ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilSettingsPermissionGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
28class ilSettingsPermissionGUI
29{
30 protected array $permissions = []; // permissions selected by context
31 protected array $base_permissions = []; // base permissions of the object type (ops_id -> permission)
32 protected array $base_permissions_by_op = [];// base permissions of the object type (permission -> ops_id)
33 protected array $role_required_permissions = [];
34 protected array $role_prohibited_permissions = [];
35 protected array $base_roles = [];
36
37 private object $obj;
38
39 protected ilRbacReview $review;
40 protected ilRbacAdmin $admin;
41 protected ilGlobalTemplateInterface $tpl;
42 protected ilLanguage $lng;
43 protected ilCtrl $ctrl;
44
45 public function __construct(object $a_gui_obj)
46 {
47 global $DIC;
48
49 $this->lng = $DIC->language();
50 $this->lng->loadLanguageModule("rbac");
51 $this->ctrl = $DIC->ctrl();
52 $this->obj = $a_gui_obj->getObject();
53 $this->review = $DIC->rbac()->review();
54 $this->admin = $DIC->rbac()->admin();
55 $this->tpl = $DIC->ui()->mainTemplate();
56
57 foreach (ilRbacReview::_getOperationList($this->obj->getType()) as $p) {
58 $this->base_permissions[$p["ops_id"]] = $p["operation"];
59 $this->base_permissions_by_op[$p["operation"]] = $p["ops_id"];
60 }
61
62 $this->base_roles = $this->review->getParentRoleIds($this->obj->getRefId());
63 }
64
68 public function determineRoles(): array
69 {
70 $roles = [];
71 foreach ($this->base_roles as $k => $r) {
72 $ops = $this->review->getActiveOperationsOfRole($this->obj->getRefId(), (int) $r["rol_id"]);
73 $use = true;
74 foreach ($this->getRoleRequiredPermissions() as $o) {
75 if (!in_array($o, $ops)) {
76 $use = false;
77 }
78 }
79 foreach ($this->getRoleProhibitedPermissions() as $o) {
80 if (in_array($o, $ops)) {
81 $use = false;
82 }
83 }
84 if ($use) {
85 $roles[$k] = $r;
86 }
87 }
88 return $roles;
89 }
90
94 public function setRoleRequiredPermissions(array $a_val): void
95 {
96 if (is_array($a_val)) {
97 foreach ($a_val as $p) {
98 if (in_array($p, $this->base_permissions)) {
99 $this->role_required_permissions[] = $this->base_permissions_by_op[$p];
100 }
101 }
102 }
103 }
104
109 public function getRoleRequiredPermissions(): array
110 {
111 return $this->role_required_permissions;
112 }
113
118 public function setRoleProhibitedPermissions(array $a_val): void
119 {
120 if (is_array($a_val)) {
121 foreach ($a_val as $p) {
122 if (in_array($p, $this->base_permissions)) {
123 $this->role_prohibited_permissions[] = $this->base_permissions_by_op[$p];
124 }
125 }
126 }
127 }
128
133 public function getRoleProhibitedPermissions(): array
134 {
135 return $this->role_prohibited_permissions;
136 }
137
142 public function setPermissions(array $a_val): void
143 {
144 if (is_array($a_val)) {
145 foreach ($a_val as $p) {
146 if (in_array($p, $this->base_permissions)) {
147 $this->permissions[$this->base_permissions_by_op[$p]] = $p;
148 }
149 }
150 }
151 }
152
157 public function getPermissions(): array
158 {
159 return $this->permissions;
160 }
161
165 public function executeCommand(): void
166 {
167 $cmd = $this->ctrl->getCmd("showForm");
168 if (in_array($cmd, ["showForm", "save"])) {
169 $this->$cmd();
170 }
171 }
172
176 public function showForm(): void
177 {
178 $form = $this->initPermissionForm();
179 $this->tpl->setContent($form->getHTML());
180 }
181
185 public function initPermissionForm(): ilPropertyFormGUI
186 {
187 $form = new ilPropertyFormGUI();
188 $roles = $this->determineRoles();
189 $ops = [];
190 foreach ($roles as $r) {
191 $ops[(int) $r["rol_id"]] = $this->review->getActiveOperationsOfRole($this->obj->getRefId(), (int) $r["rol_id"]);
192 }
193
194 // for each permission, collect all roles that have the permission activated
195 $perm_roles = [];
196 foreach ($ops as $r => $o2) {
197 foreach ($o2 as $o) {
198 $perm_roles[$o][] = $r;
199 }
200 }
201
202 // for each permission
203 foreach ($this->getPermissions() as $p) {
204 // roles
205 $cb = new ilCheckboxGroupInputGUI($this->lng->txt($p), $p);
206 reset($roles);
207 foreach ($roles as $k => $r) {
208 $option = new ilCheckboxOption(ilObjRole::_getTranslation($r["title"]), (string) $k);
209 $cb->addOption($option);
210 }
211 if (isset($perm_roles[$this->base_permissions_by_op[$p]])) {
212 $cb->setValue($perm_roles[$this->base_permissions_by_op[$p]]);
213 }
214 $form->addItem($cb);
215 }
216
217 $form->addCommandButton("save", $this->lng->txt("save"));
218
219 $form->setTitle($this->lng->txt("rbac_permissions"));
220 $form->setFormAction($this->ctrl->getFormAction($this));
221 return $form;
222 }
223
227 public function save(): void
228 {
229 $form = $this->initPermissionForm();
230 if ($form->checkInput()) {
231 foreach ($this->determineRoles() as $r) {
232 // get active operations for role
233 $ops = $this->review->getActiveOperationsOfRole($this->obj->getRefId(), $r["rol_id"]);
234
235 // revode all permissions for the role
236 $this->admin->revokePermission($this->obj->getRefId(), $r["rol_id"]);
237
238 // for all permissions of the form...
239 foreach ($this->getPermissions() as $p) {
240 $roles = $form->getInput($p);
241 if (!is_array($roles)) {
242 $roles = [];
243 }
244 $o = $this->base_permissions_by_op[$p];
245
246 // ... if in original operations, but not checked, remove it from operations
247 if (in_array($o, $ops) && !in_array($r["rol_id"], $roles)) {
248 if (($key = array_search($o, $ops)) !== false) {
249 unset($ops[$key]);
250 }
251 }
252
253 // ...if not in original operations, but checked, add to operations
254 if (!in_array($o, $ops) && in_array($r["rol_id"], $roles)) {
255 $ops[] = $o;
256 }
257 }
258 // now grant resulting permissions
259 $this->admin->grantPermission(
260 $r["rol_id"],
261 array_unique($ops),
262 $this->obj->getRefId()
263 );
264 }
265
266 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_obj_modified"), true);
267 $this->ctrl->redirect($this, "");
268 } else {
269 $form->setValuesByPost();
270 $this->tpl->setContent($form->getHTML());
271 }
272 }
273}
ilCheckboxGroupInputGUI
This class represents a property in a property form.
Definition: class.ilCheckboxGroupInputGUI.php:28
ilCheckboxOption
This class represents an option in a checkbox group.
Definition: class.ilCheckboxOption.php:28
ilCtrl
Class ilCtrl provides processing control methods.
Definition: class.ilCtrl.php:36
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:32
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacReview\_getOperationList
static _getOperationList(string $a_type='')
get operation list by object type
Definition: class.ilRbacReview.php:1147
ilSettingsPermissionGUI
UI class for handling permissions that can be configured having the write permission for an object.
Definition: class.ilSettingsPermissionGUI.php:29
ilSettingsPermissionGUI\setRoleRequiredPermissions
setRoleRequiredPermissions(array $a_val)
Set role required permissions (this permissions are required for a role to be listed)
Definition: class.ilSettingsPermissionGUI.php:94
ilSettingsPermissionGUI\getRoleProhibitedPermissions
getRoleProhibitedPermissions()
Get role prohibited permissions.
Definition: class.ilSettingsPermissionGUI.php:133
ilSettingsPermissionGUI\getRoleRequiredPermissions
getRoleRequiredPermissions()
Get role required permissions.
Definition: class.ilSettingsPermissionGUI.php:109
ilSettingsPermissionGUI\setPermissions
setPermissions(array $a_val)
Set permissions.
Definition: class.ilSettingsPermissionGUI.php:142
ilSettingsPermissionGUI\initPermissionForm
initPermissionForm()
Init permission form.
Definition: class.ilSettingsPermissionGUI.php:185
ilSettingsPermissionGUI\setRoleProhibitedPermissions
setRoleProhibitedPermissions(array $a_val)
Set role prohibited permissions (this permissions are prohibited for a role to be listed)
Definition: class.ilSettingsPermissionGUI.php:118
$DIC
global $DIC
Definition: shib_login.php:26