ILIAS  release_8 Revision v8.24
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\HTTP\GlobalHttpState;
22use ILIAS\Refinery\Factory;
23
32class ilObjRoleGUI extends ilObjectGUI
33{
34 protected const MODE_GLOBAL_UPDATE = 1;
35 protected const MODE_GLOBAL_CREATE = 2;
36 protected const MODE_LOCAL_UPDATE = 3;
37 protected const MODE_LOCAL_CREATE = 4;
38
39 protected int $obj_ref_id = 0;
40 protected int $obj_obj_id = 0;
41 protected string $obj_obj_type = '';
42 protected string $container_type = '';
43 protected int $role_id = 0;
44 protected ilRbacAdmin $rbacadmin;
45 protected ilHelpGUI $help;
46 private ilLogger $logger;
47 private GlobalHttpState $http;
48 protected Factory $refinery;
49
50 public function __construct(
51 $a_data,
52 int $a_id,
53 bool $a_call_by_reference = false,
54 bool $a_prepare_output = true
55 ) {
56 global $DIC;
57
58 $this->rbacadmin = $DIC->rbac()->admin();
59 $this->help = $DIC->help();
60 $this->logger = $DIC->logger()->ac();
61
62 $this->role_id = $a_id;
63 $this->http = $DIC->http();
64 $this->refinery = $DIC->refinery();
65
66 // Add ref_id of object that contains role
67 $this->initParentRefId();
68 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
69 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
70 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
71
72 $this->type = "role";
73 parent::__construct($a_data, $a_id, $a_call_by_reference, false);
74 $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
75 $this->lng->loadLanguageModule('rbac');
76 }
77
78 public function executeCommand(): void
79 {
80 $this->prepareOutput();
81
82 $next_class = $this->ctrl->getNextClass($this);
83 $cmd = $this->ctrl->getCmd();
84
85 $this->ensureRoleAccessForContext();
86
87 switch ($next_class) {
88 case 'ilrepositorysearchgui':
89
90 if (!$GLOBALS['DIC']['ilAccess']->checkAccess('edit_permission', '', $this->obj_ref_id)) {
91 $GLOBALS['DIC']['ilErr']->raiseError(
92 $GLOBALS['DIC']['lng']->txt('permission_denied'),
93 $GLOBALS['DIC']['ilErr']->WARNING
94 );
95 }
96 $rep_search = new ilRepositorySearchGUI();
97 $rep_search->setTitle($this->lng->txt('role_add_user'));
98 $rep_search->setCallback($this, 'addUserObject');
99
100 // Set tabs
101 $this->tabs_gui->setTabActive('user_assignment');
102 $this->ctrl->setReturn($this, 'userassignment');
103 $ret = $this->ctrl->forwardCommand($rep_search);
104 break;
105
106 case 'ilexportgui':
107
108 $this->tabs_gui->setTabActive('export');
109
110 $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
111 $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
112
113 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
114 $exp->addFormat('xml');
115 $this->ctrl->forwardCommand($exp);
116 break;
117
118 case 'ilrecommendedcontentroleconfiggui':
119 $this->tabs_gui->setTabActive('rep_recommended_content');
120 $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
121 $this->ctrl->forwardCommand($ui);
122 break;
123
124 default:
125 if (!$cmd) {
126 if ($this->showDefaultPermissionSettings()) {
127 $cmd = "perm";
128 } else {
129 $cmd = 'userassignment';
130 }
131 }
132 $cmd .= "Object";
133 $this->$cmd();
134
135 break;
136 }
137 }
138
139 protected function getRoleId(): int
140 {
141 return $this->role_id;
142 }
143
144 protected function initParentRefId(): void
145 {
146 $this->obj_ref_id = 0;
147
148 if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
149 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
150 'rolf_ref_id',
151 $this->refinery->kindlyTo()->int()
152 );
153 } elseif ($this->http->wrapper()->query()->has('ref_id')) {
154 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
155 'ref_id',
156 $this->refinery->kindlyTo()->int()
157 );
158 }
159 }
160
161 protected function retrieveTemplatePermissionsFromPost(): array
162 {
163 $template_permissions = [];
164 if ($this->http->wrapper()->post()->has('template_perm')) {
165 $custom_transformer = $this->refinery->custom()->transformation(
166 function ($array) {
167 return $array;
168 }
169 );
170 $template_permissions = $this->http->wrapper()->post()->retrieve(
171 'template_perm',
172 $custom_transformer
173 );
174 }
175 return $template_permissions;
176 }
177
181 public function getParentRefId(): int
182 {
183 return $this->obj_ref_id;
184 }
185
189 public function getParentObjId(): int
190 {
191 return $this->obj_obj_id;
192 }
193
197 public function getParentType(): string
198 {
199 return $this->obj_obj_type;
200 }
201
205 public function getAdminTabs(): void
206 {
207 $this->getTabs();
208 }
209
213 protected function getContainerType(): string
214 {
215 return $this->container_type;
216 }
217
221 protected function showDefaultPermissionSettings(): bool
222 {
223 return $this->obj_definition->isContainer($this->getContainerType())
224 || $this->obj_definition->isAdministrationObject($this->getContainerType());
225 }
226
227 protected function initFormRoleProperties(int $a_mode): ilPropertyFormGUI
228 {
229 $form = new ilPropertyFormGUI();
230
231 if ($this->creation_mode) {
232 $this->ctrl->setParameter($this, "new_type", 'role');
233 }
234 $form->setFormAction($this->ctrl->getFormAction($this));
235
236 switch ($a_mode) {
237 case self::MODE_GLOBAL_CREATE:
238 $form->setTitle($this->lng->txt('role_new'));
239 $form->addCommandButton('save', $this->lng->txt('role_new'));
240 break;
241
242 case self::MODE_GLOBAL_UPDATE:
243 $form->setTitle($this->lng->txt('role_edit'));
244 $form->addCommandButton('update', $this->lng->txt('save'));
245 break;
246
247 case self::MODE_LOCAL_CREATE:
248 case self::MODE_LOCAL_UPDATE:
249 }
250 // Fix cancel
251 $form->addCommandButton('cancel', $this->lng->txt('cancel'));
252
253 $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
254 if (ilObjRole::isAutoGenerated($this->object->getId())) {
255 $title->setDisabled(true);
256 } else {
257 //#17111 No validation for disabled fields
258 $title->setValidationRegexp('/^(?!il_).*$/');
259 $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
260 }
261
262 $title->setSize(40);
263 $title->setMaxLength(70);
264 $title->setRequired(true);
265 $form->addItem($title);
266
267 $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
268 if (ilObjRole::isAutoGenerated($this->object->getId())) {
269 $desc->setDisabled(true);
270 }
271 $desc->setCols(40);
272 $desc->setRows(3);
273 $form->addItem($desc);
274
275 if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
276 $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
277 $form->addItem($ilias_id);
278 }
279
280 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
281 $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
282 $reg->setValue("1");
283 #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
284 $form->addItem($reg);
285
286 $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
287 $la->setValue("1");
288 #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
289 $form->addItem($la);
290 }
291
292 $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
293 $pro->setValue("1");
294 #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
295 $form->addItem($pro);
296 return $form;
297 }
298
303 protected function loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form): void
304 {
305 //Don't set if fields are disabled to prevent html manipulation.
306 if (!$form->getItemByPostVar('title')->getDisabled()) {
307 $role->setTitle((string) $form->getInput('title'));
308 }
309 if (!$form->getItemByPostVar('desc')->getDisabled()) {
310 $role->setDescription((string) $form->getInput('desc'));
311 }
312 $role->setAllowRegister((bool) $form->getInput('reg'));
313 $role->toggleAssignUsersStatus((bool) $form->getInput('la'));
314 }
315
319 protected function readRoleProperties(ilObject $role, ilPropertyFormGUI $form): void
320 {
321 global $DIC;
322
323 $rbacreview = $DIC['rbacreview'];
324
325 $data['title'] = $role->getPresentationTitle();
326 $data['desc'] = $role->getDescription();
327 $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
328 $data['reg'] = $role->getAllowRegister();
329 $data['la'] = $role->getAssignUsersStatus();
330 $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
331
332 $form->setValuesByArray($data);
333 }
334
339 public function createObject(): void
340 {
341 if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
342 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
343 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
344 }
345 $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
346 $this->tpl->setContent($form->getHTML());
347 }
348
349 public function editObject(): void
350 {
351 if (!$this->checkAccess('write', 'edit_permission')) {
352 $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
353 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
354 }
355 $this->tabs_gui->activateTab('edit_properties');
356
357 // Show copy role button
358 if ($this->object->getId() != SYSTEM_ROLE_ID) {
359 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
360 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
361 $this->toolbar->addButton(
362 $this->lng->txt('rbac_delete_role'),
363 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
364 );
365 }
366 }
367 $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
368 $this->readRoleProperties($this->object, $form);
369 $this->tpl->setContent($form->getHTML());
370 }
371
376 public function saveObject(): void
377 {
378 $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
379 if ($form->checkInput()) {
380 $role = new ilObjRole();
381 $this->loadRoleProperties($role, $form);
382 $role->create();
383 $this->rbacadmin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
384 $this->rbacadmin->setProtected(
385 $this->obj_ref_id,
386 $role->getId(),
387 $form->getInput('pro') ? 'y' : 'n'
388 );
389 $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
390 $this->ctrl->setParameter($this, 'obj_id', $role->getId());
391 $this->ctrl->redirect($this, 'perm');
392 }
393
394 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
395 $form->setValuesByPost();
396 $this->tpl->setContent($form->getHTML());
397 }
398
403 public function updateObject(): void
404 {
405 $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
406 if ($form->checkInput()) {
407 $this->loadRoleProperties($this->object, $form);
408 $this->object->update();
409 $this->rbacadmin->setProtected(
410 $this->obj_ref_id,
411 $this->object->getId(),
412 $form->getInput('pro') ? 'y' : 'n'
413 );
414 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
415 $this->ctrl->redirect($this, 'edit');
416 }
417
418 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
419 $form->setValuesByPost();
420 $this->tpl->setContent($form->getHTML());
421 }
422
423 protected function permObject(bool $a_show_admin_permissions = false): void
424 {
425 $this->tabs_gui->setTabActive('default_perm_settings');
426
427 $this->setSubTabs('default_perm_settings');
428
429 if ($a_show_admin_permissions) {
430 $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
431 } else {
432 $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
433 }
434
435 if (!$this->checkAccess('write', 'edit_permission')) {
436 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
437 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
438 }
439
440 // Show copy role button
441 if ($this->object->getId() != SYSTEM_ROLE_ID) {
442 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
443 $this->toolbar->addButton(
444 $this->lng->txt("adopt_perm_from_template"),
445 $this->ctrl->getLinkTarget($this, 'adoptPerm')
446 );
447 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
448 $this->toolbar->addButton(
449 $this->lng->txt('rbac_delete_role'),
450 $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
451 );
452 }
453 }
454
455 $this->tpl->addBlockFile(
456 'ADM_CONTENT',
457 'adm_content',
458 'tpl.rbac_template_permissions.html',
459 'Services/AccessControl'
460 );
461
462 $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
463
464 $acc = new ilAccordionGUI();
465 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
466 $acc->setId('template_perm_' . $this->getParentRefId());
467
468 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
469 if ($a_show_admin_permissions) {
470 $subs = ilObjRole::getSubObjects('adm', true);
471 } else {
472 $subs = ilObjRole::getSubObjects('root', false);
473 }
474 } else {
475 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
476 }
477
478 foreach ($subs as $subtype => $def) {
479 $tbl = new ilObjectRoleTemplatePermissionTableGUI(
480 $this,
481 'perm',
482 $this->getParentRefId(),
483 $this->object->getId(),
484 $subtype,
485 $a_show_admin_permissions
486 );
487 $tbl->parse();
488
489 $acc->addItem($def['translation'], $tbl->getHTML());
490 }
491
492 $this->tpl->setVariable('ACCORDION', $acc->getHTML());
493
494 // Add options table
495 $options = new ilObjectRoleTemplateOptionsTableGUI(
496 $this,
497 'perm',
498 $this->obj_ref_id,
499 $this->object->getId(),
500 $a_show_admin_permissions
501 );
502 if ($this->object->getId() != SYSTEM_ROLE_ID) {
503 $options->addMultiCommand(
504 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
505 $this->lng->txt('save')
506 );
507 }
508
509 $options->parse();
510 $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
511 }
512
516 protected function adminPermObject(): void
517 {
518 $this->permObject(true);
519 }
520
525 protected function adminPermSaveObject(): void
526 {
527 $this->permSaveObject(true);
528 }
529
530 protected function adoptPermObject(): void
531 {
532 $output = [];
533 $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
534
535 $this->tabs_gui->clearTargets();
536
537 $ids = [];
538 foreach (array_keys($parent_role_ids) as $id) {
539 $ids[] = $id;
540 }
541 // Sort ids
542 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
543 $key = 0;
544 foreach ($sorted_ids as $id) {
545 $par = $parent_role_ids[$id];
546 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
547 $output[$key]["role_id"] = $par["obj_id"];
548 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
549 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
550 $output[$key]["role_desc"] = $par["desc"];
551 $key++;
552 }
553 }
554
555 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
556 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
557 $tbl->setData($output);
558
559 $this->tpl->setContent($tbl->getHTML());
560 }
561
565 protected function confirmDeleteRoleObject(): void
566 {
567 $this->tabs_gui->clearTargets();
568
569 if (!$this->checkAccess('visible,write', 'edit_permission')) {
570 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
571 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
572 }
573
574 $question = $this->lng->txt('rbac_role_delete_qst');
575 if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
576 $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
577 }
578 $this->tpl->setOnScreenMessage('question', $question);
579
580 $confirm = new ilConfirmationGUI();
581 $confirm->setFormAction($this->ctrl->getFormAction($this));
582 $confirm->setHeaderText($question);
583 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
584 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
585
586 $confirm->addItem(
587 'role',
588 (string) $this->object->getId(),
589 ilObjRole::_getTranslation($this->object->getTitle()),
590 ilUtil::getImagePath('icon_role.svg')
591 );
592
593 $this->tpl->setContent($confirm->getHTML());
594 }
595
599 protected function performDeleteRoleObject(): void
600 {
601 if (!$this->checkAccess('visible,write', 'edit_permission')) {
602 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
603 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
604 }
605
606 $this->object->setParent($this->obj_ref_id);
607 $this->object->delete();
608 $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
609
610 $this->ctrl->returnToParent($this);
611 }
612
617 public function permSaveObject(bool $a_show_admin_permissions = false): void
618 {
619 if (!$this->checkAccess('visible,write', 'edit_permission')) {
620 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
621 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
622 }
623
624 // rbac log
625 $rbac_log_active = ilRbacLog::isActive();
626 if ($rbac_log_active) {
627 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
628 }
629
630 // delete all template entries of enabled types
631 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
632 if ($a_show_admin_permissions) {
633 $subs = ilObjRole::getSubObjects('adm', true);
634 } else {
635 $subs = ilObjRole::getSubObjects('root', false);
636 }
637 } else {
638 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
639 }
640
641 foreach (array_keys($subs) as $subtype) {
642 // Delete per object type
643 $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
644 }
645
646 $template_permissions = $this->retrieveTemplatePermissionsFromPost();
647 foreach ($template_permissions as $key => $ops_array) {
648 // sets new template permissions
649 $this->rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
650 }
651
652 if ($rbac_log_active) {
653 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
654 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
655 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
656 }
657
658 // update object data entry (to update last modification date)
659 $this->object->update();
660
661 // set protected flag
662 $protected = false;
663 if ($this->http->wrapper()->post()->has('protected')) {
664 $protected = $this->http->wrapper()->post()->retrieve(
665 'protected',
666 $this->refinery->kindlyTo()->bool()
667 );
668 }
669 if (
670 $this->obj_ref_id == ROLE_FOLDER_ID ||
671 $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
672 $this->rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
673 }
674 $recursive = false;
675 if ($this->http->wrapper()->post()->has('recursive')) {
676 $recursive = $this->http->wrapper()->post()->retrieve(
677 'recursive',
678 $this->refinery->kindlyTo()->bool()
679 );
680 }
681 // aka change existing object for specific object types
682 $recursive_list = [];
683 if ($this->http->wrapper()->post()->has('recursive_list')) {
684 $recursive_list = $this->http->wrapper()->post()->retrieve(
685 'recursive_list',
686 $this->refinery->kindlyTo()->listOf(
687 $this->refinery->kindlyTo()->string()
688 )
689 );
690 }
691 if ($a_show_admin_permissions) {
692 $recursive = true;
693 }
694
695 // Redirect if Change existing objects is not chosen
696 if (!$recursive && !count($recursive_list)) {
697 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
698 if ($a_show_admin_permissions) {
699 $this->ctrl->redirect($this, 'adminPerm');
700 } else {
701 $this->ctrl->redirect($this, 'perm');
702 }
703 }
704 // New implementation
705 if (
706 ($recursive || count($recursive_list)) &&
707 $this->isChangeExistingObjectsConfirmationRequired() &&
708 !$a_show_admin_permissions
709 ) {
710 $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
711 return;
712 }
713
714 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
715 if ($a_show_admin_permissions) {
716 $start = $this->tree->getParentId($this->obj_ref_id);
717 }
718
719 if ($protected) {
720 $this->object->changeExistingObjects(
721 $start,
722 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
723 ['all'],
724 []
725 );
726 } else {
727 $this->object->changeExistingObjects(
728 $start,
729 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
730 ['all'],
731 []
732 );
733 }
734 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
735
736 if ($a_show_admin_permissions) {
737 $this->ctrl->redirect($this, 'adminPerm');
738 } else {
739 $this->ctrl->redirect($this, 'perm');
740 }
741 }
742
743 public function adoptPermSaveObject(): void
744 {
745 $source = 0;
746 if ($this->http->wrapper()->post()->has('adopt')) {
747 $source = $this->http->wrapper()->post()->retrieve(
748 'adopt',
749 $this->refinery->kindlyTo()->int()
750 );
751 }
752
753 if (!$source) {
754 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
755 $this->adoptPermObject();
756 return;
757 }
758
759 $access = $this->checkAccess('visible,write', 'edit_permission');
760 if (!$access) {
761 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
762 }
763 if ($this->object->getId() == $source) {
764 $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
765 } else {
766 $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
767 $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
768 $this->rbacadmin->copyRoleTemplatePermissions(
769 $source,
770 $parentRoles[$source]["parent"],
771 $this->obj_ref_id,
772 $this->object->getId(),
773 false
774 );
775
776 // update object data entry (to update last modification date)
777 $this->object->update();
778
779 // send info
780 $title = ilObject::_lookupTitle($source);
781 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
782 ilObjRole::_getTranslation($title) . "'.<br/>" .
783 $this->lng->txt("msg_perm_adopted_from2"), true);
784 }
785
786 $this->ctrl->redirect($this, "perm");
787 }
788
792 public function addUserObject(array $a_user_ids): void
793 {
794 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
795 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
796 return;
797 }
798 if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
799 $this->obj_ref_id != ROLE_FOLDER_ID) {
800 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
801 return;
802 }
803 if ($a_user_ids === []) {
804 $GLOBALS['DIC']['lng']->loadLanguageModule('search');
805 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
806 return;
807 }
808
809 $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
810
811 // users to assign
812 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
813
814 // selected users all already assigned. stop
815 if (count($assigned_users_new) == 0) {
816 $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
817 $this->ctrl->redirect($this, 'userassignment');
818 }
819
820 // assign new users
821 foreach ($assigned_users_new as $user_id) {
822 if ($user_id === ANONYMOUS_USER_ID) {
823 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
824 return;
825 }
826 $this->rbacadmin->assignUser($this->object->getId(), $user_id, false);
827 }
828
829 // update object data entry (to update last modification date)
830 $this->object->update();
831
832 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
833 $this->ctrl->redirect($this, 'userassignment');
834 }
835
836 public function deassignUserObject(): void
837 {
838 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
839 $this->ilias->raiseError(
840 $this->lng->txt("msg_no_perm_assign_user_to_role"),
841 $this->ilias->error_obj->MESSAGE
842 );
843 }
844
845 $selected_users = [];
846 if ($this->http->wrapper()->query()->has('user_id')) {
847 $selected_users = [
848 $this->http->wrapper()->query()->retrieve(
849 'user_id',
850 $this->refinery->kindlyTo()->int()
851 )
852 ];
853 }
854 if ($this->http->wrapper()->post()->has('user_id')) {
855 $selected_users = $this->http->wrapper()->post()->retrieve(
856 'user_id',
857 $this->refinery->kindlyTo()->listOf(
858 $this->refinery->kindlyTo()->int()
859 )
860 );
861 }
862 if (count($selected_users) === 0) {
863 $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
864 }
865
866 // prevent unassignment of system user from system role
867 if ($this->object->getId() == SYSTEM_ROLE_ID) {
868 if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
869 unset($selected_users[$admin]);
870 }
871 }
872
873 // check for each user if the current role is his last global role before deassigning him
874 $last_role = [];
875 $global_roles = $this->rbac_review->getGlobalRoles();
876 foreach ($selected_users as $user) {
877 $assigned_roles = $this->rbac_review->assignedRoles($user);
878 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
879
880 if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
881 $this->object->getId(),
882 $assigned_global_roles
883 )) {
884 $userObj = new ilObjUser($user);
885 $last_role[$user] = $userObj->getFullName();
886 unset($userObj);
887 }
888 }
889
890 // ... else perform deassignment
891 foreach ($selected_users as $user) {
892 if (!isset($last_role[$user])) {
893 $this->rbacadmin->deassignUser($this->object->getId(), $user);
894 }
895 }
896
897 // update object data entry (to update last modification date)
898 $this->object->update();
899
900 // raise error if last role was taken from a user...
901 if ($last_role !== []) {
902 $user_list = implode(", ", $last_role);
903 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
904 } else {
905 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
906 }
907 $this->ctrl->redirect($this, 'userassignment');
908 }
909
913 public function userassignmentObject(): void
914 {
915 global $DIC;
916
917 $ilUser = $DIC['ilUser'];
918
919 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
920 $this->ilias->raiseError(
921 $this->lng->txt("msg_no_perm_assign_user_to_role"),
922 $this->ilias->error_obj->MESSAGE
923 );
924 }
925
926 $this->tabs_gui->setTabActive('user_assignment');
927
928 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
929
930 $tb = new ilToolbarGUI();
931
932 // protected admin role
933 if (
934 $this->object->getId() != SYSTEM_ROLE_ID ||
935 (
936 $this->rbac_review->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID) ||
937 !ilSecuritySettings::_getInstance()->isAdminRoleProtected()
938 )
939 ) {
940
941
942 // add member
943 ilRepositorySearchGUI::fillAutoCompleteToolbar(
944 $this,
945 $tb,
946 [
947 'auto_complete_name' => $this->lng->txt('user'),
948 'submit_name' => $this->lng->txt('add')
949 ]
950 );
951
952 $tb->addSpacer();
953
954 $tb->addButton(
955 $this->lng->txt('search_user'),
956 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
957 );
958 $tb->addSpacer();
959 }
960
961 $tb->addButton(
962 $this->lng->txt('role_mailto'),
963 $this->ctrl->getLinkTarget($this, 'mailToRole')
964 );
965 $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
966
967 $role_assignment_editable = true;
968 if (
969 $this->object->getId() == SYSTEM_ROLE_ID &&
970 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
971 $role_assignment_editable = false;
972 }
973 $ut = new ilAssignedUsersTableGUI(
974 $this,
975 'userassignment',
976 $this->object->getId(),
977 $role_assignment_editable,
978 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
979 );
980 $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
981 }
982
987 public function cancelObject(): void
988 {
989 if ($this->requested_new_type != 'role') {
990 $this->ctrl->redirect($this, 'userassignment');
991 } else {
992 $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
993 }
994 }
995
999 protected function addAdminLocatorItems(bool $do_not_add_object = false): void
1000 {
1001 if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
1002 parent::addAdminLocatorItems(true);
1003
1004 $this->locator->addItem(
1005 $this->lng->txt('obj_' . $this->getParentType()),
1006 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1007 );
1008
1009 if ($this->getRoleId() > 0) {
1010 $this->locator->addItem(
1011 ilObjRole::_getTranslation($this->object->getTitle()),
1012 $this->ctrl->getLinkTarget($this, 'perm')
1013 );
1014 }
1015 } else {
1016 parent::addAdminLocatorItems($do_not_add_object);
1017 }
1018 }
1019
1020 protected function getTabs(): void
1021 {
1022 $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1023 $activate_role_edit = false;
1024
1025 // todo: activate the following (allow editing of local roles in
1026 // roles administration)
1027 if (
1028 in_array($this->obj_ref_id, $base_role_container) ||
1029 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1030 ) {
1031 $activate_role_edit = true;
1032 }
1033
1034 // not so nice (workaround for using tabs in repository)
1035 $this->tabs_gui->clearTargets();
1036
1037 $this->help->setScreenIdComponent("role");
1038 $this->tabs_gui->setBackTarget(
1039 $this->lng->txt('btn_back'),
1040 (string) $this->ctrl->getParentReturn($this)
1041 );
1042 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1043 $this->tabs_gui->addTarget(
1044 "edit_properties",
1045 $this->ctrl->getLinkTarget($this, "edit"),
1046 ["edit", "update"],
1047 get_class($this)
1048 );
1049 }
1050 if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1051 $this->tabs_gui->addTarget(
1052 "default_perm_settings",
1053 $this->ctrl->getLinkTarget($this, "perm"),
1054 [],
1055 get_class($this)
1056 );
1057 }
1058
1059 if ($this->checkAccess(
1060 'write',
1061 'edit_permission'
1062 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1063 $this->tabs_gui->addTarget(
1064 "user_assignment",
1065 $this->ctrl->getLinkTarget($this, "userassignment"),
1066 ["deassignUser", "userassignment", "assignUser", "searchUserForm", "search"],
1067 get_class($this)
1068 );
1069 }
1070
1071 if ($this->checkAccess(
1072 'write',
1073 'edit_permission'
1074 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1075 $this->lng->loadLanguageModule("rep");
1076 $this->tabs_gui->addTarget(
1077 "rep_recommended_content",
1078 $this->ctrl->getLinkTargetByClass("ilrecommendedcontentroleconfiggui", "")
1079 );
1080 }
1081 if ($this->checkAccess('write', 'edit_permission')) {
1082 $this->tabs_gui->addTarget(
1083 'export',
1084 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1085 []
1086 );
1087 }
1088 }
1089
1090 public function mailToRoleObject(): void
1091 {
1092 $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1093
1094 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1095 if (count($obj_ids) > 1) {
1096 $mail_roles[] = '#il_role_' . $this->object->getId();
1097 } else {
1098 $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1099 }
1100 ilSession::set('mail_roles', $mail_roles);
1101 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1102 ilUtil::redirect($script);
1103 }
1104
1105 public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1106 {
1107 $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1108
1109 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1110 return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1111 } else {
1112 return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1113 }
1114 }
1115
1119 protected function isChangeExistingObjectsConfirmationRequired(): bool
1120 {
1121 // Role is protected
1122 if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1123 // TODO: check if recursive_list is enabled
1124 // and if yes: check if inheritance is broken for the relevant object types
1125 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1126 } else {
1127 // TODO: check if recursive_list is enabled
1128 // and if yes: check if inheritance is broken for the relevant object types
1129 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1130 }
1131 }
1132
1137 protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1138 {
1139 $protected = false;
1140 if ($this->http->wrapper()->post()->has('protected')) {
1141 $protected = $this->http->wrapper()->post()->retrieve(
1142 'protected',
1143 $this->refinery->kindlyTo()->bool()
1144 );
1145 }
1146 $form = new ilPropertyFormGUI();
1147 $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1148 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1149
1150 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1151 $form->addCommandButton('perm', $this->lng->txt('cancel'));
1152
1153 $hidden = new ilHiddenInputGUI('type_filter');
1154 $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1155 $form->addItem($hidden);
1156
1157 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1158
1159 if ($protected) {
1160 $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1161 $keep = new ilRadioOption(
1162 $this->lng->txt('rbac_keep_local_policies'),
1163 (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1164 $this->lng->txt('rbac_keep_local_policies_info')
1165 );
1166 } else {
1167 $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1168 $keep = new ilRadioOption(
1169 $this->lng->txt('rbac_keep_local_policies'),
1170 (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1171 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1172 );
1173 }
1174 $rad->addOption($keep);
1175
1176 if ($protected) {
1177 $del = new ilRadioOption(
1178 $this->lng->txt('rbac_delete_local_policies'),
1179 (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1180 $this->lng->txt('rbac_delete_local_policies_info')
1181 );
1182 } else {
1183 $del = new ilRadioOption(
1184 $this->lng->txt('rbac_delete_local_policies'),
1185 (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1186 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1187 );
1188 }
1189 $rad->addOption($del);
1190
1191 $form->addItem($rad);
1192 $this->tpl->setContent($form->getHTML());
1193 }
1194
1195 protected function changeExistingObjectsObject(): void
1196 {
1197 $mode = 0;
1198 if ($this->http->wrapper()->post()->has('mode')) {
1199 $mode = $this->http->wrapper()->post()->retrieve(
1200 'mode',
1201 $this->refinery->kindlyTo()->int()
1202 );
1203 }
1204 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1205
1206 $type_filter = [];
1207 if ($this->http->wrapper()->post()->has('type_filter')) {
1208 $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1209 'type_filter',
1210 $this->refinery->kindlyTo()->string()
1211 );
1212 $type_filter = json_decode(
1213 $serialized_type_filter,
1214 true
1215 );
1216 }
1217
1218 $this->object->changeExistingObjects($start, $mode, $type_filter);
1219 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1220 $this->ctrl->redirect($this, 'perm');
1221 }
1222
1223 protected function setSubTabs($a_tab): void
1224 {
1225 switch ($a_tab) {
1226 case 'default_perm_settings':
1227 if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1228 return;
1229 }
1230 $this->tabs_gui->addSubTabTarget(
1231 'rbac_repository_permissions',
1232 $this->ctrl->getLinkTarget($this, 'perm')
1233 );
1234 $this->tabs_gui->addSubTabTarget(
1235 'rbac_admin_permissions',
1236 $this->ctrl->getLinkTarget($this, 'adminPerm')
1237 );
1238 }
1239 }
1240
1244 protected function addToClipboardObject(): void
1245 {
1246 $users = [];
1247 if ($this->http->wrapper()->post()->has('user_id')) {
1248 $users = $this->http->wrapper()->post()->retrieve(
1249 'user_id',
1250 $this->refinery->kindlyTo()->listOf(
1251 $this->refinery->kindlyTo()->int()
1252 )
1253 );
1254 }
1255 if (count($users) === 0) {
1256 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1257 $this->ctrl->redirect($this, 'userassignment');
1258 }
1259 $clip = ilUserClipboard::getInstance($GLOBALS['DIC']['ilUser']->getId());
1260 $clip->add($users);
1261 $clip->save();
1262
1263 $this->lng->loadLanguageModule('user');
1264 $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1265 $this->ctrl->redirect($this, 'userassignment');
1266 }
1267
1271 protected function addLocatorItems(): void
1272 {
1273 if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1274 $this->ctrl->setParameterByClass(
1275 "ilobjrolegui",
1276 "obj_id",
1277 $this->getRoleId()
1278 );
1279 $this->locator->addItem(
1280 ilObjRole::_getTranslation($this->object->getTitle()),
1281 $this->ctrl->getLinkTargetByClass(
1282 [
1283 "ilpermissiongui",
1284 "ilobjrolegui"
1285 ],
1286 "perm"
1287 )
1288 );
1289 }
1290 }
1291
1296 protected function ensureRoleAccessForContext(): bool
1297 {
1298 // creation of roles
1299 if (
1300 !$this->object->getId() ||
1301 $this->object->getId() == ROLE_FOLDER_ID
1302 ) {
1303 return true;
1304 }
1305
1306 $possible_roles = [];
1307 try {
1308 $possible_roles = $this->rbac_review->getRolesOfObject(
1309 $this->obj_ref_id,
1310 false
1311 );
1312 } catch (\InvalidArgumentException $e) {
1313 $this->logger->warning('Role access check failed: ' . $e);
1314 throw new \ilObjectException($this->lng->txt('permission_denied'));
1315 }
1316
1317 if (!in_array($this->object->getId(), $possible_roles)) {
1318 $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1319 throw new \ilObjectException($this->lng->txt('permission_denied'));
1320 }
1321 return true;
1322 }
1323}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:21
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:24
ilAssignedUsersTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAssignedUsersTableGUI.php:26
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:27
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:25
ilExportGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilExportGUI.php:30
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilHiddenInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilHiddenInputGUI.php:27
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:17
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:61
ilNonEditableValueGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilNonEditableValueGUI.php:27
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:33
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:205
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1137
ilObjRoleGUI\getTabs
getTabs()
@abstract overwrite in derived GUI class of your object type
Definition: class.ilObjRoleGUI.php:1020
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:423
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:599
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:376
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:999
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:403
ilObjRoleGUI\$rbacadmin
ilRbacAdmin $rbacadmin
Definition: class.ilObjRoleGUI.php:44
ilObjRoleGUI\readRoleProperties
readRoleProperties(ilObject $role, ilPropertyFormGUI $form)
Read role properties and write them to form.
Definition: class.ilObjRoleGUI.php:319
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:913
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1296
ilObjRoleGUI\addLocatorItems
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:1271
ilObjRoleGUI\initFormRoleProperties
initFormRoleProperties(int $a_mode)
Definition: class.ilObjRoleGUI.php:227
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:197
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:213
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:792
ilObjRoleGUI\cancelObject
cancelObject()
cancelObject is called when an operation is canceled, method links back @access public
Definition: class.ilObjRoleGUI.php:987
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:221
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1105
ilObjRoleGUI\adminPermObject
adminPermObject()
Show administration permissions.
Definition: class.ilObjRoleGUI.php:516
ilObjRoleGUI\loadRoleProperties
loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form)
Store form input in role object.
Definition: class.ilObjRoleGUI.php:303
ilObjRoleGUI\adminPermSaveObject
adminPermSaveObject()
Save admin permissions.
Definition: class.ilObjRoleGUI.php:525
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:565
ilObjRoleGUI\createObject
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Definition: class.ilObjRoleGUI.php:339
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:181
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1119
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions @access public
Definition: class.ilObjRoleGUI.php:617
ilObjRoleGUI\__construct
__construct( $a_data, int $a_id, bool $a_call_by_reference=false, bool $a_prepare_output=true)
Definition: class.ilObjRoleGUI.php:50
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:189
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1244
ilObjRoleGUI\$http
GlobalHttpState $http
Definition: class.ilObjRoleGUI.php:47
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus(bool $a_assign_users)
Definition: class.ilObjRole.php:131
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRole\isAutoGenerated
static isAutoGenerated(int $a_role_id)
Definition: class.ilObjRole.php:533
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\setAllowRegister
setAllowRegister(bool $a_allow_register)
Definition: class.ilObjRole.php:204
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjUser
User class.
Definition: class.ilObjUser.php:28
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:35
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:62
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:279
ilObjectRoleTemplateOptionsTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplateOptionsTableGUI.php:27
ilObjectRoleTemplatePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplatePermissionTableGUI.php:27
ilObject
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObject.php:30
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:864
ilObject\setTitle
setTitle(string $title)
Definition: class.ilObject.php:325
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:837
ilObject\setDescription
setDescription(string $desc)
Definition: class.ilObject.php:338
ilObject\getPresentationTitle
getPresentationTitle()
get presentation title Normally same as title Overwritten for sessions
Definition: class.ilObject.php:306
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:31
ilPropertyFormGUI\setValuesByArray
setValuesByArray(array $a_values, bool $a_restrict_to_value_keys=false)
Definition: class.ilPropertyFormGUI.php:319
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar(string $a_post_var)
Definition: class.ilPropertyFormGUI.php:250
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:27
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:27
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:31
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:118
ilRbacLog\gatherTemplate
static gatherTemplate(int $a_role_ref_id, int $a_role_id)
Definition: class.ilRbacLog.php:110
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:33
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:37
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:25
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt('user'), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:194
ilRoleAdoptPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAdoptPermissionTableGUI.php:27
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:92
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:27
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:27
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:26
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:67
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:919
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1223
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:948
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$DIC
global $DIC
Definition: feed.php:28
$ilUser
$ilUser
Definition: imgupload.php:34
ILIAS\HTTP\GlobalHttpState
Interface GlobalHttpState.
Definition: GlobalHttpState.php:43
$source
$source
Definition: metadata.php:93
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:37
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilias
header include for all ilias files.