ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilObjectPermissionStatusGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
28class ilObjectPermissionStatusGUI
29{
30 public ilObjUser $user;
31 protected ilLanguage $lng;
32 protected ilCtrlInterface $ctrl;
33 protected ilGlobalTemplateInterface $tpl;
34 protected ilObject $object;
35 protected ilRbacReview $rbacreview;
36 protected ilToolbarGUI $toolbar;
37
38 protected array $user_roles;
39 protected array $global_roles;
40 protected array $valid_roles;
41 protected array $assigned_valid_roles;
42
43 public const IMG_OK = 0;
44 public const IMG_NOT_OK = 1;
45
50 public function __construct(ilObject $a_obj)
51 {
52 global $DIC;
53
54 $this->lng = $DIC->language();
55 $this->ctrl = $DIC->ctrl();
56 $this->tpl = $DIC->ui()->mainTemplate();
57 $this->object = $a_obj;
58 $this->rbacreview = $DIC->rbac()->review();
59 $this->toolbar = $DIC->toolbar();
60
61 $this->user = $this->getUser();
62 $this->user_roles = $this->rbacreview->assignedRoles($this->user->getId());
63 $this->global_roles = $this->rbacreview->getGlobalRoles();
64 $this->valid_roles = $this->rbacreview->getParentRoleIds($this->object->getRefId());
65 $this->assigned_valid_roles = $this->getAssignedValidRoles();
66 }
67
71 public function executeCommand(): void
72 {
73 // determine next class in the call structure
74 $next_class = $this->ctrl->getNextClass($this);
75
76 switch ($next_class) {
77 case 'ilrepositorysearchgui':
78 $rep_search = new ilRepositorySearchGUI();
79 $this->ctrl->setReturn($this, 'perminfo');
80 $this->ctrl->forwardCommand($rep_search);
81 break;
82
83 default:
84 $cmd = $this->ctrl->getCmd();
85 $this->$cmd();
86 break;
87 }
88 }
89
94 public function perminfo(): void
95 {
96 $tpl = new ilTemplate("tpl.info_layout.html", false, false, "components/ILIAS/AccessControl");
97
98 $tpl->setVariable("INFO_SUMMARY", $this->accessStatusInfo());
99 $tpl->setVariable("INFO_PERMISSIONS", $this->accessPermissionsTable());
100 $tpl->setVariable("INFO_ROLES", $this->availableRolesTable());
101 $tpl->setVariable("INFO_REMARK_INTERRUPTED", $this->lng->txt('info_remark_interrupted'));
102 $this->tpl->setVariable("ADM_CONTENT", $tpl->get());
103 $this->addToolbar();
104 }
105
109 public function addToolbar(): void
110 {
111 $this->toolbar->setFormAction($this->ctrl->getFormAction($this, "perminfo"));
112 $this->toolbar->addText($this->lng->txt('user'));
113
114 $login = new ilTextInputGUI($this->lng->txt("username"), "user_login");
115 $login->setDataSource($this->ctrl->getLinkTargetByClass([get_class($this),
116 'ilRepositorySearchGUI'
117 ], 'doUserAutoComplete', '', true));
118 $login->setSize(15);
119 $login->setValue($this->user->getLogin());
120 $this->toolbar->addInputItem($login);
121 $this->toolbar->addFormButton($this->lng->txt("info_change_user_view"), "perminfo");
122 }
123
127 public function accessStatusInfo(): string
128 {
129 $info = new ilInfoScreenGUI(new stdClass());
130 $info->setFormAction($this->ctrl->getFormAction($this));
131
132 $info->addSection($this->lng->txt("info_access_and_status_info"));
133
134 foreach ($this->getAccessStatusInfoData() as $data) {
135 $info->addProperty($data[0], $data[1]);
136 }
137
138 return $info->getHTML();
139 }
140
144 public function accessPermissionsTable(): string
145 {
146 $table = new ilAccessPermissionsStatusTableGUI($this, "perminfo");
147
148 $table->setData($this->getAccessPermissionTableData());
149 $table->setTitle($this->lng->txt("info_access_permissions"));
150
151 return $table->getHTML();
152 }
153
158 private function availableRolesTable(): string
159 {
160 $table = new ilAvailableRolesStatusTableGUI($this, "perminfo");
161
162 $table->setData($this->getAvailableRolesTableData());
163 $table->setTitle($this->lng->txt("info_available_roles"));
164
165 return $table->getHTML();
166 }
167
171 public function getAssignedValidRoles(): array
172 {
173 $assigned_valid_roles = [];
174
175 $ops = [];
176 foreach ($this->valid_roles as $role) {
177 $role_id = (int) $role["obj_id"];
178 if (in_array($role_id, $this->user_roles)) {
179 if ($role_id === SYSTEM_ROLE_ID) {
180 // get all possible operation of current object
181 $ops_list = ilRbacReview::_getOperationList($this->object->getType());
182
183 foreach ($ops_list as $ops_data) {
184 $ops[] = (int) $ops_data['ops_id'];
185 }
186
187 $role['ops'] = $ops;
188 } else {
189 $role['ops'] = $this->rbacreview->getRoleOperationsOnObject(
190 $role_id,
191 $this->object->getRefId()
192 );
193 }
194
195 $role['translation'] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
196 $assigned_valid_roles[] = $role;
197 }
198 }
199 $this->assigned_valid_roles = $assigned_valid_roles;
200 return $assigned_valid_roles;
201 }
202
206 public function getCommands(string $a_type): array
207 {
208 global $DIC;
209
210 $objDefinition = $DIC['objDefinition'];
211
212 $class = $objDefinition->getClassName($a_type);
213 $location = $objDefinition->getLocation($a_type);
214 $full_class = "ilObj" . $class . "Access";
215
216 $cmds = call_user_func([$full_class, "_getCommands"]);
217
218 $cmds[] = ['permission' => 'visible', 'cmd' => 'info'];
219
220 return $cmds;
221 }
222
226 public function getUser(): ilObjUser
227 {
228 global $DIC;
229
230 $user_login = '';
231 if ($DIC->http()->wrapper()->post()->has('user_login')) {
232 $user_login = $DIC->http()->wrapper()->post()->retrieve(
233 'user_login',
234 $DIC->refinery()->kindlyTo()->string()
235 );
236 }
237 if (!strlen($user_login)) {
238 return $DIC->user();
239 }
240 $user_id = ilObjUser::_lookupId($user_login);
241 $user = ilObjectFactory::getInstanceByObjId($user_id, false);
242 if (!$user instanceof ilObjUser || $user->getType() != 'usr') {
243 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('info_err_user_not_exist'));
244 return $DIC->user();
245 }
246 $this->tpl->setOnScreenMessage('success', $this->lng->txt('info_user_view_changed'));
247 return $user;
248 }
249
253 public function getAccessStatusInfoData(): array
254 {
255 global $DIC;
256
257 $ilAccess = $DIC['ilAccess'];
258 $infos = [];
259
260 $result_set[0][] = $this->lng->txt('user');
261 $result_set[0][] = $this->user->getFullname() . " (#" . $this->user->getId() . ")";
262
263 $assigned_valid_roles = [];
264
265 foreach ($this->getAssignedValidRoles() as $role) {
266 $assigned_valid_roles[] = $role["translation"];
267 }
268
269 $roles_str = implode(", ", $assigned_valid_roles);
270
271 $result_set[1][] = $this->lng->txt("roles");
272 $result_set[1][] = $roles_str;
273
274 $result_set[2][] = $this->lng->txt("status");
275
276 $ilAccess->clear();
277 $ilAccess->checkAccessOfUser(
278 $this->user->getId(),
279 'read',
280 '',
281 $this->object->getRefId(),
282 $this->object->getType(),
283 $this->object->getId()
284 );
285
286 $infos = array_merge($infos, $ilAccess->getInfo());
287
288 $cmds = $this->getCommands($this->object->getType());
289
290 foreach ($cmds as $cmd) {
291 if (count($cmd) === 0) {
292 continue;
293 }
294 $ilAccess->clear();
295 $ilAccess->doStatusCheck(
296 $cmd['permission'],
297 $cmd['cmd'],
298 $this->object->getRefId(),
299 $this->user->getId(),
300 $this->object->getId(),
301 $this->object->getType()
302 );
303 $infos = array_merge($infos, $ilAccess->getInfo());
304 }
305
306 $alert = "il_ItemAlertProperty";
307 $okay = "il_ItemOkayProperty";
308 $text = "";
309
310 if ($infos === []) {
311 $text = "<span class=\"" . $okay . "\">" . $this->lng->txt("access") . "</span><br/> ";
312 } else {
313 foreach ($infos as $info) {
314 switch ($info['type']) {
315 case ilAccessInfo::IL_STATUS_MESSAGE:
316 $text .= "<span class=\"" . $okay . "\">" . $info['text'] . "</span><br/> ";
317 break;
318
319 case ilAccessInfo::IL_NO_PARENT_ACCESS:
320 $factory = new ilObjectFactory();
321 $obj = $factory->getInstanceByRefId((int) $info['data']);
322 $text .= "<span class=\"" . $alert . "\">" . $info['text'] . " (" . $this->lng->txt("obj_" . $obj->getType()) . " #" . $obj->getId() . ": " . $obj->getTitle() . ")</span><br/> ";
323 break;
324
325 default:
326 $text .= "<span class=\"" . $alert . "\">" . $info['text'] . "</span><br/> ";
327 break;
328 }
329 }
330 }
331
332 $result_set[2][] = $text;
333
334 return $result_set;
335 }
336
340 public function getAccessPermissionTableData(): array
341 {
342 global $DIC;
343
344 $ilAccess = $DIC['ilAccess'];
345 $ilObjDataCache = $DIC['ilObjDataCache'];
346 $objDefinition = $DIC['objDefinition'];
347
348 // get all possible operation of current object
349 $ops_list = ilRbacReview::_getOperationList($this->object->getType());
350
351 $counter = 0;
352 $result_set = [];
353
354 // check permissions of user
355 foreach ($ops_list as $ops) {
356 $access = $ilAccess->doRBACCheck(
357 $ops['operation'],
358 "info",
359 $this->object->getRefId(),
360 $this->user->getId(),
361 $this->object->getType()
362 );
363
364 $result_set[$counter]["img"] = $access ? self::IMG_OK : self::IMG_NOT_OK;
365
366 if (substr($ops['operation'], 0, 7) == "create_" &&
367 $objDefinition->isPlugin(substr($ops['operation'], 7))) {
368 $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
369 substr($ops['operation'], 7),
370 'obj_' . substr($ops['operation'], 7)
371 );
372 } elseif ($objDefinition->isPlugin($this->object->getType())) {
373 $result_set[$counter]["operation"] = ilObjectPlugin::lookupTxtById(
374 $this->object->getType(),
375 $this->object->getType() . "_" . $ops['operation']
376 );
377 } elseif (substr($ops['operation'], 0, 7) == 'create_') {
378 $result_set[$counter]["operation"] = $this->lng->txt('rbac_' . $ops['operation']);
379 } else {
380 $result_set[$counter]["operation"] = $this->lng->txt($this->object->getType() . "_" . $ops['operation']);
381 }
382
383 $list_role = [];
384
385 // Check ownership
386 if ($this->user->getId() == $ilObjDataCache->lookupOwner($this->object->getId())) {
387 if (
388 (substr($ops['operation'], 0, 7) !== 'create_') and
389 ($ops['operation'] !== 'edit_permission') and
390 ($ops['operation'] !== 'edit_learning_progress')
391 ) {
392 $list_role[] = $this->lng->txt('info_owner_of_object');
393 }
394 }
395 // get operations on object for each assigned role to user
396 foreach ($this->getAssignedValidRoles() as $role) {
397 if (in_array($ops['ops_id'], $role['ops'])) {
398 $list_role[] = $role['translation'];
399 }
400 }
401
402 if (empty($list_role)) {
403 $list_role[] = $this->lng->txt('none');
404 }
405
406 $result_set[$counter]["role_ownership"] = $list_role;
407
408 ++$counter;
409 }
410
411 return $result_set;
412 }
413
417 private function getAvailableRolesTableData(): array
418 {
419 global $DIC;
420
421 $tree = $DIC['tree'];
422
423 $path = array_reverse($tree->getPathId($this->object->getRefId()));
424
425 $counter = 0;
426
427 $result_set = [];
428 foreach ($this->valid_roles as $role) {
429 $role_id = (int) $role["obj_id"];
430 $result_set[$counter]["img"] = in_array(
431 $role_id,
432 $this->user_roles
433 ) ? self::IMG_OK : self::IMG_NOT_OK;
434
435 if (is_subclass_of($this->object, ilObjectPlugin::class) && $role["parent"] == $this->object->getRefId()) {
436 $result_set[$counter][] = ilObjectPlugin::lookupTxtById(
437 $this->object->getType(),
438 ilObjRole::_removeObjectId($role["title"])
439 );
440 } else {
441 $result_set[$counter][] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
442 }
443
444 $result_set[$counter]["role"] = str_replace(" ", "&nbsp;", ilObjRole::_getTranslation($role["title"]));
445
446
447 if ($role['role_type'] != "linked") {
448 $result_set[$counter]["effective_from"] = "";
449 } else {
450 $rolfs = $this->rbacreview->getFoldersAssignedToRole($role_id);
451
452 // ok, try to match the next rolf in path
453 foreach ($path as $node) {
454 if ($node == 1) {
455 break;
456 }
457
458 if (in_array($node, $rolfs)) {
459 $nodedata = $tree->getNodeData($node);
460 $result_set[$counter]["effective_from"] = $nodedata["title"];
461 $result_set[$counter]["effective_from_ref_id"] = $node;
462 break;
463 }
464 }
465 }
466
467 if (in_array($role['obj_id'], $this->global_roles)) {
468 $result_set[$counter]["original_position"] = $this->lng->txt("global");
469 $result_set[$counter]["original_position_ref_id"] = false;
470 } else {
471 $rolf = $this->rbacreview->getFoldersAssignedToRole($role_id, true);
472 $parent_node = $tree->getNodeData($rolf[0]);
473 if (!array_key_exists('ref_id', $parent_node)) {
474 unset($result_set[$counter]);
475 continue;
476 }
477 $result_set[$counter]['original_position'] = $parent_node['title'];
478 $result_set[$counter]['original_position_ref_id'] = $parent_node['ref_id'];
479 }
480
481 ++$counter;
482 }
483 return $result_set;
484 }
485}
$location
$location
Definition: buildRTE.php:22
ilAccessPermissionsStatusTableGUI
Table for Acces Permissons in Permission > Permission of User.
Definition: class.ilAccessPermissionsStatusTableGUI.php:27
ilAvailableRolesStatusTableGUI
Table for Available Roles in Permission > Permission of User.
Definition: class.ilAvailableRolesStatusTableGUI.php:27
ilInfoScreenGUI
Class ilInfoScreenGUI.
Definition: class.ilInfoScreenGUI.php:35
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilObjRole\_removeObjectId
static _removeObjectId(string $a_role_title)
Definition: class.ilObjRole.php:386
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjUser\_lookupId
static _lookupId(string|array $a_user_str)
Definition: class.ilObjUser.php:2915
ilObjectFactory
Class ilObjectFactory This class offers methods to get instances of the type-specific object classes ...
Definition: class.ilObjectFactory.php:33
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilObjectPermissionStatusGUI
This class displays the permission status of a user concerning a specific object.
Definition: class.ilObjectPermissionStatusGUI.php:29
ilObjectPermissionStatusGUI\accessStatusInfo
accessStatusInfo()
Access- and Statusinformation Info.
Definition: class.ilObjectPermissionStatusGUI.php:127
ilObjectPermissionStatusGUI\__construct
__construct(ilObject $a_obj)
Constructor @access public.
Definition: class.ilObjectPermissionStatusGUI.php:50
ilObjectPermissionStatusGUI\accessPermissionsTable
accessPermissionsTable()
Access Permissions Table.
Definition: class.ilObjectPermissionStatusGUI.php:144
ilObjectPermissionStatusGUI\getAccessPermissionTableData
getAccessPermissionTableData()
Access Permissions Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:340
ilObjectPermissionStatusGUI\getAvailableRolesTableData
getAvailableRolesTableData()
Available Roles Table Data.
Definition: class.ilObjectPermissionStatusGUI.php:417
ilObjectPlugin\lookupTxtById
static lookupTxtById(string $plugin_id, string $lang_var)
Definition: class.ilObjectPlugin.php:55
ilObject
Class ilObject Basic functions for all objects.
Definition: class.ilObject.php:38
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1147
ilTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilTemplate.php:31
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:28
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:28
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
$info
$info
Definition: entry_point.php:21
ILIAS\UICore\GlobalTemplate\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ILIAS\UICore\GlobalTemplate\get
get(string $part=self::DEFAULT_BLOCK)
Renders the given block and returns the html string.
ilCtrlInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlInterface.php:27
$path
$path
Definition: ltiservices.php:30
$DIC
global $DIC
Definition: shib_login.php:26
$counter
$counter
Definition: shib_logout.php:170