ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilPermissionGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\UI\Factory as UIFactory;
22 use ILIAS\HTTP\Wrapper\WrapperFactory;
23 
34 class ilPermissionGUI extends ilPermission2GUI
35 {
36  protected const CMD_PERM_POSITIONS = 'permPositions';
37  public const CMD_SAVE_POSITIONS_PERMISSIONS = 'savePositionsPermissions';
38 
39  protected object $current_obj;
40 
41  protected ilRecommendedContentManager $recommended_content_manager;
42  protected ilToolbarGUI $toolbar;
43  protected UIFactory $ui_factory;
44  protected ILIAS\HTTP\Wrapper\WrapperFactory $wrapper;
45  protected ilOrgUnitPositionDBRepository $positionRepo;
46  protected ilOrgUnitPermissionDBRepository $permissionRepo;
47  protected ilOrgUnitOperationDBRepository $operationRepo;
48 
49  public function __construct(object $a_gui_obj)
50  {
51  global $DIC;
52 
53  $this->wrapper = $DIC->http()->wrapper();
54  $this->toolbar = $DIC['ilToolbar'];
55  $this->ui_factory = $DIC['ui.factory'];
56  parent::__construct($a_gui_obj);
57  $this->recommended_content_manager = new ilRecommendedContentManager();
58  }
59 
60  private function getPositionRepo(): ilOrgUnitPositionDBRepository
61  {
62  if (!isset($this->positionRepo)) {
63  $dic = ilOrgUnitLocalDIC::dic();
64  $this->positionRepo = $dic["repo.Positions"];
65  }
66 
67  return $this->positionRepo;
68  }
69 
70  private function getPermissionRepo(): ilOrgUnitPermissionDBRepository
71  {
72  if (!isset($this->permissionRepo)) {
73  $dic = ilOrgUnitLocalDIC::dic();
74  $this->permissionRepo = $dic["repo.Permissions"];
75  }
76 
77  return $this->permissionRepo;
78  }
79 
80  private function getOperationRepo(): ilOrgUnitOperationDBRepository
81  {
82  if (!isset($this->operationRepo)) {
83  $dic = ilOrgUnitLocalDIC::dic();
84  $this->operationRepo = $dic["repo.Operations"];
85  }
86 
87  return $this->operationRepo;
88  }
89 
95  public function executeCommand(): void
96  {
97  // access to all functions in this class are only allowed if edit_permission is granted
98  if (!$this->rbacsystem->checkAccess("edit_permission", $this->gui_obj->getObject()->getRefId())) {
99  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
100  $this->ctrl->redirect($this->gui_obj);
101  }
102  $next_class = $this->ctrl->getNextClass($this);
103  switch ($next_class) {
104  case "ilobjrolegui":
105 
106  $role_id = 0;
107  if ($this->http->wrapper()->query()->has('obj_id')) {
108  $role_id = $this->http->wrapper()->query()->retrieve(
109  'obj_id',
110  $this->refinery->kindlyTo()->int()
111  );
112  }
113  $this->ctrl->setReturn($this, 'perm');
114  $this->gui_obj = new ilObjRoleGUI("", $role_id, false, false);
115  $this->ctrl->forwardCommand($this->gui_obj);
116  break;
117 
118  case 'ildidactictemplategui':
119  $this->ctrl->setReturn($this, 'perm');
120  $did = new ilDidacticTemplateGUI($this->gui_obj);
121  $this->ctrl->forwardCommand($did);
122  break;
123 
124  case 'ilrepositorysearchgui':
125  // used for owner autocomplete
126  $rep_search = new ilRepositorySearchGUI();
127  $this->ctrl->forwardCommand($rep_search);
128  break;
129 
130  case 'ilobjectpermissionstatusgui':
131  $this->__initSubTabs("perminfo");
132  $perm_stat = new ilObjectPermissionStatusGUI($this->gui_obj->getObject());
133  $this->ctrl->forwardCommand($perm_stat);
134  break;
135 
136  default:
137  $cmd = $this->ctrl->getCmd();
138  $this->$cmd();
139  break;
140  }
141  }
142 
143  public function getCurrentObject(): object
144  {
145  return $this->gui_obj->getObject();
146  }
147 
151  protected function confirmTemplateSwitch(): void
152  {
153  $this->ctrl->setReturn($this, 'perm');
154  $this->ctrl->setCmdClass('ildidactictemplategui');
155  $dtpl_gui = new ilDidacticTemplateGUI($this->gui_obj);
156  $this->ctrl->forwardCommand($dtpl_gui);
157  }
158 
159  public function perm(ilTable2GUI $table = null): void
160  {
161  $dtpl = new ilDidacticTemplateGUI($this->gui_obj);
162  if ($dtpl->appendToolbarSwitch(
163  $this->toolbar,
164  $this->getCurrentObject()->getType(),
165  $this->getCurrentObject()->getRefId()
166  )) {
167  $this->toolbar->addSeparator();
168  }
169 
170  if ($this->objDefinition->hasLocalRoles($this->getCurrentObject()->getType()) && !$this->isAdministrationObject()
171  ) {
172  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
173 
174  if (!$this->isAdminRoleFolder()) {
175  $this->toolbar->addComponent(
176  $this->ui_factory->link()->standard(
177  $this->lng->txt('rbac_add_new_local_role'),
178  $this->ctrl->getLinkTarget($this, 'displayAddRoleForm')
179  )
180  );
181  }
182  $this->toolbar->addComponent(
183  $this->ui_factory->link()->standard(
184  $this->lng->txt('rbac_import_role'),
185  $this->ctrl->getLinkTarget($this, 'displayImportRoleForm')
186  )
187  );
188  }
189  $this->__initSubTabs("perm");
190 
191  if (!$table instanceof ilTable2GUI) {
192  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
193  }
194  $table->parse();
195  $this->tpl->setContent($table->getHTML());
196  }
197 
198  protected function isAdminRoleFolder(): bool
199  {
200  return $this->getCurrentObject()->getRefId() == ROLE_FOLDER_ID;
201  }
202 
203  protected function isAdministrationObject(): bool
204  {
205  return $this->getCurrentObject()->getType() == 'adm';
206  }
207 
211  protected function isInAdministration(): bool
212  {
213  return (bool) $GLOBALS['DIC']['tree']->isGrandChild(SYSTEM_FOLDER_ID, $this->getCurrentObject()->getRefId());
214  }
215 
216  protected function applyFilter(): void
217  {
218  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
219  $table->resetOffset();
220  $table->writeFilterToSession();
221  $this->perm($table);
222  }
223 
224  protected function resetFilter(): void
225  {
226  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
227  $table->resetOffset();
228  $table->resetFilter();
229  $this->perm($table);
230  }
231 
232  public function applyRoleFilter(array $a_roles, int $a_filter_id): array
233  {
234  // Always delete administrator role from view
235  if (isset($a_roles[SYSTEM_ROLE_ID])) {
236  unset($a_roles[SYSTEM_ROLE_ID]);
237  }
238 
239  switch ($a_filter_id) {
240  // all roles in context
241  case ilObjectRolePermissionTableGUI::ROLE_FILTER_ALL:
242  return $a_roles;
243 
244  // only global roles
245  case ilObjectRolePermissionTableGUI::ROLE_FILTER_GLOBAL:
246  $arr_global_roles = $this->rbacreview->getGlobalRoles();
247  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_global_roles);
248  foreach ($arr_remove_roles as $role_id) {
249  unset($a_roles[$role_id]);
250  }
251  return $a_roles;
252 
253  // only local roles (all local roles in context that are not defined at ROLE_FOLDER_ID)
254  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL:
255  $arr_global_roles = $this->rbacreview->getGlobalRoles();
256  foreach ($arr_global_roles as $role_id) {
257  unset($a_roles[$role_id]);
258  }
259  return $a_roles;
260 
261  // only roles which use a local policy
262  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_POLICY:
263  $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId());
264  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
265  foreach ($arr_remove_roles as $role_id) {
266  unset($a_roles[$role_id]);
267  }
268  return $a_roles;
269 
270  // only true local role defined at current position
271  case ilObjectRolePermissionTableGUI::ROLE_FILTER_LOCAL_OBJECT:
272  $arr_local_roles = $this->rbacreview->getRolesOfObject($this->getCurrentObject()->getRefId(), true);
273  $arr_remove_roles = array_diff(array_keys($a_roles), $arr_local_roles);
274  foreach ($arr_remove_roles as $role_id) {
275  unset($a_roles[$role_id]);
276  }
277  return $a_roles;
278 
279  default:
280  return $a_roles;
281  }
282  }
283 
284  protected function savePermissions(): void
285  {
286  global $DIC;
287 
288  $rbacreview = $DIC['rbacreview'];
289  $objDefinition = $DIC['objDefinition'];
290  $rbacadmin = $DIC['rbacadmin'];
291 
292  $table = new ilObjectRolePermissionTableGUI($this, 'perm', $this->getCurrentObject()->getRefId());
293 
294  $roles = $this->applyRoleFilter(
295  $rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId()),
296  (int) $table->getFilterItemByPostVar('role')->getValue()
297  );
298 
299  // Log history
300  $log_old = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
301 
302  # all possible create permissions
303  $possible_ops_ids = $rbacreview->getOperationsByTypeAndClass(
304  $this->getCurrentObject()->getType(),
305  'create'
306  );
307 
308  # createable (activated) create permissions
309  $create_types = $objDefinition->getCreatableSubObjects(
310  $this->getCurrentObject()->getType()
311  );
312  $createable_ops_ids = ilRbacReview::lookupCreateOperationIds(array_keys((array) $create_types));
313 
314  $post_perm = $this->wrapper->post()->has('perm')
315  ? $this->wrapper->post()->retrieve(
316  'perm',
317  $this->refinery->kindlyTo()->dictOf(
318  $this->refinery->kindlyTo()->dictOf(
319  $this->refinery->kindlyTo()->int()
320  )
321  )
322  )
323  : [];
324 
325  foreach ($roles as $role => $role_data) {
326  if ($role_data['protected']) {
327  continue;
328  }
329 
330  $new_ops = array_keys((array) ($post_perm[$role] ?? []));
331  $old_ops = $rbacreview->getRoleOperationsOnObject(
332  $role,
333  $this->getCurrentObject()->getRefId()
334  );
335 
336  // Add operations which were enabled and are not activated.
337  foreach ($possible_ops_ids as $create_ops_id) {
338  if (in_array($create_ops_id, $createable_ops_ids)) {
339  continue;
340  }
341  if (in_array($create_ops_id, $old_ops)) {
342  $new_ops[] = $create_ops_id;
343  }
344  }
345 
346  $rbacadmin->revokePermission(
347  $this->getCurrentObject()->getRefId(),
348  $role
349  );
350 
351  $rbacadmin->grantPermission(
352  $role,
353  array_unique($new_ops),
354  $this->getCurrentObject()->getRefId()
355  );
356  }
357 
358  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
359  $inherit_post = $this->wrapper->post()->has('inherit')
360  ? $this->wrapper->post()->retrieve(
361  'inherit',
362  $this->refinery->kindlyTo()->dictOf(
363  $this->refinery->kindlyTo()->bool()
364  )
365  )
366  : [];
367 
368  foreach ($roles as $role) {
369  $obj_id = (int) $role['obj_id'];
370  $parent_id = (int) $role['parent'];
371  // No action for local roles
372  if ($parent_id === $this->getCurrentObject()->getRefId() && $role['assign'] === 'y') {
373  continue;
374  }
375  // Nothing for protected roles
376  if ($role['protected']) {
377  continue;
378  }
379  // Stop local policy
380  if (
381  $parent_id === $this->getCurrentObject()->getRefId()
382  && !isset($inherit_post[$obj_id])
383  && !$rbacreview->isBlockedAtPosition($obj_id, $this->getCurrentObject()->getRefId())
384  ) {
385  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role['obj_id']);
386  $role_obj = ilObjectFactory::getInstanceByObjId($obj_id);
387  $role_obj->setParent($this->getCurrentObject()->getRefId());
388  $role_obj->delete();
389  continue;
390  }
391  // Add local policy
392  if (
393  $parent_id !== $this->getCurrentObject()->getRefId()
394  && isset($inherit_post[$obj_id])
395  ) {
396  ilLoggerFactory::getLogger('ac')->debug('Create local policy');
397  $rbacadmin->copyRoleTemplatePermissions(
398  $obj_id,
399  $parent_id,
400  $this->getCurrentObject()->getRefId(),
401  $obj_id
402  );
403  ilLoggerFactory::getLogger('ac')->debug('Assign role to folder');
404  $rbacadmin->assignRoleToFolder($obj_id, $this->getCurrentObject()->getRefId(), 'n');
405  }
406  }
407  }
408 
409  // Protect permissions
410  if (ilPermissionGUI::hasContainerCommands($this->getCurrentObject()->getType())) {
411  $protected_post = $this->wrapper->post()->has('protect')
412  ? $this->wrapper->post()->retrieve(
413  'protect',
414  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
415  )
416  : [];
417  foreach ($roles as $role) {
418  $obj_id = (int) $role['obj_id'];
419  if ($rbacreview->isAssignable($obj_id, $this->getCurrentObject()->getRefId())) {
420  if (isset($protected_post[$obj_id]) &&
421  !$rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
422  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'y');
423  } elseif (!isset($protected_post[$obj_id]) &&
424  $rbacreview->isProtected($this->getCurrentObject()->getRefId(), $obj_id)) {
425  $rbacadmin->setProtected($this->getCurrentObject()->getRefId(), $obj_id, 'n');
426  }
427  }
428  }
429  }
430 
431  $log_new = ilRbacLog::gatherFaPa($this->getCurrentObject()->getRefId(), array_keys((array) $roles));
432  $log = ilRbacLog::diffFaPa($log_old, $log_new);
433  ilRbacLog::add(ilRbacLog::EDIT_PERMISSIONS, $this->getCurrentObject()->getRefId(), $log);
434 
435  $blocked_info = $this->getModifiedBlockedSettings();
436  ilLoggerFactory::getLogger('ac')->debug('Blocked settings: ' . print_r($blocked_info, true));
437  if ($blocked_info['num'] > 0) {
438  $this->showConfirmBlockRole($blocked_info);
439  return;
440  }
441  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
442  $this->ctrl->redirect($this, 'perm');
443  #$this->perm();
444  }
445 
446  protected function showConfirmBlockRole(array $a_blocked_info): void
447  {
448  $info = '';
449  if ($a_blocked_info['new_blocked']) {
450  $info .= $this->lng->txt('role_confirm_block_role_info');
451  if ($a_blocked_info['new_unblocked']) {
452  $info .= '<br /><br />';
453  }
454  }
455  if ($a_blocked_info['new_unblocked']) {
456  $info .= ('<br />' . $this->lng->txt('role_confirm_unblock_role_info'));
457  }
458 
459  $this->tpl->setOnScreenMessage('info', $info);
460 
461  $confirm = new ilConfirmationGUI();
462  $confirm->setFormAction($this->ctrl->getFormAction($this));
463  $confirm->setHeaderText($this->lng->txt('role_confirm_block_role_header'));
464  $confirm->setConfirm($this->lng->txt('role_confirm_block_role'), 'modifyBlockRoles');
465  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
466 
467  foreach ($a_blocked_info['new_blocked'] as $role_id) {
468  $confirm->addItem(
469  'new_block[]',
470  (string) $role_id,
471  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_blocked')
472  );
473  }
474  foreach ($a_blocked_info['new_unblocked'] as $role_id) {
475  $confirm->addItem(
476  'new_unblock[]',
477  (string) $role_id,
478  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id)) . ' ' . $this->lng->txt('role_unblocked')
479  );
480  }
481  $this->tpl->setContent($confirm->getHTML());
482  }
483 
484  protected function modifyBlockRoles(): void
485  {
486  $this->blockRoles(
487  $this->wrapper->post()->has('new_block')
488  ? $this->wrapper->post()->retrieve(
489  'new_block',
490  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
491  )
492  : []
493  );
494  $this->unblockRoles($this->wrapper->post()->has('new_unblock')
495  ? $this->wrapper->post()->retrieve(
496  'new_unblock',
497  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
498  )
499  : []);
500 
501  $this->tpl->setOnScreenMessage('info', $this->lng->txt('settings_saved'));
502  $this->ctrl->redirect($this, 'perm');
503  }
504 
508  protected function unblockRoles($roles): void
509  {
510  foreach ($roles as $role) {
511  // delete local policy
512  ilLoggerFactory::getLogger('ac')->debug('Stop local policy for: ' . $role);
513  $role_obj = ilObjectFactory::getInstanceByObjId($role);
514  $role_obj->setParent($this->getCurrentObject()->getRefId());
515  $role_obj->delete();
516 
517  $role_obj->changeExistingObjects(
518  $this->getCurrentObject()->getRefId(),
519  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
520  ['all']
521  );
522 
523  // finally set blocked status
524  $this->rbacadmin->setBlockedStatus(
525  $role,
526  $this->getCurrentObject()->getRefId(),
527  false
528  );
529  }
530  }
531 
532  protected function blockRoles($roles): void
533  {
534  foreach ($roles as $role) {
535  // Set assign to 'y' only if it is a local role
536  $assign = $this->rbacreview->isAssignable($role, $this->getCurrentObject()->getRefId()) ? 'y' : 'n';
537 
538  // Delete permissions
539  $this->rbacadmin->revokeSubtreePermissions($this->getCurrentObject()->getRefId(), $role);
540 
541  // Delete template permissions
542  $this->rbacadmin->deleteSubtreeTemplates($this->getCurrentObject()->getRefId(), $role);
543 
544  $this->rbacadmin->assignRoleToFolder(
545  $role,
546  $this->getCurrentObject()->getRefId(),
547  $assign
548  );
549 
550  // finally set blocked status
551  $this->rbacadmin->setBlockedStatus(
552  $role,
553  $this->getCurrentObject()->getRefId(),
554  true
555  );
556  }
557  }
558 
559  public static function hasContainerCommands(string $a_type): bool
560  {
561  global $DIC;
562 
563  $objDefinition = $DIC['objDefinition'];
564  return $objDefinition->isContainer($a_type) && $a_type != 'root' && $a_type != 'adm' && $a_type != 'rolf';
565  }
566 
567  protected function displayImportRoleForm(ilPropertyFormGUI $form = null): void
568  {
569  $this->tabs->clearTargets();
570 
571  if (!$form) {
572  $form = $this->initImportForm();
573  }
574  $this->tpl->setContent($form->getHTML());
575  }
576 
577  protected function doImportRole(): void
578  {
579  $form = $this->initImportForm();
580  if ($form->checkInput()) {
581  try {
582  // For global roles set import id to parent of current ref_id (adm)
583  $imp = new ilImport($this->getCurrentObject()->getRefId());
584  $imp->getMapping()->addMapping(
585  'Services/AccessControl',
586  'rolf',
587  '0',
588  (string) $this->getCurrentObject()->getRefId()
589  );
590 
591  $imp->importObject(
592  null,
593  $_FILES["importfile"]["tmp_name"],
594  $_FILES["importfile"]["name"],
595  'role'
596  );
597  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_role_imported'), true);
598  $this->ctrl->redirect($this, 'perm');
599  return;
600  } catch (Exception $e) {
601  $this->tpl->setOnScreenMessage('failure', $e->getMessage());
602  $form->setValuesByPost();
603  $this->displayImportRoleForm($form);
604  return;
605  }
606  }
607  $form->setValuesByPost();
608  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
609  $this->displayImportRoleForm($form);
610  }
611 
615  protected function initImportForm(): ilPropertyFormGUI
616  {
617  $form = new ilPropertyFormGUI();
618  $form->setFormAction($this->ctrl->getFormAction($this));
619  $form->setTitle($this->lng->txt('rbac_import_role'));
620  $form->addCommandButton('doImportRole', $this->lng->txt('import'));
621  $form->addCommandButton('perm', $this->lng->txt('cancel'));
622 
623  $zip = new ilFileInputGUI($this->lng->txt('import_file'), 'importfile');
624  $zip->setRequired(true);
625  $zip->setSuffixes(['zip']);
626  $form->addItem($zip);
627 
628  return $form;
629  }
630 
631  protected function initRoleForm(): ilPropertyFormGUI
632  {
633  $form = new ilPropertyFormGUI();
634  $form->setFormAction($this->ctrl->getFormAction($this));
635  $form->setTitle($this->lng->txt('role_new'));
636  $form->addCommandButton('addrole', $this->lng->txt('role_new'));
637  $form->addCommandButton('perm', $this->lng->txt('cancel'));
638 
639  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
640  $title->setValidationRegexp('/^(?!il_).*$/');
641  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
642  $title->setSize(40);
643  $title->setMaxLength(70);
644  $title->setRequired(true);
645  $form->addItem($title);
646 
647  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
648  $desc->setCols(40);
649  $desc->setRows(3);
650  $form->addItem($desc);
651 
652  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
653  $pro->setInfo($this->lng->txt('role_protect_permissions_desc'));
654  $pro->setValue("1");
655  $form->addItem($pro);
656 
657  $pd = new ilCheckboxInputGUI($this->lng->txt('rbac_add_recommended_content'), 'desktop');
658  $pd->setInfo(
659  str_replace(
660  "%1",
661  $this->getCurrentObject()->getTitle(),
662  $this->lng->txt('rbac_add_recommended_content_info')
663  )
664  );
665  $pd->setValue((string) 1);
666  $form->addItem($pd);
667 
668  if (!$this->isInAdministration()) {
669  $rights = new ilRadioGroupInputGUI($this->lng->txt("rbac_role_rights_copy"), 'rights');
670  $option = new ilRadioOption($this->lng->txt("rbac_role_rights_copy_empty"), (string) 0);
671  $rights->addOption($option);
672 
673  $parent_role_ids = $this->rbacreview->getParentRoleIds($this->gui_obj->getObject()->getRefId(), true);
674  $ids = [];
675  foreach (array_keys($parent_role_ids) as $id) {
676  $ids[] = $id;
677  }
678 
679  // Sort ids
680  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type DESC,title', 'obj_id');
681 
682  $key = 0;
683  foreach ($sorted_ids as $id) {
684  $par = $parent_role_ids[$id];
685  if ($par["obj_id"] != SYSTEM_ROLE_ID) {
686  $option = new ilRadioOption(
687  ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt(
688  'obj_rolt'
689  )) . ": " . ilObjRole::_getTranslation($par["title"]),
690  (string) $par["obj_id"]
691  );
692  $option->setInfo($par["desc"] ?? '');
693  $rights->addOption($option);
694  }
695  $key++;
696  }
697  $form->addItem($rights);
698  }
699 
700  // Local policy only for containers
701  if ($this->objDefinition->isContainer($this->getCurrentObject()->getType())) {
702  $check = new ilCheckboxInputGui($this->lng->txt("rbac_role_rights_copy_change_existing"), 'existing');
703  $check->setInfo($this->lng->txt('rbac_change_existing_objects_desc_new_role'));
704  $form->addItem($check);
705  }
706  return $form;
707  }
708 
712  protected function displayAddRoleForm(): void
713  {
714  $this->tabs->clearTargets();
715  $form = $this->initRoleForm();
716  $this->tpl->setContent($form->getHTML());
717  }
718 
725  protected function addRole(): void
726  {
727  $form = $this->initRoleForm();
728  if ($form->checkInput()) {
729  $new_title = $form->getInput("title");
730 
731  $role = new ilObjRole();
732  $role->setTitle($new_title);
733  $role->setDescription($form->getInput('desc'));
734  $role->create();
735 
736  $this->rbacadmin->assignRoleToFolder($role->getId(), $this->getCurrentObject()->getRefId());
737 
738  // protect
739  $this->rbacadmin->setProtected(
740  $this->getCurrentObject()->getRefId(),
741  $role->getId(),
742  $form->getInput('pro') ? 'y' : 'n'
743  );
744 
745  // copy rights
746  $right_id_to_copy = (int) $form->getInput("rights");
747  if ($right_id_to_copy) {
748  $parentRoles = $this->rbacreview->getParentRoleIds($this->getCurrentObject()->getRefId(), true);
749  $this->rbacadmin->copyRoleTemplatePermissions(
750  $right_id_to_copy,
751  $parentRoles[$right_id_to_copy]["parent"],
752  $this->getCurrentObject()->getRefId(),
753  $role->getId(),
754  false
755  );
756 
757  if ($form->getInput('existing')) {
758  if ($form->getInput('pro')) {
759  $role->changeExistingObjects(
760  $this->getCurrentObject()->getRefId(),
761  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
762  ['all']
763  );
764  } else {
765  $role->changeExistingObjects(
766  $this->getCurrentObject()->getRefId(),
767  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
768  ['all']
769  );
770  }
771  }
772  }
773 
774  // add to desktop items
775  if ($form->getInput("desktop")) {
776  $this->recommended_content_manager->addRoleRecommendation(
777  $role->getId(),
778  $this->getCurrentObject()->getRefId()
779  );
780  }
781 
782  $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
783  $this->ctrl->redirect($this, 'perm');
784  } else {
785  $form->setValuesByPost();
786  $this->tpl->setContent($form->getHTML());
787  }
788  }
789 
790  protected function getModifiedBlockedSettings(): array
791  {
792  global $DIC;
793 
794  $rbacreview = $DIC['rbacreview'];
795 
796  $blocked_info['new_blocked'] = [];
797  $blocked_info['new_unblocked'] = [];
798  $blocked_info['num'] = 0;
799  $visible_block = $this->wrapper->post()->has('visible_block')
800  ? $this->wrapper->post()->retrieve(
801  'visible_block',
802  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
803  )
804  : [];
805  $block_post = $this->wrapper->post()->has('block')
806  ? $this->wrapper->post()->retrieve(
807  'block',
808  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
809  )
810  : [];
811 
812 
813  foreach ($visible_block as $role => $one) {
814  $blocked = $rbacreview->isBlockedAtPosition($role, $this->getCurrentObject()->getRefId());
815  if (isset($block_post[$role]) && !$blocked) {
816  $blocked_info['new_blocked'][] = $role;
817  $blocked_info['num']++;
818  }
819  if (!isset($block_post[$role]) && $blocked) {
820  $blocked_info['new_unblocked'][] = $role;
821  $blocked_info['num']++;
822  }
823  }
824  return $blocked_info;
825  }
826 
827  //
828  // OrgUnit Position Permissions
829  //
830 
831  protected function permPositions(): void
832  {
833  $perm = self::CMD_PERM_POSITIONS;
834  $this->__initSubTabs($perm);
835 
836  $ref_id = $this->getCurrentObject()->getRefId();
837  $table = new ilOrgUnitPermissionTableGUI($this, $perm, $ref_id);
838  $table->collectData();
839  $this->tpl->setContent($table->getHTML());
840  }
841 
842  protected function savePositionsPermissions(): void
843  {
844  $this->__initSubTabs(self::CMD_PERM_POSITIONS);
845 
846  $positions = $this->getPositionRepo()->getArray(null, 'id');
847  $ref_id = $this->getCurrentObject()->getRefId();
848 
849  // handle local sets
850  $positions_with_local_perms_from_post = $this->wrapper->post()->has('local')
851  ? $this->wrapper->post()->retrieve(
852  'local',
853  $this->refinery->kindlyTo()->dictOf($this->refinery->kindlyTo()->int())
854  )
855  : [];
856 
857  foreach ($positions as $position_id) {
858  if (isset($positions_with_local_perms_from_post[$position_id])) {
859  $this->getPermissionRepo()->get($ref_id, $position_id);
860  } else {
861  $this->getPermissionRepo()->delete($ref_id, $position_id);
862  }
863  }
864 
865  $position_perm_post = $this->wrapper->post()->has('position_perm')
866  ? $this->wrapper->post()->retrieve(
867  'position_perm',
868  $this->refinery->kindlyTo()->dictOf(
869  $this->refinery->kindlyTo()->dictOf(
870  $this->refinery->kindlyTo()->int()
871  )
872  )
873  )
874  : [];
875 
876  foreach ($position_perm_post as $position_id => $ops) {
877  if (!isset($positions_with_local_perms_from_post[$position_id])) {
878  continue;
879  }
880  $org_unit_permissions = $this->getPermissionRepo()->getLocalorDefault($ref_id, $position_id);
881  if (!$org_unit_permissions->isTemplate()) {
882  $new_ops = [];
883  foreach ($ops as $op_id => $op) {
884  $new_ops[] = $this->getOperationRepo()->getById($op_id);
885  }
886  $org_unit_permissions = $this->getPermissionRepo()->store(
887  $org_unit_permissions->withOperations($new_ops)
888  );
889  }
890  }
891 
892  foreach (array_keys($positions_with_local_perms_from_post) as $position_id_from_post) {
893  if (array_key_exists($position_id_from_post, $position_perm_post)) {
894  continue;
895  }
896  $org_unit_permissions = $this->getPermissionRepo()->find($ref_id, $position_id_from_post);
897  if ($org_unit_permissions !== null && !$org_unit_permissions->isTemplate()) {
898  $this->getPermissionRepo()->store($org_unit_permissions->withOperations([]));
899  }
900  }
901 
902  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
903  $this->ctrl->redirect($this, self::CMD_PERM_POSITIONS);
904  }
905 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
ilRbacLog\gatherFaPa
static gatherFaPa(int $a_ref_id, array $a_role_ids, bool $a_add_action=false)
Definition: class.ilRbacLog.php:42
ilRbacAdmin\grantPermission
grantPermission(int $a_rol_id, array $a_ops, int $a_ref_id)
Grants a permission to an object and a specific role.
Definition: class.ilRbacAdmin.php:259
ilOrgUnitPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilOrgUnitPermissionTableGUI.php:23
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
ilRbacReview\getRoleOperationsOnObject
getRoleOperationsOnObject(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:723
ilRbacReview\isBlockedAtPosition
isBlockedAtPosition(int $a_role_id, int $a_ref_id)
Definition: class.ilRbacReview.php:1040
ilRbacAdmin\copyRoleTemplatePermissions
copyRoleTemplatePermissions(int $a_source_id, int $a_source_parent, int $a_dest_parent, int $a_dest_id, bool $a_consider_protected=true)
Copies template permissions of one role to another.
Definition: class.ilRbacAdmin.php:438
ilFileInputGUI
This class represents a file property in a property form.
Definition: class.ilFileInputGUI.php:30
ilPermissionGUI\addRole
addRole()
adds a local role This method is only called when choose the option &#39;you may add local roles&#39;...
Definition: class.ilPermissionGUI.php:725
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObjectDefinition\isContainer
isContainer(string $obj_name)
Check if object type is container (&#39;crs&#39;,&#39;fold&#39;,&#39;grp&#39; ...)
Definition: class.ilObjectDefinition.php:507
ilPermissionGUI\$positionRepo
ilOrgUnitPositionDBRepository $positionRepo
Definition: class.ilPermissionGUI.php:45
ilPermissionGUI\isInAdministration
isInAdministration()
Check if node is subobject of administration folder.
Definition: class.ilPermissionGUI.php:211
ilPermissionGUI\showConfirmBlockRole
showConfirmBlockRole(array $a_blocked_info)
Definition: class.ilPermissionGUI.php:446
ilImport
Import class.
Definition: class.ilImport.php:38
ilPermissionGUI\$operationRepo
ilOrgUnitOperationDBRepository $operationRepo
Definition: class.ilPermissionGUI.php:47
ilRbacAdmin\revokePermission
revokePermission(int $a_ref_id, int $a_rol_id=0, bool $a_keep_protected=true)
Revokes permissions of an object of one role.
Definition: class.ilRbacAdmin.php:301
ilPermission2GUI\__initSubTabs
__initSubTabs(string $a_cmd)
Definition: class.ilPermission2GUI.php:131
ilObjectDefinition\getCreatableSubObjects
getCreatableSubObjects(string $obj_type, int $context=self::MODE_REPOSITORY, int $parent_ref_id=null)
Definition: class.ilObjectDefinition.php:454
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
ilRbacLog\diffFaPa
static diffFaPa(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:75
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilPermissionGUI\$permissionRepo
ilOrgUnitPermissionDBRepository $permissionRepo
Definition: class.ilPermissionGUI.php:46
ilPermissionGUI\$recommended_content_manager
ilRecommendedContentManager $recommended_content_manager
Definition: class.ilPermissionGUI.php:41
$DIC
global $DIC
Definition: feed.php:28
ilRbacLog\EDIT_PERMISSIONS
const EDIT_PERMISSIONS
Definition: class.ilRbacLog.php:28
ilRbacReview\lookupCreateOperationIds
static lookupCreateOperationIds(array $a_type_arr)
Lookup operation ids.
Definition: class.ilRbacReview.php:994
ilRbacReview\getOperationsByTypeAndClass
getOperationsByTypeAndClass(string $a_type, string $a_class)
Get operations by type and class.
Definition: class.ilRbacReview.php:772
ilPermissionGUI\displayImportRoleForm
displayImportRoleForm(ilPropertyFormGUI $form=null)
Definition: class.ilPermissionGUI.php:567
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ILIAS\MetaData\Repository\Validation\Data\__construct
__construct(VocabulariesInterface $vocabularies)
Definition: VocabularyBridge.php:31
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilDidacticTemplateGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilDidacticTemplateGUI.php:27
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:834
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:31
ilPermissionGUI\confirmTemplateSwitch
confirmTemplateSwitch()
Called after toolbar action applyTemplateSwitch.
Definition: class.ilPermissionGUI.php:151
$log
$log
Definition: result.php:33
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilPermissionGUI\hasContainerCommands
static hasContainerCommands(string $a_type)
Definition: class.ilPermissionGUI.php:559
ilRbacReview\getParentRoleIds
getParentRoleIds(int $a_endnode_id, bool $a_templates=false)
Get an array of parent role ids of all parent roles, if last parameter is set true you get also all p...
Definition: class.ilRbacReview.php:122
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilFormPropertyGUI\setRequired
setRequired(bool $a_required)
Definition: class.ilFormPropertyGUI.php:155
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilPermissionGUI\displayAddRoleForm
displayAddRoleForm()
Show add role form.
Definition: class.ilPermissionGUI.php:712
ilRbacAdmin\setProtected
setProtected(int $a_ref_id, int $a_role_id, string $a_value)
Set protected.
Definition: class.ilRbacAdmin.php:735
ilRbacAdmin\assignRoleToFolder
assignRoleToFolder(int $a_rol_id, int $a_parent, string $a_assign="y")
Assigns a role to a role folder A role folder is an object to store roles.
Definition: class.ilRbacAdmin.php:676
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1218
ilPermission2GUI\$objDefinition
ilObjectDefinition $objDefinition
Definition: class.ilPermission2GUI.php:38
ilPermissionGUI\$wrapper
ILIAS HTTP Wrapper WrapperFactory $wrapper
Definition: class.ilPermissionGUI.php:44
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
WrapperFactory
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
$rights
$rights
Definition: LOMStructure.php:380
ilPermissionGUI\__construct
__construct(object $a_gui_obj)
Definition: class.ilPermissionGUI.php:49
ilPermissionGUI\initImportForm
initImportForm()
init import form
Definition: class.ilPermissionGUI.php:615
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ilPermissionGUI\executeCommand
executeCommand()
Execute command.
Definition: class.ilPermissionGUI.php:95
$dic
$dic
Definition: result.php:32
$check
$check
Definition: buildRTE.php:81
ilPermissionGUI
New PermissionGUI (extends from old ilPermission2GUI) RBAC related output.
Definition: class.ilPermissionGUI.php:34
ilPermissionGUI\applyRoleFilter
applyRoleFilter(array $a_roles, int $a_filter_id)
Definition: class.ilPermissionGUI.php:232
ilObjectRolePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRolePermissionTableGUI.php:26
ilRbacReview\isAssignable
isAssignable(int $a_rol_id, int $a_ref_id)
Check if its possible to assign users.
Definition: class.ilRbacReview.php:446
ilPermission2GUI
Class ilPermissionGUI RBAC related output.
Definition: class.ilPermission2GUI.php:30
ilObjectPermissionStatusGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectPermissionStatusGUI.php:28
ilPermissionGUI\perm
perm(ilTable2GUI $table=null)
Definition: class.ilPermissionGUI.php:159
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:34
ilRecommendedContentManager
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentManager.php:25
ilRbacReview\isProtected
isProtected(int $a_ref_id, int $a_role_id)
ref_id not used yet.
Definition: class.ilRbacReview.php:1027