ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Refinery\Factory;
22 use ILIAS\UI\Factory as UIFactory;
23 use ILIAS\UI\Renderer;
24 use ILIAS\UI\Component\Modal\Interruptive as InterruptiveModal;
25 use ILIAS\UI\Component\Input\Container\Form\Standard as StandardForm;
26 
35 class ilObjRoleGUI extends ilObjectGUI
36 {
37  private const FORM_KEY_TITLE = 'title';
38  private const FORM_KEY_DESCRIPTION = 'description';
39  private const FORM_KEY_ILIAS_ID = 'ilias_id';
40  private const FORM_KEY_ON_REGISTRATION_FORM = 'on_registration_form';
41  private const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT = 'allow_local_user_assignment';
42  private const FORM_KEY_PROTECT = 'protect';
43 
44  protected int $obj_ref_id = 0;
45  protected int $obj_obj_id = 0;
46  protected string $obj_obj_type = '';
47  protected string $container_type = '';
48  protected int $role_id = 0;
49  protected ilHelpGUI $help;
50  private ilLogger $logger;
51  protected Factory $refinery;
52  protected UIFactory $ui_factory;
53  protected Renderer $ui_renderer;
54 
55  public function __construct(
56  $a_data,
57  int $a_id,
58  bool $a_call_by_reference = false,
59  bool $a_prepare_output = true
60  ) {
62  global $DIC;
63 
64  $this->help = $DIC['ilHelp'];
65  $this->logger = $DIC->logger()->ac();
66 
67  $this->role_id = $a_id;
68  $this->refinery = $DIC['refinery'];
69  $this->ui_factory = $DIC['ui.factory'];
70  $this->ui_renderer = $DIC['ui.renderer'];
71 
72  $this->type = 'role';
73 
74  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
75  // Add ref_id of object that contains role
76  $this->initParentRefId();
77  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
78  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
79  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
80 
81  $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
82  $this->lng->loadLanguageModule('rbac');
83  }
84 
85  public function executeCommand(): void
86  {
87  $this->prepareOutput();
88 
89  $next_class = $this->ctrl->getNextClass($this);
90  $cmd = $this->ctrl->getCmd();
91 
92  $this->ensureRoleAccessForContext();
93 
94  switch ($next_class) {
95  case 'ilrepositorysearchgui':
96 
97  if (!$this->access->checkAccess('edit_permission', '', $this->obj_ref_id)) {
98  $this->error->raiseError(
99  $this->lng->txt('permission_denied'),
100  $this->error->WARNING
101  );
102  }
103  $rep_search = new ilRepositorySearchGUI();
104  $rep_search->setTitle($this->lng->txt('role_add_user'));
105  $rep_search->setCallback($this, 'addUserObject');
106 
107  // Set tabs
108  $this->tabs_gui->setTabActive('user_assignment');
109  $this->ctrl->setReturn($this, 'userassignment');
110  $ret = $this->ctrl->forwardCommand($rep_search);
111  break;
112 
113  case 'ilexportgui':
114 
115  $this->tabs_gui->setTabActive('export');
116 
117  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
118  $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
119 
120  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
121  $exp->addFormat('xml');
122  $this->ctrl->forwardCommand($exp);
123  break;
124 
125  case 'ilrecommendedcontentroleconfiggui':
126  $this->tabs_gui->setTabActive('rep_recommended_content');
127  $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
128  $this->ctrl->forwardCommand($ui);
129  break;
130 
131  default:
132  if (!$cmd) {
133  if ($this->showDefaultPermissionSettings()) {
134  $cmd = "perm";
135  } else {
136  $cmd = 'userassignment';
137  }
138  }
139  $cmd .= "Object";
140  $this->$cmd();
141 
142  break;
143  }
144  }
145 
146  protected function getRoleId(): int
147  {
148  return $this->role_id;
149  }
150 
151  protected function initParentRefId(): void
152  {
153  $this->obj_ref_id = 0;
154 
155  if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
156  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
157  'rolf_ref_id',
158  $this->refinery->kindlyTo()->int()
159  );
160  } elseif ($this->http->wrapper()->query()->has('ref_id')) {
161  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
162  'ref_id',
163  $this->refinery->kindlyTo()->int()
164  );
165  }
166  }
167 
168  protected function retrieveTemplatePermissionsFromPost(): array
169  {
170  $template_permissions = [];
171  if ($this->http->wrapper()->post()->has('template_perm')) {
172  $custom_transformer = $this->refinery->custom()->transformation(
173  function ($array) {
174  return $array;
175  }
176  );
177  $template_permissions = $this->http->wrapper()->post()->retrieve(
178  'template_perm',
179  $custom_transformer
180  );
181  }
182  return $template_permissions;
183  }
184 
188  public function getParentRefId(): int
189  {
190  return $this->obj_ref_id;
191  }
192 
196  public function getParentObjId(): int
197  {
198  return $this->obj_obj_id;
199  }
200 
204  public function getParentType(): string
205  {
206  return $this->obj_obj_type;
207  }
208 
212  public function getAdminTabs(): void
213  {
214  $this->getTabs();
215  }
216 
220  protected function getContainerType(): string
221  {
222  return $this->container_type;
223  }
224 
228  protected function showDefaultPermissionSettings(): bool
229  {
230  return $this->obj_definition->isContainer($this->getContainerType())
231  || $this->obj_definition->isAdministrationObject($this->getContainerType());
232  }
233 
234  protected function getRoleForm(bool $is_role_creation_form = false): StandardForm
235  {
236  if ($this->creation_mode) {
237  $this->ctrl->setParameter($this, 'new_type', 'role');
238  }
239 
240  $ff = $this->ui_factory->input()->field();
241 
242  $title_validation_constraint = $this->refinery->custom()->constraint(
243  fn(string $v): bool => preg_match('/^il_.*$/', $v) ? false : true,
244  $this->lng->txt('msg_role_reserved_prefix')
245  );
246 
247  $role_is_autogenerated = false;
248 
249  if (!$is_role_creation_form) {
250  $role_is_autogenerated = $this->object->isAutoGenerated();
251  }
252 
253  $inputs = [
254  self::FORM_KEY_TITLE => $ff->text($this->lng->txt('title'))
255  ->withMaxLength(70)
256  ->withRequired(true)
257  ->withAdditionalTransformation($title_validation_constraint)
258  ->withValue($is_role_creation_form ? '' : $this->object->getTitle())
259  ->withDisabled($role_is_autogenerated),
260  self::FORM_KEY_DESCRIPTION => $ff->textarea($this->lng->txt('description'))
261  ->withMaxLimit(4000)
262  ->withValue($is_role_creation_form ? '' : $this->object->getDescription())
263  ->withDisabled($role_is_autogenerated),
264 
265  ];
266 
267  if (!$is_role_creation_form) {
268  $inputs[self::FORM_KEY_ILIAS_ID] = $ff->text($this->lng->txt('ilias_id'))
269  ->withDisabled(true)
270  ->withValue('il_' . IL_INST_ID . '_'
271  . $this->object->getType() . '_' . $this->object->getId());
272  }
273 
274  if ($this->obj_ref_id === ROLE_FOLDER_ID) {
275  $inputs[self::FORM_KEY_ON_REGISTRATION_FORM] = $ff->checkbox($this->lng->txt('allow_register'))
276  ->withValue($is_role_creation_form ? false : $this->object->getAllowRegister());
277  $inputs[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT] = $ff->checkbox($this->lng->txt('allow_assign_users'))
278  ->withValue($is_role_creation_form ? false : $this->object->getAssignUsersStatus());
279  }
280 
281  $inputs[self::FORM_KEY_PROTECT] = $ff->checkbox($this->lng->txt('role_protect_permissions'))
282  ->withValue(
283  $is_role_creation_form
284  ? false
285  : $this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())
286  );
287 
288  return $this->ui_factory->input()->container()->form()->standard(
289  $this->ctrl->getFormActionByClass(
290  self::class,
291  $is_role_creation_form ? 'save' : 'update'
292  ),
293  $inputs
294  )->withSubmitLabel(
295  $is_role_creation_form ? $this->lng->txt('role_new') : $this->lng->txt('save')
296  );
297  }
298 
299  public function createObject(): void
300  {
301  if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
302  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
303  $this->ctrl->returnToParent(ilRepositoryGUI::class);
304  }
305 
306  $this->tabs_gui->setBackTarget(
307  $this->lng->txt('cancel'),
308  $this->ctrl->getParentReturnByClass(self::class)
309  );
310 
311  $this->tpl->setContent(
312  $this->ui_renderer->render(
313  $this->ui_factory->panel()->standard(
314  $this->lng->txt('role_new'),
315  $this->getRoleForm(true)
316  )
317  )
318  );
319  }
320 
321  public function editObject(): void
322  {
323  if (!$this->checkAccess('write', 'edit_permission')) {
324  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
325  $this->ctrl->returnToParent($this);
326  }
327  $this->tabs_gui->activateTab('edit_properties');
328 
329  $this->buildEditPage();
330  }
331 
336  public function saveObject(): void
337  {
338  $form = $this->getRoleForm(true)->withRequest($this->request);
339  $data = $form->getData();
340  if ($data === null) {
341  $this->tabs_gui->setBackTarget(
342  $this->lng->txt('cancel'),
343  $this->ctrl->getParentReturnByClass(self::class)
344  );
345  $this->tpl->setContent(
346  $this->ui_renderer->render(
347  $this->ui_factory->panel()->standard(
348  $this->lng->txt('role_new'),
349  $form
350  )
351  )
352  );
353  return;
354  }
355 
356  $role = new ilObjRole();
357  $role->setTitle($data[self::FORM_KEY_TITLE]);
358  $role->setDescription($data[self::FORM_KEY_DESCRIPTION]);
359  $role->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
360  $role->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
361  $role->create();
362  $this->rbac_admin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
363  $this->rbac_admin->setProtected(
364  $this->obj_ref_id,
365  $role->getId(),
366  $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
367  );
368  $this->tpl->setOnScreenMessage('success', $this->lng->txt('role_added'), true);
369  $this->ctrl->setParameter($this, 'obj_id', $role->getId());
370  $this->ctrl->redirect($this, 'perm');
371  }
372 
377  public function updateObject(): void
378  {
379  $form = $this->getRoleForm()->withRequest($this->request);
380  $data = $form->getData();
381  if ($data === null) {
382  $this->buildEditPage($form);
383  return;
384  }
385 
386  if (isset($data[self::FORM_KEY_TITLE])) {
387  $this->object->setTitle($data[self::FORM_KEY_TITLE]);
388  }
389  if (isset($data[self::FORM_KEY_DESCRIPTION])) {
390  $this->object->setDescription($data[self::FORM_KEY_DESCRIPTION]);
391  }
392  if (isset($data[self::FORM_KEY_ON_REGISTRATION_FORM])) {
393  $this->object->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
394  }
395  if (isset($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT])) {
396  $this->object->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
397  }
398  $this->object->update();
399  $this->rbac_admin->setProtected(
400  $this->obj_ref_id,
401  $this->object->getId(),
402  $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
403  );
404 
405  $this->tpl->setOnScreenMessage('success', $this->lng->txt('saved_successfully'), true);
406  $this->ctrl->redirect($this, 'edit');
407  }
408 
409  private function buildEditPage(?StandardForm $form = null): void
410  {
411  $page_content = [];
412  if ($this->object->getId() != SYSTEM_ROLE_ID) {
413  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
414  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
415  $modal = $this->buildConfirmationModal();
416  $this->toolbar->addComponent(
417  $this->ui_factory->button()->standard(
418  $this->lng->txt('rbac_delete_role'),
419  $modal->getShowSignal()
420  )
421  );
422  $page_content[] = $modal;
423  }
424  }
425 
426  $page_content[] = $this->ui_factory->panel()->standard(
427  $this->lng->txt('role_edit'),
428  $form ?? $this->getRoleForm()
429  );
430 
431  $this->tpl->setContent(
432  $this->ui_renderer->render($page_content)
433  );
434  }
435 
436  protected function permObject(bool $a_show_admin_permissions = false): void
437  {
438  $this->tabs_gui->setTabActive('default_perm_settings');
439 
440  $this->setSubTabs('default_perm_settings');
441 
442  if (!$this->checkAccess('write', 'edit_permission')) {
443  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
444  $this->ctrl->returnToParent($this);
445  }
446 
447  if ($a_show_admin_permissions) {
448  $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
449  } else {
450  $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
451  }
452 
453  $this->tpl->addBlockFile(
454  'ADM_CONTENT',
455  'adm_content',
456  'tpl.rbac_template_permissions.html',
457  'components/ILIAS/AccessControl'
458  );
459 
460  if ($this->object->getId() !== SYSTEM_ROLE_ID) {
461  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
462  $this->toolbar->addComponent(
463  $this->ui_factory->link()->standard(
464  $this->lng->txt("adopt_perm_from_template"),
465  $this->ctrl->getLinkTarget($this, 'adoptPerm')
466  )
467  );
468  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
469  $modal = $this->buildConfirmationModal();
470  $this->toolbar->addComponent(
471  $this->ui_factory->button()->standard(
472  $this->lng->txt('rbac_delete_role'),
473  $modal->getShowSignal()
474  )
475  );
476  $this->tpl->setVariable('DELETION_MODAL', $this->ui_renderer->render($modal));
477  }
478  }
479 
480  $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
481 
482  $acc = new ilAccordionGUI();
483  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
484  $acc->setId('template_perm_' . $this->getParentRefId());
485 
486  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
487  if ($a_show_admin_permissions) {
488  $subs = ilObjRole::getSubObjects('adm', true);
489  } else {
490  $subs = ilObjRole::getSubObjects('root', false);
491  }
492  } else {
493  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
494  }
495 
496  foreach ($subs as $subtype => $def) {
497  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
498  $this,
499  'perm',
500  $this->getParentRefId(),
501  $this->object->getId(),
502  $subtype,
503  $a_show_admin_permissions
504  );
505  $tbl->parse();
506 
507  $acc->addItem($def['translation'], $tbl->getHTML());
508  }
509 
510  $this->tpl->setVariable('ACCORDION', $acc->getHTML());
511 
512  // Add options table
513  $options = new ilObjectRoleTemplateOptionsTableGUI(
514  $this,
515  'perm',
516  $this->obj_ref_id,
517  $this->object->getId(),
518  $a_show_admin_permissions
519  );
520  if ($this->object->getId() != SYSTEM_ROLE_ID) {
521  $options->addMultiCommand(
522  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
523  $this->lng->txt('save')
524  );
525  }
526 
527  $options->parse();
528  $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
529  }
530 
531  protected function adminPermObject(): void
532  {
533  $this->permObject(true);
534  }
535 
536  protected function adminPermSaveObject(): void
537  {
538  $this->permSaveObject(true);
539  }
540 
541  protected function adoptPermObject(): void
542  {
543  $output = [];
544  $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
545 
546  $this->tabs_gui->clearTargets();
547 
548  $ids = [];
549  foreach (array_keys($parent_role_ids) as $id) {
550  $ids[] = $id;
551  }
552  // Sort ids
553  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
554  $key = 0;
555  foreach ($sorted_ids as $id) {
556  $par = $parent_role_ids[$id];
557  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
558  $output[$key]["role_id"] = $par["obj_id"];
559  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
560  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
561  $output[$key]["role_desc"] = $par["desc"];
562  $key++;
563  }
564  }
565 
566  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
567  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
568  $tbl->setData($output);
569 
570  $this->tpl->setContent($tbl->getHTML());
571  }
572 
576  protected function confirmDeleteRoleObject(): void
577  {
578  $this->tabs_gui->clearTargets();
579 
580  if (!$this->checkAccess('visible,write', 'edit_permission')) {
581  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
582  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
583  }
584 
585  $question = $this->lng->txt('rbac_role_delete_qst');
586  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
587  $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
588  }
589  $this->tpl->setOnScreenMessage('question', $question);
590 
591  $confirm = new ilConfirmationGUI();
592  $confirm->setFormAction($this->ctrl->getFormAction($this));
593  $confirm->setHeaderText($question);
594  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
595  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
596 
597  $confirm->addItem(
598  'role',
599  (string) $this->object->getId(),
600  ilObjRole::_getTranslation($this->object->getTitle()),
601  ilUtil::getImagePath('standard/icon_role.svg')
602  );
603 
604  $this->tpl->setContent($confirm->getHTML());
605  }
606 
610  protected function performDeleteRoleObject(): void
611  {
612  if (!$this->checkAccess('visible,write', 'edit_permission')) {
613  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
614  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
615  }
616 
617  $this->object->setParent($this->obj_ref_id);
618  $this->object->delete();
619  $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
620 
621  $this->ctrl->returnToParent($this);
622  }
623 
628  public function permSaveObject(bool $a_show_admin_permissions = false): void
629  {
630  if (!$this->checkAccess('visible,write', 'edit_permission')) {
631  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
632  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
633  }
634 
635  // rbac log
636  $rbac_log_active = ilRbacLog::isActive();
637  if ($rbac_log_active) {
638  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
639  }
640 
641  // delete all template entries of enabled types
642  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
643  if ($a_show_admin_permissions) {
644  $subs = ilObjRole::getSubObjects('adm', true);
645  } else {
646  $subs = ilObjRole::getSubObjects('root', false);
647  }
648  } else {
649  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
650  }
651 
652  foreach (array_keys($subs) as $subtype) {
653  // Delete per object type
654  $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
655  }
656 
657  $template_permissions = $this->retrieveTemplatePermissionsFromPost();
658  foreach ($template_permissions as $key => $ops_array) {
659  // sets new template permissions
660  $this->rbac_admin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
661  }
662 
663  if ($rbac_log_active) {
664  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
665  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
666  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
667  }
668 
669  // update object data entry (to update last modification date)
670  $this->object->update();
671 
672  // set protected flag
673  $protected = false;
674  if ($this->http->wrapper()->post()->has('protected')) {
675  $protected = $this->http->wrapper()->post()->retrieve(
676  'protected',
677  $this->refinery->kindlyTo()->bool()
678  );
679  }
680  if (
681  $this->obj_ref_id == ROLE_FOLDER_ID ||
682  $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
683  $this->rbac_admin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
684  }
685  $recursive = false;
686  if ($this->http->wrapper()->post()->has('recursive')) {
687  $recursive = $this->http->wrapper()->post()->retrieve(
688  'recursive',
689  $this->refinery->kindlyTo()->bool()
690  );
691  }
692  // aka change existing object for specific object types
693  $recursive_list = [];
694  if ($this->http->wrapper()->post()->has('recursive_list')) {
695  $recursive_list = $this->http->wrapper()->post()->retrieve(
696  'recursive_list',
697  $this->refinery->kindlyTo()->listOf(
698  $this->refinery->kindlyTo()->string()
699  )
700  );
701  }
702  if ($a_show_admin_permissions) {
703  $recursive = true;
704  }
705 
706  // Redirect if Change existing objects is not chosen
707  if (!$recursive && !count($recursive_list)) {
708  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
709  if ($a_show_admin_permissions) {
710  $this->ctrl->redirect($this, 'adminPerm');
711  } else {
712  $this->ctrl->redirect($this, 'perm');
713  }
714  }
715  // New implementation
716  if (
717  ($recursive || count($recursive_list)) &&
718  $this->isChangeExistingObjectsConfirmationRequired() &&
719  !$a_show_admin_permissions
720  ) {
721  $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
722  return;
723  }
724 
725  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
726  if ($a_show_admin_permissions) {
727  $start = $this->tree->getParentId($this->obj_ref_id);
728  }
729 
730  if ($protected) {
731  $this->object->changeExistingObjects(
732  $start,
733  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
734  ['all'],
735  []
736  );
737  } else {
738  $this->object->changeExistingObjects(
739  $start,
740  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
741  ['all'],
742  []
743  );
744  }
745  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
746 
747  if ($a_show_admin_permissions) {
748  $this->ctrl->redirect($this, 'adminPerm');
749  } else {
750  $this->ctrl->redirect($this, 'perm');
751  }
752  }
753 
754  public function adoptPermSaveObject(): void
755  {
756  $source = 0;
757  if ($this->http->wrapper()->post()->has('adopt')) {
758  $source = $this->http->wrapper()->post()->retrieve(
759  'adopt',
760  $this->refinery->kindlyTo()->int()
761  );
762  }
763 
764  if (!$source) {
765  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
766  $this->adoptPermObject();
767  return;
768  }
769 
770  $access = $this->checkAccess('visible,write', 'edit_permission');
771  if (!$access) {
772  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
773  }
774  if ($this->object->getId() == $source) {
775  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
776  } else {
777  $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
778  $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
779  $this->rbac_admin->copyRoleTemplatePermissions(
780  $source,
781  $parentRoles[$source]["parent"],
782  $this->obj_ref_id,
783  $this->object->getId(),
784  false
785  );
786 
787  // update object data entry (to update last modification date)
788  $this->object->update();
789 
790  // send info
791  $title = ilObject::_lookupTitle($source);
792  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
793  ilObjRole::_getTranslation($title) . "'.<br/>" .
794  $this->lng->txt("msg_perm_adopted_from2"), true);
795  }
796 
797  $this->ctrl->redirect($this, "perm");
798  }
799 
803  public function addUserObject(array $a_user_ids): void
804  {
805  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
806  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
807  return;
808  }
809  if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
810  $this->obj_ref_id != ROLE_FOLDER_ID) {
811  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
812  return;
813  }
814  if ($a_user_ids === []) {
815  $this->lng->loadLanguageModule('search');
816  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
817  return;
818  }
819 
820  $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
821 
822  // users to assign
823  $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
824 
825  // selected users all already assigned. stop
826  if (count($assigned_users_new) == 0) {
827  $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
828  $this->ctrl->redirect($this, 'userassignment');
829  }
830 
831  // assign new users
832  foreach ($assigned_users_new as $user_id) {
833  if ($user_id === ANONYMOUS_USER_ID) {
834  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
835  return;
836  }
837  $this->rbac_admin->assignUser($this->object->getId(), $user_id, false);
838  }
839 
840  // update object data entry (to update last modification date)
841  $this->object->update();
842 
843  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
844  $this->ctrl->redirect($this, 'userassignment');
845  }
846 
847  public function deassignUserObject(): void
848  {
849  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
850  $this->ilias->raiseError(
851  $this->lng->txt("msg_no_perm_assign_user_to_role"),
852  $this->ilias->error_obj->MESSAGE
853  );
854  }
855 
856  $selected_users = [];
857  if ($this->http->wrapper()->query()->has('user_id')) {
858  $selected_users = [
859  $this->http->wrapper()->query()->retrieve(
860  'user_id',
861  $this->refinery->kindlyTo()->int()
862  )
863  ];
864  }
865  if ($this->http->wrapper()->post()->has('user_id')) {
866  $selected_users = $this->http->wrapper()->post()->retrieve(
867  'user_id',
868  $this->refinery->kindlyTo()->listOf(
869  $this->refinery->kindlyTo()->int()
870  )
871  );
872  }
873  if (count($selected_users) === 0) {
874  $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
875  }
876 
877  // prevent unassignment of system user from system role
878  if ($this->object->getId() == SYSTEM_ROLE_ID) {
879  if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
880  unset($selected_users[$admin]);
881  }
882  }
883 
884  // check for each user if the current role is his last global role before deassigning him
885  $last_role = [];
886  $global_roles = $this->rbac_review->getGlobalRoles();
887  foreach ($selected_users as $user) {
888  $assigned_roles = $this->rbac_review->assignedRoles($user);
889  $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
890 
891  if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
892  $this->object->getId(),
893  $assigned_global_roles
894  )) {
895  $userObj = new ilObjUser($user);
896  $last_role[$user] = $userObj->getFullName();
897  unset($userObj);
898  }
899  }
900 
901  // ... else perform deassignment
902  foreach ($selected_users as $user) {
903  if (!isset($last_role[$user])) {
904  $this->rbac_admin->deassignUser($this->object->getId(), $user);
905  }
906  }
907 
908  // update object data entry (to update last modification date)
909  $this->object->update();
910 
911  // raise error if last role was taken from a user...
912  if ($last_role !== []) {
913  $user_list = implode(", ", $last_role);
914  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
915  } else {
916  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
917  }
918  $this->ctrl->redirect($this, 'userassignment');
919  }
920 
924  public function userassignmentObject(): void
925  {
926  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
927  $this->tpl->setOnScreenMessage(
928  $this->lng->txt("msg_no_perm_assign_user_to_role"),
929  );
930  return;
931  }
932 
933  $this->tabs_gui->setTabActive('user_assignment');
934 
935  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'components/ILIAS/AccessControl');
936 
937  $tb = new ilToolbarGUI();
938 
939  // protected admin role
940  if ($this->object->getId() != SYSTEM_ROLE_ID
941  || ($this->rbac_review->isAssigned($this->user->getId(), SYSTEM_ROLE_ID)
942  || !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
943  // add member
944  ilRepositorySearchGUI::fillAutoCompleteToolbar(
945  $this,
946  $tb,
947  [
948  'auto_complete_name' => $this->lng->txt('user'),
949  'submit_name' => $this->lng->txt('add')
950  ]
951  );
952 
953  $tb->addSpacer();
954 
955  $tb->addComponent(
956  $this->ui_factory->link()->standard(
957  $this->lng->txt('search_user'),
958  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
959  )
960  );
961  $tb->addSpacer();
962  }
963 
964  $tb->addComponent(
965  $this->ui_factory->link()->standard(
966  $this->lng->txt('role_mailto'),
967  $this->ctrl->getLinkTarget($this, 'mailToRole')
968  )
969  );
970  $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
971 
972  $role_assignment_editable = true;
973  if (
974  $this->object->getId() == SYSTEM_ROLE_ID &&
975  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($this->user->getId())) {
976  $role_assignment_editable = false;
977  }
978  $ut = new ilAssignedUsersTableGUI(
979  $this,
980  'userassignment',
981  $this->ui_factory,
982  $this->ui_renderer,
983  $this->object->getId(),
984  $role_assignment_editable,
985  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
986  );
987  $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
988  }
989 
993  protected function addAdminLocatorItems(bool $do_not_add_object = false): void
994  {
995  if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
996  parent::addAdminLocatorItems(true);
997 
998  $this->locator->addItem(
999  $this->lng->txt('obj_' . $this->getParentType()),
1000  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1001  );
1002 
1003  if ($this->object instanceof ilObjRole) {
1004  $this->locator->addItem(
1005  ilObjRole::_getTranslation($this->object->getTitle()),
1006  $this->ctrl->getLinkTarget($this, 'perm')
1007  );
1008  }
1009  } else {
1010  parent::addAdminLocatorItems($do_not_add_object);
1011  }
1012  }
1013 
1014  protected function getTabs(): void
1015  {
1016  $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1017  $activate_role_edit = false;
1018 
1019  // todo: activate the following (allow editing of local roles in
1020  // roles administration)
1021  if (
1022  in_array($this->obj_ref_id, $base_role_container) ||
1023  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1024  ) {
1025  $activate_role_edit = true;
1026  }
1027 
1028  // not so nice (workaround for using tabs in repository)
1029  $this->tabs_gui->clearTargets();
1030 
1031  $this->help->setScreenIdComponent('role');
1032  $this->tabs_gui->setBackTarget(
1033  $this->lng->txt('btn_back'),
1034  (string) $this->ctrl->getParentReturn($this)
1035  );
1036  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1037  $this->tabs_gui->addTarget(
1038  "edit_properties",
1039  $this->ctrl->getLinkTarget($this, "edit"),
1040  ["edit", "update"],
1041  get_class($this)
1042  );
1043  }
1044  if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1045  $this->tabs_gui->addTarget(
1046  'default_perm_settings',
1047  $this->ctrl->getLinkTarget($this, 'perm'),
1048  [],
1049  get_class($this)
1050  );
1051  }
1052 
1053  if ($this->checkAccess(
1054  'write',
1055  'edit_permission'
1056  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1057  $this->tabs_gui->addTarget(
1058  'user_assignment',
1059  $this->ctrl->getLinkTarget($this, 'userassignment'),
1060  ['deassignUser', 'userassignment', 'assignUser', 'searchUserForm', 'search'],
1061  get_class($this)
1062  );
1063  }
1064 
1065  if ($this->checkAccess(
1066  'write',
1067  'edit_permission'
1068  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1069  $this->lng->loadLanguageModule('rep');
1070  $this->tabs_gui->addTarget(
1071  'rep_recommended_content',
1072  $this->ctrl->getLinkTargetByClass('ilrecommendedcontentroleconfiggui', '')
1073  );
1074  }
1075  if ($this->checkAccess('write', 'edit_permission')) {
1076  $this->tabs_gui->addTarget(
1077  'export',
1078  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1079  []
1080  );
1081  }
1082  }
1083 
1084  public function mailToRoleObject(): void
1085  {
1086  $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1087 
1088  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1089  if (count($obj_ids) > 1) {
1090  $mail_roles[] = '#il_role_' . $this->object->getId();
1091  } else {
1092  $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1093  }
1094  ilSession::set('mail_roles', $mail_roles);
1095  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1096  ilUtil::redirect($script);
1097  }
1098 
1099  public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1100  {
1101  $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1102 
1103  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1104  return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1105  } else {
1106  return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1107  }
1108  }
1109 
1113  protected function isChangeExistingObjectsConfirmationRequired(): bool
1114  {
1115  // Role is protected
1116  if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1117  // TODO: check if recursive_list is enabled
1118  // and if yes: check if inheritance is broken for the relevant object types
1119  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1120  } else {
1121  // TODO: check if recursive_list is enabled
1122  // and if yes: check if inheritance is broken for the relevant object types
1123  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1124  }
1125  }
1126 
1131  protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1132  {
1133  $protected = false;
1134  if ($this->http->wrapper()->post()->has('protected')) {
1135  $protected = $this->http->wrapper()->post()->retrieve(
1136  'protected',
1137  $this->refinery->kindlyTo()->bool()
1138  );
1139  }
1140  $form = new ilPropertyFormGUI();
1141  $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1142  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1143 
1144  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1145  $form->addCommandButton('perm', $this->lng->txt('cancel'));
1146 
1147  $hidden = new ilHiddenInputGUI('type_filter');
1148  $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1149  $form->addItem($hidden);
1150 
1151  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1152 
1153  if ($protected) {
1154  $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1155  $keep = new ilRadioOption(
1156  $this->lng->txt('rbac_keep_local_policies'),
1157  (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1158  $this->lng->txt('rbac_keep_local_policies_info')
1159  );
1160  } else {
1161  $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1162  $keep = new ilRadioOption(
1163  $this->lng->txt('rbac_keep_local_policies'),
1164  (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1165  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1166  );
1167  }
1168  $rad->addOption($keep);
1169 
1170  if ($protected) {
1171  $del = new ilRadioOption(
1172  $this->lng->txt('rbac_delete_local_policies'),
1173  (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1174  $this->lng->txt('rbac_delete_local_policies_info')
1175  );
1176  } else {
1177  $del = new ilRadioOption(
1178  $this->lng->txt('rbac_delete_local_policies'),
1179  (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1180  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1181  );
1182  }
1183  $rad->addOption($del);
1184 
1185  $form->addItem($rad);
1186  $this->tpl->setContent($form->getHTML());
1187  }
1188 
1189  protected function changeExistingObjectsObject(): void
1190  {
1191  $mode = 0;
1192  if ($this->http->wrapper()->post()->has('mode')) {
1193  $mode = $this->http->wrapper()->post()->retrieve(
1194  'mode',
1195  $this->refinery->kindlyTo()->int()
1196  );
1197  }
1198  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1199 
1200  $type_filter = [];
1201  if ($this->http->wrapper()->post()->has('type_filter')) {
1202  $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1203  'type_filter',
1204  $this->refinery->kindlyTo()->string()
1205  );
1206  $type_filter = json_decode(
1207  $serialized_type_filter,
1208  true
1209  );
1210  }
1211 
1212  $this->object->changeExistingObjects($start, $mode, $type_filter);
1213  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1214  $this->ctrl->redirect($this, 'perm');
1215  }
1216 
1217  protected function setSubTabs($a_tab): void
1218  {
1219  switch ($a_tab) {
1220  case 'default_perm_settings':
1221  if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1222  return;
1223  }
1224  $this->tabs_gui->addSubTabTarget(
1225  'rbac_repository_permissions',
1226  $this->ctrl->getLinkTarget($this, 'perm')
1227  );
1228  $this->tabs_gui->addSubTabTarget(
1229  'rbac_admin_permissions',
1230  $this->ctrl->getLinkTarget($this, 'adminPerm')
1231  );
1232  }
1233  }
1234 
1238  protected function addToClipboardObject(): void
1239  {
1240  $users = [];
1241  if ($this->http->wrapper()->post()->has('user_id')) {
1242  $users = $this->http->wrapper()->post()->retrieve(
1243  'user_id',
1244  $this->refinery->kindlyTo()->listOf(
1245  $this->refinery->kindlyTo()->int()
1246  )
1247  );
1248  }
1249  if (count($users) === 0) {
1250  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1251  $this->ctrl->redirect($this, 'userassignment');
1252  }
1253  $clip = ilUserClipboard::getInstance($this->user->getId());
1254  $clip->add($users);
1255  $clip->save();
1256 
1257  $this->lng->loadLanguageModule('user');
1258  $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1259  $this->ctrl->redirect($this, 'userassignment');
1260  }
1261 
1265  protected function addLocatorItems(): void
1266  {
1267  if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1268  $this->ctrl->setParameterByClass(
1269  "ilobjrolegui",
1270  "obj_id",
1271  $this->getRoleId()
1272  );
1273  $this->locator->addItem(
1274  ilObjRole::_getTranslation($this->object->getTitle()),
1275  $this->ctrl->getLinkTargetByClass(
1276  [
1277  "ilpermissiongui",
1278  "ilobjrolegui"
1279  ],
1280  "perm"
1281  )
1282  );
1283  }
1284  }
1285 
1290  protected function ensureRoleAccessForContext(): bool
1291  {
1292  // creation of roles
1293  if (
1294  !$this->object->getId() ||
1295  $this->object->getId() == ROLE_FOLDER_ID
1296  ) {
1297  return true;
1298  }
1299 
1300  $possible_roles = [];
1301  try {
1302  $possible_roles = $this->rbac_review->getRolesOfObject(
1303  $this->obj_ref_id,
1304  false
1305  );
1306  } catch (\InvalidArgumentException $e) {
1307  $this->logger->warning('Role access check failed: ' . $e);
1308  throw new \ilObjectException($this->lng->txt('permission_denied'));
1309  }
1310 
1311  if (!in_array($this->object->getId(), $possible_roles)) {
1312  $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1313  throw new \ilObjectException($this->lng->txt('permission_denied'));
1314  }
1315  return true;
1316  }
1317 
1318  private function buildConfirmationModal(): InterruptiveModal
1319  {
1320  $message = $this->lng->txt('rbac_role_delete_qst');
1321  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
1322  $message .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
1323  }
1324  return $this->ui_factory->modal()->interruptive(
1325  $this->lng->txt('confirm'),
1326  $message,
1327  $this->ctrl->getFormActionByClass(self::class, 'performDeleteRole')
1328  )->withAffectedItems([
1329  $this->ui_factory->modal()->interruptiveItem()->standard(
1330  (string) $this->object->getId(),
1331  $this->object->getTitle()
1332  )
1333  ]);
1334  }
1335 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:27
ilObjRoleGUI\$ui_factory
UIFactory $ui_factory
Definition: class.ilObjRoleGUI.php:52
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjRoleGUI\getRoleForm
getRoleForm(bool $is_role_creation_form=false)
Definition: class.ilObjRoleGUI.php:234
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1238
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:307
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:803
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1099
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1290
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:122
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1131
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:910
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:931
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions public
Definition: class.ilObjRoleGUI.php:628
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:436
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:336
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:27
ilRbacLog\gatherTemplate
static gatherTemplate(int $role_ref_id, int $role_id)
Definition: class.ilRbacLog.php:195
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:27
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:838
ilObjRoleGUI\buildEditPage
buildEditPage(?StandardForm $form=null)
Definition: class.ilObjRoleGUI.php:409
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:576
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1113
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:196
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:610
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:48
ilRadioOption\setValue
setValue(string $a_value)
Definition: class.ilRadioOption.php:65
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:204
$DIC
global $DIC
Definition: shib_login.php:26
ilObjRoleGUI\FORM_KEY_ON_REGISTRATION_FORM
const FORM_KEY_ON_REGISTRATION_FORM
Definition: class.ilObjRoleGUI.php:40
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:68
ilias
Class ilObjForumAdministration.
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:228
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:61
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:865
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1214
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:939
ilRbacLog\add
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
Definition: class.ilRbacLog.php:226
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:188
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilObjRoleGUI\FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
Definition: class.ilObjRoleGUI.php:41
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:924
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
Definition: class.ilObjRoleGUI.php:993
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ?ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt(&#39;user&#39;), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:195
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:67
ilRbacLog\diffTemplate
static diffTemplate(array $old, array $new)
Definition: class.ilRbacLog.php:203
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:45
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:30
$message
$message
Definition: xapiexit.php:31
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:38
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:212
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:24
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1092
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:23
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:35
ilTable2GUI\addMultiCommand
addMultiCommand(string $a_cmd, string $a_text)
Definition: class.ilTable2GUI.php:926
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:377
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:220
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34