ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilLocalUserGUI.php
Go to the documentation of this file.
1 <?php
2 
19 /* Copyright (c) 1998-2013 ILIAS open source, Extended GPL, see docs/LICENSE */
20 
26 class ilLocalUserGUI
27 {
28  private ilObjectGUI $parentGui;
29  private ilTabsGUI $tabsGui;
30  private ilPropertyFormGUI $form;
31  private ilToolbarGUI $toolbar;
32  private ilCtrl $ctrl;
33  private ilGlobalTemplateInterface $tpl;
35  private $object;
36  private ilLanguage $lng;
37  private ilAccessHandler $access;
38  private ilRbacSystem $rbacSystem;
39  private ilRbacReview $rbacReview;
40  private ilRbacAdmin $rbacAdmin;
41  private ilObjUser $user;
42  private \ILIAS\DI\LoggingServices $logger;
43 
44  public function __construct(ilObjectGUI $parentGui)
45  {
46  global $DIC;
47 
48  $this->parentGui = $parentGui;
49  $this->object = $parentGui->getObject();
50  $this->tpl = $DIC->ui()->mainTemplate();
51  $this->ctrl = $DIC->ctrl();
52  $this->toolbar = $DIC->toolbar();
53  $this->lng = $DIC->language();
54  $this->rbacSystem = $DIC->rbac()->system();
55  $this->rbacReview = $DIC->rbac()->review();
56  $this->rbacAdmin = $DIC->rbac()->admin();
57  $this->user = $DIC->user();
58  $this->access = $DIC->access();
59  $this->tabsGui = $DIC->tabs();
60  $this->logger = $DIC->logger();
61 
62  $this->lng->loadLanguageModule('user');
63  if (!$this->rbacSystem->checkAccess("cat_administrate_users", $this->parentGui->getObject()->getRefId())) {
64  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_no_perm_admin_users"), true);
65  }
66  }
67 
68  public function executeCommand(): bool
69  {
70  $cmd = $this->ctrl->getCmd();
71  switch ($cmd) {
72  case "assignRoles":
73  case "assignSave":
74  $this->tabsGui->clearTargets();
75  $this->tabsGui->setBackTarget(
76  $this->lng->txt("back"),
77  $this->ctrl->getLinkTargetByClass("illocalusergui", 'index')
78  );
79  $this->$cmd();
80  break;
81  default:
82  $this->$cmd();
83  break;
84  }
85 
86  return true;
87  }
88  public function getObject(): ilObjOrgUnit
89  {
90  return $this->object;
91  }
92 
93  protected function resetFilter(): void
94  {
95  $table = new ilUserTableGUI($this, "index", ilUserTableGUI::MODE_LOCAL_USER);
96  $table->resetOffset();
97  $table->resetFilter();
98  $this->index();
99  }
100 
101  protected function applyFilter(): void
102  {
103  $table = new ilUserTableGUI($this, "index", ilUserTableGUI::MODE_LOCAL_USER);
104  $table->resetOffset();
105  $table->writeFilterToSession();
106  $this->index();
107  }
108 
109  public function index(bool $show_delete = false): bool
110  {
111  $this->tpl->addBlockfile(
112  'ADM_CONTENT',
113  'adm_content',
114  'tpl.cat_admin_users.html',
115  "Modules/Category"
116  );
117  if (count($this->rbacReview->getGlobalAssignableRoles())
118  or in_array(SYSTEM_ROLE_ID, $this->rbacReview->assignedRoles($this->user->getId()))
119  ) {
120  $this->toolbar->addButton(
121  $this->lng->txt('add_user'),
122  $this->ctrl->getLinkTargetByClass('ilobjusergui', 'create')
123  );
124  $this->toolbar->addButton(
125  $this->lng->txt('import_users'),
126  $this->ctrl->getLinkTargetByClass('ilobjuserfoldergui', 'importUserForm')
127  );
128  } else {
129  $this->tpl->setOnScreenMessage('info', $this->lng->txt('no_roles_user_can_be_assigned_to'));
130  }
131  if ($show_delete) {
132  $this->tpl->setCurrentBlock("confirm_delete");
133  $this->tpl->setVariable("CONFIRM_FORMACTION", $this->ctrl->getFormAction($this));
134  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt('cancel'));
135  $this->tpl->setVariable("CONFIRM_CMD", 'performDeleteUsers');
136  $this->tpl->setVariable("TXT_CONFIRM", $this->lng->txt('delete'));
137  $this->tpl->parseCurrentBlock();
138  }
139  $table = new ilUserTableGUI($this, 'index', ilUserTableGUI::MODE_LOCAL_USER);
140  $this->tpl->setVariable('USERS_TABLE', $table->getHTML());
141 
142  return true;
143  }
144 
145  protected function addUserAutoCompleteObject(): void
146  {
147  $auto = new ilUserAutoComplete();
148  $auto->setSearchFields(array('login', 'firstname', 'lastname', 'email'));
149  $auto->enableFieldSearchableCheck(true);
150  $auto->setMoreLinkAvailable(true);
151 
152  if (($_REQUEST['fetchall'])) {
153  $auto->setLimit(ilUserAutoComplete::MAX_ENTRIES);
154  }
155 
156  echo $auto->getList($_REQUEST['term']);
157  exit();
158  }
159 
160  public function performDeleteUsers(): bool
161  {
162  $this->checkPermission("cat_administrate_users");
163  foreach ($_POST['user_ids'] as $user_id) {
164  if (!in_array($user_id, ilLocalUser::_getAllUserIds($_GET['ref_id']))) {
165  $this->logger->write(__FILE__ . ":" . __LINE__ . " User with id $user_id could not be found.");
166  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('user_not_found_to_delete'));
167  }
168  if (!$tmp_obj = ilObjectFactory::getInstanceByObjId($user_id, false)) {
169  continue;
170  }
171  $tmp_obj->delete();
172  }
173  $this->tpl->setOnScreenMessage('success', $this->lng->txt('deleted_users'), true);
174  $this->ctrl->redirect($this, 'index');
175 
176  return true;
177  }
178 
179  public function deleteUsers(): void
180  {
181  $this->checkPermission("cat_administrate_users");
182  if (!count($_POST['id'])) {
183  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('no_users_selected'));
184  $this->index();
185  return;
186  }
187  $confirm = new ilConfirmationGUI();
188  $confirm->setFormAction($this->ctrl->getFormAction($this));
189  $confirm->setHeaderText($this->lng->txt('sure_delete_selected_users'));
190  $confirm->setConfirm($this->lng->txt('delete'), 'performDeleteUsers');
191  $confirm->setCancel($this->lng->txt('cancel'), 'index');
192  foreach ($_POST['id'] as $user) {
193  $name = ilObjUser::_lookupName($user);
194  $confirm->addItem(
195  'user_ids[]',
196  $user,
197  $name['lastname'] . ', ' . $name['firstname'] . ' [' . $name['login'] . ']'
198  );
199  }
200  $this->tpl->setContent($confirm->getHTML());
201  }
202 
203 
209  public function assignRoles(): void
210  {
211  if (!$this->access->checkAccess("cat_administrate_users", "", $_GET["ref_id"])) {
212  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("permission_denied"), true);
213  $this->ctrl->redirect($this, "");
214  }
215  $offset = isset($_GET["offset"]) ? $_GET["offset"] : 0;
216  // init sort_by (unfortunatly sort_by is preset with 'title'
217  if (!isset($_GET["sort_by"]) || $_GET["sort_by"] == "title" || empty($_GET["sort_by"])) {
218  $order = "login";
219  } else {
220  $order = $_GET["sort_by"];
221  }
222 
223  $direction = isset($_GET["sort_order"]) ? $_GET["sort_order"] : 'asc';
224  if (!isset($_GET['obj_id'])) {
225  $this->tpl->setOnScreenMessage('failure', 'no_user_selected');
226  $this->index();
227  return;
228  }
229  $roles = $this->getAssignableRoles();
230  $this->tpl->addBlockfile(
231  'ADM_CONTENT',
232  'adm_content',
233  'tpl.cat_role_assignment.html',
234  "Modules/Category"
235  );
236  $ass_roles = $this->rbacReview->assignedRoles($_GET['obj_id']);
237  $counter = 0;
238  foreach ($roles as $role) {
239  $role_obj = ilObjectFactory::getInstanceByObjId($role['obj_id']);
240  $disabled = false;
241  $f_result[$counter][] = ilLegacyFormElementsUtil::formCheckbox(
242  in_array($role['obj_id'], $ass_roles) ? 1 : 0,
243  'role_ids[]',
244  $role['obj_id'],
245  $disabled
246  );
247  $f_result[$counter][] = $role_obj->getTitle();
248  $f_result[$counter][] = $role_obj->getDescription() ? $role_obj->getDescription() : '';
249  $f_result[$counter][] = (isset($role['role_type']) && $role['role_type'] == 'global')
250  ?
251  $this->lng->txt('global')
252  :
253  $this->lng->txt('local');
254  unset($role_obj);
255  ++$counter;
256  }
257  $this->showRolesTable($f_result, "assignRolesObject");
258  }
259 
260  public function assignSave(): bool
261  {
262  if (!$this->access->checkAccess("cat_administrate_users", "", $_GET["ref_id"])) {
263  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("permission_denied"), true);
264  $this->ctrl->redirect($this, "");
265  }
266  // check hack
267  if (!isset($_GET['obj_id']) or !in_array($_REQUEST['obj_id'], ilLocalUser::_getAllUserIds())) {
268  $this->tpl->setOnScreenMessage('failure', 'no_user_selected');
269  $this->index();
270 
271  return true;
272  }
273  $roles = $this->getAssignableRoles();
274  // check minimum one global role
275  if (!$this->checkGlobalRoles($_POST['role_ids'])) {
276  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('no_global_role_left'));
277  $this->assignRolesObject();
278 
279  return false;
280  }
281  $new_role_ids = $_POST['role_ids'] ? $_POST['role_ids'] : array();
282  $assigned_roles = $this->rbacReview->assignedRoles((int) $_REQUEST['obj_id']);
283  foreach ($roles as $role) {
284  if (in_array($role['obj_id'], $new_role_ids) and !in_array($role['obj_id'], $assigned_roles)) {
285  $this->rbacAdmin->assignUser($role['obj_id'], (int) $_REQUEST['obj_id']);
286  }
287  if (in_array($role['obj_id'], $assigned_roles) and !in_array($role['obj_id'], $new_role_ids)) {
288  $this->rbacAdmin->deassignUser($role['obj_id'], (int) $_REQUEST['obj_id']);
289  }
290  }
291  $this->tpl->setOnScreenMessage('success', $this->lng->txt('role_assignment_updated'));
292  $this->assignRoles();
293 
294  return true;
295  }
296 
297  public function checkGlobalRoles($new_assigned): bool
298  {
299  if (!$this->access->checkAccess("cat_administrate_users", "", $_GET["ref_id"])) {
300  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("permission_denied"), true);
301  $this->ctrl->redirect($this, "");
302  }
303  // return true if it's not a local user
304  $tmp_obj = ilObjectFactory::getInstanceByObjId($_REQUEST['obj_id']);
305  if ($tmp_obj->getTimeLimitOwner() != $this->object->getRefId() and
306  !in_array(SYSTEM_ROLE_ID, $this->rbacReview->assignedRoles($this->user->getId()))
307  ) {
308  return true;
309  }
310  // new assignment by form
311  $new_assigned = $new_assigned ? $new_assigned : array();
312  $assigned = $this->rbacReview->assignedRoles((int) $_GET['obj_id']);
313  // all assignable globals
314  if (!in_array(SYSTEM_ROLE_ID, $this->rbacReview->assignedRoles($this->user->getId()))) {
315  $ga = $this->rbacReview->getGlobalAssignableRoles();
316  } else {
317  $ga = $this->rbacReview->getGlobalRolesArray();
318  }
319  $global_assignable = array();
320  foreach ($ga as $role) {
321  $global_assignable[] = $role['obj_id'];
322  }
323  $new_visible_assigned_roles = array_intersect($new_assigned, $global_assignable);
324  $all_assigned_roles = array_intersect($assigned, $this->rbacReview->getGlobalRoles());
325  $main_assigned_roles = array_diff($all_assigned_roles, $global_assignable);
326  if (!count($new_visible_assigned_roles) and !count($main_assigned_roles)) {
327  return false;
328  }
329 
330  return true;
331  }
332 
333 
338  public function getAssignableRoles(): array
339  {
340  // check local user
341  $tmp_obj = ilObjectFactory::getInstanceByObjId($_REQUEST['obj_id']);
342  // Admin => all roles
343  if (in_array(SYSTEM_ROLE_ID, $this->rbacReview->assignedRoles($this->user->getId())) === true) {
344  $global_roles = $this->rbacReview->getGlobalRolesArray();
345  } elseif ($tmp_obj->getTimeLimitOwner() == $this->object->getRefId()) {
346  $global_roles = $this->rbacReview->getGlobalAssignableRoles();
347  } else {
348  $global_roles = array();
349  }
350 
351  return array_merge($global_roles, $this->rbacReview->getAssignableChildRoles($this->object->getRefId()));
352  }
353 
354 
361  public function showRolesTable($a_result_set, $a_from = ""): bool
362  {
363  if ($this->access->checkAccess("cat_administrate_users", "", $_GET["ref_id"]) === false) {
364  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("permission_denied"), true);
365  $this->ctrl->redirect($this, "");
366  }
367  $tbl = $this->initTableGUI();
368  $tpl = $tbl->getTemplateObject();
369  // SET FORMAACTION
370  $tpl->setCurrentBlock("tbl_form_header");
371  $this->ctrl->setParameter($this, 'obj_id', $_GET['obj_id']);
372  $tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
373  $tpl->parseCurrentBlock();
374  // SET FOOTER BUTTONS
375  $tpl->setVariable("IMG_ARROW", ilUtil::getImagePath("arrow_downright.svg"));
376  $tpl->setVariable("BTN_NAME", "assignSave");
377  $tpl->setVariable("BTN_VALUE", $this->lng->txt("change_assignment"));
378  $tpl->setCurrentBlock("tbl_action_row");
379  $tpl->parseCurrentBlock();
380  $tmp_obj = ilObjectFactory::getInstanceByObjId($_GET['obj_id']);
381  $title = $this->lng->txt('role_assignment') . ' (' . $tmp_obj->getFullname() . ')';
382  $tbl->setTitle($title, "icon_role.svg", $this->lng->txt("role_assignment"));
383  $tbl->setHeaderNames(array(
384  '',
385  $this->lng->txt("title"),
386  $this->lng->txt('description'),
387  $this->lng->txt("type"),
388  ));
389  $tbl->setHeaderVars(array(
390  "",
391  "title",
392  "description",
393  "type",
394  ), (get_class($this->parentGui) == 'ilObjOrgUnitGUI')
395  ? array(
396  "ref_id" => $this->object->getRefId(),
397  "cmd" => "assignRoles",
398  "obj_id" => $_GET['obj_id'],
399  "cmdNode" => $_GET["cmdNode"],
400  "baseClass" => 'ilAdministrationGUI',
401  "admin_mode" => "settings",
402  )
403  : array(
404  "ref_id" => $this->object->getRefId(),
405  "cmd" => "assignRoles",
406  "obj_id" => $_GET['obj_id'],
407  "cmdClass" => "ilobjcategorygui",
408  "baseClass" => 'ilRepositoryGUI',
409  "cmdNode" => $_GET["cmdNode"],
410  ));
411  $tbl->setColumnWidth(array("4%", "35%", "45%", "16%"));
412  $this->set_unlimited = true;
413  $this->setTableGUIBasicData($tbl, $a_result_set, $a_from);
414  $tbl->render();
415  $this->tpl->setVariable('OBJECTS', $tbl->getTemplateObject()->get());
416 
417  return true;
418  }
419 
420  protected function initTableGUI(): ilTableGUI
421  {
422  return new ilTableGUI([], false);
423  }
424 
425  protected function setTableGUIBasicData($tbl, &$result_set, string $a_from = ""): void
426  {
427  $order = isset($_GET["sort_by"]) ? $_GET["sort_by"] : 'title';
428  $direction = isset($_GET["sort_order"]) ? $_GET["sort_order"] : 'asc';
429  $offset = isset($_GET["offset"]) ? $_GET["offset"] : 0;
430  $limit = isset($_GET["limit"]) ? $_GET["limit"] : 0;
431 
432  if ($a_from == 'clipboardObject') $tbl->disable("footer");
433  $tbl->disable("linkbar");
434 
435  $tbl->setOrderColumn((string) $order);
436  $tbl->setOrderDirection((string) $direction);
437  $tbl->setOffset((int) $offset);
438  $tbl->setLimit((int) $limit);
439  $tbl->setFooter("tblfooter", $this->lng->txt("previous"), $this->lng->txt("next"));
440  $tbl->setData($result_set);
441  }
442 
443  protected function checkPermission(string $permission): void
444  {
445  if (!$this->access->checkAccess($permission, "", $_GET["ref_id"])) {
446  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("permission_denied"), true);
447  $this->ctrl->redirect($this, "");
448  }
449  }
450 }
ilLocalUser\_getAllUserIds
static _getAllUserIds(int $a_filter=0)
Definition: class.ilLocalUser.php:92
exit
exit
Definition: login.php:28
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:23
ilLocalUserGUI\index
index(bool $show_delete=false)
Definition: class.ilLocalUserGUI.php:109
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:67
ilLocalUserGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilLocalUserGUI.php:26
ilObjUser\_lookupName
static _lookupName(int $a_user_id)
lookup user name
Definition: class.ilObjUser.php:614
ilTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTableGUI.php:23
ilGlobalTemplateInterface\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilUserAutoComplete
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserAutoComplete.php:22
$DIC
global $DIC
Definition: feed.php:28
$name
if($format !==null) $name
Definition: metadata.php:247
ilUserTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilUserTableGUI.php:24
ilLocalUserGUI\$logger
ILIAS DI LoggingServices $logger
Definition: class.ilLocalUserGUI.php:42
$_GET
$_GET['client_id']
Definition: saml1-acs.php:21
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:34
ilLocalUserGUI\$tpl
ilGlobalTemplateInterface $tpl
Definition: class.ilLocalUserGUI.php:33
ilLegacyFormElementsUtil\formCheckbox
static formCheckbox(bool $checked, string $varname, string $value, bool $disabled=false)
Definition: class.ilLegacyFormElementsUtil.php:261
ilLocalUserGUI\$rbacReview
ilRbacReview $rbacReview
Definition: class.ilLocalUserGUI.php:39
ilGlobalTemplateInterface\setCurrentBlock
setCurrentBlock(string $part=self::DEFAULT_BLOCK)
Sets the template to the given block.
ilLocalUserGUI\$access
ilAccessHandler $access
Definition: class.ilLocalUserGUI.php:37
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilLocalUserGUI\$form
ilPropertyFormGUI $form
Definition: class.ilLocalUserGUI.php:30
ilLocalUserGUI\$rbacSystem
ilRbacSystem $rbacSystem
Definition: class.ilLocalUserGUI.php:38
ilLocalUserGUI\checkGlobalRoles
checkGlobalRoles($new_assigned)
Definition: class.ilLocalUserGUI.php:297
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilGlobalTemplateInterface\parseCurrentBlock
parseCurrentBlock(string $block_name=self::DEFAULT_BLOCK)
Parses the given block.
ilLocalUserGUI\showRolesTable
showRolesTable($a_result_set, $a_from="")
Definition: class.ilLocalUserGUI.php:361
ilLocalUserGUI\__construct
__construct(ilObjectGUI $parentGui)
Definition: class.ilLocalUserGUI.php:44
ilLocalUserGUI\checkPermission
checkPermission(string $permission)
Definition: class.ilLocalUserGUI.php:443
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:24
ilLocalUserGUI\setTableGUIBasicData
setTableGUIBasicData($tbl, &$result_set, string $a_from="")
Definition: class.ilLocalUserGUI.php:425