ILIAS  release_9 Revision v9.13-25-g2c18ec4c24f
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\HTTP\GlobalHttpState;
22 use ILIAS\Refinery\Factory;
23 use ILIAS\UI\Factory as UIFactory;
24 use ILIAS\UI\Renderer;
25 
34 class ilObjRoleGUI extends ilObjectGUI
35 {
36  protected const MODE_GLOBAL_UPDATE = 1;
37  protected const MODE_GLOBAL_CREATE = 2;
38  protected const MODE_LOCAL_UPDATE = 3;
39  protected const MODE_LOCAL_CREATE = 4;
40 
41  protected int $obj_ref_id = 0;
42  protected int $obj_obj_id = 0;
43  protected string $obj_obj_type = '';
44  protected string $container_type = '';
45  protected int $role_id = 0;
46  protected ilRbacAdmin $rbacadmin;
47  protected ilHelpGUI $help;
48  private ilLogger $logger;
49  private GlobalHttpState $http;
50  protected Factory $refinery;
51  protected UIFactory $ui_factory;
52  protected Renderer $ui_renderer;
53 
54  public function __construct(
55  $a_data,
56  int $a_id,
57  bool $a_call_by_reference = false,
58  bool $a_prepare_output = true
59  ) {
61  global $DIC;
62 
63  $this->rbacadmin = $DIC['rbacadmin'];
64  $this->help = $DIC['ilHelp'];
65  $this->logger = $DIC->logger()->ac();
66 
67  $this->role_id = $a_id;
68  $this->http = $DIC['http'];
69  $this->refinery = $DIC['refinery'];
70  $this->ui_factory = $DIC['ui.factory'];
71  $this->ui_renderer = $DIC['ui.renderer'];
72 
73  // Add ref_id of object that contains role
74  $this->initParentRefId();
75  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
76  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
77  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
78 
79  $this->type = "role";
80  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
81  $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
82  $this->lng->loadLanguageModule('rbac');
83  }
84 
85  public function executeCommand(): void
86  {
87  $this->prepareOutput();
88 
89  $next_class = $this->ctrl->getNextClass($this);
90  $cmd = $this->ctrl->getCmd();
91 
92  $this->ensureRoleAccessForContext();
93 
94  switch ($next_class) {
95  case 'ilrepositorysearchgui':
96 
97  if (!$this->access->checkAccess('edit_permission', '', $this->obj_ref_id)) {
98  $this->error->raiseError(
99  $this->lng->txt('permission_denied'),
100  $this->error->WARNING
101  );
102  }
103  $rep_search = new ilRepositorySearchGUI();
104  $rep_search->setTitle($this->lng->txt('role_add_user'));
105  $rep_search->setCallback($this, 'addUserObject');
106 
107  // Set tabs
108  $this->tabs_gui->setTabActive('user_assignment');
109  $this->ctrl->setReturn($this, 'userassignment');
110  $ret = $this->ctrl->forwardCommand($rep_search);
111  break;
112 
113  case 'ilexportgui':
114 
115  $this->tabs_gui->setTabActive('export');
116 
117  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
118  $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
119 
120  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
121  $exp->addFormat('xml');
122  $this->ctrl->forwardCommand($exp);
123  break;
124 
125  case 'ilrecommendedcontentroleconfiggui':
126  $this->tabs_gui->setTabActive('rep_recommended_content');
127  $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
128  $this->ctrl->forwardCommand($ui);
129  break;
130 
131  default:
132  if (!$cmd) {
133  if ($this->showDefaultPermissionSettings()) {
134  $cmd = "perm";
135  } else {
136  $cmd = 'userassignment';
137  }
138  }
139  $cmd .= "Object";
140  $this->$cmd();
141 
142  break;
143  }
144  }
145 
146  protected function getRoleId(): int
147  {
148  return $this->role_id;
149  }
150 
151  protected function initParentRefId(): void
152  {
153  $this->obj_ref_id = 0;
154 
155  if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
156  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
157  'rolf_ref_id',
158  $this->refinery->kindlyTo()->int()
159  );
160  } elseif ($this->http->wrapper()->query()->has('ref_id')) {
161  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
162  'ref_id',
163  $this->refinery->kindlyTo()->int()
164  );
165  }
166  }
167 
168  protected function retrieveTemplatePermissionsFromPost(): array
169  {
170  $template_permissions = [];
171  if ($this->http->wrapper()->post()->has('template_perm')) {
172  $custom_transformer = $this->refinery->custom()->transformation(
173  function ($array) {
174  return $array;
175  }
176  );
177  $template_permissions = $this->http->wrapper()->post()->retrieve(
178  'template_perm',
179  $custom_transformer
180  );
181  }
182  return $template_permissions;
183  }
184 
188  public function getParentRefId(): int
189  {
190  return $this->obj_ref_id;
191  }
192 
196  public function getParentObjId(): int
197  {
198  return $this->obj_obj_id;
199  }
200 
204  public function getParentType(): string
205  {
206  return $this->obj_obj_type;
207  }
208 
212  public function getAdminTabs(): void
213  {
214  $this->getTabs();
215  }
216 
220  protected function getContainerType(): string
221  {
222  return $this->container_type;
223  }
224 
228  protected function showDefaultPermissionSettings(): bool
229  {
230  return $this->obj_definition->isContainer($this->getContainerType())
231  || $this->obj_definition->isAdministrationObject($this->getContainerType());
232  }
233 
234  protected function initFormRoleProperties(int $a_mode): ilPropertyFormGUI
235  {
236  $form = new ilPropertyFormGUI();
237 
238  if ($this->creation_mode) {
239  $this->ctrl->setParameter($this, "new_type", 'role');
240  }
241  $form->setFormAction($this->ctrl->getFormAction($this));
242 
243  switch ($a_mode) {
244  case self::MODE_GLOBAL_CREATE:
245  $form->setTitle($this->lng->txt('role_new'));
246  $form->addCommandButton('save', $this->lng->txt('role_new'));
247  break;
248 
249  case self::MODE_GLOBAL_UPDATE:
250  $form->setTitle($this->lng->txt('role_edit'));
251  $form->addCommandButton('update', $this->lng->txt('save'));
252  break;
253 
254  case self::MODE_LOCAL_CREATE:
255  case self::MODE_LOCAL_UPDATE:
256  }
257  // Fix cancel
258  $form->addCommandButton('cancel', $this->lng->txt('cancel'));
259 
260  $title = new ilTextInputGUI($this->lng->txt('title'), 'title');
261  if (ilObjRole::isAutoGenerated($this->object->getId())) {
262  $title->setDisabled(true);
263  } else {
264  //#17111 No validation for disabled fields
265  $title->setValidationRegexp('/^(?!il_).*$/');
266  $title->setValidationFailureMessage($this->lng->txt('msg_role_reserved_prefix'));
267  }
268 
269  $title->setSize(40);
270  $title->setMaxLength(70);
271  $title->setRequired(true);
272  $form->addItem($title);
273 
274  $desc = new ilTextAreaInputGUI($this->lng->txt('description'), 'desc');
275  if (ilObjRole::isAutoGenerated($this->object->getId())) {
276  $desc->setDisabled(true);
277  }
278  $desc->setCols(40);
279  $desc->setRows(3);
280  $form->addItem($desc);
281 
282  if ($a_mode != self::MODE_LOCAL_CREATE && $a_mode != self::MODE_GLOBAL_CREATE) {
283  $ilias_id = new ilNonEditableValueGUI($this->lng->txt("ilias_id"), "ilias_id");
284  $form->addItem($ilias_id);
285  }
286 
287  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
288  $reg = new ilCheckboxInputGUI($this->lng->txt('allow_register'), 'reg');
289  $reg->setValue("1");
290  #$reg->setInfo($this->lng->txt('rbac_new_acc_reg_info'));
291  $form->addItem($reg);
292 
293  $la = new ilCheckboxInputGUI($this->lng->txt('allow_assign_users'), 'la');
294  $la->setValue("1");
295  #$la->setInfo($this->lng->txt('rbac_local_admin_info'));
296  $form->addItem($la);
297  }
298 
299  $pro = new ilCheckboxInputGUI($this->lng->txt('role_protect_permissions'), 'pro');
300  $pro->setValue("1");
301  #$pro->setInfo($this->lng->txt('role_protext_permission_info'));
302  $form->addItem($pro);
303  return $form;
304  }
305 
310  protected function loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form): void
311  {
312  //Don't set if fields are disabled to prevent html manipulation.
313  if (!$form->getItemByPostVar('title')->getDisabled()) {
314  $role->setTitle((string) $form->getInput('title'));
315  }
316  if (!$form->getItemByPostVar('desc')->getDisabled()) {
317  $role->setDescription((string) $form->getInput('desc'));
318  }
319  $role->setAllowRegister((bool) $form->getInput('reg'));
320  $role->toggleAssignUsersStatus((bool) $form->getInput('la'));
321  }
322 
326  protected function readRoleProperties(ilObject $role, ilPropertyFormGUI $form): void
327  {
328  global $DIC;
329 
330  $rbacreview = $DIC['rbacreview'];
331 
332  $data['title'] = $role->getPresentationTitle();
333  $data['desc'] = $role->getDescription();
334  $data['ilias_id'] = 'il_' . IL_INST_ID . '_' . ilObject::_lookupType($role->getId()) . '_' . $role->getId();
335  $data['reg'] = $role->getAllowRegister();
336  $data['la'] = $role->getAssignUsersStatus();
337  $data['pro'] = $rbacreview->isProtected($this->obj_ref_id, $role->getId());
338 
339  $form->setValuesByArray($data);
340  }
341 
346  public function createObject(): void
347  {
348  if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
349  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
350  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
351  }
352  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
353  $this->tpl->setContent($form->getHTML());
354  }
355 
356  public function editObject(): void
357  {
358  if (!$this->checkAccess('write', 'edit_permission')) {
359  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
360  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
361  }
362  $this->tabs_gui->activateTab('edit_properties');
363 
364  // Show copy role button
365  if ($this->object->getId() != SYSTEM_ROLE_ID) {
366  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
367  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
368  $this->toolbar->addComponent(
369  $this->ui_factory->link()->standard(
370  $this->lng->txt('rbac_delete_role'),
371  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
372  )
373  );
374  }
375  }
376  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
377  $this->readRoleProperties($this->object, $form);
378  $this->tpl->setContent($form->getHTML());
379  }
380 
385  public function saveObject(): void
386  {
387  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_CREATE);
388  if ($form->checkInput()) {
389  $role = new ilObjRole();
390  $this->loadRoleProperties($role, $form);
391  $role->create();
392  $this->rbacadmin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
393  $this->rbacadmin->setProtected(
394  $this->obj_ref_id,
395  $role->getId(),
396  $form->getInput('pro') ? 'y' : 'n'
397  );
398  $this->tpl->setOnScreenMessage('success', $this->lng->txt("role_added"), true);
399  $this->ctrl->setParameter($this, 'obj_id', $role->getId());
400  $this->ctrl->redirect($this, 'perm');
401  }
402 
403  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
404  $form->setValuesByPost();
405  $this->tpl->setContent($form->getHTML());
406  }
407 
412  public function updateObject(): void
413  {
414  $form = $this->initFormRoleProperties(self::MODE_GLOBAL_UPDATE);
415  if ($form->checkInput()) {
416  $this->loadRoleProperties($this->object, $form);
417  $this->object->update();
418  $this->rbacadmin->setProtected(
419  $this->obj_ref_id,
420  $this->object->getId(),
421  $form->getInput('pro') ? 'y' : 'n'
422  );
423  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
424  $this->ctrl->redirect($this, 'edit');
425  }
426 
427  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_check_input'));
428  $form->setValuesByPost();
429  $this->tpl->setContent($form->getHTML());
430  }
431 
432  protected function permObject(bool $a_show_admin_permissions = false): void
433  {
434  $this->tabs_gui->setTabActive('default_perm_settings');
435 
436  $this->setSubTabs('default_perm_settings');
437 
438  if ($a_show_admin_permissions) {
439  $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
440  } else {
441  $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
442  }
443 
444  if (!$this->checkAccess('write', 'edit_permission')) {
445  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
446  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
447  }
448 
449  // Show copy role button
450  if ($this->object->getId() != SYSTEM_ROLE_ID) {
451  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
452  $this->toolbar->addComponent(
453  $this->ui_factory->link()->standard(
454  $this->lng->txt("adopt_perm_from_template"),
455  $this->ctrl->getLinkTarget($this, 'adoptPerm')
456  )
457  );
458  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
459  $this->toolbar->addComponent(
460  $this->ui_factory->link()->standard(
461  $this->lng->txt('rbac_delete_role'),
462  $this->ctrl->getLinkTarget($this, 'confirmDeleteRole')
463  )
464  );
465  }
466  }
467 
468  $this->tpl->addBlockFile(
469  'ADM_CONTENT',
470  'adm_content',
471  'tpl.rbac_template_permissions.html',
472  'Services/AccessControl'
473  );
474 
475  $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
476 
477  $acc = new ilAccordionGUI();
478  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
479  $acc->setId('template_perm_' . $this->getParentRefId());
480 
481  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
482  if ($a_show_admin_permissions) {
483  $subs = ilObjRole::getSubObjects('adm', true);
484  } else {
485  $subs = ilObjRole::getSubObjects('root', false);
486  }
487  } else {
488  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
489  }
490 
491  foreach ($subs as $subtype => $def) {
492  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
493  $this,
494  'perm',
495  $this->getParentRefId(),
496  $this->object->getId(),
497  $subtype,
498  $a_show_admin_permissions
499  );
500  $tbl->parse();
501 
502  $acc->addItem($def['translation'], $tbl->getHTML());
503  }
504 
505  $this->tpl->setVariable('ACCORDION', $acc->getHTML());
506 
507  // Add options table
508  $options = new ilObjectRoleTemplateOptionsTableGUI(
509  $this,
510  'perm',
511  $this->obj_ref_id,
512  $this->object->getId(),
513  $a_show_admin_permissions
514  );
515  if ($this->object->getId() != SYSTEM_ROLE_ID) {
516  $options->addMultiCommand(
517  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
518  $this->lng->txt('save')
519  );
520  }
521 
522  $options->parse();
523  $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
524  }
525 
529  protected function adminPermObject(): void
530  {
531  $this->permObject(true);
532  }
533 
538  protected function adminPermSaveObject(): void
539  {
540  $this->permSaveObject(true);
541  }
542 
543  protected function adoptPermObject(): void
544  {
545  $output = [];
546  $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
547 
548  $this->tabs_gui->clearTargets();
549 
550  $ids = [];
551  foreach (array_keys($parent_role_ids) as $id) {
552  $ids[] = $id;
553  }
554  // Sort ids
555  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
556  $key = 0;
557  foreach ($sorted_ids as $id) {
558  $par = $parent_role_ids[$id];
559  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
560  $output[$key]["role_id"] = $par["obj_id"];
561  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
562  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
563  $output[$key]["role_desc"] = $par["desc"];
564  $key++;
565  }
566  }
567 
568  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
569  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
570  $tbl->setData($output);
571 
572  $this->tpl->setContent($tbl->getHTML());
573  }
574 
578  protected function confirmDeleteRoleObject(): void
579  {
580  $this->tabs_gui->clearTargets();
581 
582  if (!$this->checkAccess('visible,write', 'edit_permission')) {
583  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
584  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
585  }
586 
587  $question = $this->lng->txt('rbac_role_delete_qst');
588  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
589  $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
590  }
591  $this->tpl->setOnScreenMessage('question', $question);
592 
593  $confirm = new ilConfirmationGUI();
594  $confirm->setFormAction($this->ctrl->getFormAction($this));
595  $confirm->setHeaderText($question);
596  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
597  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
598 
599  $confirm->addItem(
600  'role',
601  (string) $this->object->getId(),
602  ilObjRole::_getTranslation($this->object->getTitle()),
603  ilUtil::getImagePath('standard/icon_role.svg')
604  );
605 
606  $this->tpl->setContent($confirm->getHTML());
607  }
608 
612  protected function performDeleteRoleObject(): void
613  {
614  if (!$this->checkAccess('visible,write', 'edit_permission')) {
615  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
616  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
617  }
618 
619  $this->object->setParent($this->obj_ref_id);
620  $this->object->delete();
621  $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
622 
623  $this->ctrl->returnToParent($this);
624  }
625 
630  public function permSaveObject(bool $a_show_admin_permissions = false): void
631  {
632  if (!$this->checkAccess('visible,write', 'edit_permission')) {
633  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
634  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
635  }
636 
637  // rbac log
638  $rbac_log_active = ilRbacLog::isActive();
639  if ($rbac_log_active) {
640  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
641  }
642 
643  // delete all template entries of enabled types
644  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
645  if ($a_show_admin_permissions) {
646  $subs = ilObjRole::getSubObjects('adm', true);
647  } else {
648  $subs = ilObjRole::getSubObjects('root', false);
649  }
650  } else {
651  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
652  }
653 
654  foreach (array_keys($subs) as $subtype) {
655  // Delete per object type
656  $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
657  }
658 
659  $template_permissions = $this->retrieveTemplatePermissionsFromPost();
660  foreach ($template_permissions as $key => $ops_array) {
661  // sets new template permissions
662  $this->rbacadmin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
663  }
664 
665  if ($rbac_log_active) {
666  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
667  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
668  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
669  }
670 
671  // update object data entry (to update last modification date)
672  $this->object->update();
673 
674  // set protected flag
675  $protected = false;
676  if ($this->http->wrapper()->post()->has('protected')) {
677  $protected = $this->http->wrapper()->post()->retrieve(
678  'protected',
679  $this->refinery->kindlyTo()->bool()
680  );
681  }
682  if (
683  $this->obj_ref_id == ROLE_FOLDER_ID ||
684  $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
685  $this->rbacadmin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
686  }
687  $recursive = false;
688  if ($this->http->wrapper()->post()->has('recursive')) {
689  $recursive = $this->http->wrapper()->post()->retrieve(
690  'recursive',
691  $this->refinery->kindlyTo()->bool()
692  );
693  }
694  // aka change existing object for specific object types
695  $recursive_list = [];
696  if ($this->http->wrapper()->post()->has('recursive_list')) {
697  $recursive_list = $this->http->wrapper()->post()->retrieve(
698  'recursive_list',
699  $this->refinery->kindlyTo()->listOf(
700  $this->refinery->kindlyTo()->string()
701  )
702  );
703  }
704  if ($a_show_admin_permissions) {
705  $recursive = true;
706  }
707 
708  // Redirect if Change existing objects is not chosen
709  if (!$recursive && !count($recursive_list)) {
710  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
711  if ($a_show_admin_permissions) {
712  $this->ctrl->redirect($this, 'adminPerm');
713  } else {
714  $this->ctrl->redirect($this, 'perm');
715  }
716  }
717  // New implementation
718  if (
719  ($recursive || count($recursive_list)) &&
720  $this->isChangeExistingObjectsConfirmationRequired() &&
721  !$a_show_admin_permissions
722  ) {
723  $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
724  return;
725  }
726 
727  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
728  if ($a_show_admin_permissions) {
729  $start = $this->tree->getParentId($this->obj_ref_id);
730  }
731 
732  if ($protected) {
733  $this->object->changeExistingObjects(
734  $start,
735  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
736  ['all'],
737  []
738  );
739  } else {
740  $this->object->changeExistingObjects(
741  $start,
742  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
743  ['all'],
744  []
745  );
746  }
747  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
748 
749  if ($a_show_admin_permissions) {
750  $this->ctrl->redirect($this, 'adminPerm');
751  } else {
752  $this->ctrl->redirect($this, 'perm');
753  }
754  }
755 
756  public function adoptPermSaveObject(): void
757  {
758  $source = 0;
759  if ($this->http->wrapper()->post()->has('adopt')) {
760  $source = $this->http->wrapper()->post()->retrieve(
761  'adopt',
762  $this->refinery->kindlyTo()->int()
763  );
764  }
765 
766  if (!$source) {
767  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
768  $this->adoptPermObject();
769  return;
770  }
771 
772  $access = $this->checkAccess('visible,write', 'edit_permission');
773  if (!$access) {
774  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
775  }
776  if ($this->object->getId() == $source) {
777  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
778  } else {
779  $this->rbacadmin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
780  $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
781  $this->rbacadmin->copyRoleTemplatePermissions(
782  $source,
783  $parentRoles[$source]["parent"],
784  $this->obj_ref_id,
785  $this->object->getId(),
786  false
787  );
788 
789  // update object data entry (to update last modification date)
790  $this->object->update();
791 
792  // send info
793  $title = ilObject::_lookupTitle($source);
794  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
795  ilObjRole::_getTranslation($title) . "'.<br/>" .
796  $this->lng->txt("msg_perm_adopted_from2"), true);
797  }
798 
799  $this->ctrl->redirect($this, "perm");
800  }
801 
805  public function addUserObject(array $a_user_ids): void
806  {
807  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
808  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
809  return;
810  }
811  if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
812  $this->obj_ref_id != ROLE_FOLDER_ID) {
813  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
814  return;
815  }
816  if ($a_user_ids === []) {
817  $this->lng->loadLanguageModule('search');
818  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
819  return;
820  }
821 
822  $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
823 
824  // users to assign
825  $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
826 
827  // selected users all already assigned. stop
828  if (count($assigned_users_new) == 0) {
829  $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
830  $this->ctrl->redirect($this, 'userassignment');
831  }
832 
833  // assign new users
834  foreach ($assigned_users_new as $user_id) {
835  if ($user_id === ANONYMOUS_USER_ID) {
836  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
837  return;
838  }
839  $this->rbacadmin->assignUser($this->object->getId(), $user_id, false);
840  }
841 
842  // update object data entry (to update last modification date)
843  $this->object->update();
844 
845  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
846  $this->ctrl->redirect($this, 'userassignment');
847  }
848 
849  public function deassignUserObject(): void
850  {
851  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
852  $this->ilias->raiseError(
853  $this->lng->txt("msg_no_perm_assign_user_to_role"),
854  $this->ilias->error_obj->MESSAGE
855  );
856  }
857 
858  $selected_users = [];
859  if ($this->http->wrapper()->query()->has('user_id')) {
860  $selected_users = [
861  $this->http->wrapper()->query()->retrieve(
862  'user_id',
863  $this->refinery->kindlyTo()->int()
864  )
865  ];
866  }
867  if ($this->http->wrapper()->post()->has('user_id')) {
868  $selected_users = $this->http->wrapper()->post()->retrieve(
869  'user_id',
870  $this->refinery->kindlyTo()->listOf(
871  $this->refinery->kindlyTo()->int()
872  )
873  );
874  }
875  if (count($selected_users) === 0) {
876  $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
877  }
878 
879  // prevent unassignment of system user from system role
880  if ($this->object->getId() == SYSTEM_ROLE_ID) {
881  if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
882  unset($selected_users[$admin]);
883  }
884  }
885 
886  // check for each user if the current role is his last global role before deassigning him
887  $last_role = [];
888  $global_roles = $this->rbac_review->getGlobalRoles();
889  foreach ($selected_users as $user) {
890  $assigned_roles = $this->rbac_review->assignedRoles($user);
891  $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
892 
893  if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
894  $this->object->getId(),
895  $assigned_global_roles
896  )) {
897  $userObj = new ilObjUser($user);
898  $last_role[$user] = $userObj->getFullName();
899  unset($userObj);
900  }
901  }
902 
903  // ... else perform deassignment
904  foreach ($selected_users as $user) {
905  if (!isset($last_role[$user])) {
906  $this->rbacadmin->deassignUser($this->object->getId(), $user);
907  }
908  }
909 
910  // update object data entry (to update last modification date)
911  $this->object->update();
912 
913  // raise error if last role was taken from a user...
914  if ($last_role !== []) {
915  $user_list = implode(", ", $last_role);
916  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
917  } else {
918  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
919  }
920  $this->ctrl->redirect($this, 'userassignment');
921  }
922 
926  public function userassignmentObject(): void
927  {
928  global $DIC;
929 
930  $ilUser = $DIC['ilUser'];
931 
932  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
933  $this->tpl->setOnScreenMessage(
934  $this->lng->txt("msg_no_perm_assign_user_to_role"),
935  );
936  return;
937  }
938 
939  $this->tabs_gui->setTabActive('user_assignment');
940 
941  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'Services/AccessControl');
942 
943  $tb = new ilToolbarGUI();
944 
945  // protected admin role
946  if ($this->object->getId() != SYSTEM_ROLE_ID
947  || ($this->rbac_review->isAssigned($ilUser->getId(), SYSTEM_ROLE_ID)
948  || !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
949  // add member
950  ilRepositorySearchGUI::fillAutoCompleteToolbar(
951  $this,
952  $tb,
953  [
954  'auto_complete_name' => $this->lng->txt('user'),
955  'submit_name' => $this->lng->txt('add')
956  ]
957  );
958 
959  $tb->addSpacer();
960 
961  $tb->addComponent(
962  $this->ui_factory->link()->standard(
963  $this->lng->txt('search_user'),
964  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
965  )
966  );
967  $tb->addSpacer();
968  }
969 
970  $tb->addComponent(
971  $this->ui_factory->link()->standard(
972  $this->lng->txt('role_mailto'),
973  $this->ctrl->getLinkTarget($this, 'mailToRole')
974  )
975  );
976  $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
977 
978  $role_assignment_editable = true;
979  if (
980  $this->object->getId() == SYSTEM_ROLE_ID &&
981  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($ilUser->getId())) {
982  $role_assignment_editable = false;
983  }
984  $ut = new ilAssignedUsersTableGUI(
985  $this,
986  'userassignment',
987  $this->ui_factory,
988  $this->ui_renderer,
989  $this->object->getId(),
990  $role_assignment_editable,
991  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
992  );
993  $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
994  }
995 
1000  public function cancelObject(): void
1001  {
1002  if ($this->requested_new_type != 'role') {
1003  $this->ctrl->redirect($this, 'userassignment');
1004  } else {
1005  $this->ctrl->redirectByClass("ilobjrolefoldergui", "view");
1006  }
1007  }
1008 
1012  protected function addAdminLocatorItems(bool $do_not_add_object = false): void
1013  {
1014  if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
1015  parent::addAdminLocatorItems(true);
1016 
1017  $this->locator->addItem(
1018  $this->lng->txt('obj_' . $this->getParentType()),
1019  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1020  );
1021 
1022  if ($this->getRoleId() > 0) {
1023  $this->locator->addItem(
1024  ilObjRole::_getTranslation($this->object->getTitle()),
1025  $this->ctrl->getLinkTarget($this, 'perm')
1026  );
1027  }
1028  } else {
1029  parent::addAdminLocatorItems($do_not_add_object);
1030  }
1031  }
1032 
1033  protected function getTabs(): void
1034  {
1035  $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1036  $activate_role_edit = false;
1037 
1038  // todo: activate the following (allow editing of local roles in
1039  // roles administration)
1040  if (
1041  in_array($this->obj_ref_id, $base_role_container) ||
1042  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1043  ) {
1044  $activate_role_edit = true;
1045  }
1046 
1047  // not so nice (workaround for using tabs in repository)
1048  $this->tabs_gui->clearTargets();
1049 
1050  $this->help->setScreenIdComponent("role");
1051  $this->tabs_gui->setBackTarget(
1052  $this->lng->txt('btn_back'),
1053  (string) $this->ctrl->getParentReturn($this)
1054  );
1055  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1056  $this->tabs_gui->addTarget(
1057  "edit_properties",
1058  $this->ctrl->getLinkTarget($this, "edit"),
1059  ["edit", "update"],
1060  get_class($this)
1061  );
1062  }
1063  if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1064  $this->tabs_gui->addTarget(
1065  "default_perm_settings",
1066  $this->ctrl->getLinkTarget($this, "perm"),
1067  [],
1068  get_class($this)
1069  );
1070  }
1071 
1072  if ($this->checkAccess(
1073  'write',
1074  'edit_permission'
1075  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1076  $this->tabs_gui->addTarget(
1077  "user_assignment",
1078  $this->ctrl->getLinkTarget($this, "userassignment"),
1079  ["deassignUser", "userassignment", "assignUser", "searchUserForm", "search"],
1080  get_class($this)
1081  );
1082  }
1083 
1084  if ($this->checkAccess(
1085  'write',
1086  'edit_permission'
1087  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1088  $this->lng->loadLanguageModule("rep");
1089  $this->tabs_gui->addTarget(
1090  "rep_recommended_content",
1091  $this->ctrl->getLinkTargetByClass("ilrecommendedcontentroleconfiggui", "")
1092  );
1093  }
1094  if ($this->checkAccess('write', 'edit_permission')) {
1095  $this->tabs_gui->addTarget(
1096  'export',
1097  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1098  []
1099  );
1100  }
1101  }
1102 
1103  public function mailToRoleObject(): void
1104  {
1105  $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1106 
1107  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1108  if (count($obj_ids) > 1) {
1109  $mail_roles[] = '#il_role_' . $this->object->getId();
1110  } else {
1111  $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1112  }
1113  ilSession::set('mail_roles', $mail_roles);
1114  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1115  ilUtil::redirect($script);
1116  }
1117 
1118  public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1119  {
1120  $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1121 
1122  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1123  return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1124  } else {
1125  return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1126  }
1127  }
1128 
1132  protected function isChangeExistingObjectsConfirmationRequired(): bool
1133  {
1134  // Role is protected
1135  if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1136  // TODO: check if recursive_list is enabled
1137  // and if yes: check if inheritance is broken for the relevant object types
1138  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1139  } else {
1140  // TODO: check if recursive_list is enabled
1141  // and if yes: check if inheritance is broken for the relevant object types
1142  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1143  }
1144  }
1145 
1150  protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1151  {
1152  $protected = false;
1153  if ($this->http->wrapper()->post()->has('protected')) {
1154  $protected = $this->http->wrapper()->post()->retrieve(
1155  'protected',
1156  $this->refinery->kindlyTo()->bool()
1157  );
1158  }
1159  $form = new ilPropertyFormGUI();
1160  $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1161  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1162 
1163  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1164  $form->addCommandButton('perm', $this->lng->txt('cancel'));
1165 
1166  $hidden = new ilHiddenInputGUI('type_filter');
1167  $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1168  $form->addItem($hidden);
1169 
1170  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1171 
1172  if ($protected) {
1173  $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1174  $keep = new ilRadioOption(
1175  $this->lng->txt('rbac_keep_local_policies'),
1176  (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1177  $this->lng->txt('rbac_keep_local_policies_info')
1178  );
1179  } else {
1180  $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1181  $keep = new ilRadioOption(
1182  $this->lng->txt('rbac_keep_local_policies'),
1183  (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1184  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1185  );
1186  }
1187  $rad->addOption($keep);
1188 
1189  if ($protected) {
1190  $del = new ilRadioOption(
1191  $this->lng->txt('rbac_delete_local_policies'),
1192  (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1193  $this->lng->txt('rbac_delete_local_policies_info')
1194  );
1195  } else {
1196  $del = new ilRadioOption(
1197  $this->lng->txt('rbac_delete_local_policies'),
1198  (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1199  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1200  );
1201  }
1202  $rad->addOption($del);
1203 
1204  $form->addItem($rad);
1205  $this->tpl->setContent($form->getHTML());
1206  }
1207 
1208  protected function changeExistingObjectsObject(): void
1209  {
1210  $mode = 0;
1211  if ($this->http->wrapper()->post()->has('mode')) {
1212  $mode = $this->http->wrapper()->post()->retrieve(
1213  'mode',
1214  $this->refinery->kindlyTo()->int()
1215  );
1216  }
1217  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1218 
1219  $type_filter = [];
1220  if ($this->http->wrapper()->post()->has('type_filter')) {
1221  $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1222  'type_filter',
1223  $this->refinery->kindlyTo()->string()
1224  );
1225  $type_filter = json_decode(
1226  $serialized_type_filter,
1227  true
1228  );
1229  }
1230 
1231  $this->object->changeExistingObjects($start, $mode, $type_filter);
1232  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1233  $this->ctrl->redirect($this, 'perm');
1234  }
1235 
1236  protected function setSubTabs($a_tab): void
1237  {
1238  switch ($a_tab) {
1239  case 'default_perm_settings':
1240  if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1241  return;
1242  }
1243  $this->tabs_gui->addSubTabTarget(
1244  'rbac_repository_permissions',
1245  $this->ctrl->getLinkTarget($this, 'perm')
1246  );
1247  $this->tabs_gui->addSubTabTarget(
1248  'rbac_admin_permissions',
1249  $this->ctrl->getLinkTarget($this, 'adminPerm')
1250  );
1251  }
1252  }
1253 
1257  protected function addToClipboardObject(): void
1258  {
1259  $users = [];
1260  if ($this->http->wrapper()->post()->has('user_id')) {
1261  $users = $this->http->wrapper()->post()->retrieve(
1262  'user_id',
1263  $this->refinery->kindlyTo()->listOf(
1264  $this->refinery->kindlyTo()->int()
1265  )
1266  );
1267  }
1268  if (count($users) === 0) {
1269  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1270  $this->ctrl->redirect($this, 'userassignment');
1271  }
1272  $clip = ilUserClipboard::getInstance($this->user->getId());
1273  $clip->add($users);
1274  $clip->save();
1275 
1276  $this->lng->loadLanguageModule('user');
1277  $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1278  $this->ctrl->redirect($this, 'userassignment');
1279  }
1280 
1284  protected function addLocatorItems(): void
1285  {
1286  if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1287  $this->ctrl->setParameterByClass(
1288  "ilobjrolegui",
1289  "obj_id",
1290  $this->getRoleId()
1291  );
1292  $this->locator->addItem(
1293  ilObjRole::_getTranslation($this->object->getTitle()),
1294  $this->ctrl->getLinkTargetByClass(
1295  [
1296  "ilpermissiongui",
1297  "ilobjrolegui"
1298  ],
1299  "perm"
1300  )
1301  );
1302  }
1303  }
1304 
1309  protected function ensureRoleAccessForContext(): bool
1310  {
1311  // creation of roles
1312  if (
1313  !$this->object->getId() ||
1314  $this->object->getId() == ROLE_FOLDER_ID
1315  ) {
1316  return true;
1317  }
1318 
1319  $possible_roles = [];
1320  try {
1321  $possible_roles = $this->rbac_review->getRolesOfObject(
1322  $this->obj_ref_id,
1323  false
1324  );
1325  } catch (\InvalidArgumentException $e) {
1326  $this->logger->warning('Role access check failed: ' . $e);
1327  throw new \ilObjectException($this->lng->txt('permission_denied'));
1328  }
1329 
1330  if (!in_array($this->object->getId(), $possible_roles)) {
1331  $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1332  throw new \ilObjectException($this->lng->txt('permission_denied'));
1333  }
1334  return true;
1335  }
1336 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ILIAS\HTTP\GlobalHttpState
Interface GlobalHttpState.
Definition: GlobalHttpState.php:42
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:465
ilObjRole\isAutoGenerated
static isAutoGenerated(int $a_role_id)
Definition: class.ilObjRole.php:533
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:30
ilObjRoleGUI\createObject
createObject()
Only called from administration -> role folder ? Otherwise this check access is wrong.
Definition: class.ilObjRoleGUI.php:346
ilObjRoleGUI\$ui_factory
UIFactory $ui_factory
Definition: class.ilObjRoleGUI.php:51
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilRoleAdoptPermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRoleAdoptPermissionTableGUI.php:26
ilPropertyFormGUI\getItemByPostVar
getItemByPostVar(string $a_post_var)
Definition: class.ilPropertyFormGUI.php:250
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1257
ilObjectGUI\__construct
__construct($data, int $id=0, bool $call_by_reference=true, bool $prepare_output=true)
Definition: class.ilObjectGUI.php:122
ilObjectRoleTemplatePermissionTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplatePermissionTableGUI.php:26
ilObjRoleGUI\adminPermObject
adminPermObject()
Show administration permissions.
Definition: class.ilObjRoleGUI.php:529
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:297
ilObjRoleGUI\readRoleProperties
readRoleProperties(ilObject $role, ilPropertyFormGUI $form)
Read role properties and write them to form.
Definition: class.ilObjRoleGUI.php:326
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:805
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:66
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:27
ilObjRole\setAllowRegister
setAllowRegister(bool $a_allow_register)
Definition: class.ilObjRole.php:204
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1118
ilObjRoleGUI\adminPermSaveObject
adminPermSaveObject()
Save admin permissions.
Definition: class.ilObjRoleGUI.php:538
ilRbacLog\gatherTemplate
static gatherTemplate(int $a_role_ref_id, int $a_role_id)
Definition: class.ilRbacLog.php:110
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1309
ilObject\setTitle
setTitle(string $title)
Definition: class.ilObject.php:347
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:37
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1150
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:914
ilObjRoleGUI\cancelObject
cancelObject()
cancelObject is called when an operation is canceled, method links back public
Definition: class.ilObjRoleGUI.php:1000
ilObjectRoleTemplateOptionsTableGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilObjectRoleTemplateOptionsTableGUI.php:26
ilPropertyFormGUI\getInput
getInput(string $a_post_var, bool $ensureValidation=true)
Returns the input of an item, if item provides getInput method and as fallback the value of the HTTP-...
Definition: class.ilPropertyFormGUI.php:448
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:927
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions public
Definition: class.ilObjRoleGUI.php:630
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:432
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:385
$DIC
global $DIC
Definition: feed.php:28
ilObjRole\toggleAssignUsersStatus
toggleAssignUsersStatus(bool $a_assign_users)
Definition: class.ilObjRole.php:131
ilExportGUI
Export User Interface Class.
Definition: class.ilExportGUI.php:29
ilHiddenInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilHiddenInputGUI.php:26
ilObjRoleGUI\loadRoleProperties
loadRoleProperties(ilObjRole $role, ilPropertyFormGUI $form)
Store form input in role object.
Definition: class.ilObjRoleGUI.php:310
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ILIAS\MetaData\Repository\Validation\Data\__construct
__construct(VocabulariesInterface $vocabularies)
Definition: VocabularyBridge.php:31
ilRbacLog\add
static add(int $a_action, int $a_ref_id, array $a_diff, bool $a_source_ref_id=false)
Definition: class.ilRbacLog.php:141
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:834
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:578
ilObjRoleGUI\$http
GlobalHttpState $http
Definition: class.ilObjRoleGUI.php:49
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1132
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:196
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:612
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:38
ilRadioOption\setValue
setValue(string $a_value)
Definition: class.ilRadioOption.php:64
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:204
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilias
header include for all ilias files.
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:228
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt(&#39;user&#39;), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:195
ilPropertyFormGUI\setValuesByArray
setValuesByArray(array $a_values, bool $a_restrict_to_value_keys=false)
Definition: class.ilPropertyFormGUI.php:319
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:861
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1218
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:943
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:188
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilObjRoleGUI\initFormRoleProperties
initFormRoleProperties(int $a_mode)
Definition: class.ilObjRoleGUI.php:234
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:926
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRoleGUI\$rbacadmin
ilRbacAdmin $rbacadmin
Definition: class.ilObjRoleGUI.php:46
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
Definition: class.ilObjRoleGUI.php:1012
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:26
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:66
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:51
ilRbacLog\diffTemplate
static diffTemplate(array $a_old, array $a_new)
Definition: class.ilRbacLog.php:118
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:30
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:33
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:30
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:212
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:24
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1088
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:23
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:34
ilTable2GUI\addMultiCommand
addMultiCommand(string $a_cmd, string $a_text)
Definition: class.ilTable2GUI.php:940
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:412
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilFormPropertyGUI\setDisabled
setDisabled(bool $a_disabled)
Definition: class.ilFormPropertyGUI.php:165
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:457
ilObject\setDescription
setDescription(string $description)
Definition: class.ilObject.php:366
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:220
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34
ilObject\getPresentationTitle
getPresentationTitle()
get presentation title Normally same as title Overwritten for sessions
Definition: class.ilObject.php:328