ILIAS  trunk Revision v11.0_alpha-1769-g99a433fe2dc
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilObjectPermissionStatusGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
28 class ilObjectPermissionStatusGUI
29 {
30  public ilObjUser $user;
31  protected ilLanguage $lng;
32  protected ilCtrlInterface $ctrl;
33  protected ilGlobalTemplateInterface $tpl;
34  protected ilObject $object;
35  protected ilRbacReview $rbacreview;
36  protected ilToolbarGUI $toolbar;
37 
38  protected array $user_roles;
39  protected array $global_roles;
40  protected array $valid_roles;
41  protected array $assigned_valid_roles;
42 
43  public const IMG_OK = 0;
44  public const IMG_NOT_OK = 1;
45 
50  public function __construct(ilObject $a_obj)
51  {
52  global $DIC;
53 
54  $this->lng = $DIC->language();
55  $this->ctrl = $DIC->ctrl();
56  $this->tpl = $DIC->ui()->mainTemplate();
57  $this->object = $a_obj;
58  $this->rbacreview = $DIC->rbac()->review();
59  $this->toolbar = $DIC->toolbar();
60 
61  $this->user = $this->getUser();
62  $this->user_roles = $this->rbacreview->assignedRoles($this->user->getId());
63  $this->global_roles = $this->rbacreview->getGlobalRoles();
64  $this->valid_roles = $this->rbacreview->getParentRoleIds($this->object->getRefId());
65  $this->assigned_valid_roles = $this->getAssignedValidRoles();
66  }
67 
71  public function executeCommand(): void
72  {
73  // determine next class in the call structure
74  $next_class = $this->ctrl->getNextClass($this);
75 
76  switch ($next_class) {
77  case 'ilrepositorysearchgui':
78  $rep_search = new ilRepositorySearchGUI();
79  $this->ctrl->setReturn($this, 'perminfo');
80  $this->ctrl->forwardCommand($rep_search);
81  break;
82 
83  default:
84  $cmd = $this->ctrl->getCmd();
85  $this->$cmd();
86  break;
87  }
88  }
89 
94  public function perminfo(): void
95  {
96  $tpl = new ilTemplate("tpl.info_layout.html", false, false, "components/ILIAS/AccessControl");
97 
98  $tpl->setVariable("INFO_SUMMARY", $this->accessStatusInfo());
99  $tpl->setVariable("INFO_PERMISSIONS", $this->accessPermissionsTable());
100  $tpl->setVariable("INFO_ROLES", $this->availableRolesTable());
101  $tpl->setVariable("INFO_REMARK_INTERRUPTED", $this->lng->txt('info_remark_interrupted'));
102  $this->tpl->setVariable("ADM_CONTENT", $tpl->get());
103  $this->addToolbar();
104  }
105 
109  public function addToolbar(): void
110  {
111  $this->toolbar->setFormAction($this->ctrl->getFormAction($this, "perminfo"));
112  $this->toolbar->addText($this->lng->txt('user'));
113 
114  $login = new ilTextInputGUI($this->lng->txt("username"), "user_login");
115  $login->setDataSource($this->ctrl->getLinkTargetByClass([get_class($this),
116  'ilRepositorySearchGUI'
117  ], 'doUserAutoComplete', '', true));
118  $login->setSize(15);
119  $login->setValue($this->user->getLogin());
120  $this->toolbar->addInputItem($login);
121  $this->toolbar->addFormButton($this->lng->txt("info_change_user_view"), "perminfo");
122  }
123 
127  public function accessStatusInfo(): string
128  {
129  $info = new ilInfoScreenGUI(new stdClass());
130  $info->setFormAction($this->ctrl->getFormAction($this));
131 
132  $info->addSection($this->lng->txt("info_access_and_status_info"));
133 
134  foreach ($this->getAccessStatusInfoData() as $data) {
135  $info->addProperty($data[0], $data[1]);
136  }
137 
138  return $info->getHTML();
139  }
140 
144  public function accessPermissionsTable(): string
145  {
146  $table = new ilAccessPermissionsStatusTableGUI($this, "perminfo");
147 
148  $table->setData($this->getAccessPermissionTableData());
149  $table->setTitle($this->lng->txt("info_access_permissions"));
150 
151  return $table->getHTML();
152  }
153 
158  private function availableRolesTable(): string
159  {
160  $table = new ilAvailableRolesStatusTableGUI($this, "perminfo");
161 
162  $table->setData($this->getAvailableRolesTableData());
163  $table->setTitle($this->lng->txt("info_available_roles"));
164 
165  return $table->getHTML();
166  }
167 
171  public function getAssignedValidRoles(): array
172  {
173  $assigned_valid_roles = [];
174 
175  $ops = [];
176  foreach ($this->valid_roles as $role) {
177  $role_id = (int) $role["obj_id"];
178  if (in_array($role_id, $this->user_roles)) {
179  if ($role_id === SYSTEM_ROLE_ID) {
180  // get all possible operation of current object
181  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
182 
183  foreach ($ops_list as $ops_data) {
184  $ops[] = (int) $ops_data['ops_id'];
185  }
186 
187  $role['ops'] = $ops;
188  } else {
189  $role['ops'] = $this->rbacreview->getRoleOperationsOnObject(
190  $role_id,
191  $this->object->getRefId()
192  );
193  }
194 
195  $role['translation'] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
196  $assigned_valid_roles[] = $role;
197  }
198  }
199  $this->assigned_valid_roles = $assigned_valid_roles;
200  return $assigned_valid_roles;
201  }
202 
206  public function getCommands(string $a_type): array
207  {
208  global $DIC;
209 
210  $objDefinition = $DIC['objDefinition'];
211 
212  $class = $objDefinition->getClassName($a_type);
213  $location = $objDefinition->getLocation($a_type);
214  $full_class = "ilObj" . $class . "Access";
215 
216  $cmds = call_user_func([$full_class, "_getCommands"]);
217 
218  $cmds[] = ['permission' => 'visible', 'cmd' => 'info'];
219 
220  return $cmds;
221  }
222 
226  public function getUser(): ilObjUser
227  {
228  global $DIC;
229 
230  $user_login = '';
231  if ($DIC->http()->wrapper()->post()->has('user_login')) {
232  $user_login = $DIC->http()->wrapper()->post()->retrieve(
233  'user_login',
234  $DIC->refinery()->kindlyTo()->string()
235  );
236  }
237  if (!strlen($user_login)) {
238  return $DIC->user();
239  }
240  $user_id = ilObjUser::_lookupId($user_login);
241  $user = ilObjectFactory::getInstanceByObjId($user_id, false);
242  if (!$user instanceof ilObjUser || $user->getType() != 'usr') {
243  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('info_err_user_not_exist'));
244  return $DIC->user();
245  }
246  $this->tpl->setOnScreenMessage('success', $this->lng->txt('info_user_view_changed'));
247  return $user;
248  }
249 
253  public function getAccessStatusInfoData(): array
254  {
255  global $DIC;
256 
257  $ilAccess = $DIC['ilAccess'];
258  $infos = [];
259 
260  $result_set[0][] = $this->lng->txt('user');
261  $result_set[0][] = $this->user->getFullname() . " (#" . $this->user->getId() . ")";
262 
263  $assigned_valid_roles = [];
264 
265  foreach ($this->getAssignedValidRoles() as $role) {
266  $assigned_valid_roles[] = $role["translation"];
267  }
268 
269  $roles_str = implode(", ", $assigned_valid_roles);
270 
271  $result_set[1][] = $this->lng->txt("roles");
272  $result_set[1][] = $roles_str;
273 
274  $result_set[2][] = $this->lng->txt("status");
275 
276  $ilAccess->clear();
277  $ilAccess->checkAccessOfUser(
278  $this->user->getId(),
279  'read',
280  '',
281  $this->object->getRefId(),
282  $this->object->getType(),
283  $this->object->getId()
284  );
285 
286  $infos = array_merge($infos, $ilAccess->getInfo());
287 
288  $cmds = $this->getCommands($this->object->getType());
289 
290  foreach ($cmds as $cmd) {
291  if (count($cmd) === 0) {
292  continue;
293  }
294  $ilAccess->clear();
295  $ilAccess->doStatusCheck(
296  $cmd['permission'],
297  $cmd['cmd'],
298  $this->object->getRefId(),
299  $this->user->getId(),
300  $this->object->getId(),
301  $this->object->getType()
302  );
303  $infos = array_merge($infos, $ilAccess->getInfo());
304  }
305 
306  $alert = "il_ItemAlertProperty";
307  $okay = "il_ItemOkayProperty";
308  $text = "";
309 
310  if ($infos === []) {
311  $text = "<span class=\"" . $okay . "\">" . $this->lng->txt("access") . "</span><br/> ";
312  } else {
313  foreach ($infos as $info) {
314  switch ($info['type']) {
315  case ilAccessInfo::IL_STATUS_MESSAGE:
316  $text .= "<span class=\"" . $okay . "\">" . $info['text'] . "</span><br/> ";
317  break;
318 
319  case ilAccessInfo::IL_NO_PARENT_ACCESS:
320  $factory = new ilObjectFactory();
321  $obj = $factory->getInstanceByRefId((int) $info['data']);
322  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . " (" . $this->lng->txt("obj_" . $obj->getType()) . " #" . $obj->getId() . ": " . $obj->getTitle() . ")</span><br/> ";
323  break;
324 
325  default:
326  $text .= "<span class=\"" . $alert . "\">" . $info['text'] . "</span><br/> ";
327  break;
328  }
329  }
330  }
331 
332  $result_set[2][] = $text;
333 
334  return $result_set;
335  }
336 
340  public function getAccessPermissionTableData(): array
341  {
342  global $DIC;
343 
344  $ilAccess = $DIC['ilAccess'];
345  $ilObjDataCache = $DIC['ilObjDataCache'];
346  $objDefinition = $DIC['objDefinition'];
347 
348  // get all possible operation of current object
349  $ops_list = ilRbacReview::_getOperationList($this->object->getType());
350 
351  $counter = 0;
352  $result_set = [];
353 
354  // check permissions of user
355  foreach ($ops_list as $ops) {
356  $access = $ilAccess->doRBACCheck(
357  $ops['operation'],
358  "info",
359  $this->object->getRefId(),
360  $this->user->getId(),
361  $this->object->getType()
362  );
363 
364  $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
365 
366  if (substr($ops['operation'], 0, 7) == "create_" &&
367  $objDefinition->isPlugin(substr($ops['operation'], 7))) {
368  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
369  substr($ops['operation'], 7),
370  'obj_' . substr($ops['operation'], 7)
371  );
372  } elseif ($objDefinition->isPlugin($this->object->getType())) {
373  $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
374  $this->object->getType(),
375  $this->object->getType() . "_" . $ops['operation']
376  );
377  } elseif (substr($ops['operation'], 0, 7) == 'create_') {
378  $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
379  } else {
380  $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
381  }
382 
383  $list_role = [];
384 
385  // Check ownership
386  if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
387  if (
388  (substr($ops['operation'], 0, 7) !== 'create_') and
389  ($ops['operation'] !== 'edit_permission') and
390  ($ops['operation'] !== 'edit_learning_progress')
391  ) {
392  $list_role[] = $this->lng->txt('info_owner_of_object');
393  }
394  }
395  // get operations on object for each assigned role to user
396  foreach ($this->getAssignedValidRoles() as $role) {
397  if (in_array($ops['ops_id'], $role['ops'])) {
398  $list_role[] = $role['translation'];
399  }
400  }
401 
402  if (empty($list_role)) {
403  $list_role[] = $this->lng->txt('none');
404  }
405 
406  $result_set[$counter]["role_ownership"] = $list_role;
407 
408  ++$counter;
409  }
410 
411  return $result_set;
412  }
413 
417  private function getAvailableRolesTableData(): array
418  {
419  global $DIC;
420 
421  $tree = $DIC['tree'];
422 
423  $path = array_reverse($tree->getPathId($this->object->getRefId()));
424 
425  $counter = 0;
426 
427  $result_set = [];
428  foreach ($this->valid_roles as $role) {
429  $role_id = (int) $role["obj_id"];
430  $result_set[$counter]["img"] = in_array(
431  $role_id,
432  $this->user_roles
433  ) ? self::IMG_OK : self::IMG_NOT_OK;
434 
435  if (is_subclass_of($this->object, ilObjectPlugin::class) && $role["parent"] == $this->object->getRefId()) {
436  $result_set[$counter][] = ilObjectPlugin::lookupTxtById(
437  $this->object->getType(),
438  ilObjRole::_removeObjectId($role["title"])
439  );
440  } else {
441  $result_set[$counter][] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
442  }
443 
444  $result_set[$counter]["role"] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
445 
446 
447  if ($role['role_type'] != "linked") {
448  $result_set[$counter]["effective_from"] = "";
449  } else {
450  $rolfs = $this->rbacreview->getFoldersAssignedToRole($role_id);
451 
452  // ok, try to match the next rolf in path
453  foreach ($path as $node) {
454  if ($node == 1) {
455  break;
456  }
457 
458  if (in_array($node, $rolfs)) {
459  $nodedata = $tree->getNodeData($node);
460  $result_set[$counter]["effective_from"] = $nodedata["title"];
461  $result_set[$counter]["effective_from_ref_id"] = $node;
462  break;
463  }
464  }
465  }
466 
467  if (in_array($role['obj_id'], $this->global_roles)) {
468  $result_set[$counter]["original_position"] = $this->lng->txt("global");
469  $result_set[$counter]["original_position_ref_id"] = false;
470  } else {
471  $rolf = $this->rbacreview->getFoldersAssignedToRole($role_id, true);
472  $parent_node = $tree->getNodeData($rolf[0]);
473  if (!array_key_exists('ref_id', $parent_node)) {
474  unset($result_set[$counter]);
475  continue;
476  }
477  $result_set[$counter]['original_position'] = $parent_node['title'];
478  $result_set[$counter]['original_position_ref_id'] = $parent_node['ref_id'];
479  }
480 
481  ++$counter;
482  }
483  return $result_set;
484  }
485 }
ilObjectPermissionStatusGUI\getAvailableRolesTableData
getAvailableRolesTableData()
Available Roles Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:417
ilObjectPermissionStatusGUI\getAccessStatusInfoData
getAccessStatusInfoData()
Access Status Info Data.
Definition: class.ilObjectPermissionStatusGUI.php:253
ilObjRole\_removeObjectId
static _removeObjectId(string $a_role_title)
Definition: class.ilObjRole.php:386
$location
$location
Definition: buildRTE.php:22
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilAccessPermissionsStatusTableGUI
Table for Acces Permissons in Permission > Permission of User.
Definition: class.ilAccessPermissionsStatusTableGUI.php:26
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:692
ILIAS\UICore\GlobalTemplate\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilObjectPermissionStatusGUI\getAccessPermissionTableData
getAccessPermissionTableData()
Access Permissions Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:340
$path
$path
Definition: ltiservices.php:29
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1146
ilObjectPermissionStatusGUI\accessStatusInfo
accessStatusInfo()
Access- and Statusinformation Info.
Definition: class.ilObjectPermissionStatusGUI.php:127
ilObjectPermissionStatusGUI\__construct
__construct(ilObject $a_obj)
Constructor public.
Definition: class.ilObjectPermissionStatusGUI.php:50
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
$DIC
global $DIC
Definition: shib_login.php:22
ilObjectPermissionStatusGUI\accessPermissionsTable
accessPermissionsTable()
Access Permissions Table.
Definition: class.ilObjectPermissionStatusGUI.php:144
ILIAS\UICore\GlobalTemplate\get
get(string $part=self::DEFAULT_BLOCK)
Renders the given block and returns the html string.
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilAvailableRolesStatusTableGUI
Table for Available Roles in Permission > Permission of User.
Definition: class.ilAvailableRolesStatusTableGUI.php:26
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object. ...
Definition: class.ilObjectPermissionStatusGUI.php:28
ilObjectPermissionStatusGUI\getAssignedValidRoles
getAssignedValidRoles()
get Assigned Valid Roles
Definition: class.ilObjectPermissionStatusGUI.php:171