id,
357  $parent_id,
358  $this->getCurrentObject()->getRefId(),
359  $obj_id
360  );
361  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
362  $rbacadmin->assignRoleToFolder($obj_id, $this->getCurrentObject()->getRefId(), 'n');
363  }
364  }
365  }
366 
367  // Protect permissions
368  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
369  $protected_post = $this->wrapper->post()->has('protect')
370  ? $this->wrapper->post()->retrieve(
371  'protect',
372  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
373  )
374  : [];
375  foreach ($roles as $role) {
376  $obj_id = (int) $role['obj_id'];
377  if ($rbacreview->isAssignable($obj_id, $this->getCurrentObject()->getRefId())) {
378  if (isset($protected_post[$obj_id]) &&
379  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
380  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'y');
381  } elseif (!isset($protected_post[$obj_id]) &&
382  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
383  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'n');
384  }
385  }
386  }
387  }
388 
389  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
390  $log = ilRbacLog::diffFaPa($log_old, $log_new);
391  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
392 
393  $blocked_info = $this->getModifiedBlockedSettings();
394  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
395  if ($blocked_info['num'] > 0) {
396  $this->showConfirmBlockRole($blocked_info);
397  return;
398  }
399  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
400  $this->ctrl->redirect($this, 'perm');
401  #$this->perm();
402  }
403 
404  protected function showConfirmBlockRole(array $a_blocked_info): void
405  {
406  $info = '';
407  if ($a_blocked_info['new_blocked']) {
408  $info .= $this->lng->txt('role_confirm_block_role_info');
409  if ($a_blocked_info['new_unblocked']) {
410  $info .= '<br /><br />';
411  }
412  }
413  if ($a_blocked_info['new_unblocked']) {
414  $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
415  }
416 
417  $this->tpl->setOnScreenMessage('info', $info);
418 
419  $confirm = new ilConfirmationGUI();
420  $confirm->setFormAction($this->ctrl->getFormAction($this));
421  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
422  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
423  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
424 
425  foreach ($a_blocked_info['new_blocked'] as $role_id) {
426  $confirm->addItem(
427  'new_block[]',
428  (string) $role_id,
429  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
430  );
431  }
432  foreach ($a_blocked_info['new_unblocked'] as $role_id) {
433  $confirm->addItem(
434  'new_unblock[]',
435  (string) $role_id,
436  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
437  );
438  }
439  $this->tpl->setContent($confirm->getHTML());
440  }
441 
442  protected function modifyBlockRoles(): void
443  {
444  $this->blockRoles(
445  $this->wrapper->post()->has('new_block')
446  ? $this->wrapper->post()->retrieve(
447  'new_block',
448  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
449  )
450  : []
451  );
452  $this->unblockRoles($this->wrapper->post()->has('new_unblock')
453  ? $this->wrapper->post()->retrieve(
454  'new_unblock',
455  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
456  )
457  : []);
458 
459  $this->tpl->setOnScreenMessage('info', $this->lng->txt('settings_saved'));
460  $this->ctrl->redirect($this, 'perm');
461  }
462 
466  protected function unblockRoles($roles): void
467  {
468  foreach ($roles as $role) {
469  // delete local policy
470  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
471  $role_obj = ilObjectFactory::getInstanceByObjId($role);
472  $role_obj->setParent($this->getCurrentObject()->getRefId());
473  $role_obj->delete();
474 
475  $role_obj->changeExistingObjects(
476  $this->getCurrentObject()->getRefId(),
477  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
478  ['all']
479  );
480 
481  // finally set blocked status
482  $this->rbacadmin->setBlockedStatus(
483  $role,
484  $this->getCurrentObject()->getRefId(),
485  false
486  );
487  }
488  }
489 
490  protected function blockRoles($roles): void
491  {
492  foreach ($roles as $role) {
493  // Set assign to 'y' only if it is a local role
494  $assign = $this->rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
495 
496  // Delete permissions
497  $this->rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
498 
499  // Delete template permissions
500  $this->rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
501 
502  $this->rbacadmin->assignRoleToFolder(
503  $role,
504  $this->getCurrentObject()->getRefId(),
505  $assign
506  );
507 
508  // finally set blocked status
509  $this->rbacadmin->setBlockedStatus(
510  $role,
511  $this->getCurrentObject()->getRefId(),
512  true
513  );
514  }
515  }
516 
517  public static function hasContainerCommands(string $a_type): bool
518  {
519  global $DIC;
520 
521  $objDefinition = $DIC['objDefinition'];
522  return $objDefinition->isContainer($a_type) && $a_type != 'root' && $a_type != 'adm' && $a_type != 'rolf';
523  }
524 
525  protected function displayImportRoleForm(ilPropertyFormGUI $form = null): void
526  {
527  $this->tabs->clearTargets();
528 
529  if (!$form) {
530  $form = $this->initImportForm();
531  }
532  $this->tpl->setContent($form->getHTML());
533  }
534 
535  protected function doImportRole(): void
536  {
537  $form = $this->initImportForm();
538  if ($form->checkInput()) {
539  try {
540 
541  // For global roles set import id to parent of current ref_id (adm)
542  $imp = new ilImport($this->getCurrentObject()->getRefId());
543  $imp->getMapping()->addMapping(
544  'Services/AccessControl',
545  'rolf',
546  '0',
547  (string) $this->getCurrentObject()->getRefId()
548  );
549 
550  $imp->importObject(
551  null,
552  $_FILES["importfile"]["tmp_name"],
553  $_FILES["importfile"]["name"],
554  'role'
555  );
556  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_role_imported'), true);
557  $this->ctrl->redirect($this, 'perm');
558  return;
559  } catch (Exception $e) {
560  $this->tpl->setOnScreenMessage('failure', $e->getMessage());
561  $form->setValuesByPost();
562  $this->displayImportRoleForm($form);
563  return;
564  }
565  }
566  $form->setValuesByPost();
567  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
568  $this->displayImportRoleForm($form);
569  }
570 
574  protected function initImportForm(): ilPropertyFormGUI
575  {
576  $form = new ilPropertyFormGUI();
577  $form->setFormAction($this->ctrl->getFormAction($this));
578  $form->setTitle($this->lng->txt('rbac_import_role'));
579  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
580  $form->addCommandButton('perm', $this->lng->txt('cancel'));
581 
582  $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
583  $zip->setRequired(true);
584  $zip->setSuffixes(['zip']);
585  $form->addItem($zip);
586 
587  return $form;
588  }
589 
590  protected function initRoleForm(): ilPropertyFormGUI
591  {
592  $form = new ilPropertyFormGUI();
593  $form->setFormAction($this->ctrl->getFormAction($this));
594  $form->setTitle($this->lng->txt('role_new'));
595  $form->addCommandButton('addrole', $this->lng->txt('role_new'));
596  $form->addCommandButton('perm', $this->lng->txt('cancel'));
597 
598  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
599  $title->setValidationRegexp('/^(?!il_).*$/');
600  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
601  $title->setSize(40);
602  $title->setMaxLength(70);
603  $title->setRequired(true);
604  $form->addItem($title);
605 
606  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
607  $desc->setCols(40);
608  $desc->setRows(3);
609  $form->addItem($desc);
610 
611  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
612  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
613  $pro->setValue("1");
614  $form->addItem($pro);
615 
616  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_add_recommended_content'), 'desktop');
617  $pd->setInfo(
618  str_replace(
619  "%1",
620  $this->getCurrentObject()->getTitle(),
621  $this->lng->txt('rbac_add_recommended_content_info')
622  )
623  );
624  $pd->setValue((string) 1);
625  $form->addItem($pd);
626 
627  if (!$this->isInAdministration()) {
628  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
629  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), (string) 0);
630  $rights->addOption($option);
631 
632  $parent_role_ids = $this->rbacreview->getParentRoleIds($this->gui_obj->getObject()->getRefId(), true);
633  $ids = [];
634  foreach (array_keys($parent_role_ids) as $id) {
635  $ids[] = $id;
636  }
637 
638  // Sort ids
639  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
640 
641  $key = 0;
642  foreach ($sorted_ids as $id) {
643  $par = $parent_role_ids[$id];
644  if ($par["obj_id"] != SYSTEM_ROLE_ID) {
645  $option = new ilRadioOption(
646  ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt(
647  'obj_rolt'
648  )) . ": " . ilObjRole::_getTranslation($par["title"]),
649  (string) $par["obj_id"]
650  );
651  $option->setInfo($par["desc"] ?? '');
652  $rights->addOption($option);
653  }
654  $key++;
655  }
656  $form->addItem($rights);
657  }
658 
659  // Local policy only for containers
660  if ($this->objDefinition->isContainer($this->getCurrentObject()->getType())) {
661  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
662  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
663  $form->addItem($check);
664  }
665  return $form;
666  }
667 
671  protected function displayAddRoleForm(): void
672  {
673  $this->tabs->clearTargets();
674  $form = $this->initRoleForm();
675  $this->tpl->setContent($form->getHTML());
676  }
677 
684  protected function addRole(): void
685  {
686  $form = $this->initRoleForm();
687  if ($form->checkInput()) {
688  $new_title = $form->getInput("title");
689 
690  $role = new ilObjRole();
691  $role->setTitle($new_title);
692  $role->setDescription($form->getInput('desc'));
693  $role->create();
694 
695  $this->rbacadmin->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
696 
697  // protect
698  $this->rbacadmin->setProtected(
699  $this->getCurrentObject()->getRefId(),
700  $role->getId(),
701  $form->getInput('pro') ? 'y' : 'n'
702  );
703 
704  // copy rights
705  $right_id_to_copy = (int) $form->getInput("rights");
706  if ($right_id_to_copy) {
707  $parentRoles = $this->rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
708  $this->rbacadmin->copyRoleTemplatePermissions(
709  $right_id_to_copy,
710  $parentRoles[$right_id_to_copy]["parent"],
711  $this->getCurrentObject()->getRefId(),
712  $role->getId(),
713  false
714  );
715 
716  if ($form->getInput('existing')) {
717  if ($form->getInput('pro')) {
718  $role->changeExistingObjects(
719  $this->getCurrentObject()->getRefId(),
720  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
721  ['all']
722  );
723  } else {
724  $role->changeExistingObjects(
725  $this->getCurrentObject()->getRefId(),
726  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
727  ['all']
728  );
729  }
730  }
731  }
732 
733  // add to desktop items
734  if ($form->getInput("desktop")) {
735  $this->recommended_content_manager->addRoleRecommendation(
736  $role->getId(),
737  $this->getCurrentObject()->getRefId()
738  );
739  }
740 
741  $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
742  $this->ctrl->redirect($this, 'perm');
743  } else {
744  $form->setValuesByPost();
745  $this->tpl->setContent($form->getHTML());
746  }
747  }
748 
749  protected function getModifiedBlockedSettings(): array
750  {
751  global $DIC;
752 
753  $rbacreview = $DIC['rbacreview'];
754 
755  $blocked_info['new_blocked'] = [];
756  $blocked_info['new_unblocked'] = [];
757  $blocked_info['num'] = 0;
758  $visible_block = $this->wrapper->post()->has('visible_block')
759  ? $this->wrapper->post()->retrieve(
760  'visible_block',
761  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
762  )
763  : [];
764  $block_post = $this->wrapper->post()->has('block')
765  ? $this->wrapper->post()->retrieve(
766  'block',
767  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
768  )
769  : [];
770 
771 
772  foreach ($visible_block as $role => $one) {
773  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
774  if (isset($block_post[$role]) && !$blocked) {
775  $blocked_info['new_blocked'][] = $role;
776  $blocked_info['num']++;
777  }
778  if (!isset($block_post[$role]) && $blocked) {
779  $blocked_info['new_unblocked'][] = $role;
780  $blocked_info['num']++;
781  }
782  }
783  return $blocked_info;
784  }
785 
786  //
787  // OrgUnit Position Permissions
788  //
789 
790  protected function permPositions(): void
791  {
792  $perm = self::CMD_PERM_POSITIONS;
793  $this->__initSubTabs($perm);
794 
795  $ref_id = $this->getCurrentObject()->getRefId();
796  $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
797  $table->collectData();
798  $this->tpl->setContent($table->getHTML());
799  }
800 
801  protected function savePositionsPermissions(): void
802  {
803  $this->__initSubTabs(self::CMD_PERM_POSITIONS);
804 
805  $positions = ilOrgUnitPosition::getArray(null, 'id');
806  $ref_id = $this->getCurrentObject()->getRefId();
807 
808  // handle local sets
809  $local_post = $this->wrapper->post()->has('local')
810  ? $this->wrapper->post()->retrieve(
811  'local',
812  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
813  )
814  : [];
815 
816  foreach ($positions as $position_id) {
817  if (isset($local_post[$position_id])) {
818  ilOrgUnitPermissionQueries::findOrCreateSetForRefId($ref_id, (int) $position_id);
819  } else {
820  ilOrgUnitPermissionQueries::removeLocalSetForRefId($ref_id, (int) $position_id);
821  }
822  }
823 
824  $position_perm_post = $this->wrapper->post()->has('position_perm')
825  ? $this->wrapper->post()->retrieve(
826  'position_perm',
827  $this->refinery->kindlyTo()->dictOf(
828  $this->refinery->kindlyTo()->dictOf(
829  $this->refinery->kindlyTo()->int()
830  )
831  )
832  )
833  : [];
834  ;
835  if ($position_perm_post) {
836  foreach ($position_perm_post as $position_id => $ops) {
837  if (!isset($local_post[$position_id])) {
838  continue;
839  }
840  $ilOrgUnitPermission = ilOrgUnitPermissionQueries::getSetForRefId($ref_id, (int) $position_id);
841  $new_ops = [];
842  foreach ($ops as $op_id => $op) {
843  $new_ops[] = ilOrgUnitOperationQueries::findById($op_id);
844  }
845  $ilOrgUnitPermission->setOperations($new_ops);
846  $ilOrgUnitPermission->save();
847  }
848  }
849  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
850  $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
851  }
852 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
ilRbacLog\gatherFaPa
static gatherFaPa(int $a_ref_id, array $a_role_ids, bool $a_add_action=false)
Definition: class.ilRbacLog.php:42
ilRbacAdmin\grantPermission
grantPermission(int $a_rol_id, array $a_ops, int $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:259
ilOrgUnitPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPermissionTableGUI.php:23
ActiveRecord\getArray
static getArray(?string $key=null, $values=null)
Definition: class.ActiveRecord.php:656
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:723
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1043
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions(int $a_source_id, int $a_source_parent, int $a_dest_parent, int $a_dest_id, bool $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:438
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:28
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:684
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObjectDefinition\isContainer
isContainer(string $obj_name)
Check if object type is container (&#39;crs&#39;,&#39;fold&#39;,&#39;grp&#39; ...)
Definition: class.ilObjectDefinition.php:609
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:169
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole(array $a_blocked_info)
Definition: class.ilPermissionGUI.php:404
ilImport
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilImport.php:25
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:26
ilRbacAdmin\revokePermission
revokePermission(int $a_ref_id, int $a_rol_id=0, bool $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:301
ilPermission2GUI\__initSubTabs
__initSubTabs(string $a_cmd)
Definition: class.ilPermission2GUI.php:131
ilObjectDefinition\getCreatableSubObjects
getCreatableSubObjects(string $obj_type, int $context=self::MODE_REPOSITORY, int $parent_ref_id=null)
Definition: class.ilObjectDefinition.php:556
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:75
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilPermissionGUI\$recommended_content_manager
ilRecommendedContentManager $recommended_content_manager
Definition: class.ilPermissionGUI.php:38
$DIC
global $DIC
Definition: feed.php:28
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:28
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds(array $a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:997
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass(string $a_type, string $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:770
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Definition: class.ilPermissionGUI.php:525
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilDidacticTemplateGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilDidacticTemplateGUI.php:27
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:113
$log
$log
Definition: result.php:33
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilPermissionGUI\hasContainerCommands
static hasContainerCommands(string $a_type)
Definition: class.ilPermissionGUI.php:517
ilRbacReview\getParentRoleIds
getParentRoleIds(int $a_endnode_id, bool $a_templates=false)
Get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:122
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:149
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:671
ilRbacAdmin\setProtected
setProtected(int $a_ref_id, int $a_role_id, string $a_value)
Set protected.
Definition: class.ilRbacAdmin.php:736
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder(int $a_rol_id, int $a_parent, string $a_assign="y")
Assigns a role to a role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:677
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1223
ilPermission2GUI\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilPermission2GUI.php:38
ilPermissionGUI\$wrapper
ILIAS HTTP Wrapper WrapperFactory $wrapper
Definition: class.ilPermissionGUI.php:40
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilPermissionGUI\__construct
__construct(object $a_gui_obj)
Definition: class.ilPermissionGUI.php:42
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:574
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:57
$check
$check
Definition: buildRTE.php:81
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:31
ilPermissionGUI\applyRoleFilter
applyRoleFilter(array $a_roles, int $a_filter_id)
Definition: class.ilPermissionGUI.php:190
ilObjectRolePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRolePermissionTableGUI.php:26
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:446
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:30
ilObjectPermissionStatusGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectPermissionStatusGUI.php:28
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
Definition: class.ilPermissionGUI.php:121
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:32
ilRecommendedContentManager
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentManager.php:25
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:24
ilRbacReview\isProtected
isProtected(int $a_ref_id, int $a_role_id)
ref_id not used yet.
Definition: class.ilRbacReview.php:1030