ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\HTTP\GlobalHttpState;
22 use ILIAS\Refinery\Factory;
23 
32 class ilObjRoleGUI extends ilObjectGUI
33 {
34  protected const MODE_GLOBAL_UPDATE = 1;
35  protected const MODE_GLOBAL_CREATE = 2;
36  protected const MODE_LOCAL_UPDATE = 3;
37  protected const MODE_LOCAL_CREATE = 4;
38 
39  protected int $obj_ref_id = 0;
40  protected int $obj_obj_id = 0;
41  protected string $obj_obj_type = '';
42  protected string $container_type = '';
43  protected int $role_id = 0;
44  protected ilRbacAdmin $rbacadmin;
45  protected ilHelpGUI $help;
46  private ilLogger $logger;
47  private GlobalHttpState $http;
48  protected Factory $refinery;
49 
50  public function __construct(
51  $a_data,
52  int $a_id,
53  bool $a_call_by_reference = false,
54  bool $a_prepare_output = true
55  ) {
56  global $DIC;
57 
58  $this->rbacadmin = $DIC->rbac()->admin();
59  $this->help = $DIC->help();
60  $this->logger = $DIC->logger()->ac();
61 
62  $this->role_id = $a_id;
63  $this->http = $DIC->http();
64  $this->refinery = $DIC->refinery();
65 
66  // Add ref_id of object that contains role
67  $this->initParentRefId();
68  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
69  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
70  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
71 
72  $this->type = "role";
73  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
74  $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
75  $this->lng->loadLanguageModule('rbac');
76  }
77 
78  public function executeCommand(): void
79  {
80  $this->prepareOutput();
81 
82  $next_class = $this->ctrl->getNextClass($this);
83  $cmd = $this->ctrl->getCmd();
84 
85  $this->ensureRoleAccessForContext();
86 
87  switch ($next_class) {
88  case 'ilrepositorysearchgui':
89 
90  if (!$GLOBALS['DIC']['ilAccess']->checkAccess('edit_permission', '', $this->obj_ref_id)) {
91  $GLOBALS['DIC']['ilErr']->raiseError(
92  $GLOBALS['DIC']['lng']->txt('permission_denied'),
93  $GLOBALS['DIC']['ilErr']->WARNING
94  );
95  }
96  $rep_search = new ilRepositorySearchGUI();
97  $rep_search->setTitle($this->lng->txt('role_add_user'));
98  $rep_search->setCallback($this, 'addUserObject');
99 
100  // Set tabs
101  $this->tabs_gui->setTabActive('user_assignment');
102  $this->ctrl->setReturn($this, 'userassignment');
103  $ret = $this->ctrl->forwardCommand($rep_search);
104  break;
105 
106  case 'ilexportgui':
107 
108  $this->tabs_gui->setTabActive('export');
109 
110  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
111  $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
112 
113  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
114  $exp->addFormat('xml');
115  $this->ctrl->forwardCommand($exp);
116  break;
117 
118  case 'ilrecommendedcontentroleconfiggui':
119  $this->tabs_gui->setTabActive('rep_recommended_content');
120  $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
121  $this->ctrl->forwardCommand($ui);
122  break;
123 
124  default:
125  if (!$cmd) {
126  if ($this->showDefaultPermissionSettings()) {
127  $cmd = "perm";
128  } else {
129  $cmd = 'userassignment';
130  }
131  }
132  $cmd .= "Object";
133  $this->$cmd();
134 
135  break;
136  }
137  }
138 
139  protected function getRoleId(): int
140  {
141  return $this->role_id;
142  }
143 
144  protected function initParentRefId(): void
145  {
146  $this->obj_ref_id = 0;
147 
148  if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
149  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
150  'rolf_ref_id',
151  $this->refinery->kindlyTo()->int()
152  );
153  } elseif ($this->http->wrapper()->query()->has('ref_id')) {
154  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
155  'ref_id',
156  $this->refinery->kindlyTo()->int()
157  );
158  }
159  }
160 
161  protected function retrieveTemplatePermissionsFromPost(): array
162  {
163  $template_permissions = [];
164  if ($this->http->wrapper()->post()->has('template_perm')) {
165  $custom_transformer = $this->refinery->custom()->transformation(
166  function ($array) {
167  return $array;
168  }
169  );
170  $template_permissions = $this->http->wrapper()->post()->retrieve(
171  'template_perm',
172  $custom_transformer
173  );
174  }
175  return $template_permissions;
176  }
177 
181  public function getParentRefId(): int
182  {
183  return $this->obj_ref_id;
184  }
185 
189  public function getParentObjId(): int
190  {
191  return $this->obj_obj_id;
192  }
193 
197  public function getParentType(): string
198  {
199  return $this->obj_obj_type;
200  }
201 
205  public function getAdminTabs(): void
206  {
207  $this->getTabs();
208  }
209 
213  protected function getContainerType(): string
214  {
215  return $this->container_type;
216  }
217 
221  protected function showDefaultPermissionSettings(): bool
222  {
223  return $this->obj_definition->isContainer($this->getContainerType())
224  || $this->obj_definition->isAdministrationObject($this->getContainerType());
225  }
226 
227  protected function initFormRoleProperties(int $a_mode): ilPropertyFormGUI
228  {
229  $form = new ilPropertyFormGUI();
230 
231  if ($this->creation_mode) {
232  $this->ctrl->setParameter($this, "new_type", 'role');
233  }
234  $form->setFormAction($this->ctrl->getFormAction($this));
235 
236  switch ($a_mode) {
237  case self::MODE_GLOBAL_CREATE:
238  $form->setTitle($this->lng->txt('role_new'));
239  $form->addCommandButton('save', $this->lng->txt('role_new'));
240  break;
241 
242  case self::MODE_GLOBAL_UPDATE:
243  $form->setTitle($this->lng->txt('role_edit'));
244  $form->addCommandButton('update', $this->lng->txt('save'));
245  break;
246 
247  case self::MODE_LOCAL_CREATE:
248  case self::MODE_LOCAL_UPDATE:
249  }
250  // Fix cancel
251  $form->addCommandButton('cancel', $this->lng->txt('cancel'));
252 
253  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
254  if (ilObjRole::isAutoGenerated($this->object->getId())) {
255  $title->setDisabled(true);
256  } else {
257  //#17111 No validation for disabled fields
258  $title->setValidationRegexp('/^(?!il_).*$/');
259  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
260  }
261 
262  $title->setSize(40);
263  $title->setMaxLength(70);
264  $title->setRequired(true);
265  $form->addItem($title);
266 
267  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
268  if (ilObjRole::isAutoGenerated($this->object->getId())) {
269  $desc->setDisabled(true);
270  }
271  $desc->setCols(40);
272  $desc->setRows(3);
273  $form->addItem($desc);
274 
275  if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
276  $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
277  $form->addItem($ilias_id);
278  }
279 
280  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
281  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
282  $reg->setValue("1");
283  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
284  $form->addItem($reg);
285 
286  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
287  $la->setValue("1");
288  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
289  $form->addItem($la);
290  }
291 
292  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
293  $pro->setValue("1");
294  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
295  $form->addItem($pro);
296  return $form;
297  }
298 
303  protected function loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form): void
304  {
305  //Don't set if fields are disabled to prevent html manipulation.
306  if (!$form->getItemByPostVar('title')->getDisabled()) {
307  $role->setTitle((string) $form->getInput('title'));
308  }
309  if (!$form->getItemByPostVar('desc')->getDisabled()) {
310  $role->setDescription((string) $form->getInput('desc'));
311  }
312  $role->setAllowRegister((bool) $form->getInput('reg'));
313  $role->toggleAssignUsersStatus((bool) $form->getInput('la'));
314  }
315 
319  protected function readRoleProperties(ilObject $role, ilPropertyFormGUI $form): void
320  {
321  global $DIC;
322 
323  $rbacreview = $DIC['rbacreview'];
324 
325  $data['title'] = $role->getPresentationTitle();
326  $data['desc'] = $role->getDescription();
327  $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
328  $data['reg'] = $role->getAllowRegister();
329  $data['la'] = $role->getAssignUsersStatus();
330  $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
331 
332  $form->setValuesByArray($data);
333  }
334 
339  public function createObject(): void
340  {
341  if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
342  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
343  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
344  }
345  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
346  $this->tpl->setContent($form->getHTML());
347  }
348 
349  public function editObject(): void
350  {
351  if (!$this->checkAccess('write', 'edit_permission')) {
352  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
353  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
354  }
355  $this->tabs_gui->activateTab('edit_properties');
356 
357  // Show copy role button
358  if ($this->object->getId() != SYSTEM_ROLE_ID) {
359  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
360  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
361  $this->toolbar->addButton(
362  $this->lng->txt('rbac_delete_role'),
363  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
364  );
365  }
366  }
367  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
368  $this->readRoleProperties($this->object, $form);
369  $this->tpl->setContent($form->getHTML());
370  }
371 
376  public function saveObject(): void
377  {
378  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
379  if ($form->checkInput()) {
380  $role = new ilObjRole();
381  $this->loadRoleProperties($role, $form);
382  $role->create();
383  $this->rbacadmin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
384  $this->rbacadmin->setProtected(
385  $this->obj_ref_id,
386  $role->getId(),
387  $form->getInput('pro') ? 'y' : 'n'
388  );
389  $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
390  $this->ctrl->setParameter($this, 'obj_id', $role->getId());
391  $this->ctrl->redirect($this, 'perm');
392  }
393 
394  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
395  $form->setValuesByPost();
396  $this->tpl->setContent($form->getHTML());
397  }
398 
403  public function updateObject(): void
404  {
405  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
406  if ($form->checkInput()) {
407  $this->loadRoleProperties($this->object, $form);
408  $this->object->update();
409  $this->rbacadmin->setProtected(
410  $this->obj_ref_id,
411  $this->object->getId(),
412  $form->getInput('pro') ? 'y' : 'n'
413  );
414  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
415  $this->ctrl->redirect($this, 'edit');
416  }
417 
418  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
419  $form->setValuesByPost();
420  $this->tpl->setContent($form->getHTML());
421  }
422 
423  protected function permObject(bool $a_show_admin_permissions = false): void
424  {
425  $this->tabs_gui->setTabActive('default_perm_settings');
426 
427  $this->setSubTabs('default_perm_settings');
428 
429  if ($a_show_admin_permissions) {
430  $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
431  } else {
432  $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
433  }
434 
435  if (!$this->checkAccess('write', 'edit_permission')) {
436  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
437  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
438  }
439 
440  // Show copy role button
441  if ($this->object->getId() != SYSTEM_ROLE_ID) {
442  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
443  $this->toolbar->addButton(
444  $this->lng->txt("adopt_perm_from_template"),
445  $this->ctrl->getLinkTarget($this, 'adoptPerm')
446  );
447  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
448  $this->toolbar->addButton(
449  $this->lng->txt('rbac_delete_role'),
450  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
451  );
452  }
453  }
454 
455  $this->tpl->addBlockFile(
456  'ADM_CONTENT',
457  'adm_content',
458  'tpl.rbac_template_permissions.html',
459  'Services/AccessControl'
460  );
461 
462  $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
463 
464  $acc = new ilAccordionGUI();
465  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
466  $acc->setId('template_perm_' . $this->getParentRefId());
467 
468  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
469  if ($a_show_admin_permissions) {
470  $subs = ilObjRole::getSubObjects('adm', true);
471  } else {
472  $subs = ilObjRole::getSubObjects('root', false);
473  }
474  } else {
475  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
476  }
477 
478  foreach ($subs as $subtype => $def) {
479  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
480  $this,
481  'perm',
482  $this->getParentRefId(),
483  $this->object->getId(),
484  $subtype,
485  $a_show_admin_permissions
486  );
487  $tbl->parse();
488 
489  $acc->addItem($def['translation'], $tbl->getHTML());
490  }
491 
492  $this->tpl->setVariable('ACCORDION', $acc->getHTML());
493 
494  // Add options table
495  $options = new ilObjectRoleTemplateOptionsTableGUI(
496  $this,
497  'perm',
498  $this->obj_ref_id,
499  $this->object->getId(),
500  $a_show_admin_permissions
501  );
502  if ($this->object->getId() != SYSTEM_ROLE_ID) {
503  $options->addMultiCommand(
504  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
505  $this->lng->txt('save')
506  );
507  }
508 
509  $options->parse();
510  $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
511  }
512 
516  protected function adminPermObject(): void
517  {
518  $this->permObject(true);
519  }
520 
525  protected function adminPermSaveObject(): void
526  {
527  $this->permSaveObject(true);
528  }
529 
530  protected function adoptPermObject(): void
531  {
532  $output = [];
533  $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
534 
535  $this->tabs_gui->clearTargets();
536 
537  $ids = [];
538  foreach (array_keys($parent_role_ids) as $id) {
539  $ids[] = $id;
540  }
541  // Sort ids
542  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
543  $key = 0;
544  foreach ($sorted_ids as $id) {
545  $par = $parent_role_ids[$id];
546  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
547  $output[$key]["role_id"] = $par["obj_id"];
548  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
549  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
550  $output[$key]["role_desc"] = $par["desc"];
551  $key++;
552  }
553  }
554 
555  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
556  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
557  $tbl->setData($output);
558 
559  $this->tpl->setContent($tbl->getHTML());
560  }
561 
565  protected function confirmDeleteRoleObject(): void
566  {
567  $this->tabs_gui->clearTargets();
568 
569  if (!$this->checkAccess('visible,write', 'edit_permission')) {
570  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
571  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
572  }
573 
574  $question = $this->lng->txt('rbac_role_delete_qst');
575  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
576  $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
577  }
578  $this->tpl->setOnScreenMessage('question', $question);
579 
580  $confirm = new ilConfirmationGUI();
581  $confirm->setFormAction($this->ctrl->getFormAction($this));
582  $confirm->setHeaderText($question);
583  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
584  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
585 
586  $confirm->addItem(
587  'role',
588  (string) $this->object->getId(),
589  ilObjRole::_getTranslation($this->object->getTitle()),
590  ilUtil::getImagePath('icon_role.svg')
591  );
592 
593  $this->tpl->setContent($confirm->getHTML());
594  }
595 
599  protected function performDeleteRoleObject(): void
600  {
601  if (!$this->checkAccess('visible,write', 'edit_permission')) {
602  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
603  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
604  }
605 
606  $this->object->setParent($this->obj_ref_id);
607  $this->object->delete();
608  $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
609 
610  $this->ctrl->returnToParent($this);
611  }
612 
617  public function permSaveObject(bool $a_show_admin_permissions = false): void
618  {
619  if (!$this->checkAccess('visible,write', 'edit_permission')) {
620  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
621  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
622  }
623 
624  // rbac log
625  $rbac_log_active = ilRbacLog::isActive();
626  if ($rbac_log_active) {
627  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
628  }
629 
630  // delete all template entries of enabled types
631  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
632  if ($a_show_admin_permissions) {
633  $subs = ilObjRole::getSubObjects('adm', true);
634  } else {
635  $subs = ilObjRole::getSubObjects('root', false);
636  }
637  } else {
638  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
639  }
640 
641  foreach (array_keys($subs) as $subtype) {
642  // Delete per object type
643  $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
644  }
645 
646  $template_permissions = $this->retrieveTemplatePermissionsFromPost();
647  foreach ($template_permissions as $key => $ops_array) {
648  // sets new template permissions
649  $this->rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
650  }
651 
652  if ($rbac_log_active) {
653  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
654  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
655  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
656  }
657 
658  // update object data entry (to update last modification date)
659  $this->object->update();
660 
661  // set protected flag
662  $protected = false;
663  if ($this->http->wrapper()->post()->has('protected')) {
664  $protected = $this->http->wrapper()->post()->retrieve(
665  'protected',
666  $this->refinery->kindlyTo()->bool()
667  );
668  }
669  if (
670  $this->obj_ref_id == ROLE_FOLDER_ID ||
671  $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
672  $this->rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
673  }
674  $recursive = false;
675  if ($this->http->wrapper()->post()->has('recursive')) {
676  $recursive = $this->http->wrapper()->post()->retrieve(
677  'recursive',
678  $this->refinery->kindlyTo()->bool()
679  );
680  }
681  // aka change existing object for specific object types
682  $recursive_list = [];
683  if ($this->http->wrapper()->post()->has('recursive_list')) {
684  $recursive_list = $this->http->wrapper()->post()->retrieve(
685  'recursive_list',
686  $this->refinery->kindlyTo()->listOf(
687  $this->refinery->kindlyTo()->string()
688  )
689  );
690  }
691  if ($a_show_admin_permissions) {
692  $recursive = true;
693  }
694 
695  // Redirect if Change existing objects is not chosen
696  if (!$recursive && !count($recursive_list)) {
697  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
698  if ($a_show_admin_permissions) {
699  $this->ctrl->redirect($this, 'adminPerm');
700  } else {
701  $this->ctrl->redirect($this, 'perm');
702  }
703  }
704  // New implementation
705  if (
706  ($recursive || count($recursive_list)) &&
707  $this->isChangeExistingObjectsConfirmationRequired() &&
708  !$a_show_admin_permissions
709  ) {
710  $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
711  return;
712  }
713 
714  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
715  if ($a_show_admin_permissions) {
716  $start = $this->tree->getParentId($this->obj_ref_id);
717  }
718 
719  if ($protected) {
720  $this->object->changeExistingObjects(
721  $start,
722  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
723  ['all'],
724  []
725  );
726  } else {
727  $this->object->changeExistingObjects(
728  $start,
729  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
730  ['all'],
731  []
732  );
733  }
734  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
735 
736  if ($a_show_admin_permissions) {
737  $this->ctrl->redirect($this, 'adminPerm');
738  } else {
739  $this->ctrl->redirect($this, 'perm');
740  }
741  }
742 
743  public function adoptPermSaveObject(): void
744  {
745  $source = 0;
746  if ($this->http->wrapper()->post()->has('adopt')) {
747  $source = $this->http->wrapper()->post()->retrieve(
748  'adopt',
749  $this->refinery->kindlyTo()->int()
750  );
751  }
752 
753  if (!$source) {
754  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
755  $this->adoptPermObject();
756  return;
757  }
758 
759  $access = $this->checkAccess('visible,write', 'edit_permission');
760  if (!$access) {
761  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
762  }
763  if ($this->object->getId() == $source) {
764  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
765  } else {
766  $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
767  $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
768  $this->rbacadmin->copyRoleTemplatePermissions(
769  $source,
770  $parentRoles[$source]["parent"],
771  $this->obj_ref_id,
772  $this->object->getId(),
773  false
774  );
775 
776  // update object data entry (to update last modification date)
777  $this->object->update();
778 
779  // send info
780  $title = ilObject::_lookupTitle($source);
781  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
782  ilObjRole::_getTranslation($title) . "'.<br/>" .
783  $this->lng->txt("msg_perm_adopted_from2"), true);
784  }
785 
786  $this->ctrl->redirect($this, "perm");
787  }
788 
792  public function addUserObject(array $a_user_ids): void
793  {
794  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
795  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
796  return;
797  }
798  if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
799  $this->obj_ref_id != ROLE_FOLDER_ID) {
800  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
801  return;
802  }
803  if ($a_user_ids === []) {
804  $GLOBALS['DIC']['lng']->loadLanguageModule('search');
805  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
806  return;
807  }
808 
809  $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
810 
811  // users to assign
812  $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
813 
814  // selected users all already assigned. stop
815  if (count($assigned_users_new) == 0) {
816  $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
817  $this->ctrl->redirect($this, 'userassignment');
818  }
819 
820  // assign new users
821  foreach ($assigned_users_new as $user_id) {
822  if ($user_id === ANONYMOUS_USER_ID) {
823  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
824  return;
825  }
826  $this->rbacadmin->assignUser($this->object->getId(), $user_id, false);
827  }
828 
829  // update object data entry (to update last modification date)
830  $this->object->update();
831 
832  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
833  $this->ctrl->redirect($this, 'userassignment');
834  }
835 
836  public function deassignUserObject(): void
837  {
838  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
839  $this->ilias->raiseError(
840  $this->lng->txt("msg_no_perm_assign_user_to_role"),
841  $this->ilias->error_obj->MESSAGE
842  );
843  }
844 
845  $selected_users = [];
846  if ($this->http->wrapper()->query()->has('user_id')) {
847  $selected_users = [
848  $this->http->wrapper()->query()->retrieve(
849  'user_id',
850  $this->refinery->kindlyTo()->int()
851  )
852  ];
853  }
854  if ($this->http->wrapper()->post()->has('user_id')) {
855  $selected_users = $this->http->wrapper()->post()->retrieve(
856  'user_id',
857  $this->refinery->kindlyTo()->listOf(
858  $this->refinery->kindlyTo()->int()
859  )
860  );
861  }
862  if (count($selected_users) === 0) {
863  $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
864  }
865 
866  // prevent unassignment of system user from system role
867  if ($this->object->getId() == SYSTEM_ROLE_ID) {
868  if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
869  unset($selected_users[$admin]);
870  }
871  }
872 
873  // check for each user if the current role is his last global role before deassigning him
874  $last_role = [];
875  $global_roles = $this->rbac_review->getGlobalRoles();
876  foreach ($selected_users as $user) {
877  $assigned_roles = $this->rbac_review->assignedRoles($user);
878  $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
879 
880  if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
881  $this->object->getId(),
882  $assigned_global_roles
883  )) {
884  $userObj = new ilObjUser($user);
885  $last_role[$user] = $userObj->getFullName();
886  unset($userObj);
887  }
888  }
889 
890  // ... else perform deassignment
891  foreach ($selected_users as $user) {
892  if (!isset($last_role[$user])) {
893  $this->rbacadmin->deassignUser($this->object->getId(), $user);
894  }
895  }
896 
897  // update object data entry (to update last modification date)
898  $this->object->update();
899 
900  // raise error if last role was taken from a user...
901  if ($last_role !== []) {
902  $user_list = implode(", ", $last_role);
903  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
904  } else {
905  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
906  }
907  $this->ctrl->redirect($this, 'userassignment');
908  }
909 
913  public function userassignmentObject(): void
914  {
915  global $DIC;
916 
917  $ilUser = $DIC['ilUser'];
918 
919  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
920  $this->ilias->raiseError(
921  $this->lng->txt("msg_no_perm_assign_user_to_role"),
922  $this->ilias->error_obj->MESSAGE
923  );
924  }
925 
926  $this->tabs_gui->setTabActive('user_assignment');
927 
928  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
929 
930  $tb = new ilToolbarGUI();
931 
932  // protected admin role
933  if (
934  $this->object->getId() != SYSTEM_ROLE_ID ||
935  (
936  $this->rbac_review->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) ||
937  !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
938  )
939  ) {
940 
941 
942  // add member
943  ilRepositorySearchGUI::fillAutoCompleteToolbar(
944  $this,
945  $tb,
946  [
947  'auto_complete_name' => $this->lng->txt('user'),
948  'submit_name' => $this->lng->txt('add')
949  ]
950  );
951 
952  $tb->addSpacer();
953 
954  $tb->addButton(
955  $this->lng->txt('search_user'),
956  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
957  );
958  $tb->addSpacer();
959  }
960 
961  $tb->addButton(
962  $this->lng->txt('role_mailto'),
963  $this->ctrl->getLinkTarget($this, 'mailToRole')
964  );
965  $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
966 
967  $role_assignment_editable = true;
968  if (
969  $this->object->getId() == SYSTEM_ROLE_ID &&
970  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
971  $role_assignment_editable = false;
972  }
973  $ut = new ilAssignedUsersTableGUI(
974  $this,
975  'userassignment',
976  $this->object->getId(),
977  $role_assignment_editable,
978  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
979  );
980  $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
981  }
982 
987  public function cancelObject(): void
988  {
989  if ($this->requested_new_type != 'role') {
990  $this->ctrl->redirect($this, 'userassignment');
991  } else {
992  $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
993  }
994  }
995 
999  protected function addAdminLocatorItems(bool $do_not_add_object = false): void
1000  {
1001  if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
1002  parent::addAdminLocatorItems(true);
1003 
1004  $this->locator->addItem(
1005  $this->lng->txt('obj_' . $this->getParentType()),
1006  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1007  );
1008 
1009  if ($this->getRoleId() > 0) {
1010  $this->locator->addItem(
1011  ilObjRole::_getTranslation($this->object->getTitle()),
1012  $this->ctrl->getLinkTarget($this, 'perm')
1013  );
1014  }
1015  } else {
1016  parent::addAdminLocatorItems($do_not_add_object);
1017  }
1018  }
1019 
1020  protected function getTabs(): void
1021  {
1022  $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1023  $activate_role_edit = false;
1024 
1025  // todo: activate the following (allow editing of local roles in
1026  // roles administration)
1027  if (
1028  in_array($this->obj_ref_id, $base_role_container) ||
1029  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1030  ) {
1031  $activate_role_edit = true;
1032  }
1033 
1034  // not so nice (workaround for using tabs in repository)
1035  $this->tabs_gui->clearTargets();
1036 
1037  $this->help->setScreenIdComponent("role");
1038  $this->tabs_gui->setBackTarget(
1039  $this->lng->txt('btn_back'),
1040  (string) $this->ctrl->getParentReturn($this)
1041  );
1042  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1043  $this->tabs_gui->addTarget(
1044  "edit_properties",
1045  $this->ctrl->getLinkTarget($this, "edit"),
1046  ["edit", "update"],
1047  get_class($this)
1048  );
1049  }
1050  if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1051  $this->tabs_gui->addTarget(
1052  "default_perm_settings",
1053  $this->ctrl->getLinkTarget($this, "perm"),
1054  [],
1055  get_class($this)
1056  );
1057  }
1058 
1059  if ($this->checkAccess(
1060  'write',
1061  'edit_permission'
1062  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1063  $this->tabs_gui->addTarget(
1064  "user_assignment",
1065  $this->ctrl->getLinkTarget($this, "userassignment"),
1066  ["deassignUser", "userassignment", "assignUser", "searchUserForm", "search"],
1067  get_class($this)
1068  );
1069  }
1070 
1071  if ($this->checkAccess(
1072  'write',
1073  'edit_permission'
1074  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1075  $this->lng->loadLanguageModule("rep");
1076  $this->tabs_gui->addTarget(
1077  "rep_recommended_content",
1078  $this->ctrl->getLinkTargetByClass("ilrecommendedcontentroleconfiggui", "")
1079  );
1080  }
1081  if ($this->checkAccess('write', 'edit_permission')) {
1082  $this->tabs_gui->addTarget(
1083  'export',
1084  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1085  []
1086  );
1087  }
1088  }
1089 
1090  public function mailToRoleObject(): void
1091  {
1092  $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1093 
1094  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1095  if (count($obj_ids) > 1) {
1096  $mail_roles[] = '#il_role_' . $this->object->getId();
1097  } else {
1098  $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1099  }
1100  ilSession::set('mail_roles', $mail_roles);
1101  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1102  ilUtil::redirect($script);
1103  }
1104 
1105  public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1106  {
1107  $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1108 
1109  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1110  return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1111  } else {
1112  return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1113  }
1114  }
1115 
1119  protected function isChangeExistingObjectsConfirmationRequired(): bool
1120  {
1121  // Role is protected
1122  if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1123  // TODO: check if recursive_list is enabled
1124  // and if yes: check if inheritance is broken for the relevant object types
1125  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1126  } else {
1127  // TODO: check if recursive_list is enabled
1128  // and if yes: check if inheritance is broken for the relevant object types
1129  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1130  }
1131  }
1132 
1137  protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1138  {
1139  $protected = false;
1140  if ($this->http->wrapper()->post()->has('protected')) {
1141  $protected = $this->http->wrapper()->post()->retrieve(
1142  'protected',
1143  $this->refinery->kindlyTo()->bool()
1144  );
1145  }
1146  $form = new ilPropertyFormGUI();
1147  $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1148  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1149 
1150  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1151  $form->addCommandButton('perm', $this->lng->txt('cancel'));
1152 
1153  $hidden = new ilHiddenInputGUI('type_filter');
1154  $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1155  $form->addItem($hidden);
1156 
1157  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1158 
1159  if ($protected) {
1160  $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1161  $keep = new ilRadioOption(
1162  $this->lng->txt('rbac_keep_local_policies'),
1163  (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1164  $this->lng->txt('rbac_keep_local_policies_info')
1165  );
1166  } else {
1167  $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1168  $keep = new ilRadioOption(
1169  $this->lng->txt('rbac_keep_local_policies'),
1170  (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1171  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1172  );
1173  }
1174  $rad->addOption($keep);
1175 
1176  if ($protected) {
1177  $del = new ilRadioOption(
1178  $this->lng->txt('rbac_delete_local_policies'),
1179  (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1180  $this->lng->txt('rbac_delete_local_policies_info')
1181  );
1182  } else {
1183  $del = new ilRadioOption(
1184  $this->lng->txt('rbac_delete_local_policies'),
1185  (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1186  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1187  );
1188  }
1189  $rad->addOption($del);
1190 
1191  $form->addItem($rad);
1192  $this->tpl->setContent($form->getHTML());
1193  }
1194 
1195  protected function changeExistingObjectsObject(): void
1196  {
1197  $mode = 0;
1198  if ($this->http->wrapper()->post()->has('mode')) {
1199  $mode = $this->http->wrapper()->post()->retrieve(
1200  'mode',
1201  $this->refinery->kindlyTo()->int()
1202  );
1203  }
1204  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1205 
1206  $type_filter = [];
1207  if ($this->http->wrapper()->post()->has('type_filter')) {
1208  $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1209  'type_filter',
1210  $this->refinery->kindlyTo()->string()
1211  );
1212  $type_filter = json_decode(
1213  $serialized_type_filter,
1214  true
1215  );
1216  }
1217 
1218  $this->object->changeExistingObjects($start, $mode, $type_filter);
1219  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1220  $this->ctrl->redirect($this, 'perm');
1221  }
1222 
1223  protected function setSubTabs($a_tab): void
1224  {
1225  switch ($a_tab) {
1226  case 'default_perm_settings':
1227  if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1228  return;
1229  }
1230  $this->tabs_gui->addSubTabTarget(
1231  'rbac_repository_permissions',
1232  $this->ctrl->getLinkTarget($this, 'perm')
1233  );
1234  $this->tabs_gui->addSubTabTarget(
1235  'rbac_admin_permissions',
1236  $this->ctrl->getLinkTarget($this, 'adminPerm')
1237  );
1238  }
1239  }
1240 
1244  protected function addToClipboardObject(): void
1245  {
1246  $users = [];
1247  if ($this->http->wrapper()->post()->has('user_id')) {
1248  $users = $this->http->wrapper()->post()->retrieve(
1249  'user_id',
1250  $this->refinery->kindlyTo()->listOf(
1251  $this->refinery->kindlyTo()->int()
1252  )
1253  );
1254  }
1255  if (count($users) === 0) {
1256  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1257  $this->ctrl->redirect($this, 'userassignment');
1258  }
1259  $clip = ilUserClipboard::getInstance($GLOBALS['DIC']['ilUser']->getId());
1260  $clip->add($users);
1261  $clip->save();
1262 
1263  $this->lng->loadLanguageModule('user');
1264  $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1265  $this->ctrl->redirect($this, 'userassignment');
1266  }
1267 
1271  protected function addLocatorItems(): void
1272  {
1273  if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1274  $this->ctrl->setParameterByClass(
1275  "ilobjrolegui",
1276  "obj_id",
1277  $this->getRoleId()
1278  );
1279  $this->locator->addItem(
1280  ilObjRole::_getTranslation($this->object->getTitle()),
1281  $this->ctrl->getLinkTargetByClass(
1282  [
1283  "ilpermissiongui",
1284  "ilobjrolegui"
1285  ],
1286  "perm"
1287  )
1288  );
1289  }
1290  }
1291 
1296  protected function ensureRoleAccessForContext(): bool
1297  {
1298  // creation of roles
1299  if (
1300  !$this->object->getId() ||
1301  $this->object->getId() == ROLE_FOLDER_ID
1302  ) {
1303  return true;
1304  }
1305 
1306  $possible_roles = [];
1307  try {
1308  $possible_roles = $this->rbac_review->getRolesOfObject(
1309  $this->obj_ref_id,
1310  false
1311  );
1312  } catch (\InvalidArgumentException $e) {
1313  $this->logger->warning('Role access check failed: ' . $e);
1314  throw new \ilObjectException($this->lng->txt('permission_denied'));
1315  }
1316 
1317  if (!in_array($this->object->getId(), $possible_roles)) {
1318  $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1319  throw new \ilObjectException($this->lng->txt('permission_denied'));
1320  }
1321  return true;
1322  }
1323 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ILIAS\HTTP\GlobalHttpState
Interface GlobalHttpState.
Definition: GlobalHttpState.php:42
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459
ilObjRole\isAutoGenerated
static isAutoGenerated(int $a_role_id)
Definition: class.ilObjRole.php:533
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
ilObjRoleGUI\createObject
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Definition: class.ilObjRoleGUI.php:339
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilRoleAdoptPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAdoptPermissionTableGUI.php:26
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar(string $a_post_var)
Definition: class.ilPropertyFormGUI.php:250
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1244
ilObjectRoleTemplatePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplatePermissionTableGUI.php:26
ilObjRoleGUI\adminPermObject
adminPermObject()
Show administration permissions.
Definition: class.ilObjRoleGUI.php:516
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:279
ilObjRoleGUI\readRoleProperties
readRoleProperties(ilObject $role, ilPropertyFormGUI $form)
Read role properties and write them to form.
Definition: class.ilObjRoleGUI.php:319
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:792
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:67
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:27
ilObjRole\setAllowRegister
setAllowRegister(bool $a_allow_register)
Definition: class.ilObjRole.php:204
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:26
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1105
ilObjRoleGUI\adminPermSaveObject
adminPermSaveObject()
Save admin permissions.
Definition: class.ilObjRoleGUI.php:525
ilRbacLog\gatherTemplate
static gatherTemplate(int $a_role_ref_id, int $a_role_id)
Definition: class.ilRbacLog.php:110
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1296
ilObject\setTitle
setTitle(string $title)
Definition: class.ilObject.php:325
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:37
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1137
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:919
ilObjRoleGUI\cancelObject
cancelObject()
cancelObject is called when an operation is canceled, method links back public
Definition: class.ilObjRoleGUI.php:987
ilObjectRoleTemplateOptionsTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplateOptionsTableGUI.php:26
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions public
Definition: class.ilObjRoleGUI.php:617
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:423
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:376
$DIC
global $DIC
Definition: feed.php:28
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus(bool $a_assign_users)
Definition: class.ilObjRole.php:131
ilObject\setDescription
setDescription(string $desc)
Definition: class.ilObject.php:338
ilExportGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilExportGUI.php:29
ilHiddenInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilHiddenInputGUI.php:26
ilObjRoleGUI\loadRoleProperties
loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form)
Store form input in role object.
Definition: class.ilObjRoleGUI.php:303
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:565
ilObjRoleGUI\$http
GlobalHttpState $http
Definition: class.ilObjRoleGUI.php:47
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1119
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:189
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:599
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:34
ilRadioOption\setValue
setValue(string $a_value)
Definition: class.ilRadioOption.php:64
ilObjRoleGUI\__construct
__construct( $a_data, int $a_id, bool $a_call_by_reference=false, bool $a_prepare_output=true)
Definition: class.ilObjRoleGUI.php:50
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:197
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilias
header include for all ilias files.
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:221
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt(&#39;user&#39;), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:194
ilPropertyFormGUI\setValuesByArray
setValuesByArray(array $a_values, bool $a_restrict_to_value_keys=false)
Definition: class.ilPropertyFormGUI.php:319
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:864
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1223
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:948
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:181
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilObjRoleGUI\initFormRoleProperties
initFormRoleProperties(int $a_mode)
Definition: class.ilObjRoleGUI.php:227
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:913
ilNonEditableValueGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilNonEditableValueGUI.php:26
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRoleGUI\$rbacadmin
ilRbacAdmin $rbacadmin
Definition: class.ilObjRoleGUI.php:44
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
Definition: class.ilObjRoleGUI.php:999
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:62
$ilUser
$ilUser
Definition: imgupload.php:34
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:61
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:118
ilAssignedUsersTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAssignedUsersTableGUI.php:25
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:33
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:205
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:24
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:23
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:32
ilTable2GUI\addMultiCommand
addMultiCommand(string $a_cmd, string $a_text)
Definition: class.ilTable2GUI.php:936
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:403
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
ilFormPropertyGUI\setDisabled
setDisabled(bool $a_disabled)
Definition: class.ilFormPropertyGUI.php:159
$source
$source
Definition: metadata.php:93
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:213
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34
ilObject\getPresentationTitle
getPresentationTitle()
get presentation title Normally same as title Overwritten for sessions
Definition: class.ilObject.php:306
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:24