ILIAS  trunk Revision v11.0_alpha-2638-g80c1d007f79
class.ilObjRoleFolderGUI.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
21 use ILIAS\Refinery\Factory;
22 use ILIAS\UI\Factory as UIFactory;
23 
31 class ilObjRoleFolderGUI extends ilObjectGUI
32 {
33  private const COPY_ADD_PERMISSIONS = 1;
34  private const COPY_CLONE_PERMISSIONS = 2;
35  private const COPY_REMOVE_PERMISSIONS = 3;
36  private const COPY_CHANGE_EXISTING_OBJECTS = 1;
37 
38  private ilLogger $logger;
39  protected ilRbacAdmin $rbacadmin;
40  protected Factory $refinery;
41  protected UIFactory $ui_factory;
42 
47  public function __construct($a_data, int $a_id, bool $a_call_by_reference)
48  {
49  global $DIC;
50 
51  $this->logger = $DIC->logger()->ac();
52  $this->rbacadmin = $DIC['rbacadmin'];
53  $this->refinery = $DIC->refinery();
54  $this->ui_factory = $DIC['ui.factory'];
55 
56  $this->type = "rolf";
57  parent::__construct($a_data, $a_id, $a_call_by_reference, false);
58  $this->lng->loadLanguageModule('rbac');
59  }
60 
61  public function executeCommand(): void
62  {
63  $next_class = $this->ctrl->getNextClass($this);
64  $cmd = $this->ctrl->getCmd();
65  $this->prepareOutput();
66 
67  switch ($next_class) {
68  case 'ilpermissiongui':
69  $perm_gui = new ilPermissionGUI($this);
70  $ret = $this->ctrl->forwardCommand($perm_gui);
71  break;
72 
73  default:
74  $this->ctrl->setReturn($this, "view");
75  if (!$cmd) {
76  $cmd = "view";
77  }
78  $cmd .= "Object";
79  $this->$cmd();
80 
81  break;
82  }
83  }
84 
85  protected function initCopySourceFromGET(): int
86  {
87  if ($this->http->wrapper()->query()->has('csource')) {
88  return $this->http->wrapper()->query()->retrieve(
89  'csource',
90  $this->refinery->kindlyTo()->int()
91  );
92  }
93  return 0;
94  }
95 
99  protected function initRolesFromPOST(): array
100  {
101  if ($this->http->wrapper()->post()->has('roles')) {
102  return $this->http->wrapper()->post()->retrieve(
103  'roles',
104  $this->refinery->byTrying([
105  $this->refinery->kindlyTo()->listOf(
106  $this->refinery->kindlyTo()->int()
107  ),
108  $this->refinery->in()->series([
109  $this->refinery->custom()->transformation(function ($v) {
110  return explode(',', $v);
111  }),
112  $this->refinery->kindlyTo()->listOf(
113  $this->refinery->kindlyTo()->int()
114  )
115  ])
116  ])
117  );
118  }
119  return [];
120  }
121 
122  public function returnObject(): void
123  {
124  $this->viewObject();
125  }
126 
127  protected function buildTargetNamesString(): string
128  {
129  $targets = $this->initRolesFromPOST();
130 
131  if ($targets === []) {
132  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('rbac_copy_no_targets'), true);
133  $this->ctrl->redirect($this, 'roleSearchList');
134  }
135 
136  if (count($targets) > 3) {
137  return sprintf($this->lng->txt('rbac_copy_multi_targets'), '<strong>' . ilObject::_lookupTitle($targets[0]), ilObject::_lookupTitle($targets[1]) . '</strong>', '<strong>' . (string) count($targets) - 2, '</strong>');
138  }
139 
140  if (count($targets) > 1) {
141  $target_names = '<strong>' . ilObject::_lookupTitle(array_shift($targets));
142  foreach ($targets as $target) {
143  $target_names .= ', ' . ilObject::_lookupTitle($target);
144  }
145  return $target_names . '</strong>';
146  }
147 
148  // we have one single target
149  return '<strong>' . ilObject::_lookupTitle($targets[0]) . '</strong>';
150  }
151 
152  public function viewObject(): void
153  {
154  $this->tabs_gui->activateTab('view');
155 
156  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
157  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
158  }
159 
160  if ($this->rbac_system->checkAccess('create_role', $this->object->getRefId())) {
161  $this->ctrl->setParameter($this, 'new_type', 'role');
162  $this->toolbar->addComponent(
163  $this->ui_factory->link()->standard(
164  $this->lng->txt('rolf_create_role'),
165  $this->ctrl->getLinkTargetByClass(ilObjRoleGUI::class, 'create')
166  )
167  );
168  }
169  if ($this->rbac_system->checkAccess('create_rolt', $this->object->getRefId())) {
170  $this->ctrl->setParameter($this, 'new_type', 'rolt');
171  $this->toolbar->addComponent(
172  $this->ui_factory->link()->standard(
173  $this->lng->txt('rolf_create_rolt'),
174  $this->ctrl->getLinkTargetByClass(ilObjRoleTemplateGUI::class, 'create')
175  )
176  );
177  $this->ctrl->clearParameters($this);
178  }
179 
180  if (
181  $this->rbac_system->checkAccess('create_rolt', $this->object->getRefId()) ||
182  $this->rbac_system->checkAccess('create_rolt', $this->object->getRefId())
183  ) {
184  $this->toolbar->addComponent(
185  $this->ui_factory->link()->standard(
186  $this->lng->txt('rbac_import_role'),
187  $this->ctrl->getLinkTargetByClass('ilPermissionGUI', 'displayImportRoleForm')
188  )
189  );
190  }
191 
192  $table = new ilRoleTableGUI($this, 'view');
193  $table->init();
194  $table->parse($this->object->getId());
195 
196  $this->tpl->setContent($table->getHTML());
197  }
198 
202  protected function roleSearchObject(): void
203  {
204  $this->tabs_gui->clearTargets();
205  $this->tabs_gui->setBackTarget(
206  $this->lng->txt('rbac_back_to_overview'),
207  $this->ctrl->getLinkTarget($this, 'view')
208  );
209 
210  if (!$this->rbac_system->checkAccess('visible,read', $this->object->getRefId())) {
211  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
212  }
213 
214  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
215  $this->tpl->setOnScreenMessage(
216  'info',
217  sprintf(
218  $this->lng->txt('rbac_choose_copy_targets'),
219  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>'
220  )
221  );
222 
223  $form = $this->initRoleSearchForm();
224  $this->tpl->setContent($form->getHTML());
225  }
226 
230  protected function initRoleSearchForm(): ilPropertyFormGUI
231  {
232  $form = new ilPropertyFormGUI();
233  $form->setTitle($this->lng->txt('rbac_role_title'));
234  $form->setFormAction($this->ctrl->getFormAction($this, 'view'));
235 
236  $search = new ilTextInputGUI($this->lng->txt('title'), 'title');
237  $search->setRequired(true);
238  $search->setSize(30);
239  $search->setMaxLength(255);
240  $form->addItem($search);
241 
242  $form->addCommandButton('roleSearchForm', $this->lng->txt('search'));
243  return $form;
244  }
245 
249  protected function roleSearchFormObject(): void
250  {
251  ilSession::set('rolf_search_query', '');
252  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
253 
254  $form = $this->initRoleSearchForm();
255  if ($form->checkInput()) {
256  ilSession::set('rolf_search_query', $form->getInput('title'));
257  $this->roleSearchListObject();
258  return;
259  }
260 
261  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_search_string'), true);
262  $form->setValuesByPost();
263  $this->ctrl->redirect($this, 'roleSearch');
264  }
265 
269  protected function roleSearchListObject(): void
270  {
271  $this->tabs_gui->clearTargets();
272  $this->tabs_gui->setBackTarget(
273  $this->lng->txt('rbac_back_to_overview'),
274  $this->ctrl->getLinkTarget($this, 'view')
275  );
276 
277  $this->ctrl->setParameter($this, 'csource', $this->initCopySourceFromGET());
278 
279  if (strlen(ilSession::get('rolf_search_query'))) {
280  $this->tpl->setOnScreenMessage(
281  'info',
282  sprintf(
283  $this->lng->txt('rbac_select_copy_targets'),
284  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>'
285  )
286  );
287  $table = new ilRoleTableGUI($this, 'roleSearchList');
288  $table->setType(ilRoleTableGUI::TYPE_SEARCH);
289  $table->setRoleTitleFilter(ilSession::get('rolf_search_query'));
290  $table->init();
291  $table->parse($this->object->getId());
292  $this->tpl->setContent($table->getHTML());
293  return;
294  }
295 
296  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_search_string'), true);
297  $this->ctrl->redirect($this, 'roleSearch');
298  }
299 
303  protected function chooseCopyBehaviourObject(?ilPropertyFormGUI $form = null): void
304  {
305  $this->initCopySourceFromGET();
306 
307  $this->ctrl->saveParameter($this, 'csource');
308  $this->tabs_gui->clearTargets();
309  $this->tabs_gui->setBackTarget(
310  $this->lng->txt('rbac_back_to_overview'),
311  $this->ctrl->getLinkTarget($this, 'view')
312  );
313  if (!$form instanceof \ilPropertyFormGUI) {
314  $form = $this->initCopyBehaviourForm();
315  }
316  $this->tpl->setContent($form->getHTML());
317  }
318 
322  protected function initCopyBehaviourForm(): ilPropertyFormGUI
323  {
324  // not only for role templates; add/remove permissions is also applicable for roles
325  $full_featured = true;
326 
327  $this->tpl->setOnScreenMessage(
328  'info',
329  sprintf(
330  $this->lng->txt('rbac_copy_behaviour_info'),
331  '<strong>' . ilObject::_lookupTitle($this->initCopySourceFromGET()) . '</strong>',
332  $this->buildTargetNamesString()
333  ),
334  true
335  );
336 
337  $form = new ilPropertyFormGUI();
338  $form->setTitle($this->lng->txt('rbac_copy_behaviour'));
339  $form->setFormAction($this->ctrl->getFormAction($this, 'chooseCopyBehaviour'));
340 
341  $copy_type = new \ilRadioGroupInputGUI(
342  $this->lng->txt('rbac_form_copy_roles_adjust_type'),
343  'type'
344  );
345  $copy_type->setRequired(true);
346  $copy_type->setValue((string) self::COPY_CLONE_PERMISSIONS);
347 
348  if ($full_featured) {
349  $add = new \ilRadioOption(
350  $this->lng->txt('rbac_form_copy_roles_adjust_type_add'),
351  (string) self::COPY_ADD_PERMISSIONS,
352  $this->lng->txt('rbac_form_copy_roles_adjust_type_add_info')
353  );
354  $copy_type->addOption($add);
355 
356  $ce_type_add = new \ilRadioGroupInputGUI(
357  '',
358  'add_ce_type'
359  );
360  $ce_type_add->setRequired(true);
361  $ce_add_yes = new \ilRadioOption(
362  $this->lng->txt('rbac_form_copy_roles_ce_add_yes'),
363  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
364  $this->lng->txt('rbac_form_copy_roles_ce_add_yes_info')
365  );
366  $ce_type_add->addOption($ce_add_yes);
367  $ce_add_no = new \ilRadioOption(
368  $this->lng->txt('rbac_form_copy_roles_ce_add_no'),
369  (string) 0,
370  $this->lng->txt('rbac_form_copy_roles_ce_add_no_info')
371  );
372  $ce_type_add->addOption($ce_add_no);
373  $add->addSubItem($ce_type_add);
374  }
375  $clone = new \ilRadioOption(
376  $this->lng->txt('rbac_form_copy_roles_adjust_type_clone'),
377  (string) self::COPY_CLONE_PERMISSIONS,
378  $this->lng->txt('rbac_form_copy_roles_adjust_type_clone_info')
379  );
380  $copy_type->addOption($clone);
381 
382  $ce_type_clone = new \ilRadioGroupInputGUI(
383  '',
384  'clone_ce_type'
385  );
386  $ce_type_clone->setRequired(true);
387  $ce_clone_yes = new \ilRadioOption(
388  $this->lng->txt('rbac_form_copy_roles_ce_clone_yes'),
389  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
390  $this->lng->txt('rbac_form_copy_roles_ce_clone_yes_info')
391  );
392  $ce_type_clone->addOption($ce_clone_yes);
393  $ce_clone_no = new \ilRadioOption(
394  $this->lng->txt('rbac_form_copy_roles_ce_clone_no'),
395  (string) 0,
396  $this->lng->txt('rbac_form_copy_roles_ce_clone_no_info')
397  );
398  $ce_type_clone->addOption($ce_clone_no);
399  $clone->addSubItem($ce_type_clone);
400 
401  if ($full_featured) {
402  $remove = new \ilRadioOption(
403  $this->lng->txt('rbac_form_copy_roles_adjust_type_remove'),
404  (string) self::COPY_REMOVE_PERMISSIONS,
405  $this->lng->txt('rbac_form_copy_roles_adjust_type_remove_info')
406  );
407  $copy_type->addOption($remove);
408  $ce_type_remove = new \ilRadioGroupInputGUI(
409  '',
410  'remove_ce_type'
411  );
412  $ce_type_remove->setRequired(true);
413  $ce_remove_yes = new \ilRadioOption(
414  $this->lng->txt('rbac_form_copy_roles_ce_remove_yes'),
415  (string) self::COPY_CHANGE_EXISTING_OBJECTS,
416  $this->lng->txt('rbac_form_copy_roles_ce_remove_yes_info')
417  );
418  $ce_type_remove->addOption($ce_remove_yes);
419  $ce_remove_no = new \ilRadioOption(
420  $this->lng->txt('rbac_form_copy_roles_ce_remove_no'),
421  (string) 0,
422  $this->lng->txt('rbac_form_copy_roles_ce_remove_no_info')
423  );
424  $ce_type_remove->addOption($ce_remove_no);
425  $remove->addSubItem($ce_type_remove);
426  }
427 
428  $form->addItem($copy_type);
429 
430  $roles = new ilHiddenInputGUI('roles');
431  $roles->setValue(implode(',', $this->initRolesFromPOST()));
432  $form->addItem($roles);
433 
434  $form->addCommandButton('roleSearchList', $this->lng->txt('back'));
435  $form->addCommandButton('adjustRole', $this->lng->txt('rbac_form_copy_roles_adjust_button'));
436  return $form;
437  }
438 
442  protected function adjustRoleObject(): void
443  {
444  $this->checkPermission('write');
445 
446  $roles = $this->initRolesFromPOST();
447  $source = $this->initCopySourceFromGET();
448 
449  $form = $this->initCopyBehaviourForm();
450  if (!$form->checkInput()) {
451  $form->setValuesByPost();
452  $this->chooseCopyBehaviourObject($form);
453  return;
454  }
455 
456  $adjustment_type = $form->getInput('type');
457  foreach ((array) $roles as $role_id) {
458  if ($role_id !== $source) {
459  $start_obj = $this->rbac_review->getRoleFolderOfRole($role_id);
460  $this->logger->debug('Start object: ' . $start_obj);
461 
462  switch ($adjustment_type) {
463  case self::COPY_ADD_PERMISSIONS:
464  $change_existing = (bool) $form->getInput('add_ce_type');
465  $this->doAddRolePermissions(
466  $source,
467  $role_id
468  );
469  if ($change_existing) {
470  $this->doChangeExistingObjects(
471  $start_obj,
472  $role_id,
473  \ilObjRole::MODE_ADD_OPERATIONS,
474  $source
475  );
476  }
477  break;
478  case self::COPY_CLONE_PERMISSIONS:
479  $change_existing = (bool) $form->getInput('clone_ce_type');
480  $this->doCopyRole(
481  $source,
482  $role_id
483  );
484  if ($change_existing) {
485  $this->doChangeExistingObjects(
486  $start_obj,
487  $role_id,
488  \ilObjRole::MODE_READ_OPERATIONS,
489  $source
490  );
491  }
492  break;
493  case self::COPY_REMOVE_PERMISSIONS:
494  $change_existing = (bool) $form->getInput('remove_ce_type');
495  $this->doRemoveRolePermissions(
496  $source,
497  $role_id
498  );
499  if ($change_existing) {
500  $this->doChangeExistingObjects(
501  $start_obj,
502  $role_id,
503  \ilObjRole::MODE_REMOVE_OPERATIONS,
504  $source
505  );
506  }
507  break;
508  }
509  }
510 
511  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_copy_finished'), true);
512  $this->ctrl->redirect($this, 'view');
513  }
514  }
515 
519  protected function doAddRolePermissions(int $source, int $target): void
520  {
521  $source_definition = $this->rbac_review->getRoleFolderOfRole($source);
522  $this->rbacadmin->copyRolePermissionUnion(
523  $source,
524  $source_definition,
525  $target,
526  $this->rbac_review->getRoleFolderOfRole($target),
527  $target,
528  $this->rbac_review->getRoleFolderOfRole($target)
529  );
530  }
531 
535  protected function removeRolePermissionsObject(): void
536  {
537  // Finally copy role/rolt
538  $roles = $this->initRolesFromPOST();
539  $source = $this->initCopySourceFromGET();
540 
541  $form = $this->initCopyBehaviourForm();
542  if ($form->checkInput()) {
543  foreach ((array) $roles as $role_id) {
544  if ($role_id !== $source) {
545  $this->doRemoveRolePermissions($source, $role_id);
546  }
547  }
548  $this->tpl->setOnScreenMessage('success', $this->lng->txt('rbac_copy_finished'), true);
549  $this->ctrl->redirect($this, 'view');
550  }
551  }
552 
556  protected function doRemoveRolePermissions(int $source, int $target): void
557  {
558  $this->logger->debug('Remove permission source: ' . $source);
559  $this->logger->debug('Remove permission target: ' . $target);
560  $source_obj = $this->rbac_review->getRoleFolderOfRole($source);
561  $this->rbacadmin->copyRolePermissionSubtract(
562  $source,
563  $source_obj,
564  $target,
565  $this->rbac_review->getRoleFolderOfRole($target)
566  );
567  }
568 
572  protected function doCopyRole(int $source, int $target): void
573  {
574  $target_obj = $this->rbac_review->getRoleFolderOfRole($target);
575  $source_obj = $this->rbac_review->getRoleFolderOfRole($source);
576  // Copy role template permissions
577  $this->rbacadmin->copyRoleTemplatePermissions(
578  $source,
579  $source_obj,
580  $target_obj,
581  $target
582  );
583  }
584 
588  protected function doChangeExistingObjects(
589  int $a_start_obj,
590  int $a_target_role,
591  int $a_operation_mode,
592  int $a_source_role
593  ): void {
594  if (!$a_start_obj) {
595  $this->logger->warning('Missing parameter start object.');
596  $this->logger->logStack(\ilLogLevel::WARNING);
597  throw new InvalidArgumentException('Missing parameter: start object');
598  }
599  // the mode is unchanged and read out from the target object
600  $target_ref_id = $this->rbac_review->getRoleFolderOfRole($a_target_role);
601  if ($this->rbac_review->isProtected($target_ref_id, $a_target_role)) {
602  $mode = \ilObjRole::MODE_PROTECTED_KEEP_LOCAL_POLICIES;
603  } else {
604  $mode = \ilObjRole::MODE_UNPROTECTED_KEEP_LOCAL_POLICIES;
605  }
606  $operation_stack = [];
607  if ($a_operation_mode !== \ilObjRole::MODE_READ_OPERATIONS) {
608  $operation_stack[] = $this->rbac_review->getAllOperationsOfRole($a_source_role, $this->ref_id);
609  }
610  $this->logger->debug('Current operation stack');
611  $this->logger->dump($operation_stack, ilLogLevel::DEBUG);
612 
613  $role = new ilObjRole($a_target_role);
614  $role->changeExistingObjects(
615  $a_start_obj,
616  $mode,
617  ['all'],
618  [],
619  $a_operation_mode,
620  $operation_stack
621  );
622  }
623 
627  protected function applyFilterObject(): void
628  {
629  $table = new ilRoleTableGUI($this, 'view');
630  $table->init();
631  $table->resetOffset();
632  $table->writeFilterToSession();
633 
634  $this->viewObject();
635  }
636 
640  public function resetFilterObject(): void
641  {
642  $table = new ilRoleTableGUI($this, 'view');
643  $table->init();
644  $table->resetOffset();
645  $table->resetFilter();
646 
647  $this->viewObject();
648  }
649 
653  protected function confirmDeleteObject(): void
654  {
655  $roles = $this->initRolesFromPOST();
656  if ($roles === []) {
657  $this->tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
658  $this->ctrl->redirect($this, 'view');
659  }
660 
661  $question = $this->lng->txt('rbac_role_delete_qst');
662 
663  $confirm = new ilConfirmationGUI();
664  $confirm->setHeaderText($question);
665  $confirm->setFormAction($this->ctrl->getFormAction($this));
666  $confirm->setHeaderText($this->lng->txt("info_delete_sure"));
667  $confirm->setConfirm($this->lng->txt('delete'), 'deleteRole');
668  $confirm->setCancel($this->lng->txt('cancel'), 'cancel');
669 
670  foreach ($roles as $role_id) {
671  $confirm->addItem(
672  'roles[]',
673  (string) $role_id,
674  ilObjRole::_getTranslation(ilObject::_lookupTitle($role_id))
675  );
676  }
677  $this->tpl->setContent($confirm->getHTML());
678  }
679 
683  protected function deleteRoleObject(): void
684  {
685  if (!$this->rbac_system->checkAccess('delete', $this->object->getRefId())) {
686  $this->error->raiseError(
687  $this->lng->txt('msg_no_perm_delete'),
688  $this->error->MESSAGE
689  );
690  }
691 
692  foreach ($this->initRolesFromPOST() as $id) {
693  // instatiate correct object class (role or rolt)
694  $obj = ilObjectFactory::getInstanceByObjId($id, false);
695 
696  if ($obj->getType() == "role") {
697  $rolf_arr = $this->rbac_review->getFoldersAssignedToRole($obj->getId(), true);
698  $obj->setParent($rolf_arr[0]);
699  }
700 
701  $obj->delete();
702  }
703 
704  // set correct return location if rolefolder is removed
705  $this->tpl->setOnScreenMessage('success', $this->lng->txt("msg_deleted_roles_rolts"), true);
706  $this->ctrl->redirect($this, 'view');
707  }
708 
715  public function getAdminTabs(): void
716  {
717  if ($this->checkPermissionBool("visible,read")) {
718  $this->tabs_gui->addTarget(
719  "view",
720  $this->ctrl->getLinkTarget($this, "view"),
721  ["", "view"],
722  get_class($this)
723  );
724 
725  $this->tabs_gui->addTarget(
726  "settings",
727  $this->ctrl->getLinkTarget($this, "editSettings"),
728  ["editSettings"],
729  get_class($this)
730  );
731  }
732 
733  if ($this->checkPermissionBool("edit_permission")) {
734  $this->tabs_gui->addTarget(
735  "perm_settings",
736  $this->ctrl->getLinkTargetByClass(
737  [get_class($this), 'ilpermissiongui'],
738  "perm"
739  ),
740  "",
741  "ilpermissiongui"
742  );
743  }
744  }
745 
746  public function editSettingsObject(?ilPropertyFormGUI $a_form = null): void
747  {
748  if ($a_form === null) {
749  $a_form = $this->initSettingsForm();
750  }
751 
752  $this->tpl->setContent($a_form->getHTML());
753  }
754 
755  public function saveSettingsObject(): void
756  {
757  global $DIC;
758 
759  $user = $DIC->user();
760 
761  if (!$this->checkPermissionBool("write")) {
762  $this->error->raiseError($this->lng->txt('permission_denied'), $this->error->MESSAGE);
763  }
764 
765  $form = $this->initSettingsForm();
766  if ($form->checkInput()) {
767  $privacy = ilPrivacySettings::getInstance();
768  $privacy->enableRbacLog((bool) $form->getInput('rbac_log'));
769  $privacy->setRbacLogAge((int) $form->getInput('rbac_log_age'));
770  $privacy->save();
771 
772  if ($this->rbac_review->isAssigned($user->getId(), SYSTEM_ROLE_ID)) {
773  $security = ilSecuritySettings::_getInstance();
774  $security->protectedAdminRole((bool) $form->getInput('admin_role'));
775  $security->save();
776  }
777  $this->tpl->setOnScreenMessage('success', $this->lng->txt("settings_saved"), true);
778  $this->ctrl->redirect($this, "editSettings");
779  }
780 
781  $form->setValuesByPost();
782  $this->editSettingsObject($form);
783  }
784 
785  protected function initSettingsForm(): ilPropertyFormGUI
786  {
787  global $DIC;
788 
789  $user = $DIC->user();
790 
791  $this->lng->loadLanguageModule('ps');
792 
793  $privacy = ilPrivacySettings::getInstance();
794  $security = ilSecuritySettings::_getInstance();
795 
796  $form = new ilPropertyFormGUI();
797  $form->setFormAction($this->ctrl->getFormAction($this, "saveSettings"));
798  $form->setTitle($this->lng->txt('settings'));
799 
800  // protected admin
801  $admin = new ilCheckboxInputGUI($GLOBALS['DIC']['lng']->txt('adm_adm_role_protect'), 'admin_role');
802  $admin->setDisabled(!$this->rbac_review->isAssigned($user->getId(), SYSTEM_ROLE_ID));
803  $admin->setInfo($this->lng->txt('adm_adm_role_protect_info'));
804  $admin->setChecked($security->isAdminRoleProtected());
805  $admin->setValue((string) 1);
806  $form->addItem($admin);
807 
808  $check = new ilCheckboxInputGUI($this->lng->txt('rbac_log'), 'rbac_log');
809  $check->setInfo($this->lng->txt('rbac_log_info'));
810  $check->setChecked($privacy->enabledRbacLog());
811  $form->addItem($check);
812 
813  $age = new ilNumberInputGUI($this->lng->txt('rbac_log_age'), 'rbac_log_age');
814  $age->setInfo($this->lng->txt('rbac_log_age_info'));
815  $age->setValue((string) $privacy->getRbacLogAge());
816  $age->setMinValue(1);
817  $age->setMaxValue(24);
818  $age->setSize(2);
819  $age->setMaxLength(2);
820  $check->addSubItem($age);
821 
822  $form->addCommandButton('saveSettings', $this->lng->txt('save'));
823 
824  return $form;
825  }
826 
827  public function addToExternalSettingsForm(int $a_form_id): array
828  {
829  switch ($a_form_id) {
830  case ilAdministrationSettingsFormHandler::FORM_SECURITY:
831 
832  $security = ilSecuritySettings::_getInstance();
833 
834  $fields = ['adm_adm_role_protect' => [$security->isAdminRoleProtected(),
835  ilAdministrationSettingsFormHandler::VALUE_BOOL
836  ]
837  ];
838 
839  return [["editSettings", $fields]];
840 
841  case ilAdministrationSettingsFormHandler::FORM_PRIVACY:
842 
843  $privacy = ilPrivacySettings::getInstance();
844 
845  $subitems = null;
846  if ($privacy->enabledRbacLog()) {
847  $subitems = ['rbac_log_age' => $privacy->getRbacLogAge()];
848  }
849  $fields = ['rbac_log' => [$privacy->enabledRbacLog(),
850  ilAdministrationSettingsFormHandler::VALUE_BOOL,
851  $subitems
852  ]
853  ];
854 
855  return [["editSettings", $fields]];
856  }
857  return [];
858  }
859 } // END class.ilObjRoleFolderGUI
ilObjRole
Class ilObjRole.
Definition: class.ilObjRole.php:26
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilObjRoleFolderGUI\confirmDeleteObject
confirmDeleteObject()
Confirm deletion of roles.
Definition: class.ilObjRoleFolderGUI.php:653
ilObjectGUI\prepareOutput
prepareOutput(bool $show_sub_objects=true)
Definition: class.ilObjectGUI.php:307
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
ilObjRoleFolderGUI\getAdminTabs
getAdminTabs()
Add role folder tabs.
Definition: class.ilObjRoleFolderGUI.php:715
ilObjRoleFolderGUI\__construct
__construct($a_data, int $a_id, bool $a_call_by_reference)
Constructor public.
Definition: class.ilObjRoleFolderGUI.php:47
ilObjRoleFolderGUI\addToExternalSettingsForm
addToExternalSettingsForm(int $a_form_id)
Definition: class.ilObjRoleFolderGUI.php:827
ilObjRoleFolderGUI\editSettingsObject
editSettingsObject(?ilPropertyFormGUI $a_form=null)
Definition: class.ilObjRoleFolderGUI.php:746
ilObjRole\MODE_REMOVE_OPERATIONS
const MODE_REMOVE_OPERATIONS
Definition: class.ilObjRole.php:35
ilObjRoleFolderGUI
Class ilObjRoleFolderGUI.
Definition: class.ilObjRoleFolderGUI.php:31
ilRoleTableGUI
TableGUI for the presentation og roles and role templates.
Definition: class.ilRoleTableGUI.php:26
ilObjRole\MODE_PROTECTED_KEEP_LOCAL_POLICIES
const MODE_PROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:29
ilObjRole\MODE_READ_OPERATIONS
const MODE_READ_OPERATIONS
Definition: class.ilObjRole.php:34
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:144
ilObjRoleFolderGUI\doRemoveRolePermissions
doRemoveRolePermissions(int $source, int $target)
do add role permission
Definition: class.ilObjRoleFolderGUI.php:556
ilHiddenInputGUI
This class represents a hidden form property in a property form.
Definition: class.ilHiddenInputGUI.php:27
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:838
$GLOBALS
$GLOBALS["DIC"]
Definition: wac.php:53
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:27
ilObjRole\_getTranslation
static _getTranslation(string $a_role_title)
Definition: class.ilObjRole.php:364
ilObjectGUI
Class ilObjectGUI Basic methods of all Output classes.
Definition: class.ilObjectGUI.php:48
$DIC
global $DIC
Definition: shib_login.php:26
ilObjRoleFolderGUI\initRoleSearchForm
initRoleSearchForm()
Init role search form.
Definition: class.ilObjRoleFolderGUI.php:230
ilObjRoleFolderGUI\removeRolePermissionsObject
removeRolePermissionsObject()
Remove role permissions.
Definition: class.ilObjRoleFolderGUI.php:535
ilObjRoleFolderGUI\applyFilterObject
applyFilterObject()
Apply role filter.
Definition: class.ilObjRoleFolderGUI.php:627
ilObjRoleFolderGUI\doCopyRole
doCopyRole(int $source, int $target)
Perform copy of role.
Definition: class.ilObjRoleFolderGUI.php:572
ilObjectGUI\checkPermissionBool
checkPermissionBool(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1966
ilObjRole\MODE_ADD_OPERATIONS
const MODE_ADD_OPERATIONS
Definition: class.ilObjRole.php:33
ilObjRoleFolderGUI\resetFilterObject
resetFilterObject()
Reset role filter.
Definition: class.ilObjRoleFolderGUI.php:640
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ILIAS\GlobalScreen\Provider\__construct
__construct(Container $dic, ilPlugin $plugin)
Definition: PluginProviderHelper.php:37
ilObjRoleFolderGUI\chooseCopyBehaviourObject
chooseCopyBehaviourObject(?ilPropertyFormGUI $form=null)
Choose option for copying roles/role templates.
Definition: class.ilObjRoleFolderGUI.php:303
ilObjRole\MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
const MODE_UNPROTECTED_KEEP_LOCAL_POLICIES
Definition: class.ilObjRole.php:31
ilObjRoleFolderGUI\doAddRolePermissions
doAddRolePermissions(int $source, int $target)
do add role permission
Definition: class.ilObjRoleFolderGUI.php:519
$check
$check
Definition: buildRTE.php:81
ilRbacAdmin
Class ilRbacAdmin Core functions for role based access control.
Definition: class.ilRbacAdmin.php:31
ilObjRoleFolderGUI\roleSearchFormObject
roleSearchFormObject()
Parse search query.
Definition: class.ilObjRoleFolderGUI.php:249
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:96
ilObjectGUI\checkPermission
checkPermission(string $perm, string $cmd="", string $type="", ?int $ref_id=null)
Definition: class.ilObjectGUI.php:1942
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilObjRoleFolderGUI\doChangeExistingObjects
doChangeExistingObjects(int $a_start_obj, int $a_target_role, int $a_operation_mode, int $a_source_role)
Do change existing objects.
Definition: class.ilObjRoleFolderGUI.php:588
ilObjRoleFolderGUI\initCopyBehaviourForm
initCopyBehaviourForm()
Show copy behaviour form.
Definition: class.ilObjRoleFolderGUI.php:322
ilObjRoleFolderGUI\roleSearchObject
roleSearchObject()
Search target roles.
Definition: class.ilObjRoleFolderGUI.php:202