ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilObjRoleGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Refinery\Factory;
22use ILIAS\UI\Factory as UIFactory;
23use ILIAS\UI\Renderer;
24use ILIAS\UI\Component\Modal\Interruptive as InterruptiveModal;
25use ILIAS\UI\Component\Input\Container\Form\Standard as StandardForm;
26
35class ilObjRoleGUI extends ilObjectGUI
36{
37 private const FORM_KEY_TITLE = 'title';
38 private const FORM_KEY_DESCRIPTION = 'description';
39 private const FORM_KEY_ILIAS_ID = 'ilias_id';
40 private const FORM_KEY_ON_REGISTRATION_FORM = 'on_registration_form';
41 private const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT = 'allow_local_user_assignment';
42 private const FORM_KEY_PROTECT = 'protect';
43
44 protected int $obj_ref_id = 0;
45 protected int $obj_obj_id = 0;
46 protected string $obj_obj_type = '';
47 protected string $container_type = '';
48 protected int $role_id = 0;
49 protected ilHelpGUI $help;
50 private ilLogger $logger;
51 protected Factory $refinery;
52 protected UIFactory $ui_factory;
53 protected Renderer $ui_renderer;
54
55 public function __construct(
56 $a_data,
57 int $a_id,
58 bool $a_call_by_reference = false,
59 bool $a_prepare_output = true
60 ) {
62 global $DIC;
63
64 $this->help = $DIC['ilHelp'];
65 $this->logger = $DIC->logger()->ac();
66
67 $this->role_id = $a_id;
68 $this->refinery = $DIC['refinery'];
69 $this->ui_factory = $DIC['ui.factory'];
70 $this->ui_renderer = $DIC['ui.renderer'];
71
72 $this->type = 'role';
73
74 parent::__construct($a_data, $a_id, $a_call_by_reference, false);
75 // Add ref_id of object that contains role
76 $this->initParentRefId();
77 $this->obj_obj_id = ilObject::_lookupObjId($this->getParentRefId());
78 $this->obj_obj_type = ilObject::_lookupType($this->getParentObjId());
79 $this->container_type = ilObject::_lookupType(ilObject::_lookupObjId($this->obj_ref_id));
80
81 $this->ctrl->saveParameter($this, ['obj_id', 'rolf_ref_id']);
82 $this->lng->loadLanguageModule('rbac');
83 }
84
85 public function executeCommand(): void
86 {
87 $this->prepareOutput();
88
89 $next_class = $this->ctrl->getNextClass($this);
90 $cmd = $this->ctrl->getCmd();
91
92 $this->ensureRoleAccessForContext();
93
94 switch ($next_class) {
95 case 'ilrepositorysearchgui':
96
97 if (!$this->access->checkAccess('edit_permission', '', $this->obj_ref_id)) {
98 $this->error->raiseError(
99 $this->lng->txt('permission_denied'),
100 $this->error->WARNING
101 );
102 }
103 $rep_search = new ilRepositorySearchGUI();
104 $rep_search->setTitle($this->lng->txt('role_add_user'));
105 $rep_search->setCallback($this, 'addUserObject');
106
107 // Set tabs
108 $this->tabs_gui->setTabActive('user_assignment');
109 $this->ctrl->setReturn($this, 'userassignment');
110 $ret = $this->ctrl->forwardCommand($rep_search);
111 break;
112
113 case 'ilexportgui':
114
115 $this->tabs_gui->setTabActive('export');
116
117 $eo = ilExportOptions::newInstance(ilExportOptions::allocateExportId());
118 $eo->addOption(ilExportOptions::KEY_ROOT, 0, $this->object->getId(), $this->obj_ref_id);
119
120 $exp = new ilExportGUI($this, new ilObjRole($this->object->getId()), false);
121 $this->ctrl->forwardCommand($exp);
122 break;
123
124 case 'ilrecommendedcontentroleconfiggui':
125 $this->tabs_gui->setTabActive('rep_recommended_content');
126 $ui = new ilRecommendedContentRoleConfigGUI($this->object->getId(), $this->obj_ref_id);
127 $this->ctrl->forwardCommand($ui);
128 break;
129
130 default:
131 if (!$cmd) {
132 if ($this->showDefaultPermissionSettings()) {
133 $cmd = "perm";
134 } else {
135 $cmd = 'userassignment';
136 }
137 }
138 $cmd .= "Object";
139 $this->$cmd();
140
141 break;
142 }
143 }
144
145 protected function getRoleId(): int
146 {
147 return $this->role_id;
148 }
149
150 protected function initParentRefId(): void
151 {
152 $this->obj_ref_id = 0;
153
154 if ($this->http->wrapper()->query()->has('rolf_ref_id')) {
155 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
156 'rolf_ref_id',
157 $this->refinery->kindlyTo()->int()
158 );
159 } elseif ($this->http->wrapper()->query()->has('ref_id')) {
160 $this->obj_ref_id = $this->http->wrapper()->query()->retrieve(
161 'ref_id',
162 $this->refinery->kindlyTo()->int()
163 );
164 }
165 }
166
167 protected function retrieveTemplatePermissionsFromPost(): array
168 {
169 $template_permissions = [];
170 if ($this->http->wrapper()->post()->has('template_perm')) {
171 $custom_transformer = $this->refinery->custom()->transformation(
172 function ($array) {
173 return $array;
174 }
175 );
176 $template_permissions = $this->http->wrapper()->post()->retrieve(
177 'template_perm',
178 $custom_transformer
179 );
180 }
181 return $template_permissions;
182 }
183
187 public function getParentRefId(): int
188 {
189 return $this->obj_ref_id;
190 }
191
195 public function getParentObjId(): int
196 {
197 return $this->obj_obj_id;
198 }
199
203 public function getParentType(): string
204 {
205 return $this->obj_obj_type;
206 }
207
211 public function getAdminTabs(): void
212 {
213 $this->getTabs();
214 }
215
219 protected function getContainerType(): string
220 {
221 return $this->container_type;
222 }
223
227 protected function showDefaultPermissionSettings(): bool
228 {
229 return $this->obj_definition->isContainer($this->getContainerType())
230 || $this->obj_definition->isAdministrationObject($this->getContainerType());
231 }
232
233 protected function getRoleForm(bool $is_role_creation_form = false): StandardForm
234 {
235 if ($this->creation_mode) {
236 $this->ctrl->setParameter($this, 'new_type', 'role');
237 }
238
239 $ff = $this->ui_factory->input()->field();
240
241 $title_validation_constraint = $this->refinery->custom()->constraint(
242 fn(string $v): bool => preg_match('/^il_.*$/', $v) ? false : true,
243 $this->lng->txt('msg_role_reserved_prefix')
244 );
245
246 $role_is_autogenerated = false;
247
248 if (!$is_role_creation_form) {
249 $role_is_autogenerated = $this->object->isAutoGenerated();
250 }
251
252 $inputs = [
253 self::FORM_KEY_TITLE => $ff->text($this->lng->txt('title'))
254 ->withMaxLength(70)
255 ->withRequired(true)
256 ->withAdditionalTransformation($title_validation_constraint)
257 ->withValue($is_role_creation_form ? '' : $this->object->getTitle())
258 ->withDisabled($role_is_autogenerated),
259 self::FORM_KEY_DESCRIPTION => $ff->textarea($this->lng->txt('description'))
260 ->withMaxLimit(4000)
261 ->withValue($is_role_creation_form ? '' : $this->object->getDescription())
262 ->withDisabled($role_is_autogenerated),
263
264 ];
265
266 if (!$is_role_creation_form) {
267 $inputs[self::FORM_KEY_ILIAS_ID] = $ff->text($this->lng->txt('ilias_id'))
268 ->withDisabled(true)
269 ->withValue('il_' . IL_INST_ID . '_'
270 . $this->object->getType() . '_' . $this->object->getId());
271 }
272
273 if ($this->obj_ref_id === ROLE_FOLDER_ID) {
274 $inputs[self::FORM_KEY_ON_REGISTRATION_FORM] = $ff->checkbox($this->lng->txt('allow_register'))
275 ->withValue($is_role_creation_form ? false : $this->object->getAllowRegister());
276 $inputs[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT] = $ff->checkbox($this->lng->txt('allow_assign_users'))
277 ->withValue($is_role_creation_form ? false : $this->object->getAssignUsersStatus());
278 }
279
280 $inputs[self::FORM_KEY_PROTECT] = $ff->checkbox($this->lng->txt('role_protect_permissions'))
281 ->withValue(
282 $is_role_creation_form
283 ? false
284 : $this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())
285 );
286
287 return $this->ui_factory->input()->container()->form()->standard(
288 $this->ctrl->getFormActionByClass(
289 self::class,
290 $is_role_creation_form ? 'save' : 'update'
291 ),
292 $inputs
293 )->withSubmitLabel(
294 $is_role_creation_form ? $this->lng->txt('role_new') : $this->lng->txt('save')
295 );
296 }
297
298 public function createObject(): void
299 {
300 if (!$this->rbac_system->checkAccess('create_role', $this->obj_ref_id)) {
301 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
302 $this->ctrl->returnToParent(ilRepositoryGUI::class);
303 }
304
305 $this->tabs_gui->setBackTarget(
306 $this->lng->txt('cancel'),
307 $this->ctrl->getParentReturnByClass(self::class)
308 );
309
310 $this->tpl->setContent(
311 $this->ui_renderer->render(
312 $this->ui_factory->panel()->standard(
313 $this->lng->txt('role_new'),
314 $this->getRoleForm(true)
315 )
316 )
317 );
318 }
319
320 public function editObject(): void
321 {
322 if (!$this->checkAccess('write', 'edit_permission')) {
323 $this->tpl->setOnScreenMessage('msg_no_perm_write', $this->lng->txt('permission_denied'), true);
324 $this->ctrl->returnToParent($this);
325 }
326 $this->tabs_gui->activateTab('edit_properties');
327
328 $this->buildEditPage();
329 }
330
335 public function saveObject(): void
336 {
337 $form = $this->getRoleForm(true)->withRequest($this->request);
338 $data = $form->getData();
339 if ($data === null) {
340 $this->tabs_gui->setBackTarget(
341 $this->lng->txt('cancel'),
342 $this->ctrl->getParentReturnByClass(self::class)
343 );
344 $this->tpl->setContent(
345 $this->ui_renderer->render(
346 $this->ui_factory->panel()->standard(
347 $this->lng->txt('role_new'),
348 $form
349 )
350 )
351 );
352 return;
353 }
354
355 $role = new ilObjRole();
356 $role->setTitle($data[self::FORM_KEY_TITLE]);
357 $role->setDescription($data[self::FORM_KEY_DESCRIPTION]);
358 $role->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
359 $role->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
360 $role->create();
361 $this->rbac_admin->assignRoleToFolder($role->getId(), $this->obj_ref_id, 'y');
362 $this->rbac_admin->setProtected(
363 $this->obj_ref_id,
364 $role->getId(),
365 $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
366 );
367 $this->tpl->setOnScreenMessage('success', $this->lng->txt('role_added'), true);
368 $this->ctrl->setParameter($this, 'obj_id', $role->getId());
369 $this->ctrl->redirect($this, 'perm');
370 }
371
376 public function updateObject(): void
377 {
378 $form = $this->getRoleForm()->withRequest($this->request);
379 $data = $form->getData();
380 if ($data === null) {
381 $this->buildEditPage($form);
382 return;
383 }
384
385 if (isset($data[self::FORM_KEY_TITLE])) {
386 $this->object->setTitle($data[self::FORM_KEY_TITLE]);
387 }
388 if (isset($data[self::FORM_KEY_DESCRIPTION])) {
389 $this->object->setDescription($data[self::FORM_KEY_DESCRIPTION]);
390 }
391 if (isset($data[self::FORM_KEY_ON_REGISTRATION_FORM])) {
392 $this->object->setAllowRegister($data[self::FORM_KEY_ON_REGISTRATION_FORM]);
393 }
394 if (isset($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT])) {
395 $this->object->toggleAssignUsersStatus($data[self::FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT]);
396 }
397 $this->object->update();
398 $this->rbac_admin->setProtected(
399 $this->obj_ref_id,
400 $this->object->getId(),
401 $data[self::FORM_KEY_PROTECT] ? 'y' : 'n'
402 );
403
404 $this->tpl->setOnScreenMessage('success', $this->lng->txt('saved_successfully'), true);
405 $this->ctrl->redirect($this, 'edit');
406 }
407
408 private function buildEditPage(?StandardForm $form = null): void
409 {
410 $page_content = [];
411 if ($this->object->getId() != SYSTEM_ROLE_ID) {
412 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
413 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
414 $modal = $this->buildConfirmationModal();
415 $this->toolbar->addComponent(
416 $this->ui_factory->button()->standard(
417 $this->lng->txt('rbac_delete_role'),
418 $modal->getShowSignal()
419 )
420 );
421 $page_content[] = $modal;
422 }
423 }
424
425 $page_content[] = $this->ui_factory->panel()->standard(
426 $this->lng->txt('role_edit'),
427 $form ?? $this->getRoleForm()
428 );
429
430 $this->tpl->setContent(
431 $this->ui_renderer->render($page_content)
432 );
433 }
434
435 protected function permObject(bool $a_show_admin_permissions = false): void
436 {
437 $this->tabs_gui->setTabActive('default_perm_settings');
438
439 $this->setSubTabs('default_perm_settings');
440
441 if (!$this->checkAccess('write', 'edit_permission')) {
442 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
443 $this->ctrl->returnToParent($this);
444 }
445
446 if ($a_show_admin_permissions) {
447 $this->tabs_gui->setSubTabActive('rbac_admin_permissions');
448 } else {
449 $this->tabs_gui->setSubTabActive('rbac_repository_permissions');
450 }
451
452 $this->tpl->addBlockFile(
453 'ADM_CONTENT',
454 'adm_content',
455 'tpl.rbac_template_permissions.html',
456 'components/ILIAS/AccessControl'
457 );
458
459 if ($this->object->getId() !== SYSTEM_ROLE_ID) {
460 $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
461 $this->toolbar->addComponent(
462 $this->ui_factory->link()->standard(
463 $this->lng->txt("adopt_perm_from_template"),
464 $this->ctrl->getLinkTarget($this, 'adoptPerm')
465 )
466 );
467 if ($this->rbac_review->isDeleteable($this->object->getId(), $this->obj_ref_id)) {
468 $modal = $this->buildConfirmationModal();
469 $this->toolbar->addComponent(
470 $this->ui_factory->button()->standard(
471 $this->lng->txt('rbac_delete_role'),
472 $modal->getShowSignal()
473 )
474 );
475 $this->tpl->setVariable('DELETION_MODAL', $this->ui_renderer->render($modal));
476 }
477 }
478
479 $this->tpl->setVariable('PERM_ACTION', $this->ctrl->getFormAction($this));
480
481 $acc = new ilAccordionGUI();
482 $acc->setBehaviour(ilAccordionGUI::FORCE_ALL_OPEN);
483 $acc->setId('template_perm_' . $this->getParentRefId());
484
485 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
486 if ($a_show_admin_permissions) {
487 $subs = ilObjRole::getSubObjects('adm', true);
488 } else {
489 $subs = ilObjRole::getSubObjects('root', false);
490 }
491 } else {
492 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
493 }
494
495 foreach ($subs as $subtype => $def) {
496 $tbl = new ilObjectRoleTemplatePermissionTableGUI(
497 $this,
498 'perm',
499 $this->getParentRefId(),
500 $this->object->getId(),
501 $subtype,
502 $a_show_admin_permissions
503 );
504 $tbl->parse();
505
506 $acc->addItem($def['translation'], $tbl->getHTML());
507 }
508
509 $this->tpl->setVariable('ACCORDION', $acc->getHTML());
510
511 // Add options table
512 $options = new ilObjectRoleTemplateOptionsTableGUI(
513 $this,
514 'perm',
515 $this->obj_ref_id,
516 $this->object->getId(),
517 $a_show_admin_permissions
518 );
519 if ($this->object->getId() != SYSTEM_ROLE_ID) {
520 $options->addMultiCommand(
521 $a_show_admin_permissions ? 'adminPermSave' : 'permSave',
522 $this->lng->txt('save')
523 );
524 }
525
526 $options->parse();
527 $this->tpl->setVariable('OPTIONS_TABLE', $options->getHTML());
528 }
529
530 protected function adminPermObject(): void
531 {
532 $this->permObject(true);
533 }
534
535 protected function adminPermSaveObject(): void
536 {
537 $this->permSaveObject(true);
538 }
539
540 protected function adoptPermObject(): void
541 {
542 $output = [];
543 $parent_role_ids = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
544
545 $this->tabs_gui->clearTargets();
546
547 $ids = [];
548 foreach (array_keys($parent_role_ids) as $id) {
549 $ids[] = $id;
550 }
551 // Sort ids
552 $sorted_ids = ilUtil::_sortIds($ids, 'object_data', 'type,title', 'obj_id');
553 $key = 0;
554 foreach ($sorted_ids as $id) {
555 $par = $parent_role_ids[$id];
556 if ($par["obj_id"] != SYSTEM_ROLE_ID && $this->object->getId() != $par["obj_id"]) {
557 $output[$key]["role_id"] = $par["obj_id"];
558 $output[$key]["type"] = ($par["type"] == 'role' ? $this->lng->txt('obj_role') : $this->lng->txt('obj_rolt'));
559 $output[$key]["role_name"] = ilObjRole::_getTranslation($par["title"]);
560 $output[$key]["role_desc"] = $par["desc"];
561 $key++;
562 }
563 }
564
565 $tbl = new ilRoleAdoptPermissionTableGUI($this, "adoptPerm");
566 $tbl->setTitle($this->lng->txt("adopt_perm_from_template"));
567 $tbl->setData($output);
568
569 $this->tpl->setContent($tbl->getHTML());
570 }
571
575 protected function confirmDeleteRoleObject(): void
576 {
577 $this->tabs_gui->clearTargets();
578
579 if (!$this->checkAccess('visible,write', 'edit_permission')) {
580 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
581 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
582 }
583
584 $question = $this->lng->txt('rbac_role_delete_qst');
585 if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
586 $question .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
587 }
588 $this->tpl->setOnScreenMessage('question', $question);
589
590 $confirm = new ilConfirmationGUI();
591 $confirm->setFormAction($this->ctrl->getFormAction($this));
592 $confirm->setHeaderText($question);
593 $confirm->setCancel($this->lng->txt('cancel'), 'perm');
594 $confirm->setConfirm($this->lng->txt('rbac_delete_role'), 'performDeleteRole');
595
596 $confirm->addItem(
597 'role',
598 (string) $this->object->getId(),
599 ilObjRole::_getTranslation($this->object->getTitle()),
600 ilUtil::getImagePath('standard/icon_role.svg')
601 );
602
603 $this->tpl->setContent($confirm->getHTML());
604 }
605
609 protected function performDeleteRoleObject(): void
610 {
611 if (!$this->checkAccess('visible,write', 'edit_permission')) {
612 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
613 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
614 }
615
616 $this->object->setParent($this->obj_ref_id);
617 $this->object->delete();
618 $this->tpl->setOnScreenMessage('success', $this->lng->txt('msg_deleted_role'), true);
619
620 $this->ctrl->returnToParent($this);
621 }
622
627 public function permSaveObject(bool $a_show_admin_permissions = false): void
628 {
629 if (!$this->checkAccess('visible,write', 'edit_permission')) {
630 $this->tpl->setOnScreenMessage('msg_no_perm_perm', $this->lng->txt('permission_denied'), true);
631 $this->ctrl->redirectByClass(ilRepositoryGUI::class);
632 }
633
634 // rbac log
635 $rbac_log_active = ilRbacLog::isActive();
636 if ($rbac_log_active) {
637 $rbac_log_old = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
638 }
639
640 // delete all template entries of enabled types
641 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
642 if ($a_show_admin_permissions) {
643 $subs = ilObjRole::getSubObjects('adm', true);
644 } else {
645 $subs = ilObjRole::getSubObjects('root', false);
646 }
647 } else {
648 $subs = ilObjRole::getSubObjects($this->getParentType(), $a_show_admin_permissions);
649 }
650
651 foreach (array_keys($subs) as $subtype) {
652 // Delete per object type
653 $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id, $subtype);
654 }
655
656 $template_permissions = $this->retrieveTemplatePermissionsFromPost();
657 foreach ($template_permissions as $key => $ops_array) {
658 // sets new template permissions
659 $this->rbac_admin->setRolePermission($this->object->getId(), $key, $ops_array, $this->obj_ref_id);
660 }
661
662 if ($rbac_log_active) {
663 $rbac_log_new = ilRbacLog::gatherTemplate($this->obj_ref_id, $this->object->getId());
664 $rbac_log_diff = ilRbacLog::diffTemplate($rbac_log_old, $rbac_log_new);
665 ilRbacLog::add(ilRbacLog::EDIT_TEMPLATE, $this->obj_ref_id, $rbac_log_diff);
666 }
667
668 // update object data entry (to update last modification date)
669 $this->object->update();
670
671 // set protected flag
672 $protected = false;
673 if ($this->http->wrapper()->post()->has('protected')) {
674 $protected = $this->http->wrapper()->post()->retrieve(
675 'protected',
676 $this->refinery->kindlyTo()->bool()
677 );
678 }
679 if (
680 $this->obj_ref_id == ROLE_FOLDER_ID ||
681 $this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id)) {
682 $this->rbac_admin->setProtected($this->obj_ref_id, $this->object->getId(), ilUtil::tf2yn($protected));
683 }
684 $recursive = false;
685 if ($this->http->wrapper()->post()->has('recursive')) {
686 $recursive = $this->http->wrapper()->post()->retrieve(
687 'recursive',
688 $this->refinery->kindlyTo()->bool()
689 );
690 }
691 // aka change existing object for specific object types
692 $recursive_list = [];
693 if ($this->http->wrapper()->post()->has('recursive_list')) {
694 $recursive_list = $this->http->wrapper()->post()->retrieve(
695 'recursive_list',
696 $this->refinery->kindlyTo()->listOf(
697 $this->refinery->kindlyTo()->string()
698 )
699 );
700 }
701 if ($a_show_admin_permissions) {
702 $recursive = true;
703 }
704
705 // Redirect if Change existing objects is not chosen
706 if (!$recursive && !count($recursive_list)) {
707 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
708 if ($a_show_admin_permissions) {
709 $this->ctrl->redirect($this, 'adminPerm');
710 } else {
711 $this->ctrl->redirect($this, 'perm');
712 }
713 }
714 // New implementation
715 if (
716 ($recursive || count($recursive_list)) &&
717 $this->isChangeExistingObjectsConfirmationRequired() &&
718 !$a_show_admin_permissions
719 ) {
720 $this->showChangeExistingObjectsConfirmation($recursive, $recursive_list);
721 return;
722 }
723
724 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
725 if ($a_show_admin_permissions) {
726 $start = $this->tree->getParentId($this->obj_ref_id);
727 }
728
729 if ($protected) {
730 $this->object->changeExistingObjects(
731 $start,
732 ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
733 ['all'],
734 []
735 );
736 } else {
737 $this->object->changeExistingObjects(
738 $start,
739 ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
740 ['all'],
741 []
742 );
743 }
744 $this->tpl->setOnScreenMessage('success', $this->lng->txt("saved_successfully"), true);
745
746 if ($a_show_admin_permissions) {
747 $this->ctrl->redirect($this, 'adminPerm');
748 } else {
749 $this->ctrl->redirect($this, 'perm');
750 }
751 }
752
753 public function adoptPermSaveObject(): void
754 {
755 $source = 0;
756 if ($this->http->wrapper()->post()->has('adopt')) {
757 $source = $this->http->wrapper()->post()->retrieve(
758 'adopt',
759 $this->refinery->kindlyTo()->int()
760 );
761 }
762
763 if (!$source) {
764 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
765 $this->adoptPermObject();
766 return;
767 }
768
769 $access = $this->checkAccess('visible,write', 'edit_permission');
770 if (!$access) {
771 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_perm'), true);
772 }
773 if ($this->object->getId() == $source) {
774 $this->tpl->setOnScreenMessage('failure', $this->lng->txt("msg_perm_adopted_from_itself"), true);
775 } else {
776 $this->rbac_admin->deleteRolePermission($this->object->getId(), $this->obj_ref_id);
777 $parentRoles = $this->rbac_review->getParentRoleIds($this->obj_ref_id, true);
778 $this->rbac_admin->copyRoleTemplatePermissions(
779 $source,
780 $parentRoles[$source]["parent"],
781 $this->obj_ref_id,
782 $this->object->getId(),
783 false
784 );
785
786 // update object data entry (to update last modification date)
787 $this->object->update();
788
789 // send info
790 $title = ilObject::_lookupTitle($source);
791 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_perm_adopted_from1") . " '" .
792 ilObjRole::_getTranslation($title) . "'.<br/>" .
793 $this->lng->txt("msg_perm_adopted_from2"), true);
794 }
795
796 $this->ctrl->redirect($this, "perm");
797 }
798
802 public function addUserObject(array $a_user_ids): void
803 {
804 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
805 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_assign_user_to_role'), true);
806 return;
807 }
808 if (!$this->rbac_review->isAssignable($this->object->getId(), $this->obj_ref_id) &&
809 $this->obj_ref_id != ROLE_FOLDER_ID) {
810 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('err_role_not_assignable'), true);
811 return;
812 }
813 if ($a_user_ids === []) {
814 $this->lng->loadLanguageModule('search');
815 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('search_err_user_not_exist'), true);
816 return;
817 }
818
819 $assigned_users_all = $this->rbac_review->assignedUsers($this->object->getId());
820
821 // users to assign
822 $assigned_users_new = array_diff($a_user_ids, array_intersect($a_user_ids, $assigned_users_all));
823
824 // selected users all already assigned. stop
825 if (count($assigned_users_new) == 0) {
826 $this->tpl->setOnScreenMessage('info', $this->lng->txt("rbac_msg_user_already_assigned"), true);
827 $this->ctrl->redirect($this, 'userassignment');
828 }
829
830 // assign new users
831 foreach ($assigned_users_new as $user_id) {
832 if ($user_id === ANONYMOUS_USER_ID) {
833 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_anonymous_cannot_be_assigned'), true);
834 return;
835 }
836 $this->rbac_admin->assignUser($this->object->getId(), $user_id, false);
837 }
838
839 // update object data entry (to update last modification date)
840 $this->object->update();
841
842 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
843 $this->ctrl->redirect($this, 'userassignment');
844 }
845
846 public function deassignUserObject(): void
847 {
848 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
849 $this->ilias->raiseError(
850 $this->lng->txt("msg_no_perm_assign_user_to_role"),
851 $this->ilias->error_obj->MESSAGE
852 );
853 }
854
855 $selected_users = [];
856 if ($this->http->wrapper()->query()->has('user_id')) {
857 $selected_users = [
858 $this->http->wrapper()->query()->retrieve(
859 'user_id',
860 $this->refinery->kindlyTo()->int()
861 )
862 ];
863 }
864 if ($this->http->wrapper()->post()->has('user_id')) {
865 $selected_users = $this->http->wrapper()->post()->retrieve(
866 'user_id',
867 $this->refinery->kindlyTo()->listOf(
868 $this->refinery->kindlyTo()->int()
869 )
870 );
871 }
872 if (count($selected_users) === 0) {
873 $this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
874 }
875
876 // prevent unassignment of system user from system role
877 if ($this->object->getId() == SYSTEM_ROLE_ID) {
878 if ($admin = array_search(SYSTEM_USER_ID, $selected_users) !== false) {
879 unset($selected_users[$admin]);
880 }
881 }
882
883 // check for each user if the current role is his last global role before deassigning him
884 $last_role = [];
885 $global_roles = $this->rbac_review->getGlobalRoles();
886 foreach ($selected_users as $user) {
887 $assigned_roles = $this->rbac_review->assignedRoles($user);
888 $assigned_global_roles = array_intersect($assigned_roles, $global_roles);
889
890 if (count($assigned_roles) == 1 || count($assigned_global_roles) == 1 && in_array(
891 $this->object->getId(),
892 $assigned_global_roles
893 )) {
894 $userObj = new ilObjUser($user);
895 $last_role[$user] = $userObj->getFullName();
896 unset($userObj);
897 }
898 }
899
900 // ... else perform deassignment
901 foreach ($selected_users as $user) {
902 if (!isset($last_role[$user])) {
903 $this->rbac_admin->deassignUser($this->object->getId(), $user);
904 }
905 }
906
907 // update object data entry (to update last modification date)
908 $this->object->update();
909
910 // raise error if last role was taken from a user...
911 if ($last_role !== []) {
912 $user_list = implode(", ", $last_role);
913 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_is_last_role') . ': ' . $user_list . '<br />' . $this->lng->txt('msg_min_one_role'), true);
914 } else {
915 $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_userassignment_changed"), true);
916 }
917 $this->ctrl->redirect($this, 'userassignment');
918 }
919
923 public function userassignmentObject(): void
924 {
925 if (!$this->checkAccess('edit_userassignment', 'edit_permission')) {
926 $this->tpl->setOnScreenMessage(
927 $this->lng->txt("msg_no_perm_assign_user_to_role"),
928 );
929 return;
930 }
931
932 $this->tabs_gui->setTabActive('user_assignment');
933
934 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.rbac_ua.html', 'components/ILIAS/AccessControl');
935
936 $tb = new ilToolbarGUI();
937
938 // protected admin role
939 if ($this->object->getId() != SYSTEM_ROLE_ID
940 || ($this->rbac_review->isAssigned($this->user->getId(), SYSTEM_ROLE_ID)
941 || !ilSecuritySettings::_getInstance()->isAdminRoleProtected())) {
942 // add member
943 ilRepositorySearchGUI::fillAutoCompleteToolbar(
944 $this,
945 $tb,
946 [
947 'auto_complete_name' => $this->lng->txt('user'),
948 'submit_name' => $this->lng->txt('add')
949 ]
950 );
951
952 $tb->addSpacer();
953
954 $tb->addComponent(
955 $this->ui_factory->link()->standard(
956 $this->lng->txt('search_user'),
957 $this->ctrl->getLinkTargetByClass('ilRepositorySearchGUI', 'start')
958 )
959 );
960 $tb->addSpacer();
961 }
962
963 $tb->addComponent(
964 $this->ui_factory->link()->standard(
965 $this->lng->txt('role_mailto'),
966 $this->ctrl->getLinkTarget($this, 'mailToRole')
967 )
968 );
969 $this->tpl->setVariable('BUTTONS_UA', $tb->getHTML());
970
971 $role_assignment_editable = true;
972 if (
973 $this->object->getId() == SYSTEM_ROLE_ID &&
974 !ilSecuritySettings::_getInstance()->checkAdminRoleAccessible($this->user->getId())) {
975 $role_assignment_editable = false;
976 }
977 $ut = new ilAssignedUsersTableGUI(
978 $this,
979 'userassignment',
980 $this->ui_factory,
981 $this->ui_renderer,
982 $this->object->getId(),
983 $role_assignment_editable,
984 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
985 );
986 $this->tpl->setVariable('TABLE_UA', $ut->getHTML());
987 }
988
992 protected function addAdminLocatorItems(bool $do_not_add_object = false): void
993 {
994 if ($this->getAdminMode() === self::ADMIN_MODE_SETTINGS) {
995 parent::addAdminLocatorItems(true);
996
997 $this->locator->addItem(
998 $this->lng->txt('obj_' . $this->getParentType()),
999 $this->ctrl->getLinkTargetByClass("ilobjrolefoldergui", 'view')
1000 );
1001
1002 if ($this->object instanceof ilObjRole) {
1003 $this->locator->addItem(
1004 ilObjRole::_getTranslation($this->object->getTitle()),
1005 $this->ctrl->getLinkTarget($this, 'perm')
1006 );
1007 }
1008 } else {
1009 parent::addAdminLocatorItems($do_not_add_object);
1010 }
1011 }
1012
1013 protected function getTabs(): void
1014 {
1015 $base_role_container = $this->rbac_review->getFoldersAssignedToRole($this->object->getId(), true);
1016 $activate_role_edit = false;
1017
1018 // todo: activate the following (allow editing of local roles in
1019 // roles administration)
1020 if (
1021 in_array($this->obj_ref_id, $base_role_container) ||
1022 $this->getAdminMode() === self::ADMIN_MODE_SETTINGS
1023 ) {
1024 $activate_role_edit = true;
1025 }
1026
1027 // not so nice (workaround for using tabs in repository)
1028 $this->tabs_gui->clearTargets();
1029
1030 $this->help->setScreenIdComponent('role');
1031 $this->tabs_gui->setBackTarget(
1032 $this->lng->txt('btn_back'),
1033 (string) $this->ctrl->getParentReturn($this)
1034 );
1035 if ($this->checkAccess('write', 'edit_permission') && $activate_role_edit) {
1036 $this->tabs_gui->addTarget(
1037 "edit_properties",
1038 $this->ctrl->getLinkTarget($this, "edit"),
1039 ["edit", "update"],
1040 get_class($this)
1041 );
1042 }
1043 if ($this->checkAccess('write', 'edit_permission') && $this->showDefaultPermissionSettings()) {
1044 $this->tabs_gui->addTarget(
1045 'default_perm_settings',
1046 $this->ctrl->getLinkTarget($this, 'perm'),
1047 [],
1048 get_class($this)
1049 );
1050 }
1051
1052 if ($this->checkAccess(
1053 'write',
1054 'edit_permission'
1055 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1056 $this->tabs_gui->addTarget(
1057 'user_assignment',
1058 $this->ctrl->getLinkTarget($this, 'userassignment'),
1059 ['deassignUser', 'userassignment', 'assignUser', 'searchUserForm', 'search'],
1060 get_class($this)
1061 );
1062 }
1063
1064 if ($this->checkAccess(
1065 'write',
1066 'edit_permission'
1067 ) && $activate_role_edit && $this->object->getId() != ANONYMOUS_ROLE_ID) {
1068 $this->lng->loadLanguageModule('rep');
1069 $this->tabs_gui->addTarget(
1070 'rep_recommended_content',
1071 $this->ctrl->getLinkTargetByClass('ilrecommendedcontentroleconfiggui', '')
1072 );
1073 }
1074 if ($this->checkAccess('write', 'edit_permission')) {
1075 $this->tabs_gui->addTarget(
1076 'export',
1077 $this->ctrl->getLinkTargetByClass('ilExportGUI'),
1078 []
1079 );
1080 }
1081 }
1082
1083 public function mailToRoleObject(): void
1084 {
1085 $mail_roles = (array) (ilSession::get('mail_roles') ?? []);
1086
1087 $obj_ids = ilObject::_getIdsForTitle($this->object->getTitle(), $this->object->getType());
1088 if (count($obj_ids) > 1) {
1089 $mail_roles[] = '#il_role_' . $this->object->getId();
1090 } else {
1091 $mail_roles[] = (new \ilRoleMailboxAddress($this->object->getId()))->value();
1092 }
1093 ilSession::set('mail_roles', $mail_roles);
1094 $script = ilMailFormCall::getRedirectTarget($this, 'userassignment', [], ['type' => 'role']);
1095 ilUtil::redirect($script);
1096 }
1097
1098 public function checkAccess(string $a_perm_global, string $a_perm_obj = ''): bool
1099 {
1100 $a_perm_obj = $a_perm_obj ?: $a_perm_global;
1101
1102 if ($this->obj_ref_id == ROLE_FOLDER_ID) {
1103 return $this->rbac_system->checkAccess($a_perm_global, $this->obj_ref_id);
1104 } else {
1105 return $this->access->checkAccess($a_perm_obj, '', $this->obj_ref_id);
1106 }
1107 }
1108
1112 protected function isChangeExistingObjectsConfirmationRequired(): bool
1113 {
1114 // Role is protected
1115 if ($this->rbac_review->isProtected($this->obj_ref_id, $this->object->getId())) {
1116 // TODO: check if recursive_list is enabled
1117 // and if yes: check if inheritance is broken for the relevant object types
1118 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1119 } else {
1120 // TODO: check if recursive_list is enabled
1121 // and if yes: check if inheritance is broken for the relevant object types
1122 return count($this->rbac_review->getFoldersAssignedToRole($this->object->getId())) > 1;
1123 }
1124 }
1125
1130 protected function showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list): void
1131 {
1132 $protected = false;
1133 if ($this->http->wrapper()->post()->has('protected')) {
1134 $protected = $this->http->wrapper()->post()->retrieve(
1135 'protected',
1136 $this->refinery->kindlyTo()->bool()
1137 );
1138 }
1139 $form = new ilPropertyFormGUI();
1140 $form->setFormAction($this->ctrl->getFormAction($this, 'changeExistingObjects'));
1141 $form->setTitle($this->lng->txt('rbac_change_existing_confirm_tbl'));
1142
1143 $form->addCommandButton('changeExistingObjects', $this->lng->txt('change_existing_objects'));
1144 $form->addCommandButton('perm', $this->lng->txt('cancel'));
1145
1146 $hidden = new ilHiddenInputGUI('type_filter');
1147 $hidden->setValue($recursive ? json_encode(['all']) : json_encode($recursive_list));
1148 $form->addItem($hidden);
1149
1150 $rad = new ilRadioGroupInputGUI($this->lng->txt('rbac_local_policies'), 'mode');
1151
1152 if ($protected) {
1153 $rad->setValue((string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES);
1154 $keep = new ilRadioOption(
1155 $this->lng->txt('rbac_keep_local_policies'),
1156 (string) ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES,
1157 $this->lng->txt('rbac_keep_local_policies_info')
1158 );
1159 } else {
1160 $rad->setValue((string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES);
1161 $keep = new ilRadioOption(
1162 $this->lng->txt('rbac_keep_local_policies'),
1163 (string) ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES,
1164 $this->lng->txt('rbac_unprotected_keep_local_policies_info')
1165 );
1166 }
1167 $rad->addOption($keep);
1168
1169 if ($protected) {
1170 $del = new ilRadioOption(
1171 $this->lng->txt('rbac_delete_local_policies'),
1172 (string) ilObjRole::MODE_PROTECTED_DELETE_LOCAL_POLICIES,
1173 $this->lng->txt('rbac_delete_local_policies_info')
1174 );
1175 } else {
1176 $del = new ilRadioOption(
1177 $this->lng->txt('rbac_delete_local_policies'),
1178 (string) ilObjRole::MODE_UNPROTECTED_DELETE_LOCAL_POLICIES,
1179 $this->lng->txt('rbac_unprotected_delete_local_policies_info')
1180 );
1181 }
1182 $rad->addOption($del);
1183
1184 $form->addItem($rad);
1185 $this->tpl->setContent($form->getHTML());
1186 }
1187
1188 protected function changeExistingObjectsObject(): void
1189 {
1190 $mode = 0;
1191 if ($this->http->wrapper()->post()->has('mode')) {
1192 $mode = $this->http->wrapper()->post()->retrieve(
1193 'mode',
1194 $this->refinery->kindlyTo()->int()
1195 );
1196 }
1197 $start = ($this->obj_ref_id == ROLE_FOLDER_ID ? ROOT_FOLDER_ID : $this->obj_ref_id);
1198
1199 $type_filter = [];
1200 if ($this->http->wrapper()->post()->has('type_filter')) {
1201 $serialized_type_filter = $this->http->wrapper()->post()->retrieve(
1202 'type_filter',
1203 $this->refinery->kindlyTo()->string()
1204 );
1205 $type_filter = json_decode(
1206 $serialized_type_filter,
1207 true
1208 );
1209 }
1210
1211 $this->object->changeExistingObjects($start, $mode, $type_filter);
1212 $this->tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1213 $this->ctrl->redirect($this, 'perm');
1214 }
1215
1216 protected function setSubTabs($a_tab): void
1217 {
1218 switch ($a_tab) {
1219 case 'default_perm_settings':
1220 if ($this->obj_ref_id != ROLE_FOLDER_ID) {
1221 return;
1222 }
1223 $this->tabs_gui->addSubTabTarget(
1224 'rbac_repository_permissions',
1225 $this->ctrl->getLinkTarget($this, 'perm')
1226 );
1227 $this->tabs_gui->addSubTabTarget(
1228 'rbac_admin_permissions',
1229 $this->ctrl->getLinkTarget($this, 'adminPerm')
1230 );
1231 }
1232 }
1233
1237 protected function addToClipboardObject(): void
1238 {
1239 $users = [];
1240 if ($this->http->wrapper()->post()->has('user_id')) {
1241 $users = $this->http->wrapper()->post()->retrieve(
1242 'user_id',
1243 $this->refinery->kindlyTo()->listOf(
1244 $this->refinery->kindlyTo()->int()
1245 )
1246 );
1247 }
1248 if (count($users) === 0) {
1249 $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1250 $this->ctrl->redirect($this, 'userassignment');
1251 }
1252 $clip = ilUserClipboard::getInstance($this->user->getId());
1253 $clip->add($users);
1254 $clip->save();
1255
1256 $this->lng->loadLanguageModule('user');
1257 $this->tpl->setOnScreenMessage('success', $this->lng->txt('clipboard_user_added'), true);
1258 $this->ctrl->redirect($this, 'userassignment');
1259 }
1260
1264 protected function addLocatorItems(): void
1265 {
1266 if ($this->getAdminMode() === self::ADMIN_MODE_NONE || $this->getAdminMode() === self::ADMIN_MODE_REPOSITORY) {
1267 $this->ctrl->setParameterByClass(
1268 "ilobjrolegui",
1269 "obj_id",
1270 $this->getRoleId()
1271 );
1272 $this->locator->addItem(
1273 ilObjRole::_getTranslation($this->object->getTitle()),
1274 $this->ctrl->getLinkTargetByClass(
1275 [
1276 "ilpermissiongui",
1277 "ilobjrolegui"
1278 ],
1279 "perm"
1280 )
1281 );
1282 }
1283 }
1284
1289 protected function ensureRoleAccessForContext(): bool
1290 {
1291 // creation of roles
1292 if (
1293 !$this->object->getId() ||
1294 $this->object->getId() == ROLE_FOLDER_ID
1295 ) {
1296 return true;
1297 }
1298
1299 $possible_roles = [];
1300 try {
1301 $possible_roles = $this->rbac_review->getRolesOfObject(
1302 $this->obj_ref_id,
1303 false
1304 );
1305 } catch (\InvalidArgumentException $e) {
1306 $this->logger->warning('Role access check failed: ' . $e);
1307 throw new \ilObjectException($this->lng->txt('permission_denied'));
1308 }
1309
1310 if (!in_array($this->object->getId(), $possible_roles)) {
1311 $this->logger->warning('Object id: ' . $this->object->getId() . ' is not accessible for ref_id: ' . $this->obj_ref_id);
1312 throw new \ilObjectException($this->lng->txt('permission_denied'));
1313 }
1314 return true;
1315 }
1316
1317 private function buildConfirmationModal(): InterruptiveModal
1318 {
1319 $message = $this->lng->txt('rbac_role_delete_qst');
1320 if ($this->rbac_review->isAssigned($this->user->getId(), $this->object->getId())) {
1321 $message .= ('<br />' . $this->lng->txt('rbac_role_delete_self'));
1322 }
1323 return $this->ui_factory->modal()->interruptive(
1324 $this->lng->txt('confirm'),
1325 $message,
1326 $this->ctrl->getFormActionByClass(self::class, 'performDeleteRole')
1327 )->withAffectedItems([
1328 $this->ui_factory->modal()->interruptiveItem()->standard(
1329 (string) $this->object->getId(),
1330 $this->object->getTitle()
1331 )
1332 ]);
1333 }
1334}
ILIAS\Data\Color\Factory
Builds a Color from either hex- or rgb values.
Definition: Factory.php:31
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
error
error(string $a_errmsg)
Definition: class.ilIniFile.php:309
ilAccordionGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccordionGUI.php:24
ilAssignedUsersTableGUI
TableGUI class for role administration.
Definition: class.ilAssignedUsersTableGUI.php:31
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilExportGUI
Export User Interface Class.
Definition: class.ilExportGUI.php:38
ilExportOptions\newInstance
static newInstance(int $a_export_id)
Definition: class.ilExportOptions.php:63
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:29
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:28
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilMailFormCall\getRedirectTarget
static getRedirectTarget( $gui, string $cmd, array $gui_params=[], array $mail_params=[], array $context_params=[])
Definition: class.ilMailFormCall.php:45
ilObjRoleGUI
Class ilObjRoleGUI.
Definition: class.ilObjRoleGUI.php:36
ilObjRoleGUI\getAdminTabs
getAdminTabs()
admin and normal tabs are equal for roles
Definition: class.ilObjRoleGUI.php:211
ilObjRoleGUI\$ui_factory
UIFactory $ui_factory
Definition: class.ilObjRoleGUI.php:52
ilObjRoleGUI\showChangeExistingObjectsConfirmation
showChangeExistingObjectsConfirmation(bool $recursive, array $recursive_list)
Show confirmation screen.
Definition: class.ilObjRoleGUI.php:1130
ilObjRoleGUI\getTabs
getTabs()
@abstract overwrite in derived GUI class of your object type
Definition: class.ilObjRoleGUI.php:1013
ilObjRoleGUI\permObject
permObject(bool $a_show_admin_permissions=false)
Definition: class.ilObjRoleGUI.php:435
ilObjRoleGUI\performDeleteRoleObject
performDeleteRoleObject()
Delete role.
Definition: class.ilObjRoleGUI.php:609
ilObjRoleGUI\getRoleForm
getRoleForm(bool $is_role_creation_form=false)
Definition: class.ilObjRoleGUI.php:233
ilObjRoleGUI\saveObject
saveObject()
Save new role.
Definition: class.ilObjRoleGUI.php:335
ilObjRoleGUI\FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
const FORM_KEY_ALLOW_LOCAL_USER_ASSIGNMENT
Definition: class.ilObjRoleGUI.php:41
ilObjRoleGUI\addAdminLocatorItems
addAdminLocatorItems(bool $do_not_add_object=false)
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:992
ilObjRoleGUI\updateObject
updateObject()
Save role settings.
Definition: class.ilObjRoleGUI.php:376
ilObjRoleGUI\userassignmentObject
userassignmentObject()
display user assignment panel
Definition: class.ilObjRoleGUI.php:923
ilObjRoleGUI\FORM_KEY_ON_REGISTRATION_FORM
const FORM_KEY_ON_REGISTRATION_FORM
Definition: class.ilObjRoleGUI.php:40
ilObjRoleGUI\ensureRoleAccessForContext
ensureRoleAccessForContext()
Ensure access to role for ref_id.
Definition: class.ilObjRoleGUI.php:1289
ilObjRoleGUI\addLocatorItems
addLocatorItems()
should be overwritten to add object specific items (repository items are preloaded)
Definition: class.ilObjRoleGUI.php:1264
ilObjRoleGUI\getParentType
getParentType()
get type of current object (not role folder)
Definition: class.ilObjRoleGUI.php:203
ilObjRoleGUI\getContainerType
getContainerType()
Get type of role container.
Definition: class.ilObjRoleGUI.php:219
ilObjRoleGUI\addUserObject
addUserObject(array $a_user_ids)
Definition: class.ilObjRoleGUI.php:802
ilObjRoleGUI\buildEditPage
buildEditPage(?StandardForm $form=null)
Definition: class.ilObjRoleGUI.php:408
ilObjRoleGUI\showDefaultPermissionSettings
showDefaultPermissionSettings()
check if default permissions are shown or not
Definition: class.ilObjRoleGUI.php:227
ilObjRoleGUI\checkAccess
checkAccess(string $a_perm_global, string $a_perm_obj='')
Definition: class.ilObjRoleGUI.php:1098
ilObjRoleGUI\confirmDeleteRoleObject
confirmDeleteRoleObject()
Show delete confirmation screen.
Definition: class.ilObjRoleGUI.php:575
ilObjRoleGUI\createObject
createObject()
create new object form
Definition: class.ilObjRoleGUI.php:298
ilObjRoleGUI\getParentRefId
getParentRefId()
Get ref id of current object (not role folder id)
Definition: class.ilObjRoleGUI.php:187
ilObjRoleGUI\isChangeExistingObjectsConfirmationRequired
isChangeExistingObjectsConfirmationRequired()
Check if a confirmation about further settings is required or not.
Definition: class.ilObjRoleGUI.php:1112
ilObjRoleGUI\permSaveObject
permSaveObject(bool $a_show_admin_permissions=false)
save permissions @access public
Definition: class.ilObjRoleGUI.php:627
ilObjRoleGUI\getParentObjId
getParentObjId()
Get obj_id of current object.
Definition: class.ilObjRoleGUI.php:195
ilObjRoleGUI\addToClipboardObject
addToClipboardObject()
Add selected users to user clipboard.
Definition: class.ilObjRoleGUI.php:1237
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:27
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRole\MODE_PROTECTED_DELETE_LOCAL_POLICIES
const MODE_PROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:28
ilObjRole\MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
const MODE_UNPROTECTED_DELETE_LOCAL_POLICIES
Definition: class.ilObjRole.php:30
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjUser
User class.
Definition: class.ilObjUser.php:48
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:49
ilObjectGUI\$access
ilAccessHandler $access
Definition: class.ilObjectGUI.php:67
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:307
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1101
ilObject\_getIdsForTitle
static _getIdsForTitle(string $title, string $type='', bool $partial_match=false)
Definition: class.ilObject.php:874
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:940
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacLog\diffTemplate
static diffTemplate(array $old, array $new)
Definition: class.ilRbacLog.php:203
ilRbacLog\add
static add(int $action, int $ref_id, array $diff, bool $source_ref_id=false)
Definition: class.ilRbacLog.php:226
ilRbacLog\gatherTemplate
static gatherTemplate(int $role_ref_id, int $role_id)
Definition: class.ilRbacLog.php:195
ilRbacLog\EDIT_TEMPLATE
const EDIT_TEMPLATE
Definition: class.ilRbacLog.php:38
ilRbacLog\isActive
static isActive()
Definition: class.ilRbacLog.php:122
ilRecommendedContentRoleConfigGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRecommendedContentRoleConfigGUI.php:25
ilRepositorySearchGUI\fillAutoCompleteToolbar
static fillAutoCompleteToolbar(object $parent_object, ?ilToolbarGUI $toolbar=null, array $a_options=[], bool $a_sticky=false)
array( auto_complete_name = $lng->txt('user'), auto_complete_size = 15, user_type = array(ilCoursePar...
Definition: class.ilRepositorySearchGUI.php:195
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:394
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:28
ilUserClipboard\getInstance
static getInstance(int $a_usr_id)
Definition: class.ilUserClipboard.php:34
ilUtil\getImagePath
static getImagePath(string $image_name, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:68
ilUtil\tf2yn
static tf2yn(bool $a_tf)
Definition: class.ilUtil.php:915
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:944
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ANONYMOUS_ROLE_ID
const ANONYMOUS_ROLE_ID
Definition: constants.php:28
SYSTEM_USER_ID
const SYSTEM_USER_ID
This file contains constants for PHPStan analyis, see: https://phpstan.org/config-reference#constants...
Definition: constants.php:26
IL_INST_ID
const IL_INST_ID
Definition: constants.php:40
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ROLE_FOLDER_ID
const ROLE_FOLDER_ID
Definition: constants.php:34
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
ILIAS\UI\Component\Input\Container\Form\Standard
This describes a standard form.
Definition: Standard.php:30
ILIAS\UI\Renderer
An entity that renders components to a string output.
Definition: Renderer.php:31
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
@inheritDoc
Definition: PluginProviderHelper.php:38
ilias
Class ilObjForumAdministration.
$DIC
global $DIC
Definition: shib_login.php:26