ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Refinery\Factory;
22use ILIAS\UI\Factory as UIFactory;
23use ILIAS\UI\Renderer;
24use ILIAS\UI\Component\Modal\Interruptive as InterruptiveModal;
25use ILIAS\UI\Component\Input\Container\Form\Standard as StandardForm;
26
35class ilObjRoleGUI extends ilObjectGUI
36{
37 private const FORM_KEY_TITLE = 'title';
38 private const FORM_KEY_DESCRIPTION = 'description';
39 private const FORM_KEY_ILIAS_ID = 'ilias_id';
40 private const FORM_KEY_ON_REGISTRATION_FORM = 'on_registration_form';
41 private const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT = 'allow_local_user_assignment';
42 private const FORM_KEY_PROTECT = 'protect';
43
44 protected int $obj_ref_id = 0;
45 protected int $obj_obj_id = 0;
46 protected string $obj_obj_type = '';
47 protected string $container_type = '';
48 protected int $role_id = 0;
49 protected ilHelpGUI $help;
50 private ilLogger $logger;
51 protected Factory $refinery;
52 protected UIFactory $ui_factory;
53 protected Renderer $ui_renderer;
54
55 public function __construct(
56 $a_data,
57 int $a_id,
58 bool $a_call_by_reference = false,
59 bool $a_prepare_output = true
60 ) {
62 global $DIC;
63
64 $this->help = $DIC['ilHelp'];
65 $this->logger = $DIC->logger()->ac();
66
67 $this->role_id = $a_id;
68 $this->refinery = $DIC['refinery'];
69 $this->ui_factory = $DIC['ui.factory'];
70 $this->ui_renderer = $DIC['ui.renderer'];
71
72 $this->type = 'role';
73
74 parent::__construct($a_data, $a_id, $a_call_by_reference, false);
75 // Add ref_id of object that contains role
76 $this->initParentRefId();
77 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
78 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
79 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
80
81 $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
82 $this->lng->loadLanguageModule('rbac');
83 }
84
85 public function executeCommand(): void
86 {
87 $this->prepareOutput();
88
89 $next_class = $this->ctrl->getNextClass($this);
90 $cmd = $this->ctrl->getCmd();
91
92 $this->ensureRoleAccessForContext();
93
94 switch ($next_class) {
95 case 'ilrepositorysearchgui':
96
97 if (!$this->access->checkAccess('edit_permission', '', $this->obj_ref_id)) {
98 $this->error->raiseError(
99 $this->lng->txt('permission_denied'),
100 $this->error->WARNING
101 );
102 }
103 $rep_search = new ilRepositorySearchGUI();
104 $rep_search->setTitle($this->lng->txt('role_add_user'));
105 $rep_search->setCallback($this, 'addUserObject');
106
107 // Set tabs
108 $this->tabs_gui->setTabActive('user_assignment');
109 $this->ctrl->setReturn($this, 'userassignment');
110 $ret = $this->ctrl->forwardCommand($rep_search);
111 break;
112
113 case 'ilexportgui':
114
115 $this->tabs_gui->setTabActive('export');
116
117 $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
118 $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
119
120 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
121 $exp->addFormat('xml');
122 $this->ctrl->forwardCommand($exp);
123 break;
124
125 case 'ilrecommendedcontentroleconfiggui':
126 $this->tabs_gui->setTabActive('rep_recommended_content');
127 $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
128 $this->ctrl->forwardCommand($ui);
129 break;
130
131 default:
132 if (!$cmd) {
133 if ($this->showDefaultPermissionSettings()) {
134 $cmd = "perm";
135 } else {
136 $cmd = 'userassignment';
137 }
138 }
139 $cmd .= "Object";
140 $this->$cmd();
141
142 break;
143 }
144 }
145
146 protected function getRoleId(): int
147 {
148 return $this->role_id;
149 }
150
151 protected function initParentRefId(): void
152 {
153 $this->obj_ref_id = 0;
154
155 if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
156 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
157 'rolf_ref_id',
158 $this->refinery->kindlyTo()->int()
159 );
160 } elseif ($this->http->wrapper()->query()->has('ref_id')) {
161 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
162 'ref_id',
163 $this->refinery->kindlyTo()->int()
164 );
165 }
166 }
167
168 protected function retrieveTemplatePermissionsFromPost(): array
169 {
170 $template_permissions = [];
171 if ($this->http->wrapper()->post()->has('template_perm')) {
172 $custom_transformer = $this->refinery->custom()->transformation(
173 function ($array) {
174 return $array;
175 }
176 );
177 $template_permissions = $this->http->wrapper()->post()->retrieve(
178 'template_perm',
179 $custom_transformer
180 );
181 }
182 return $template_permissions;
183 }
184
188 public function getParentRefId(): int
189 {
190 return $this->obj_ref_id;
191 }
192
196 public function getParentObjId(): int
197 {
198 return $this->obj_obj_id;
199 }
200
204 public function getParentType(): string
205 {
206 return $this->obj_obj_type;
207 }
208
212 public function getAdminTabs(): void
213 {
214 $this->getTabs();
215 }
216
220 protected function getContainerType(): string
221 {
222 return $this->container_type;
223 }
224
228 protected function showDefaultPermissionSettings(): bool
229 {
230 return $this->obj_definition->isContainer($this->getContainerType())
231 || $this->obj_definition->isAdministrationObject($this->getContainerType());
232 }
233
234 protected function getRoleForm(bool $is_role_creation_form = false): StandardForm
235 {
236 if ($this->creation_mode) {
237 $this->ctrl->setParameter($this, 'new_type', 'role');
238 }
239
240 $ff = $this->ui_factory->input()->field();
241
242 $title_validation_constraint = $this->refinery->custom()->constraint(
243 fn(string $v): bool => preg_match('/^il_.*$/', $v) ? false : true,
244 $this->lng->txt('msg_role_reserved_prefix')
245 );
246
247 $role_is_autogenerated = false;
248
249 if (!$is_role_creation_form) {
250 $role_is_autogenerated = $this->object->isAutoGenerated();
251 }
252
253 $inputs = [
254 self::FORM_KEY_TITLE => $ff->text($this->lng->txt('title'))
255 ->withMaxLength(70)
256 ->withRequired(true)
257 ->withAdditionalTransformation($title_validation_constraint)
258 ->withValue($is_role_creation_form ? '' : $this->object->getTitle())
259 ->withDisabled($role_is_autogenerated),
260 self::FORM_KEY_DESCRIPTION => $ff->textarea($this->lng->txt('description'))
261 ->withMaxLimit(4000)
262 ->withValue($is_role_creation_form ? '' : $this->object->getDescription())
263 ->withDisabled($role_is_autogenerated),
264
265 ];
266
267 if (!$is_role_creation_form) {
268 $inputs[self::FORM_KEY_ILIAS_ID] = $ff->text($this->lng->txt('ilias_id'))
269 ->withDisabled(true)
270 ->withValue('il_' . IL_INST_ID . '_'
271 . $this->object->getType() . '_' . $this->object->getId());
272 }
273
274 if ($this->obj_ref_id === ROLE_FOLDER_ID) {
275 $inputs[self::FORM_KEY_ON_REGISTRATION_FORM] = $ff->checkbox($this->lng->txt('allow_register'))
276 ->withValue($is_role_creation_form ? false : $this->object->getAllowRegister());
277 $inputs[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT] = $ff->checkbox($this->lng->txt('allow_assign_users'))
278 ->withValue($is_role_creation_form ? false : $this->object->getAssignUsersStatus());
279 }
280
281 $inputs[self::FORM_KEY_PROTECT] = $ff->checkbox($this->lng->txt('role_protect_permissions'))
282 ->withValue(
283 $is_role_creation_form
284 ? false
285 : $this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())
286 );
287
288 return $this->ui_factory->input()->container()->form()->standard(
289 $this->ctrl->getFormActionByClass(
290 self::class,
291 $is_role_creation_form ? 'save' : 'update'
292 ),
293 $inputs
294 )->withSubmitLabel(
295 $is_role_creation_form ? $this->lng->txt('role_new') : $this->lng->txt('save')
296 );
297 }
298
299 public function createObject(): void
300 {
301 if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
302 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
303 $this->ctrl->returnToParent(ilRepositoryGUI::class);
304 }
305
306 $this->tabs_gui->setBackTarget(
307 $this->lng->txt('cancel'),
308 $this->ctrl->getParentReturnByClass(self::class)
309 );
310
311 $this->tpl->setContent(
312 $this->ui_renderer->render(
313 $this->ui_factory->panel()->standard(
314 $this->lng->txt('role_new'),
315 $this->getRoleForm(true)
316 )
317 )
318 );
319 }
320
321 public function editObject(): void
322 {
323 if (!$this->checkAccess('write', 'edit_permission')) {
324 $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
325 $this->ctrl->returnToParent($this);
326 }
327 $this->tabs_gui->activateTab('edit_properties');
328
329 $this->buildEditPage();
330 }
331
336 public function saveObject(): void
337 {
338 $form = $this->getRoleForm(true)->withRequest($this->request);
339 $data = $form->getData();
340 if ($data === null) {
341 $this->tabs_gui->setBackTarget(
342 $this->lng->txt('cancel'),
343 $this->ctrl->getParentReturnByClass(self::class)
344 );
345 $this->tpl->setContent(
346 $this->ui_renderer->render(
347 $this->ui_factory->panel()->standard(
348 $this->lng->txt('role_new'),
349 $form
350 )
351 )
352 );
353 return;
354 }
355
356 $role = new ilObjRole();
357 $role->setTitle($data[self::FORM_KEY_TITLE]);
358 $role->setDescription($data[self::FORM_KEY_DESCRIPTION]);
359 $role->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
360 $role->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
361 $role->create();
362 $this->rbac_admin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
363 $this->rbac_admin->setProtected(
364 $this->obj_ref_id,
365 $role->getId(),
366 $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
367 );
368 $this->tpl->setOnScreenMessage('success', $this->lng->txt('role_added'), true);
369 $this->ctrl->setParameter($this, 'obj_id', $role->getId());
370 $this->ctrl->redirect($this, 'perm');
371 }
372
377 public function updateObject(): void
378 {
379 $form = $this->getRoleForm()->withRequest($this->request);
380 $data = $form->getData();
381 if ($data === null) {
382 $this->buildEditPage($form);
383 return;
384 }
385
386 if (isset($data[self::FORM_KEY_TITLE])) {
387 $this->object->setTitle($data[self::FORM_KEY_TITLE]);
388 }
389 if (isset($data[self::FORM_KEY_DESCRIPTION])) {
390 $this->object->setDescription($data[self::FORM_KEY_DESCRIPTION]);
391 }
392 if (isset($data[self::FORM_KEY_ON_REGISTRATION_FORM])) {
393 $this->object->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
394 }
395 if (isset($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT])) {
396 $this->object->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
397 }
398 $this->object->update();
399 $this->rbac_admin->setProtected(
400 $this->obj_ref_id,
401 $this->object->getId(),
402 $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
403 );
404
405 $this->tpl->setOnScreenMessage('success', $this->lng->txt('saved_successfully'), true);
406 $this->ctrl->redirect($this, 'edit');
407 }
408
409 private function buildEditPage(?StandardForm $form = null): void
410 {
411 $page_content = [];
412 if ($this->object->getId() != SYSTEM_ROLE_ID) {
413 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
414 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
415 $modal = $this->buildConfirmationModal();
416 $this->toolbar->addComponent(
417 $this->ui_factory->button()->standard(
418 $this->lng->txt('rbac_delete_role'),
419 $modal->getShowSignal()
420 )
421 );
422 $page_content[] = $modal;
423 }
424 }
425
426 $page_content[] = $this->ui_factory->panel()->standard(
427 $this->lng->txt('role_edit'),
428 $form ?? $this->getRoleForm()
429 );
430
431 $this->tpl->setContent(
432 $this->ui_renderer->render($page_content)
433 );
434 }
435
436 protected function permObject(bool $a_show_admin_permissions = false): void
437 {
438 $this->tabs_gui->setTabActive('default_perm_settings');
439
440 $this->setSubTabs('default_perm_settings');
441
442 if (!$this->checkAccess('write', 'edit_permission')) {
443 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
444 $this->ctrl->returnToParent($this);
445 }
446
447 if ($a_show_admin_permissions) {
448 $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
449 } else {
450 $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
451 }
452
453 $this->tpl->addBlockFile(
454 'ADM_CONTENT',
455 'adm_content',
456 'tpl.rbac_template_permissions.html',
457 'components/ILIAS/AccessControl'
458 );
459
460 if ($this->object->getId() !== SYSTEM_ROLE_ID) {
461 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
462 $this->toolbar->addComponent(
463 $this->ui_factory->link()->standard(
464 $this->lng->txt("adopt_perm_from_template"),
465 $this->ctrl->getLinkTarget($this, 'adoptPerm')
466 )
467 );
468 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
469 $modal = $this->buildConfirmationModal();
470 $this->toolbar->addComponent(
471 $this->ui_factory->button()->standard(
472 $this->lng->txt('rbac_delete_role'),
473 $modal->getShowSignal()
474 )
475 );
476 $this->tpl->setVariable('DELETION_MODAL', $this->ui_renderer->render($modal));
477 }
478 }
479
480 $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
481
482 $acc = new ilAccordionGUI();
483 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
484 $acc->setId('template_perm_' . $this->getParentRefId());
485
486 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
487 if ($a_show_admin_permissions) {
488 $subs = ilObjRole::getSubObjects('adm', true);
489 } else {
490 $subs = ilObjRole::getSubObjects('root', false);
491 }
492 } else {
493 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
494 }
495
496 foreach ($subs as $subtype => $def) {
497 $tbl = new ilObjectRoleTemplatePermissionTableGUI(
498 $this,
499 'perm',
500 $this->getParentRefId(),
501 $this->object->getId(),
502 $subtype,
503 $a_show_admin_permissions
504 );
505 $tbl->parse();
506
507 $acc->addItem($def['translation'], $tbl->getHTML());
508 }
509
510 $this->tpl->setVariable('ACCORDION', $acc->getHTML());
511
512 // Add options table
513 $options = new ilObjectRoleTemplateOptionsTableGUI(
514 $this,
515 'perm',
516 $this->obj_ref_id,
517 $this->object->getId(),
518 $a_show_admin_permissions
519 );
520 if ($this->object->getId() != SYSTEM_ROLE_ID) {
521 $options->addMultiCommand(
522 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
523 $this->lng->txt('save')
524 );
525 }
526
527 $options->parse();
528 $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
529 }
530
531 protected function adminPermObject(): void
532 {
533 $this->permObject(true);
534 }
535
536 protected function adminPermSaveObject(): void
537 {
538 $this->permSaveObject(true);
539 }
540
541 protected function adoptPermObject(): void
542 {
543 $output = [];
544 $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
545
546 $this->tabs_gui->clearTargets();
547
548 $ids = [];
549 foreach (array_keys($parent_role_ids) as $id) {
550 $ids[] = $id;
551 }
552 // Sort ids
553 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
554 $key = 0;
555 foreach ($sorted_ids as $id) {
556 $par = $parent_role_ids[$id];
557 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
558 $output[$key]["role_id"] = $par["obj_id"];
559 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
560 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
561 $output[$key]["role_desc"] = $par["desc"];
562 $key++;
563 }
564 }
565
566 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
567 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
568 $tbl->setData($output);
569
570 $this->tpl->setContent($tbl->getHTML());
571 }
572
576 protected function confirmDeleteRoleObject(): void
577 {
578 $this->tabs_gui->clearTargets();
579
580 if (!$this->checkAccess('visible,write', 'edit_permission')) {
581 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
582 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
583 }
584
585 $question = $this->lng->txt('rbac_role_delete_qst');
586 if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
587 $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
588 }
589 $this->tpl->setOnScreenMessage('question', $question);
590
591 $confirm = new ilConfirmationGUI();
592 $confirm->setFormAction($this->ctrl->getFormAction($this));
593 $confirm->setHeaderText($question);
594 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
595 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
596
597 $confirm->addItem(
598 'role',
599 (string) $this->object->getId(),
600 ilObjRole::_getTranslation($this->object->getTitle()),
601 ilUtil::getImagePath('standard/icon_role.svg')
602 );
603
604 $this->tpl->setContent($confirm->getHTML());
605 }
606
610 protected function performDeleteRoleObject(): void
611 {
612 if (!$this->checkAccess('visible,write', 'edit_permission')) {
613 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
614 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
615 }
616
617 $this->object->setParent($this->obj_ref_id);
618 $this->object->delete();
619 $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
620
621 $this->ctrl->returnToParent($this);
622 }
623
628 public function permSaveObject(bool $a_show_admin_permissions = false): void
629 {
630 if (!$this->checkAccess('visible,write', 'edit_permission')) {
631 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
632 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
633 }
634
635 // rbac log
636 $rbac_log_active = ilRbacLog::isActive();
637 if ($rbac_log_active) {
638 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
639 }
640
641 // delete all template entries of enabled types
642 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
643 if ($a_show_admin_permissions) {
644 $subs = ilObjRole::getSubObjects('adm', true);
645 } else {
646 $subs = ilObjRole::getSubObjects('root', false);
647 }
648 } else {
649 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
650 }
651
652 foreach (array_keys($subs) as $subtype) {
653 // Delete per object type
654 $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
655 }
656
657 $template_permissions = $this->retrieveTemplatePermissionsFromPost();
658 foreach ($template_permissions as $key => $ops_array) {
659 // sets new template permissions
660 $this->rbac_admin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
661 }
662
663 if ($rbac_log_active) {
664 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
665 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
666 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
667 }
668
669 // update object data entry (to update last modification date)
670 $this->object->update();
671
672 // set protected flag
673 $protected = false;
674 if ($this->http->wrapper()->post()->has('protected')) {
675 $protected = $this->http->wrapper()->post()->retrieve(
676 'protected',
677 $this->refinery->kindlyTo()->bool()
678 );
679 }
680 if (
681 $this->obj_ref_id == ROLE_FOLDER_ID ||
682 $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
683 $this->rbac_admin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
684 }
685 $recursive = false;
686 if ($this->http->wrapper()->post()->has('recursive')) {
687 $recursive = $this->http->wrapper()->post()->retrieve(
688 'recursive',
689 $this->refinery->kindlyTo()->bool()
690 );
691 }
692 // aka change existing object for specific object types
693 $recursive_list = [];
694 if ($this->http->wrapper()->post()->has('recursive_list')) {
695 $recursive_list = $this->http->wrapper()->post()->retrieve(
696 'recursive_list',
697 $this->refinery->kindlyTo()->listOf(
698 $this->refinery->kindlyTo()->string()
699 )
700 );
701 }
702 if ($a_show_admin_permissions) {
703 $recursive = true;
704 }
705
706 // Redirect if Change existing objects is not chosen
707 if (!$recursive && !count($recursive_list)) {
708 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
709 if ($a_show_admin_permissions) {
710 $this->ctrl->redirect($this, 'adminPerm');
711 } else {
712 $this->ctrl->redirect($this, 'perm');
713 }
714 }
715 // New implementation
716 if (
717 ($recursive || count($recursive_list)) &&
718 $this->isChangeExistingObjectsConfirmationRequired() &&
719 !$a_show_admin_permissions
720 ) {
721 $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
722 return;
723 }
724
725 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
726 if ($a_show_admin_permissions) {
727 $start = $this->tree->getParentId($this->obj_ref_id);
728 }
729
730 if ($protected) {
731 $this->object->changeExistingObjects(
732 $start,
733 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
734 ['all'],
735 []
736 );
737 } else {
738 $this->object->changeExistingObjects(
739 $start,
740 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
741 ['all'],
742 []
743 );
744 }
745 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
746
747 if ($a_show_admin_permissions) {
748 $this->ctrl->redirect($this, 'adminPerm');
749 } else {
750 $this->ctrl->redirect($this, 'perm');
751 }
752 }
753
754 public function adoptPermSaveObject(): void
755 {
756 $source = 0;
757 if ($this->http->wrapper()->post()->has('adopt')) {
758 $source = $this->http->wrapper()->post()->retrieve(
759 'adopt',
760 $this->refinery->kindlyTo()->int()
761 );
762 }
763
764 if (!$source) {
765 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
766 $this->adoptPermObject();
767 return;
768 }
769
770 $access = $this->checkAccess('visible,write', 'edit_permission');
771 if (!$access) {
772 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
773 }
774 if ($this->object->getId() == $source) {
775 $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
776 } else {
777 $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
778 $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
779 $this->rbac_admin->copyRoleTemplatePermissions(
780 $source,
781 $parentRoles[$source]["parent"],
782 $this->obj_ref_id,
783 $this->object->getId(),
784 false
785 );
786
787 // update object data entry (to update last modification date)
788 $this->object->update();
789
790 // send info
791 $title = ilObject::_lookupTitle($source);
792 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
793 ilObjRole::_getTranslation($title) . "'.<br/>" .
794 $this->lng->txt("msg_perm_adopted_from2"), true);
795 }
796
797 $this->ctrl->redirect($this, "perm");
798 }
799
803 public function addUserObject(array $a_user_ids): void
804 {
805 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
806 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
807 return;
808 }
809 if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
810 $this->obj_ref_id != ROLE_FOLDER_ID) {
811 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
812 return;
813 }
814 if ($a_user_ids === []) {
815 $this->lng->loadLanguageModule('search');
816 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
817 return;
818 }
819
820 $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
821
822 // users to assign
823 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
824
825 // selected users all already assigned. stop
826 if (count($assigned_users_new) == 0) {
827 $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
828 $this->ctrl->redirect($this, 'userassignment');
829 }
830
831 // assign new users
832 foreach ($assigned_users_new as $user_id) {
833 if ($user_id === ANONYMOUS_USER_ID) {
834 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
835 return;
836 }
837 $this->rbac_admin->assignUser($this->object->getId(), $user_id, false);
838 }
839
840 // update object data entry (to update last modification date)
841 $this->object->update();
842
843 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
844 $this->ctrl->redirect($this, 'userassignment');
845 }
846
847 public function deassignUserObject(): void
848 {
849 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
850 $this->ilias->raiseError(
851 $this->lng->txt("msg_no_perm_assign_user_to_role"),
852 $this->ilias->error_obj->MESSAGE
853 );
854 }
855
856 $selected_users = [];
857 if ($this->http->wrapper()->query()->has('user_id')) {
858 $selected_users = [
859 $this->http->wrapper()->query()->retrieve(
860 'user_id',
861 $this->refinery->kindlyTo()->int()
862 )
863 ];
864 }
865 if ($this->http->wrapper()->post()->has('user_id')) {
866 $selected_users = $this->http->wrapper()->post()->retrieve(
867 'user_id',
868 $this->refinery->kindlyTo()->listOf(
869 $this->refinery->kindlyTo()->int()
870 )
871 );
872 }
873 if (count($selected_users) === 0) {
874 $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
875 }
876
877 // prevent unassignment of system user from system role
878 if ($this->object->getId() == SYSTEM_ROLE_ID) {
879 if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
880 unset($selected_users[$admin]);
881 }
882 }
883
884 // check for each user if the current role is his last global role before deassigning him
885 $last_role = [];
886 $global_roles = $this->rbac_review->getGlobalRoles();
887 foreach ($selected_users as $user) {
888 $assigned_roles = $this->rbac_review->assignedRoles($user);
889 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
890
891 if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
892 $this->object->getId(),
893 $assigned_global_roles
894 )) {
895 $userObj = new ilObjUser($user);
896 $last_role[$user] = $userObj->getFullName();
897 unset($userObj);
898 }
899 }
900
901 // ... else perform deassignment
902 foreach ($selected_users as $user) {
903 if (!isset($last_role[$user])) {
904 $this->rbac_admin->deassignUser($this->object->getId(), $user);
905 }
906 }
907
908 // update object data entry (to update last modification date)
909 $this->object->update();
910
911 // raise error if last role was taken from a user...
912 if ($last_role !== []) {
913 $user_list = implode(", ", $last_role);
914 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
915 } else {
916 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
917 }
918 $this->ctrl->redirect($this, 'userassignment');
919 }
920
924 public function userassignmentObject(): void
925 {
926 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
927 $this->tpl->setOnScreenMessage(
928 $this->lng->txt("msg_no_perm_assign_user_to_role"),
929 );
930 return;
931 }
932
933 $this->tabs_gui->setTabActive('user_assignment');
934
935 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'components/ILIAS/AccessControl');
936
937 $tb = new ilToolbarGUI();
938
939 // protected admin role
940 if ($this->object->getId() != SYSTEM_ROLE_ID
941 || ($this->rbac_review->isAssigned($this->user->getId(), SYSTEM_ROLE_ID)
942 || !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
943 // add member
944 ilRepositorySearchGUI::fillAutoCompleteToolbar(
945 $this,
946 $tb,
947 [
948 'auto_complete_name' => $this->lng->txt('user'),
949 'submit_name' => $this->lng->txt('add')
950 ]
951 );
952
953 $tb->addSpacer();
954
955 $tb->addComponent(
956 $this->ui_factory->link()->standard(
957 $this->lng->txt('search_user'),
958 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
959 )
960 );
961 $tb->addSpacer();
962 }
963
964 $tb->addComponent(
965 $this->ui_factory->link()->standard(
966 $this->lng->txt('role_mailto'),
967 $this->ctrl->getLinkTarget($this, 'mailToRole')
968 )
969 );
970 $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
971
972 $role_assignment_editable = true;
973 if (
974 $this->object->getId() == SYSTEM_ROLE_ID &&
975 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($this->user->getId())) {
976 $role_assignment_editable = false;
977 }
978 $ut = new ilAssignedUsersTableGUI(
979 $this,
980 'userassignment',
981 $this->ui_factory,
982 $this->ui_renderer,
983 $this->object->getId(),
984 $role_assignment_editable,
985 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
986 );
987 $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
988 }
989
993 protected function addAdminLocatorItems(bool $do_not_add_object = false): void
994 {
995 if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
996 parent::addAdminLocatorItems(true);
997
998 $this->locator->addItem(
999 $this->lng->txt('obj_' . $this->getParentType()),
1000 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1001 );
1002
1003 if ($this->object instanceof ilObjRole) {
1004 $this->locator->addItem(
1005 ilObjRole::_getTranslation($this->object->getTitle()),
1006 $this->ctrl->getLinkTarget($this, 'perm')
1007 );
1008 }
1009 } else {
1010 parent::addAdminLocatorItems($do_not_add_object);
1011 }
1012 }
1013
1014 protected function getTabs(): void
1015 {
1016 $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1017 $activate_role_edit = false;
1018
1019 // todo: activate the following (allow editing of local roles in
1020 // roles administration)
1021 if (
1022 in_array($this->obj_ref_id, $base_role_container) ||
1023 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1024 ) {
1025 $activate_role_edit = true;
1026 }
1027
1028 // not so nice (workaround for using tabs in repository)
1029 $this->tabs_gui->clearTargets();
1030
1031 $this->help->setScreenIdComponent('role');
1032 $this->tabs_gui->setBackTarget(
1033 $this->lng->txt('btn_back'),
1034 (string) $this->ctrl->getParentReturn($this)
1035 );
1036 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1037 $this->tabs_gui->addTarget(
1038 "edit_properties",
1039 $this->ctrl->getLinkTarget($this, "edit"),
1040 ["edit", "update"],
1041 get_class($this)
1042 );
1043 }
1044 if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1045 $this->tabs_gui->addTarget(
1046 'default_perm_settings',
1047 $this->ctrl->getLinkTarget($this, 'perm'),
1048 [],
1049 get_class($this)
1050 );
1051 }
1052
1053 if ($this->checkAccess(
1054 'write',
1055 'edit_permission'
1056 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1057 $this->tabs_gui->addTarget(
1058 'user_assignment',
1059 $this->ctrl->getLinkTarget($this, 'userassignment'),
1060 ['deassignUser', 'userassignment', 'assignUser', 'searchUserForm', 'search'],
1061 get_class($this)
1062 );
1063 }
1064
1065 if ($this->checkAccess(
1066 'write',
1067 'edit_permission'
1068 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1069 $this->lng->loadLanguageModule('rep');
1070 $this->tabs_gui->addTarget(
1071 'rep_recommended_content',
1072 $this->ctrl->getLinkTargetByClass('ilrecommendedcontentroleconfiggui', '')
1073 );
1074 }
1075 if ($this->checkAccess('write', 'edit_permission')) {
1076 $this->tabs_gui->addTarget(
1077 'export',
1078 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1079 []
1080 );
1081 }
1082 }
1083
1084 public function mailToRoleObject(): void
1085 {
1086 $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1087
1088 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1089 if (count($obj_ids) > 1) {
1090 $mail_roles[] = '#il_role_' . $this->object->getId();
1091 } else {
1092 $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1093 }
1094 ilSession::set('mail_roles', $mail_roles);
1095 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1096 ilUtil::redirect($script);
1097 }
1098
1099 public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1100 {
1101 $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1102
1103 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1104 return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1105 } else {
1106 return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1107 }
1108 }
1109
1113 protected function isChangeExistingObjectsConfirmationRequired(): bool
1114 {
1115 // Role is protected
1116 if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1117 // TODO: check if recursive_list is enabled
1118 // and if yes: check if inheritance is broken for the relevant object types
1119 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1120 } else {
1121 // TODO: check if recursive_list is enabled
1122 // and if yes: check if inheritance is broken for the relevant object types
1123 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1124 }
1125 }
1126
1131 protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1132 {
1133 $protected = false;
1134 if ($this->http->wrapper()->post()->has('protected')) {
1135 $protected = $this->http->wrapper()->post()->retrieve(
1136 'protected',
1137 $this->refinery->kindlyTo()->bool()
1138 );
1139 }
1140 $form = new ilPropertyFormGUI();
1141 $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1142 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1143
1144 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1145 $form->addCommandButton('perm', $this->lng->txt('cancel'));
1146
1147 $hidden = new ilHiddenInputGUI('type_filter');
1148 $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1149 $form->addItem($hidden);
1150
1151 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1152
1153 if ($protected) {
1154 $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1155 $keep = new ilRadioOption(
1156 $this->lng->txt('rbac_keep_local_policies'),
1157 (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1158 $this->lng->txt('rbac_keep_local_policies_info')
1159 );
1160 } else {
1161 $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1162 $keep = new ilRadioOption(
1163 $this->lng->txt('rbac_keep_local_policies'),
1164 (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1165 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1166 );
1167 }
1168 $rad->addOption($keep);
1169
1170 if ($protected) {
1171 $del = new ilRadioOption(
1172 $this->lng->txt('rbac_delete_local_policies'),
1173 (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1174 $this->lng->txt('rbac_delete_local_policies_info')
1175 );
1176 } else {
1177 $del = new ilRadioOption(
1178 $this->lng->txt('rbac_delete_local_policies'),
1179 (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1180 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1181 );
1182 }
1183 $rad->addOption($del);
1184
1185 $form->addItem($rad);
1186 $this->tpl->setContent($form->getHTML());
1187 }
1188
1189 protected function changeExistingObjectsObject(): void
1190 {
1191 $mode = 0;
1192 if ($this->http->wrapper()->post()->has('mode')) {
1193 $mode = $this->http->wrapper()->post()->retrieve(
1194 'mode',
1195 $this->refinery->kindlyTo()->int()
1196 );
1197 }
1198 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1199
1200 $type_filter = [];
1201 if ($this->http->wrapper()->post()->has('type_filter')) {
1202 $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1203 'type_filter',
1204 $this->refinery->kindlyTo()->string()
1205 );
1206 $type_filter = json_decode(
1207 $serialized_type_filter,
1208 true
1209 );
1210 }
1211
1212 $this->object->changeExistingObjects($start, $mode, $type_filter);
1213 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1214 $this->ctrl->redirect($this, 'perm');
1215 }
1216
1217 protected function setSubTabs($a_tab): void
1218 {
1219 switch ($a_tab) {
1220 case 'default_perm_settings':
1221 if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1222 return;
1223 }
1224 $this->tabs_gui->addSubTabTarget(
1225 'rbac_repository_permissions',
1226 $this->ctrl->getLinkTarget($this, 'perm')
1227 );
1228 $this->tabs_gui->addSubTabTarget(
1229 'rbac_admin_permissions',
1230 $this->ctrl->getLinkTarget($this, 'adminPerm')
1231 );
1232 }
1233 }
1234
1238 protected function addToClipboardObject(): void
1239 {
1240 $users = [];
1241 if ($this->http->wrapper()->post()->has('user_id')) {
1242 $users = $this->http->wrapper()->post()->retrieve(
1243 'user_id',
1244 $this->refinery->kindlyTo()->listOf(
1245 $this->refinery->kindlyTo()->int()
1246 )
1247 );
1248 }
1249 if (count($users) === 0) {
1250 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1251 $this->ctrl->redirect($this, 'userassignment');
1252 }
1253 $clip = ilUserClipboard::getInstance($this->user->getId());
1254 $clip->add($users);
1255 $clip->save();
1256
1257 $this->lng->loadLanguageModule('user');
1258 $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1259 $this->ctrl->redirect($this, 'userassignment');
1260 }
1261
1265 protected function addLocatorItems(): void
1266 {
1267 if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1268 $this->ctrl->setParameterByClass(
1269 "ilobjrolegui",
1270 "obj_id",
1271 $this->getRoleId()
1272 );
1273 $this->locator->addItem(
1274 ilObjRole::_getTranslation($this->object->getTitle()),
1275 $this->ctrl->getLinkTargetByClass(
1276 [
1277 "ilpermissiongui",
1278 "ilobjrolegui"
1279 ],
1280 "perm"
1281 )
1282 );
1283 }
1284 }
1285
1290 protected function ensureRoleAccessForContext(): bool
1291 {
1292 // creation of roles
1293 if (
1294 !$this->object->getId() ||
1295 $this->object->getId() == ROLE_FOLDER_ID
1296 ) {
1297 return true;
1298 }
1299
1300 $possible_roles = [];
1301 try {
1302 $possible_roles = $this->rbac_review->getRolesOfObject(
1303 $this->obj_ref_id,
1304 false
1305 );
1306 } catch (\InvalidArgumentException $e) {
1307 $this->logger->warning('Role access check failed: ' . $e);
1308 throw new \ilObjectException($this->lng->txt('permission_denied'));
1309 }
1310
1311 if (!in_array($this->object->getId(), $possible_roles)) {
1312 $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1313 throw new \ilObjectException($this->lng->txt('permission_denied'));
1314 }
1315 return true;
1316 }
1317
1318 private function buildConfirmationModal(): InterruptiveModal
1319 {
1320 $message = $this->lng->txt('rbac_role_delete_qst');
1321 if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
1322 $message .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
1323 }
1324 return $this->ui_factory->modal()->interruptive(
1325 $this->lng->txt('confirm'),
1326 $message,
1327 $this->ctrl->getFormActionByClass(self::class, 'performDeleteRole')
1328 )->withAffectedItems([
1329 $this->ui_factory->modal()->interruptiveItem()->standard(
1330 (string) $this->object->getId(),
1331 $this->object->getTitle()
1332 )
1333 ]);
1334 }
1335}
ILIAS\Data\Color\Factory
Builds a Color from either hex- or rgb values.
Definition: Factory.php:31
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
error
error(string $a_errmsg)
Definition: class.ilIniFile.php:309
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:24
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:31
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilExportGUI
Export User Interface Class.
Definition: class.ilExportGUI.php:38
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:29
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:28
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:45
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:36
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:212
ilObjRoleGUI\$ui_factory
UIFactory $ui_factory
Definition: class.ilObjRoleGUI.php:52
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1131
ilObjRoleGUI\getTabs
getTabs()
@abstract overwrite in derived GUI class of your object type
Definition: class.ilObjRoleGUI.php:1014
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:436
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:610
ilObjRoleGUI\getRoleForm
getRoleForm(bool $is_role_creation_form=false)
Definition: class.ilObjRoleGUI.php:234
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:336
ilObjRoleGUI\FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
Definition: class.ilObjRoleGUI.php:41
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:993
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:377
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:924
ilObjRoleGUI\FORM_KEY_ON_REGISTRATION_FORM
const FORM_KEY_ON_REGISTRATION_FORM
Definition: class.ilObjRoleGUI.php:40
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1290
ilObjRoleGUI\addLocatorItems
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:1265
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:204
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:220
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:803
ilObjRoleGUI\buildEditPage
buildEditPage(?StandardForm $form=null)
Definition: class.ilObjRoleGUI.php:409
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:228
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1099
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:576
ilObjRoleGUI\createObject
createObject()
create new object form
Definition: class.ilObjRoleGUI.php:299
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:188
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1113
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions @access public
Definition: class.ilObjRoleGUI.php:628
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:196
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1238
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjUser
User class.
Definition: class.ilObjUser.php:46
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:49
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:67
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:307
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:874
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacLog\diffTemplate
static diffTemplate(array $old, array $new)
Definition: class.ilRbacLog.php:203
ilRbacLog\add
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
Definition: class.ilRbacLog.php:226
ilRbacLog\gatherTemplate
static gatherTemplate(int $role_ref_id, int $role_id)
Definition: class.ilRbacLog.php:195
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:38
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:122
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:25
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ?ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt('user'), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:195
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:28
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:68
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:915
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:944
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ILIAS\UI\Component\Input\Container\Form\Standard
This describes a standard form.
Definition: Standard.php:29
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:31
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
ilias
Class ilObjForumAdministration.
$DIC
global $DIC
Definition: shib_login.php:26
$message
$message
Definition: xapiexit.php:31