ILIAS  trunk Revision v11.0_alpha-1689-g66c127b4ae8
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
class.ilObjRoleGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\HTTP\GlobalHttpState;
22 use ILIAS\Refinery\Factory;
23 use ILIAS\UI\Factory as UIFactory;
24 use ILIAS\UI\Renderer;
25 use ILIAS\UI\Component\Modal\Interruptive as InterruptiveModal;
26 use ILIAS\UI\Component\Input\Container\Form\Standard as StandardForm;
27 
36 class ilObjRoleGUI extends ilObjectGUI
37 {
38  private const FORM_KEY_TITLE = 'title';
39  private const FORM_KEY_DESCRIPTION = 'description';
40  private const FORM_KEY_ILIAS_ID = 'ilias_id';
41  private const FORM_KEY_ON_REGISTRATION_FORM = 'on_registration_form';
42  private const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT = 'allow_local_user_assignment';
43  private const FORM_KEY_PROTECT = 'protect';
44 
45  protected int $obj_ref_id = 0;
46  protected int $obj_obj_id = 0;
47  protected string $obj_obj_type = '';
48  protected string $container_type = '';
49  protected int $role_id = 0;
50  protected ilHelpGUI $help;
51  private ilLogger $logger;
52  private GlobalHttpState $http;
53  protected Factory $refinery;
54  protected UIFactory $ui_factory;
55  protected Renderer $ui_renderer;
56 
57  public function __construct(
58  $a_data,
59  int $a_id,
60  bool $a_call_by_reference = false,
61  bool $a_prepare_output = true
62  ) {
64  global $DIC;
65 
66  $this->help = $DIC['ilHelp'];
67  $this->logger = $DIC->logger()->ac();
68 
69  $this->role_id = $a_id;
70  $this->http = $DIC['http'];
71  $this->refinery = $DIC['refinery'];
72  $this->ui_factory = $DIC['ui.factory'];
73  $this->ui_renderer = $DIC['ui.renderer'];
74 
75  // Add ref_id of object that contains role
76  $this->initParentRefId();
77  $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
78  $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
79  $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
80 
81  $this->type = "role";
82  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
83  $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
84  $this->lng->loadLanguageModule('rbac');
85  }
86 
87  public function executeCommand(): void
88  {
89  $this->prepareOutput();
90 
91  $next_class = $this->ctrl->getNextClass($this);
92  $cmd = $this->ctrl->getCmd();
93 
94  $this->ensureRoleAccessForContext();
95 
96  switch ($next_class) {
97  case 'ilrepositorysearchgui':
98 
99  if (!$this->access->checkAccess('edit_permission', '', $this->obj_ref_id)) {
100  $this->error->raiseError(
101  $this->lng->txt('permission_denied'),
102  $this->error->WARNING
103  );
104  }
105  $rep_search = new ilRepositorySearchGUI();
106  $rep_search->setTitle($this->lng->txt('role_add_user'));
107  $rep_search->setCallback($this, 'addUserObject');
108 
109  // Set tabs
110  $this->tabs_gui->setTabActive('user_assignment');
111  $this->ctrl->setReturn($this, 'userassignment');
112  $ret = $this->ctrl->forwardCommand($rep_search);
113  break;
114 
115  case 'ilexportgui':
116 
117  $this->tabs_gui->setTabActive('export');
118 
119  $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
120  $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
121 
122  $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()));
123  $exp->addFormat('xml');
124  $this->ctrl->forwardCommand($exp);
125  break;
126 
127  case 'ilrecommendedcontentroleconfiggui':
128  $this->tabs_gui->setTabActive('rep_recommended_content');
129  $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
130  $this->ctrl->forwardCommand($ui);
131  break;
132 
133  default:
134  if (!$cmd) {
135  if ($this->showDefaultPermissionSettings()) {
136  $cmd = "perm";
137  } else {
138  $cmd = 'userassignment';
139  }
140  }
141  $cmd .= "Object";
142  $this->$cmd();
143 
144  break;
145  }
146  }
147 
148  protected function getRoleId(): int
149  {
150  return $this->role_id;
151  }
152 
153  protected function initParentRefId(): void
154  {
155  $this->obj_ref_id = 0;
156 
157  if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
158  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
159  'rolf_ref_id',
160  $this->refinery->kindlyTo()->int()
161  );
162  } elseif ($this->http->wrapper()->query()->has('ref_id')) {
163  $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
164  'ref_id',
165  $this->refinery->kindlyTo()->int()
166  );
167  }
168  }
169 
170  protected function retrieveTemplatePermissionsFromPost(): array
171  {
172  $template_permissions = [];
173  if ($this->http->wrapper()->post()->has('template_perm')) {
174  $custom_transformer = $this->refinery->custom()->transformation(
175  function ($array) {
176  return $array;
177  }
178  );
179  $template_permissions = $this->http->wrapper()->post()->retrieve(
180  'template_perm',
181  $custom_transformer
182  );
183  }
184  return $template_permissions;
185  }
186 
190  public function getParentRefId(): int
191  {
192  return $this->obj_ref_id;
193  }
194 
198  public function getParentObjId(): int
199  {
200  return $this->obj_obj_id;
201  }
202 
206  public function getParentType(): string
207  {
208  return $this->obj_obj_type;
209  }
210 
214  public function getAdminTabs(): void
215  {
216  $this->getTabs();
217  }
218 
222  protected function getContainerType(): string
223  {
224  return $this->container_type;
225  }
226 
230  protected function showDefaultPermissionSettings(): bool
231  {
232  return $this->obj_definition->isContainer($this->getContainerType())
233  || $this->obj_definition->isAdministrationObject($this->getContainerType());
234  }
235 
236  protected function getRoleForm(bool $is_role_creation_form = false): StandardForm
237  {
238  if ($this->creation_mode) {
239  $this->ctrl->setParameter($this, 'new_type', 'role');
240  }
241 
242  $ff = $this->ui_factory->input()->field();
243 
244  $title_validation_constraint = $this->refinery->custom()->constraint(
245  fn(string $v): bool => preg_match('/^il_.*$/', $v) ? false : true,
246  $this->lng->txt('msg_role_reserved_prefix')
247  );
248 
249  $role_is_autogenerated = false;
250 
251  if (!$is_role_creation_form) {
252  $role_is_autogenerated = $this->object->isAutoGenerated();
253  }
254 
255  $inputs = [
256  self::FORM_KEY_TITLE => $ff->text($this->lng->txt('title'))
257  ->withMaxLength(70)
258  ->withRequired(true)
259  ->withAdditionalTransformation($title_validation_constraint)
260  ->withValue($is_role_creation_form ? '' : $this->object->getTitle())
261  ->withDisabled($role_is_autogenerated),
262  self::FORM_KEY_DESCRIPTION => $ff->textarea($this->lng->txt('description'))
263  ->withMaxLimit(4000)
264  ->withValue($is_role_creation_form ? '' : $this->object->getDescription())
265  ->withDisabled($role_is_autogenerated),
266 
267  ];
268 
269  if (!$is_role_creation_form) {
270  $inputs[self::FORM_KEY_ILIAS_ID] = $ff->text($this->lng->txt('ilias_id'))
271  ->withDisabled(true)
272  ->withValue('il_' . IL_INST_ID . '_'
273  . $this->object->getType() . '_' . $this->object->getId());
274  }
275 
276  if ($this->obj_ref_id === ROLE_FOLDER_ID) {
277  $inputs[self::FORM_KEY_ON_REGISTRATION_FORM] = $ff->checkbox($this->lng->txt('allow_register'))
278  ->withValue($is_role_creation_form ? false : $this->object->getAllowRegister());
279  $inputs[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT] = $ff->checkbox($this->lng->txt('allow_assign_users'))
280  ->withValue($is_role_creation_form ? false : $this->object->getAssignUsersStatus());
281  }
282 
283  $inputs[self::FORM_KEY_PROTECT] = $ff->checkbox($this->lng->txt('role_protect_permissions'))
284  ->withValue(
285  $is_role_creation_form
286  ? false
287  : $this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())
288  );
289 
290  return $this->ui_factory->input()->container()->form()->standard(
291  $this->ctrl->getFormActionByClass(
292  self::class,
293  $is_role_creation_form ? 'save' : 'update'
294  ),
295  $inputs
296  )->withSubmitLabel(
297  $is_role_creation_form ? $this->lng->txt('role_new') : $this->lng->txt('save')
298  );
299  }
300 
301  public function createObject(): void
302  {
303  if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
304  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
305  $this->ctrl->returnToParent(ilRepositoryGUI::class);
306  }
307 
308  $this->tabs_gui->setBackTarget(
309  $this->lng->txt('cancel'),
310  $this->ctrl->getParentReturnByClass(self::class)
311  );
312 
313  $this->tpl->setContent(
314  $this->ui_renderer->render(
315  $this->ui_factory->panel()->standard(
316  $this->lng->txt('role_new'),
317  $this->getRoleForm(true)
318  )
319  )
320  );
321  }
322 
323  public function editObject(): void
324  {
325  if (!$this->checkAccess('write', 'edit_permission')) {
326  $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
327  $this->ctrl->returnToParent($this);
328  }
329  $this->tabs_gui->activateTab('edit_properties');
330 
331  $this->buildEditPage();
332  }
333 
338  public function saveObject(): void
339  {
340  $form = $this->getRoleForm(true)->withRequest($this->request);
341  $data = $form->getData();
342  if ($data === null) {
343  $this->tabs_gui->setBackTarget(
344  $this->lng->txt('cancel'),
345  $this->ctrl->getParentReturnByClass(self::class)
346  );
347  $this->tpl->setContent(
348  $this->ui_renderer->render(
349  $this->ui_factory->panel()->standard(
350  $this->lng->txt('role_new'),
351  $form
352  )
353  )
354  );
355  return;
356  }
357 
358  $role = new ilObjRole();
359  $role->setTitle($data[self::FORM_KEY_TITLE]);
360  $role->setDescription($data[self::FORM_KEY_DESCRIPTION]);
361  $role->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
362  $role->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
363  $role->create();
364  $this->rbac_admin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
365  $this->rbac_admin->setProtected(
366  $this->obj_ref_id,
367  $role->getId(),
368  $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
369  );
370  $this->tpl->setOnScreenMessage('success', $this->lng->txt('role_added'), true);
371  $this->ctrl->setParameter($this, 'obj_id', $role->getId());
372  $this->ctrl->redirect($this, 'perm');
373  }
374 
379  public function updateObject(): void
380  {
381  $form = $this->getRoleForm()->withRequest($this->request);
382  $data = $form->getData();
383  if ($data === null) {
384  $this->buildEditPage($form);
385  return;
386  }
387 
388  if (isset($data[self::FORM_KEY_TITLE])) {
389  $this->object->setTitle($data[self::FORM_KEY_TITLE]);
390  }
391  if (isset($data[self::FORM_KEY_DESCRIPTION])) {
392  $this->object->setDescription($data[self::FORM_KEY_DESCRIPTION]);
393  }
394  if (isset($data[self::FORM_KEY_ON_REGISTRATION_FORM])) {
395  $this->object->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
396  }
397  if (isset($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT])) {
398  $this->object->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
399  }
400  $this->object->update();
401  $this->rbac_admin->setProtected(
402  $this->obj_ref_id,
403  $this->object->getId(),
404  $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
405  );
406 
407  $this->tpl->setOnScreenMessage('success', $this->lng->txt('saved_successfully'), true);
408  $this->ctrl->redirect($this, 'edit');
409  }
410 
411  private function buildEditPage(?StandardForm $form = null): void
412  {
413  $page_content = [];
414  if ($this->object->getId() != SYSTEM_ROLE_ID) {
415  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
416  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
417  $modal = $this->buildConfirmationModal();
418  $this->toolbar->addComponent(
419  $this->ui_factory->button()->standard(
420  $this->lng->txt('rbac_delete_role'),
421  $modal->getShowSignal()
422  )
423  );
424  $page_content[] = $modal;
425  }
426  }
427 
428  $page_content[] = $this->ui_factory->panel()->standard(
429  $this->lng->txt('role_edit'),
430  $form ?? $this->getRoleForm()
431  );
432 
433  $this->tpl->setContent(
434  $this->ui_renderer->render($page_content)
435  );
436  }
437 
438  protected function permObject(bool $a_show_admin_permissions = false): void
439  {
440  $this->tabs_gui->setTabActive('default_perm_settings');
441 
442  $this->setSubTabs('default_perm_settings');
443 
444  if (!$this->checkAccess('write', 'edit_permission')) {
445  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
446  $this->ctrl->returnToParent($this);
447  }
448 
449  if ($a_show_admin_permissions) {
450  $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
451  } else {
452  $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
453  }
454 
455  $this->tpl->addBlockFile(
456  'ADM_CONTENT',
457  'adm_content',
458  'tpl.rbac_template_permissions.html',
459  'components/ILIAS/AccessControl'
460  );
461 
462  if ($this->object->getId() !== SYSTEM_ROLE_ID) {
463  $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
464  $this->toolbar->addComponent(
465  $this->ui_factory->link()->standard(
466  $this->lng->txt("adopt_perm_from_template"),
467  $this->ctrl->getLinkTarget($this, 'adoptPerm')
468  )
469  );
470  if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
471  $modal = $this->buildConfirmationModal();
472  $this->toolbar->addComponent(
473  $this->ui_factory->button()->standard(
474  $this->lng->txt('rbac_delete_role'),
475  $modal->getShowSignal()
476  )
477  );
478  $this->tpl->setVariable('DELETION_MODAL', $this->ui_renderer->render($modal));
479  }
480  }
481 
482  $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
483 
484  $acc = new ilAccordionGUI();
485  $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
486  $acc->setId('template_perm_' . $this->getParentRefId());
487 
488  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
489  if ($a_show_admin_permissions) {
490  $subs = ilObjRole::getSubObjects('adm', true);
491  } else {
492  $subs = ilObjRole::getSubObjects('root', false);
493  }
494  } else {
495  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
496  }
497 
498  foreach ($subs as $subtype => $def) {
499  $tbl = new ilObjectRoleTemplatePermissionTableGUI(
500  $this,
501  'perm',
502  $this->getParentRefId(),
503  $this->object->getId(),
504  $subtype,
505  $a_show_admin_permissions
506  );
507  $tbl->parse();
508 
509  $acc->addItem($def['translation'], $tbl->getHTML());
510  }
511 
512  $this->tpl->setVariable('ACCORDION', $acc->getHTML());
513 
514  // Add options table
515  $options = new ilObjectRoleTemplateOptionsTableGUI(
516  $this,
517  'perm',
518  $this->obj_ref_id,
519  $this->object->getId(),
520  $a_show_admin_permissions
521  );
522  if ($this->object->getId() != SYSTEM_ROLE_ID) {
523  $options->addMultiCommand(
524  $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
525  $this->lng->txt('save')
526  );
527  }
528 
529  $options->parse();
530  $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
531  }
532 
533  protected function adminPermObject(): void
534  {
535  $this->permObject(true);
536  }
537 
538  protected function adminPermSaveObject(): void
539  {
540  $this->permSaveObject(true);
541  }
542 
543  protected function adoptPermObject(): void
544  {
545  $output = [];
546  $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
547 
548  $this->tabs_gui->clearTargets();
549 
550  $ids = [];
551  foreach (array_keys($parent_role_ids) as $id) {
552  $ids[] = $id;
553  }
554  // Sort ids
555  $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
556  $key = 0;
557  foreach ($sorted_ids as $id) {
558  $par = $parent_role_ids[$id];
559  if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
560  $output[$key]["role_id"] = $par["obj_id"];
561  $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
562  $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
563  $output[$key]["role_desc"] = $par["desc"];
564  $key++;
565  }
566  }
567 
568  $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
569  $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
570  $tbl->setData($output);
571 
572  $this->tpl->setContent($tbl->getHTML());
573  }
574 
578  protected function confirmDeleteRoleObject(): void
579  {
580  $this->tabs_gui->clearTargets();
581 
582  if (!$this->checkAccess('visible,write', 'edit_permission')) {
583  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
584  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
585  }
586 
587  $question = $this->lng->txt('rbac_role_delete_qst');
588  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
589  $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
590  }
591  $this->tpl->setOnScreenMessage('question', $question);
592 
593  $confirm = new ilConfirmationGUI();
594  $confirm->setFormAction($this->ctrl->getFormAction($this));
595  $confirm->setHeaderText($question);
596  $confirm->setCancel($this->lng->txt('cancel'), 'perm');
597  $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
598 
599  $confirm->addItem(
600  'role',
601  (string) $this->object->getId(),
602  ilObjRole::_getTranslation($this->object->getTitle()),
603  ilUtil::getImagePath('standard/icon_role.svg')
604  );
605 
606  $this->tpl->setContent($confirm->getHTML());
607  }
608 
612  protected function performDeleteRoleObject(): void
613  {
614  if (!$this->checkAccess('visible,write', 'edit_permission')) {
615  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
616  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
617  }
618 
619  $this->object->setParent($this->obj_ref_id);
620  $this->object->delete();
621  $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
622 
623  $this->ctrl->returnToParent($this);
624  }
625 
630  public function permSaveObject(bool $a_show_admin_permissions = false): void
631  {
632  if (!$this->checkAccess('visible,write', 'edit_permission')) {
633  $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
634  $this->ctrl->redirectByClass(ilRepositoryGUI::class);
635  }
636 
637  // rbac log
638  $rbac_log_active = ilRbacLog::isActive();
639  if ($rbac_log_active) {
640  $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
641  }
642 
643  // delete all template entries of enabled types
644  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
645  if ($a_show_admin_permissions) {
646  $subs = ilObjRole::getSubObjects('adm', true);
647  } else {
648  $subs = ilObjRole::getSubObjects('root', false);
649  }
650  } else {
651  $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
652  }
653 
654  foreach (array_keys($subs) as $subtype) {
655  // Delete per object type
656  $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
657  }
658 
659  $template_permissions = $this->retrieveTemplatePermissionsFromPost();
660  foreach ($template_permissions as $key => $ops_array) {
661  // sets new template permissions
662  $this->rbac_admin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
663  }
664 
665  if ($rbac_log_active) {
666  $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
667  $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
668  ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
669  }
670 
671  // update object data entry (to update last modification date)
672  $this->object->update();
673 
674  // set protected flag
675  $protected = false;
676  if ($this->http->wrapper()->post()->has('protected')) {
677  $protected = $this->http->wrapper()->post()->retrieve(
678  'protected',
679  $this->refinery->kindlyTo()->bool()
680  );
681  }
682  if (
683  $this->obj_ref_id == ROLE_FOLDER_ID ||
684  $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
685  $this->rbac_admin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
686  }
687  $recursive = false;
688  if ($this->http->wrapper()->post()->has('recursive')) {
689  $recursive = $this->http->wrapper()->post()->retrieve(
690  'recursive',
691  $this->refinery->kindlyTo()->bool()
692  );
693  }
694  // aka change existing object for specific object types
695  $recursive_list = [];
696  if ($this->http->wrapper()->post()->has('recursive_list')) {
697  $recursive_list = $this->http->wrapper()->post()->retrieve(
698  'recursive_list',
699  $this->refinery->kindlyTo()->listOf(
700  $this->refinery->kindlyTo()->string()
701  )
702  );
703  }
704  if ($a_show_admin_permissions) {
705  $recursive = true;
706  }
707 
708  // Redirect if Change existing objects is not chosen
709  if (!$recursive && !count($recursive_list)) {
710  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
711  if ($a_show_admin_permissions) {
712  $this->ctrl->redirect($this, 'adminPerm');
713  } else {
714  $this->ctrl->redirect($this, 'perm');
715  }
716  }
717  // New implementation
718  if (
719  ($recursive || count($recursive_list)) &&
720  $this->isChangeExistingObjectsConfirmationRequired() &&
721  !$a_show_admin_permissions
722  ) {
723  $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
724  return;
725  }
726 
727  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
728  if ($a_show_admin_permissions) {
729  $start = $this->tree->getParentId($this->obj_ref_id);
730  }
731 
732  if ($protected) {
733  $this->object->changeExistingObjects(
734  $start,
735  ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
736  ['all'],
737  []
738  );
739  } else {
740  $this->object->changeExistingObjects(
741  $start,
742  ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
743  ['all'],
744  []
745  );
746  }
747  $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
748 
749  if ($a_show_admin_permissions) {
750  $this->ctrl->redirect($this, 'adminPerm');
751  } else {
752  $this->ctrl->redirect($this, 'perm');
753  }
754  }
755 
756  public function adoptPermSaveObject(): void
757  {
758  $source = 0;
759  if ($this->http->wrapper()->post()->has('adopt')) {
760  $source = $this->http->wrapper()->post()->retrieve(
761  'adopt',
762  $this->refinery->kindlyTo()->int()
763  );
764  }
765 
766  if (!$source) {
767  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
768  $this->adoptPermObject();
769  return;
770  }
771 
772  $access = $this->checkAccess('visible,write', 'edit_permission');
773  if (!$access) {
774  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
775  }
776  if ($this->object->getId() == $source) {
777  $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
778  } else {
779  $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
780  $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
781  $this->rbac_admin->copyRoleTemplatePermissions(
782  $source,
783  $parentRoles[$source]["parent"],
784  $this->obj_ref_id,
785  $this->object->getId(),
786  false
787  );
788 
789  // update object data entry (to update last modification date)
790  $this->object->update();
791 
792  // send info
793  $title = ilObject::_lookupTitle($source);
794  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
795  ilObjRole::_getTranslation($title) . "'.<br/>" .
796  $this->lng->txt("msg_perm_adopted_from2"), true);
797  }
798 
799  $this->ctrl->redirect($this, "perm");
800  }
801 
805  public function addUserObject(array $a_user_ids): void
806  {
807  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
808  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
809  return;
810  }
811  if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
812  $this->obj_ref_id != ROLE_FOLDER_ID) {
813  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
814  return;
815  }
816  if ($a_user_ids === []) {
817  $this->lng->loadLanguageModule('search');
818  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
819  return;
820  }
821 
822  $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
823 
824  // users to assign
825  $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
826 
827  // selected users all already assigned. stop
828  if (count($assigned_users_new) == 0) {
829  $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
830  $this->ctrl->redirect($this, 'userassignment');
831  }
832 
833  // assign new users
834  foreach ($assigned_users_new as $user_id) {
835  if ($user_id === ANONYMOUS_USER_ID) {
836  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
837  return;
838  }
839  $this->rbac_admin->assignUser($this->object->getId(), $user_id, false);
840  }
841 
842  // update object data entry (to update last modification date)
843  $this->object->update();
844 
845  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
846  $this->ctrl->redirect($this, 'userassignment');
847  }
848 
849  public function deassignUserObject(): void
850  {
851  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
852  $this->ilias->raiseError(
853  $this->lng->txt("msg_no_perm_assign_user_to_role"),
854  $this->ilias->error_obj->MESSAGE
855  );
856  }
857 
858  $selected_users = [];
859  if ($this->http->wrapper()->query()->has('user_id')) {
860  $selected_users = [
861  $this->http->wrapper()->query()->retrieve(
862  'user_id',
863  $this->refinery->kindlyTo()->int()
864  )
865  ];
866  }
867  if ($this->http->wrapper()->post()->has('user_id')) {
868  $selected_users = $this->http->wrapper()->post()->retrieve(
869  'user_id',
870  $this->refinery->kindlyTo()->listOf(
871  $this->refinery->kindlyTo()->int()
872  )
873  );
874  }
875  if (count($selected_users) === 0) {
876  $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
877  }
878 
879  // prevent unassignment of system user from system role
880  if ($this->object->getId() == SYSTEM_ROLE_ID) {
881  if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
882  unset($selected_users[$admin]);
883  }
884  }
885 
886  // check for each user if the current role is his last global role before deassigning him
887  $last_role = [];
888  $global_roles = $this->rbac_review->getGlobalRoles();
889  foreach ($selected_users as $user) {
890  $assigned_roles = $this->rbac_review->assignedRoles($user);
891  $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
892 
893  if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
894  $this->object->getId(),
895  $assigned_global_roles
896  )) {
897  $userObj = new ilObjUser($user);
898  $last_role[$user] = $userObj->getFullName();
899  unset($userObj);
900  }
901  }
902 
903  // ... else perform deassignment
904  foreach ($selected_users as $user) {
905  if (!isset($last_role[$user])) {
906  $this->rbac_admin->deassignUser($this->object->getId(), $user);
907  }
908  }
909 
910  // update object data entry (to update last modification date)
911  $this->object->update();
912 
913  // raise error if last role was taken from a user...
914  if ($last_role !== []) {
915  $user_list = implode(", ", $last_role);
916  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
917  } else {
918  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
919  }
920  $this->ctrl->redirect($this, 'userassignment');
921  }
922 
926  public function userassignmentObject(): void
927  {
928  if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
929  $this->tpl->setOnScreenMessage(
930  $this->lng->txt("msg_no_perm_assign_user_to_role"),
931  );
932  return;
933  }
934 
935  $this->tabs_gui->setTabActive('user_assignment');
936 
937  $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'components/ILIAS/AccessControl');
938 
939  $tb = new ilToolbarGUI();
940 
941  // protected admin role
942  if ($this->object->getId() != SYSTEM_ROLE_ID
943  || ($this->rbac_review->isAssigned($this->user->getId(), SYSTEM_ROLE_ID)
944  || !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
945  // add member
946  ilRepositorySearchGUI::fillAutoCompleteToolbar(
947  $this,
948  $tb,
949  [
950  'auto_complete_name' => $this->lng->txt('user'),
951  'submit_name' => $this->lng->txt('add')
952  ]
953  );
954 
955  $tb->addSpacer();
956 
957  $tb->addComponent(
958  $this->ui_factory->link()->standard(
959  $this->lng->txt('search_user'),
960  $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
961  )
962  );
963  $tb->addSpacer();
964  }
965 
966  $tb->addComponent(
967  $this->ui_factory->link()->standard(
968  $this->lng->txt('role_mailto'),
969  $this->ctrl->getLinkTarget($this, 'mailToRole')
970  )
971  );
972  $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
973 
974  $role_assignment_editable = true;
975  if (
976  $this->object->getId() == SYSTEM_ROLE_ID &&
977  !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($this->user->getId())) {
978  $role_assignment_editable = false;
979  }
980  $ut = new ilAssignedUsersTableGUI(
981  $this,
982  'userassignment',
983  $this->ui_factory,
984  $this->ui_renderer,
985  $this->object->getId(),
986  $role_assignment_editable,
987  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
988  );
989  $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
990  }
991 
995  protected function addAdminLocatorItems(bool $do_not_add_object = false): void
996  {
997  if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
998  parent::addAdminLocatorItems(true);
999 
1000  $this->locator->addItem(
1001  $this->lng->txt('obj_' . $this->getParentType()),
1002  $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1003  );
1004 
1005  if ($this->object instanceof ilObjRole) {
1006  $this->locator->addItem(
1007  ilObjRole::_getTranslation($this->object->getTitle()),
1008  $this->ctrl->getLinkTarget($this, 'perm')
1009  );
1010  }
1011  } else {
1012  parent::addAdminLocatorItems($do_not_add_object);
1013  }
1014  }
1015 
1016  protected function getTabs(): void
1017  {
1018  $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1019  $activate_role_edit = false;
1020 
1021  // todo: activate the following (allow editing of local roles in
1022  // roles administration)
1023  if (
1024  in_array($this->obj_ref_id, $base_role_container) ||
1025  $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1026  ) {
1027  $activate_role_edit = true;
1028  }
1029 
1030  // not so nice (workaround for using tabs in repository)
1031  $this->tabs_gui->clearTargets();
1032 
1033  $this->help->setScreenIdComponent('role');
1034  $this->tabs_gui->setBackTarget(
1035  $this->lng->txt('btn_back'),
1036  (string) $this->ctrl->getParentReturn($this)
1037  );
1038  if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1039  $this->tabs_gui->addTarget(
1040  "edit_properties",
1041  $this->ctrl->getLinkTarget($this, "edit"),
1042  ["edit", "update"],
1043  get_class($this)
1044  );
1045  }
1046  if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1047  $this->tabs_gui->addTarget(
1048  'default_perm_settings',
1049  $this->ctrl->getLinkTarget($this, 'perm'),
1050  [],
1051  get_class($this)
1052  );
1053  }
1054 
1055  if ($this->checkAccess(
1056  'write',
1057  'edit_permission'
1058  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1059  $this->tabs_gui->addTarget(
1060  'user_assignment',
1061  $this->ctrl->getLinkTarget($this, 'userassignment'),
1062  ['deassignUser', 'userassignment', 'assignUser', 'searchUserForm', 'search'],
1063  get_class($this)
1064  );
1065  }
1066 
1067  if ($this->checkAccess(
1068  'write',
1069  'edit_permission'
1070  ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1071  $this->lng->loadLanguageModule('rep');
1072  $this->tabs_gui->addTarget(
1073  'rep_recommended_content',
1074  $this->ctrl->getLinkTargetByClass('ilrecommendedcontentroleconfiggui', '')
1075  );
1076  }
1077  if ($this->checkAccess('write', 'edit_permission')) {
1078  $this->tabs_gui->addTarget(
1079  'export',
1080  $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1081  []
1082  );
1083  }
1084  }
1085 
1086  public function mailToRoleObject(): void
1087  {
1088  $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1089 
1090  $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1091  if (count($obj_ids) > 1) {
1092  $mail_roles[] = '#il_role_' . $this->object->getId();
1093  } else {
1094  $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1095  }
1096  ilSession::set('mail_roles', $mail_roles);
1097  $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1098  ilUtil::redirect($script);
1099  }
1100 
1101  public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1102  {
1103  $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1104 
1105  if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1106  return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1107  } else {
1108  return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1109  }
1110  }
1111 
1115  protected function isChangeExistingObjectsConfirmationRequired(): bool
1116  {
1117  // Role is protected
1118  if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1119  // TODO: check if recursive_list is enabled
1120  // and if yes: check if inheritance is broken for the relevant object types
1121  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1122  } else {
1123  // TODO: check if recursive_list is enabled
1124  // and if yes: check if inheritance is broken for the relevant object types
1125  return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1126  }
1127  }
1128 
1133  protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1134  {
1135  $protected = false;
1136  if ($this->http->wrapper()->post()->has('protected')) {
1137  $protected = $this->http->wrapper()->post()->retrieve(
1138  'protected',
1139  $this->refinery->kindlyTo()->bool()
1140  );
1141  }
1142  $form = new ilPropertyFormGUI();
1143  $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1144  $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1145 
1146  $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1147  $form->addCommandButton('perm', $this->lng->txt('cancel'));
1148 
1149  $hidden = new ilHiddenInputGUI('type_filter');
1150  $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1151  $form->addItem($hidden);
1152 
1153  $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1154 
1155  if ($protected) {
1156  $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1157  $keep = new ilRadioOption(
1158  $this->lng->txt('rbac_keep_local_policies'),
1159  (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1160  $this->lng->txt('rbac_keep_local_policies_info')
1161  );
1162  } else {
1163  $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1164  $keep = new ilRadioOption(
1165  $this->lng->txt('rbac_keep_local_policies'),
1166  (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1167  $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1168  );
1169  }
1170  $rad->addOption($keep);
1171 
1172  if ($protected) {
1173  $del = new ilRadioOption(
1174  $this->lng->txt('rbac_delete_local_policies'),
1175  (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1176  $this->lng->txt('rbac_delete_local_policies_info')
1177  );
1178  } else {
1179  $del = new ilRadioOption(
1180  $this->lng->txt('rbac_delete_local_policies'),
1181  (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1182  $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1183  );
1184  }
1185  $rad->addOption($del);
1186 
1187  $form->addItem($rad);
1188  $this->tpl->setContent($form->getHTML());
1189  }
1190 
1191  protected function changeExistingObjectsObject(): void
1192  {
1193  $mode = 0;
1194  if ($this->http->wrapper()->post()->has('mode')) {
1195  $mode = $this->http->wrapper()->post()->retrieve(
1196  'mode',
1197  $this->refinery->kindlyTo()->int()
1198  );
1199  }
1200  $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1201 
1202  $type_filter = [];
1203  if ($this->http->wrapper()->post()->has('type_filter')) {
1204  $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1205  'type_filter',
1206  $this->refinery->kindlyTo()->string()
1207  );
1208  $type_filter = json_decode(
1209  $serialized_type_filter,
1210  true
1211  );
1212  }
1213 
1214  $this->object->changeExistingObjects($start, $mode, $type_filter);
1215  $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1216  $this->ctrl->redirect($this, 'perm');
1217  }
1218 
1219  protected function setSubTabs($a_tab): void
1220  {
1221  switch ($a_tab) {
1222  case 'default_perm_settings':
1223  if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1224  return;
1225  }
1226  $this->tabs_gui->addSubTabTarget(
1227  'rbac_repository_permissions',
1228  $this->ctrl->getLinkTarget($this, 'perm')
1229  );
1230  $this->tabs_gui->addSubTabTarget(
1231  'rbac_admin_permissions',
1232  $this->ctrl->getLinkTarget($this, 'adminPerm')
1233  );
1234  }
1235  }
1236 
1240  protected function addToClipboardObject(): void
1241  {
1242  $users = [];
1243  if ($this->http->wrapper()->post()->has('user_id')) {
1244  $users = $this->http->wrapper()->post()->retrieve(
1245  'user_id',
1246  $this->refinery->kindlyTo()->listOf(
1247  $this->refinery->kindlyTo()->int()
1248  )
1249  );
1250  }
1251  if (count($users) === 0) {
1252  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1253  $this->ctrl->redirect($this, 'userassignment');
1254  }
1255  $clip = ilUserClipboard::getInstance($this->user->getId());
1256  $clip->add($users);
1257  $clip->save();
1258 
1259  $this->lng->loadLanguageModule('user');
1260  $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1261  $this->ctrl->redirect($this, 'userassignment');
1262  }
1263 
1267  protected function addLocatorItems(): void
1268  {
1269  if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1270  $this->ctrl->setParameterByClass(
1271  "ilobjrolegui",
1272  "obj_id",
1273  $this->getRoleId()
1274  );
1275  $this->locator->addItem(
1276  ilObjRole::_getTranslation($this->object->getTitle()),
1277  $this->ctrl->getLinkTargetByClass(
1278  [
1279  "ilpermissiongui",
1280  "ilobjrolegui"
1281  ],
1282  "perm"
1283  )
1284  );
1285  }
1286  }
1287 
1292  protected function ensureRoleAccessForContext(): bool
1293  {
1294  // creation of roles
1295  if (
1296  !$this->object->getId() ||
1297  $this->object->getId() == ROLE_FOLDER_ID
1298  ) {
1299  return true;
1300  }
1301 
1302  $possible_roles = [];
1303  try {
1304  $possible_roles = $this->rbac_review->getRolesOfObject(
1305  $this->obj_ref_id,
1306  false
1307  );
1308  } catch (\InvalidArgumentException $e) {
1309  $this->logger->warning('Role access check failed: ' . $e);
1310  throw new \ilObjectException($this->lng->txt('permission_denied'));
1311  }
1312 
1313  if (!in_array($this->object->getId(), $possible_roles)) {
1314  $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1315  throw new \ilObjectException($this->lng->txt('permission_denied'));
1316  }
1317  return true;
1318  }
1319 
1320  private function buildConfirmationModal(): InterruptiveModal
1321  {
1322  $message = $this->lng->txt('rbac_role_delete_qst');
1323  if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
1324  $message .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
1325  }
1326  return $this->ui_factory->modal()->interruptive(
1327  $this->lng->txt('confirm'),
1328  $message,
1329  $this->ctrl->getFormActionByClass(self::class, 'performDeleteRole')
1330  )->withAffectedItems([
1331  $this->ui_factory->modal()->interruptiveItem()->standard(
1332  (string) $this->object->getId(),
1333  $this->object->getTitle()
1334  )
1335  ]);
1336  }
1337 }
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:401
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:26
ilObjRoleGUI\$ui_factory
UIFactory $ui_factory
Definition: class.ilObjRoleGUI.php:54
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilObjRoleGUI\getRoleForm
getRoleForm(bool $is_role_creation_form=false)
Definition: class.ilObjRoleGUI.php:236
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1240
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:301
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:62
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:805
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:28
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1101
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1292
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:122
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1133
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:908
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:923
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions public
Definition: class.ilObjRoleGUI.php:630
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:438
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:338
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:26
ilRbacLog\gatherTemplate
static gatherTemplate(int $role_ref_id, int $role_id)
Definition: class.ilRbacLog.php:195
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:830
ilObjRoleGUI\buildEditPage
buildEditPage(?StandardForm $form=null)
Definition: class.ilObjRoleGUI.php:411
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:578
ilObjRoleGUI\$http
GlobalHttpState $http
Definition: class.ilObjRoleGUI.php:52
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1115
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:198
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:612
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:46
ilRadioOption\setValue
setValue(string $a_value)
Definition: class.ilRadioOption.php:64
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:206
$DIC
global $DIC
Definition: shib_login.php:22
ilObjRoleGUI\FORM_KEY_ON_REGISTRATION_FORM
const FORM_KEY_ON_REGISTRATION_FORM
Definition: class.ilObjRoleGUI.php:41
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:66
ilias
Class ilObjForumAdministration.
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:230
ILIAS\UI\Implementation\Component\Input\withValue
withValue($value)
Get an input like this with another value displayed on the client side.
Definition: Group.php:61
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:857
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,7),&#39;usr_data&#39;,&#39;lastname&#39;,&#39;usr_id&#39;) => sorts by lastname.
Definition: class.ilUtil.php:1212
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:937
ilRbacLog\add
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
Definition: class.ilRbacLog.php:226
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:190
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
ilObjRoleGUI\FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
Definition: class.ilObjRoleGUI.php:42
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:926
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
Definition: class.ilObjRoleGUI.php:995
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ?ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt(&#39;user&#39;), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:195
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:64
ilRbacLog\diffTemplate
static diffTemplate(array $old, array $new)
Definition: class.ilRbacLog.php:203
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:51
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:30
$message
$message
Definition: xapiexit.php:31
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:38
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:214
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:24
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1084
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:23
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:36
ilTable2GUI\addMultiCommand
addMultiCommand(string $a_cmd, string $a_text)
Definition: class.ilTable2GUI.php:926
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:379
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:393
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:222
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34